Example 6 with SAMLAuthenticationToken

Use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateIncorrectSamlVersion.

@Test(expected = AuthenticationFailureException.class)
public void testValidateIncorrectSamlVersion() throws Exception {
    org.opensaml.saml.saml1.core.Assertion assertion = new org.opensaml.saml.saml1.core.impl.AssertionBuilder().buildObject();
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) Test(org.junit.Test)

Example 7 with SAMLAuthenticationToken

Use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateBearerAssertion.

@Test
public void testValidateBearerAssertion() throws Exception {
    Assertion assertion = createAssertion(true, true, ISSUER, new DateTime().plusDays(3));
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    X509Certificate[] certs = { certificate };
    samlAuthenticationToken.setX509Certs(certs);
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) DateTime(org.joda.time.DateTime) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 8 with SAMLAuthenticationToken

Use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class SamlAssertionValidatorImplTest, method testValidateInvalidIssuer.

@Test(expected = AuthenticationFailureException.class)
public void testValidateInvalidIssuer() throws Exception {
    Assertion assertion = createAssertion(false, true, "WRONG", new DateTime().minusSeconds(10));
    Element securityToken = SAMLUtils.getInstance().getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used : Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) DateTime(org.joda.time.DateTime) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) Test(org.junit.Test)

Example 9 with SAMLAuthenticationToken

Use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class OidcRealmTest, method testSupportsFails.

@Test
public void testSupportsFails() {
    // null token
    boolean supports = realm.supports(null);
    assertFalse(supports);
    // null credentials
    when(authenticationToken.getCredentials()).thenReturn(null);
    supports = realm.supports(authenticationToken);
    assertFalse(supports);
    // token not an OidcAuthenticationToken type
    SAMLAuthenticationToken samlAuthenticationToken = mock(SAMLAuthenticationToken.class);
    when(samlAuthenticationToken.getCredentials()).thenReturn("creds");
    supports = realm.supports(samlAuthenticationToken);
    assertFalse(supports);
}
Also used : SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) Test(org.junit.Test)

Example 10 with SAMLAuthenticationToken

Use of org.codice.ddf.security.handler.SAMLAuthenticationToken in project ddf by codice.

From the class AssertionConsumerService, method login.

private boolean login(org.opensaml.saml.saml2.core.Response samlResponse) {
    if (!request.isSecure()) {
        return false;
    }
    Map<String, Cookie> cookieMap = HttpUtils.getCookieMap(request);
    if (cookieMap.containsKey("JSESSIONID") && sessionFactory != null) {
        sessionFactory.getOrCreateSession(request).invalidate();
    }
    HandlerResult handlerResult = new HandlerResultImpl();
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(samlResponse.getAssertions().get(0).getDOM()), "default");
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, simplePrincipalCollection, request.getRemoteAddr());
    handlerResult.setToken(samlToken);
    handlerResult.setStatus(HandlerResult.Status.COMPLETED);
    if (handlerResult.getStatus() != HandlerResult.Status.COMPLETED) {
        LOGGER.debug("Failed to handle SAML assertion.");
        return false;
    }
    if (handlerResult.getToken() instanceof BaseAuthenticationToken) {
        ((BaseAuthenticationToken) handlerResult.getToken()).setAllowGuest(contextPolicyManager.getGuestAccess());
    }
    request.setAttribute(AUTHENTICATION_TOKEN_KEY, handlerResult);
    request.removeAttribute(ContextPolicy.NO_AUTH_POLICY);
    try {
        LOGGER.trace("Trying to login with provided SAML assertion.");
        loginFilter.doFilter(request, null, (servletRequest, servletResponse) -> {
        });
    } catch (IOException | AuthenticationException e) {
        LOGGER.debug("Failed to apply login filter to SAML assertion", e);
        return false;
    }
    return true;
}
Also used : Cookie(javax.servlet.http.Cookie) AuthenticationException(org.codice.ddf.platform.filter.AuthenticationException) HandlerResultImpl(org.codice.ddf.security.handler.HandlerResultImpl) BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) IOException(java.io.IOException) SAMLAuthenticationToken(org.codice.ddf.security.handler.SAMLAuthenticationToken) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml)