use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.
the class SamlAssertionValidatorImplTest method testValidateIncorrectSamlVersion.
/**
 * Checks that an assertion built with the SAML 1.x object model is rejected.
 *
 * <p>The JUnit {@code expected} attribute is satisfied by an
 * {@link AuthenticationFailureException} thrown from any statement in the method, not only from
 * the final {@code validate} call.
 */
@Test(expected = AuthenticationFailureException.class)
public void testValidateIncorrectSamlVersion() throws Exception {
  // An otherwise empty SAML 1.x assertion: the version is the only property under test.
  org.opensaml.saml.saml1.core.Assertion saml1Assertion =
      new org.opensaml.saml.saml1.core.impl.AssertionBuilder().buildObject();
  Element tokenElement =
      SAMLUtils.getInstance()
          .getSecurityTokenFromSAMLAssertion(samlObjectToString(saml1Assertion));

  // The same collection is passed as both the first and second constructor argument.
  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  principals.add(new SecurityAssertionSaml(tokenElement), "default");
  SAMLAuthenticationToken token =
      new SAMLAuthenticationToken(principals, principals, "127.0.0.1");

  samlAssertionValidator.validate(token);
}
use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.
the class SamlAssertionValidatorImplTest method testValidateBearerAssertion.
/**
 * Happy-path check: an assertion created with the expected {@code ISSUER} and a date three days
 * in the future is accepted when the token also carries an X.509 certificate.
 *
 * <p>There is no explicit assertion; the test passes when {@code validate} returns without
 * throwing.
 */
@Test
public void testValidateBearerAssertion() throws Exception {
  Assertion bearerAssertion = createAssertion(true, true, ISSUER, new DateTime().plusDays(3));
  Element tokenElement =
      SAMLUtils.getInstance()
          .getSecurityTokenFromSAMLAssertion(samlObjectToString(bearerAssertion));

  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  principals.add(new SecurityAssertionSaml(tokenElement), "default");
  SAMLAuthenticationToken token =
      new SAMLAuthenticationToken(principals, principals, "127.0.0.1");

  // Attach the test certificate to the token before validating.
  token.setX509Certs(new X509Certificate[] {certificate});

  samlAssertionValidator.validate(token);
}
use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.
the class SamlAssertionValidatorImplTest method testValidateInvalidIssuer.
/**
 * Checks that an assertion whose issuer is {@code "WRONG"} fails validation.
 *
 * <p>NOTE(review): compared with {@code testValidateBearerAssertion}, this call changes three
 * arguments at once: the first boolean, the issuer, and the date (ten seconds in the past
 * instead of three days ahead). No certificate is set on the token either. If the date is an
 * expiry bound, the expected exception could come from a check other than the issuer comparison.
 * Confirm against {@code createAssertion} and consider varying only the issuer.
 */
@Test(expected = AuthenticationFailureException.class)
public void testValidateInvalidIssuer() throws Exception {
  Assertion wrongIssuerAssertion =
      createAssertion(false, true, "WRONG", new DateTime().minusSeconds(10));
  Element tokenElement =
      SAMLUtils.getInstance()
          .getSecurityTokenFromSAMLAssertion(samlObjectToString(wrongIssuerAssertion));

  SimplePrincipalCollection principals = new SimplePrincipalCollection();
  principals.add(new SecurityAssertionSaml(tokenElement), "default");
  SAMLAuthenticationToken token =
      new SAMLAuthenticationToken(principals, principals, "127.0.0.1");

  samlAssertionValidator.validate(token);
}
use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.
the class OidcRealmTest method testSupportsFails.
/**
 * Checks the three cases in which the realm must refuse a token: a null token, a token with
 * null credentials, and a token of a different type (a mocked {@link SAMLAuthenticationToken})
 * even though it carries non-null credentials.
 */
@Test
public void testSupportsFails() {
  // Case 1: no token at all.
  assertFalse(realm.supports(null));

  // Case 2: a token whose credentials are null.
  when(authenticationToken.getCredentials()).thenReturn(null);
  assertFalse(realm.supports(authenticationToken));

  // Case 3: credentials are present, but the token is a SAML token, not an OIDC one.
  SAMLAuthenticationToken foreignToken = mock(SAMLAuthenticationToken.class);
  when(foreignToken.getCredentials()).thenReturn("creds");
  assertFalse(realm.supports(foreignToken));
}
use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.
the class AssertionConsumerService method login.
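/**
 * Attempts to log the caller in using the first assertion of a SAML response.
 *
 * <p>The assertion's DOM is wrapped in a {@link SAMLAuthenticationToken}, stored on the request
 * under {@code AUTHENTICATION_TOKEN_KEY} and passed through {@code loginFilter}.
 *
 * <p>NOTE(review): this method does not itself check the assertion's signature, issuer,
 * audience or validity window. Presumably the caller and/or {@code loginFilter} do; confirm.
 * Only the assertion at index 0 is read, so that validation must cover this same element and
 * not merely the enclosing response or a different assertion.
 *
 * @param samlResponse the SAML 2.0 response whose first assertion is used as the credential
 * @return {@code true} if the login filter ran without throwing {@link IOException} or
 *     {@code AuthenticationException}; {@code false} if the request is not secure, the response
 *     holds no assertion, or the login filter failed
 */
private boolean login(org.opensaml.saml.saml2.core.Response samlResponse) {
  // Refuse to process an assertion that arrived on a request the container reports as not secure.
  if (!request.isSecure()) {
    return false;
  }

  // Discard any session the client already presented before a new identity is attached to it.
  // NOTE(review): nothing is invalidated when sessionFactory is null; confirm that case cannot
  // leave a pre-login session in use.
  Map<String, Cookie> cookieMap = HttpUtils.getCookieMap(request);
  if (cookieMap.containsKey("JSESSIONID") && sessionFactory != null) {
    sessionFactory.getOrCreateSession(request).invalidate();
  }

  // A response without any assertion previously caused an IndexOutOfBoundsException at get(0);
  // treat it as a failed login like the other failure paths in this method.
  if (samlResponse.getAssertions().isEmpty()) {
    LOGGER.debug("SAML response did not contain an assertion.");
    return false;
  }

  HandlerResult handlerResult = new HandlerResultImpl();
  SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
  simplePrincipalCollection.add(
      new SecurityAssertionSaml(samlResponse.getAssertions().get(0).getDOM()), "default");
  // The first constructor argument is null here; only the second carries the assertion.
  SAMLAuthenticationToken samlToken =
      new SAMLAuthenticationToken(null, simplePrincipalCollection, request.getRemoteAddr());
  handlerResult.setToken(samlToken);
  handlerResult.setStatus(HandlerResult.Status.COMPLETED);

  // The status was set to COMPLETED on the line above, so this branch is not expected to run
  // unless HandlerResultImpl alters the stored status; kept as a defensive check.
  if (handlerResult.getStatus() != HandlerResult.Status.COMPLETED) {
    LOGGER.debug("Failed to handle SAML assertion.");
    return false;
  }

  if (handlerResult.getToken() instanceof BaseAuthenticationToken) {
    ((BaseAuthenticationToken) handlerResult.getToken())
        .setAllowGuest(contextPolicyManager.getGuestAccess());
  }

  request.setAttribute(AUTHENTICATION_TOKEN_KEY, handlerResult);
  request.removeAttribute(ContextPolicy.NO_AUTH_POLICY);

  try {
    LOGGER.trace("Trying to login with provided SAML assertion.");
    // The response argument is null and the chain is an empty lambda, so nothing runs after
    // the login filter itself.
    loginFilter.doFilter(request, null, (servletRequest, servletResponse) -> {});
  } catch (IOException | AuthenticationException e) {
    LOGGER.debug("Failed to apply login filter to SAML assertion", e);
    return false;
  }

  return true;
}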