
Example 1 with SAMLAuthenticationToken

use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateUnsignedAssertion:

@Test(expected = AuthenticationFailureException.class)
public void testValidateUnsignedAssertion() throws Exception {
    // Unsigned assertion whose validity window still lies 3 days in the future:
    // a missing signature alone must cause the validator to reject it.
    Assertion assertion = createAssertion(false, true, ISSUER, new DateTime().plusDays(3));
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    // The same principal collection is passed as both principals and credentials; "127.0.0.1" is the requesting IP.
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) DateTime(org.joda.time.DateTime) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) Test(org.junit.Test)

Example 2 with SAMLAuthenticationToken

use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateWithHolderOfKeyAssertion:

@Test
public void testValidateWithHolderOfKeyAssertion() throws Exception {
    Assertion assertion = createHolderOfKeyAssertion();
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    // Holder-of-key confirmation: the certificate the caller presented (e.g. from TLS client auth)
    // is attached to the token so the validator can match it against the key bound in the assertion.
    // Without it a holder-of-key assertion must not be accepted.
    X509Certificate[] certs = { certificate };
    samlAuthenticationToken.setX509Certs(certs);
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 3 with SAMLAuthenticationToken

use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateExpiredAssertion:

@Test(expected = AuthenticationFailureException.class)
public void testValidateExpiredAssertion() throws Exception {
    // Validity instant only 10 seconds in the past: the validator tolerates no expired
    // assertion, however recently it lapsed.
    Assertion assertion = createAssertion(false, true, ISSUER, new DateTime().minusSeconds(10));
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) DateTime(org.joda.time.DateTime) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) Test(org.junit.Test)

Example 4 with SAMLAuthenticationToken

use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlRealm, method doGetAuthenticationInfo:

/**
 * Perform authentication based on the supplied token.
 * Only SAMLAuthenticationTokens are handled; any other token type leaves the
 * credential null and is rejected below.
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
    Object credential = null;
    // perform validation
    if (token instanceof SAMLAuthenticationToken) {
        try {
            samlAssertionValidator.validate((SAMLAuthenticationToken) token);
            credential = token.getCredentials();
        } catch (AuthenticationFailureException e) {
            // Validator failures (unsigned, expired, bad signature, ...) surface to Shiro
            // as an AuthenticationException; the cause is kept, the message stays generic.
            String msg = "Unable to validate request's authentication.";
            LOGGER.info(msg);
            throw new AuthenticationException(msg, e);
        }
    }
    if (credential == null) {
        String msg = "Unable to authenticate credential.  A NULL credential was provided in the supplied authentication token. This may be due to an error with the SSO server that created the token.";
        LOGGER.info(msg);
        throw new AuthenticationException(msg);
    }
    LOGGER.debug("Received credentials.");
    LOGGER.debug("Creating token authentication information with SAML.");
    // Principals are derived from the validated assertion only, never from the raw token.
    SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo();
    Element securityToken = checkForSecurityToken(credential);
    SimplePrincipalCollection principals = createPrincipalFromToken(securityToken);
    simpleAuthenticationInfo.setPrincipals(principals);
    simpleAuthenticationInfo.setCredentials(credential);
    return simpleAuthenticationInfo;
}
Also used : SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) AuthenticationException(org.apache.shiro.authc.AuthenticationException) Element(org.w3c.dom.Element) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthenticationFailureException(org.codice.ddf.platform.filter.AuthenticationFailureException) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken)

Example 5 with SAMLAuthenticationToken

use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateInvalidSignature:

@Test(expected = AuthenticationFailureException.class)
public void testValidateInvalidSignature() throws Exception {
    // Note: besides the signature flag, this assertion is also built with issuer "WRONG"
    // and a DateTime 10 s in the past, so it would be rejected for more than one reason;
    // the test does not isolate the signature failure from the issuer and expiry checks.
    Assertion assertion = createAssertion(false, false, "WRONG", new DateTime().minusSeconds(10));
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) DateTime(org.joda.time.DateTime) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) Test(org.junit.Test)
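Taken together, the tests above pin down what a SAML assertion validator has to refuse: an unsigned assertion, an expired one, one from an untrusted issuer, and a holder-of-key assertion when the caller has not presented the bound certificate. The following Python sketch is an added example, not DDF code, that implements those acceptance checks over a constructed saml2:Assertion. The issuer URL, the placeholder certificate string, the fixed clock and all helper names are assumptions. It checks only that a ds:Signature element is present; a real validator must cryptographically verify the XML signature against the IdP's certificate (e.g. with xmlsec) before trusting the issuer, conditions or subject at all, since without that step every other check reads attacker-controlled data.

```python
"""Minimal SAML 2.0 assertion acceptance checks (added example, not DDF code).

Mirrors the rejection cases in SamlAssertionValidatorImplTest: unsigned,
expired, untrusted issuer, holder-of-key without a matching presented cert.
Signature *presence* only is checked here; real code must verify XMLDSig.
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"

# Constructed fixtures: hypothetical issuer, fake base64 "certificate", fixed clock.
ISSUER = "https://idp.example.test"
CLIENT_CERT = "MIIBclientCertPlaceholder="
NOW = dt.datetime(2024, 5, 1, 12, 0, tzinfo=dt.timezone.utc)
FUTURE = NOW + dt.timedelta(days=3)          # like new DateTime().plusDays(3)
PAST = NOW - dt.timedelta(seconds=10)        # like new DateTime().minusSeconds(10)


class AssertionRejected(Exception):
    """Raised for any reason the assertion must not be trusted."""


def _instant(value):
    """Parse an xs:dateTime attribute; naive values are treated as UTC."""
    if value is None:
        return None
    t = dt.datetime.fromisoformat(value.replace("Z", "+00:00"))
    return t if t.tzinfo else t.replace(tzinfo=dt.timezone.utc)


def validate_assertion(xml_text, expected_issuer, presented_certs=(), now=None,
                       skew=dt.timedelta(0)):
    """Return the subject NameID if every check passes, otherwise raise AssertionRejected.

    skew is the tolerated clock difference; the default of zero matches the DDF test
    that rejects an assertion only 10 s past its validity instant."""
    now = now or dt.datetime.now(dt.timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise AssertionRejected("not a saml2:Assertion")
    # 1. Unsigned assertions are rejected outright (testValidateUnsignedAssertion).
    if root.find("ds:Signature", NS) is None:
        raise AssertionRejected("assertion is not signed")
    # 2. Issuer must be the one we trust (the "WRONG" issuer case).
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        raise AssertionRejected("untrusted issuer %r" % issuer)
    # 3. Validity window. NotOnOrAfter is exclusive (testValidateExpiredAssertion).
    cond = root.find("saml:Conditions", NS)
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise AssertionRejected("missing Conditions/NotOnOrAfter")
    if now - skew >= _instant(cond.get("NotOnOrAfter")):
        raise AssertionRejected("assertion expired")
    not_before = _instant(cond.get("NotBefore"))
    if not_before is not None and now + skew < not_before:
        raise AssertionRejected("assertion not yet valid")
    # 4. Holder-of-key: the presenter must hold a cert bound in KeyInfo
    #    (testValidateWithHolderOfKeyAssertion sets the X509 certs on the token).
    presented = {c.replace("\n", "").replace(" ", "") for c in presented_certs}
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != HOLDER_OF_KEY:
            continue
        bound = {(c.text or "").replace("\n", "").replace(" ", "")
                 for c in sc.findall(".//ds:X509Certificate", NS)}
        if not bound or not (bound & presented):
            raise AssertionRejected("holder-of-key proof missing or does not match")
    return root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)


def build_assertion(signed, issuer, not_on_or_after, hok_cert=None):
    """Constructed test assertion; the ds:Signature is a placeholder, not a real XMLDSig."""
    sig = ("<ds:Signature><ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>"
           "</ds:Signature>") if signed else ""
    confirm = ""
    if hok_cert is not None:
        confirm = ('<saml:SubjectConfirmation Method="%s"><saml:SubjectConfirmationData>'
                   "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate>"
                   "</ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>"
                   "</saml:SubjectConfirmation>") % (HOLDER_OF_KEY, hok_cert)
    return ('<saml:Assertion xmlns:saml="%s" xmlns:ds="%s" ID="_a1" Version="2.0">'
            "<saml:Issuer>%s</saml:Issuer>%s"
            "<saml:Subject><saml:NameID>alice</saml:NameID>%s</saml:Subject>"
            '<saml:Conditions NotOnOrAfter="%s"/></saml:Assertion>'
            % (NS["saml"], NS["ds"], issuer, sig, confirm,
               not_on_or_after.strftime("%Y-%m-%dT%H:%M:%SZ")))


def rejection_reason(xml_text, **kwargs):
    """None when the assertion is accepted, else the rejection message."""
    try:
        validate_assertion(xml_text, ISSUER, now=NOW, **kwargs)
        return None
    except AssertionRejected as e:
        return str(e)


def run_cases():
    """Exercise the same situations as the DDF tests; returns {case: reason or None}."""
    return {
        "unsigned": rejection_reason(build_assertion(False, ISSUER, FUTURE)),
        "expired": rejection_reason(build_assertion(True, ISSUER, PAST)),
        "wrong_issuer": rejection_reason(build_assertion(True, "WRONG", FUTURE)),
        "hok_with_cert": rejection_reason(build_assertion(True, ISSUER, FUTURE, CLIENT_CERT),
                                          presented_certs=(CLIENT_CERT,)),
        "hok_without_cert": rejection_reason(build_assertion(True, ISSUER, FUTURE, CLIENT_CERT)),
        "valid": rejection_reason(build_assertion(True, ISSUER, FUTURE)),
    }


if __name__ == "__main__":
    for case, reason in run_cases().items():
        print("%-17s %s" % (case, reason or "accepted"))
```

The order of the checks matters less than their completeness: each of the four rejection paths must be reachable on its own, which is why the wrong-issuer and expired fixtures above differ from the valid one in exactly one attribute, unlike the page's testValidateInvalidSignature fixture, which changes several at once.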

Aggregations

SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken) 11
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection) 10
SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml) 9
Element (org.w3c.dom.Element) 9
Test (org.junit.Test) 8
Assertion (org.opensaml.saml.saml2.core.Assertion) 6
DateTime (org.joda.time.DateTime) 5
IOException (java.io.IOException) 2
X509Certificate (java.security.cert.X509Certificate) 2
Cookie (javax.servlet.http.Cookie) 2
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl) 2
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult) 2
StringReader (java.io.StringReader) 1
HttpServletRequest (javax.servlet.http.HttpServletRequest) 1
XMLStreamException (javax.xml.stream.XMLStreamException) 1
AuthenticationException (org.apache.shiro.authc.AuthenticationException) 1
SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo) 1
AuthenticationException (org.codice.ddf.platform.filter.AuthenticationException) 1
AuthenticationFailureException (org.codice.ddf.platform.filter.AuthenticationFailureException) 1
BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken) 1