
Example 71 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class JAXRSOAuth2Test method testSAML2BearerGrant.

@Test
public void testSAML2BearerGrant() throws Exception {
    // The token endpoint URL is also used as the assertion's audience restriction,
    // so both are derived from the same value.
    final String tokenEndpoint = "https://localhost:" + PORT + "/oauth2/token";
    WebClient client = createWebClient(tokenEndpoint);

    // Signing material for the assertion issuer (keystore alias "alice").
    Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
    SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");

    // NOTE(review): the boolean constructor flag presumably controls whether the handler
    // itself requests signing; the signature here comes from signInfo — confirm against the handler.
    SamlCallbackHandler handler = new SamlCallbackHandler(false);
    handler.setAudience(tokenEndpoint);
    SamlAssertionWrapper wrapper = SAMLUtils.createAssertion(handler, signInfo);

    // Serialize the assertion so it can be carried in the grant parameter.
    Document document = DOMUtils.newDocument();
    Element assertionElement = wrapper.toDOM(document);
    String serializedAssertion = DOM2Writer.nodeToString(assertionElement);

    Saml2BearerGrant bearerGrant = new Saml2BearerGrant(serializedAssertion);
    ClientAccessToken token =
        OAuthClientUtils.getAccessToken(client, new Consumer("alice", "alice"), bearerGrant, false);
    assertNotNull(token.getTokenKey());
}
Also used : SelfSignInfo(org.apache.cxf.rs.security.saml.SAMLUtils.SelfSignInfo) SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) Crypto(org.apache.wss4j.common.crypto.Crypto) Saml2BearerGrant(org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrant) Consumer(org.apache.cxf.rs.security.oauth2.client.Consumer) CryptoLoader(org.apache.cxf.rs.security.common.CryptoLoader) Element(org.w3c.dom.Element) ClientAccessToken(org.apache.cxf.rs.security.oauth2.common.ClientAccessToken) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient) Test(org.junit.Test)

Example 72 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class JAXRSOAuth2Test method testSAMLBadSubjectName.

@Test
public void testSAMLBadSubjectName() throws Exception {
    // Endpoint address and audience restriction are the same URL.
    final String tokenEndpoint = "https://localhost:" + PORT + "/oauth2-auth/token";
    WebClient client = createWebClient(tokenEndpoint);

    // Build an assertion whose subject name ("bob") is the one the endpoint is expected to reject.
    SamlCallbackHandler handler = new SamlCallbackHandler(true);
    handler.setSubjectName("bob");
    handler.setAudience(tokenEndpoint);
    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, callback);
    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(callback);
    if (callback.isSignAssertion()) {
        wrapper.signAssertion(
            callback.getIssuerKeyName(),
            callback.getIssuerKeyPassword(),
            callback.getIssuerCrypto(),
            callback.isSendKeyValue(),
            callback.getCanonicalizationAlgorithm(),
            callback.getSignatureAlgorithm());
    }

    // The assertion is presented for client authentication (not as the grant itself),
    // base64url-encoded as the assertion parameter.
    String encodedAssertion = Base64UrlUtility.encode(wrapper.assertionToString());
    Map<String, String> clientAuthParams = new HashMap<>();
    clientAuthParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
    clientAuthParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);

    try {
        OAuthClientUtils.getAccessToken(client, new CustomGrant(), clientAuthParams);
        fail("Failure expected on a bad subject name");
    } catch (OAuthServiceException expected) {
        // The token endpoint must refuse the assertion; reaching here is the success path.
    }
}
Also used : SamlCallbackHandler(org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler) HashMap(java.util.HashMap) OAuthServiceException(org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WebClient(org.apache.cxf.jaxrs.client.WebClient) Test(org.junit.Test)

Example 73 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.

the class JAXRSSamlTest method testSAMLTokenHeaderUsingAuthorizationPolicy.

@Test
public void testSAMLTokenHeaderUsingAuthorizationPolicy() throws Exception {
    String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";

    // Client wired to the Spring bus described by client.xml (TLS/conduit configuration lives there).
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busConfig = JAXRSSamlTest.class.getResource("client.xml");
    Bus bus = busFactory.createBus(busConfig.toString());
    JAXRSClientFactoryBean factory = new JAXRSClientFactoryBean();
    factory.setAddress(address);
    factory.setBus(bus);
    WebClient client = factory.createWebClient();

    // Build the SAML token and serialize it for the Authorization header.
    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(new SamlCallbackHandler(), callback);
    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(callback);
    Element tokenElement = wrapper.toDOM(DOMUtils.createDocument());
    String encodedToken = encodeToken(DOM2Writer.nodeToString(tokenElement));

    // Hand the token to the HTTP conduit's authorization policy instead of setting a raw header.
    AuthorizationPolicy policy = new AuthorizationPolicy();
    policy.setAuthorizationType("SAML");
    policy.setAuthorization(encodedToken);
    HTTPConduit conduit = (HTTPConduit) WebClient.getConfig(client).getConduit();
    conduit.setAuthorization(policy);

    try {
        Book book = client.get(Book.class);
        assertEquals(123L, book.getId());
    } catch (WebApplicationException ex) {
        fail(ex.getMessage());
    } catch (ProcessingException ex) {
        // Prefer the wrapped cause's message when the client wrapped a lower-level failure.
        Throwable cause = ex.getCause();
        String message = (cause != null && cause.getMessage() != null)
            ? cause.getMessage()
            : ex.getMessage();
        fail(message);
    }
}
Also used : Bus(org.apache.cxf.Bus) JAXRSClientFactoryBean(org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean) WebApplicationException(javax.ws.rs.WebApplicationException) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient) URL(java.net.URL) HTTPConduit(org.apache.cxf.transport.http.HTTPConduit) AuthorizationPolicy(org.apache.cxf.configuration.security.AuthorizationPolicy) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) Book(org.apache.cxf.systest.jaxrs.security.Book) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) ProcessingException(javax.ws.rs.ProcessingException) Test(org.junit.Test)

Example 74 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project ddf by codice.

the class RestSecurity method createSamlHeader.

/**
 * Creates an authorization header to be returned to the browser if the token was successfully
 * exchanged for a SAML assertion.
 *
 * <p>The SAML token is taken from the {@link SecurityAssertion} principals of the subject (if
 * several are present, the last one wins), serialized, deflated and base64-encoded, and prefixed
 * with {@code SAML_HEADER_PREFIX}. The returned value is a credential for the caller's session,
 * so it should not be written to logs.
 *
 * @param subject - {@link ddf.security.Subject} to create the header from
 * @return the encoded header value, or {@code null} when the subject carries no SAML token or the
 *         assertion could not be serialized (the failure is logged at INFO level)
 */
private static String createSamlHeader(Subject subject) {
    org.w3c.dom.Element samlToken = null;
    String encodedSamlHeader = null;
    try {
        // Scan every principal; a later SecurityAssertion replaces an earlier one.
        for (Object principal : subject.getPrincipals().asList()) {
            if (!(principal instanceof SecurityAssertion)) {
                continue;
            }
            SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
            samlToken = securityToken.getToken();
        }
        if (samlToken == null) {
            return null;
        }
        SamlAssertionWrapper wrapper = new SamlAssertionWrapper(samlToken);
        String serialized = wrapper.assertionToString();
        encodedSamlHeader = SAML_HEADER_PREFIX + deflateAndBase64Encode(serialized);
    } catch (WSSecurityException | ArithmeticException | IOException e) {
        // Best-effort: a missing header is tolerated, so failures are logged rather than
        // propagated. NOTE(review): ArithmeticException presumably originates in
        // deflateAndBase64Encode — confirm before narrowing this catch.
        LOGGER.info("Unable to parse SAML assertion from subject.", e);
    }
    return encodedSamlHeader;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) SecurityAssertion(ddf.security.assertion.SecurityAssertion)

Example 75 with SamlAssertionWrapper

use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project ddf by codice.

the class StsIssueTest method validateSecurityToken.

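/**
 * Validates that {@code token} is a signed SAML 2.0 assertion carrying a subject confirmation
 * method.
 *
 * <p>The checks are explicit {@code if}/{@code throw} conditions rather than Java {@code assert}
 * statements: {@code assert} is disabled unless the JVM runs with {@code -ea}, so the original
 * checks silently passed on a default JVM and the test validated nothing.
 *
 * @param token the security token to validate
 * @throws AssertionError if any validation check fails
 */
private void validateSecurityToken(SecurityToken token) {
    checkValid(SAML2_TOKEN_TYPE.equals(token.getTokenType()),
        "Unexpected token type: " + token.getTokenType());
    checkValid(token.getToken() != null, "Token element is missing");
    try {
        // Process the token
        List<WSSecurityEngineResult> results = processToken(token);
        checkValid(results != null && results.size() == 1,
            "Expected exactly one processing result");
        SamlAssertionWrapper assertion =
            (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        checkValid(assertion != null, "No SAML assertion in processing result");
        checkValid(assertion.getSaml1() == null && assertion.getSaml2() != null,
            "Expected a SAML 2.0 assertion");
        checkValid(assertion.isSigned(), "Assertion is not signed");
        List<String> methods = assertion.getConfirmationMethods();
        checkValid(methods != null && !methods.isEmpty() && methods.get(0) != null,
            "Missing subject confirmation method");
    } catch (WSSecurityException e) {
        // Existing behavior kept: a processing failure is logged, not rethrown.
        // NOTE(review): consider failing the test here, since an unprocessable token
        // currently passes this validation.
        LOGGER.info("Error validating the SecurityToken.", e);
    }
}

/**
 * Throws {@link AssertionError} with {@code message} when {@code condition} is false,
 * independently of whether JVM assertions ({@code -ea}) are enabled.
 */
private static void checkValid(boolean condition, String message) {
    if (!condition) {
        throw new AssertionError(message);
    }
}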
Also used : SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)
