
Example 11 with AttributePrincipal

use of org.jasig.cas.client.authentication.AttributePrincipal in project ddf by codice.

the class CASTokenRequestHandlerTest method testDefaultAddress.

/**
 * Verifies that, with the handler left at its defaults, the proxy ticket obtained from the
 * request's {@link AttributePrincipal} is returned as the credentials of the created token.
 *
 * @throws SecurityServiceException if the handler fails to create a token
 */
@Test
public void testDefaultAddress() throws SecurityServiceException {
    // A CAS principal that hands out SAMPLE_TICKET for whatever service address it is asked for.
    // NOTE(review): the handler asks the mocked STSClientConfiguration for its address, which is
    // unstubbed (null) here; whether anyString() matches null depends on the Mockito version — confirm.
    AttributePrincipal casPrincipal = mock(AttributePrincipal.class);
    when(casPrincipal.getProxyTicketFor(anyString())).thenReturn(SAMPLE_TICKET);

    HttpServletRequest incoming = mock(HttpServletRequest.class);
    when(incoming.getUserPrincipal()).thenReturn(casPrincipal);

    CASTokenRequestHandler underTest = new CASTokenRequestHandler();
    underTest.setStsClientConfiguration(mock(STSClientConfiguration.class));

    Object created = underTest.createToken(incoming);
    assertTrue(created instanceof AuthenticationToken);
    AuthenticationToken authToken = (AuthenticationToken) created;
    assertEquals(SAMPLE_TICKET, authToken.getCredentials());
}

Example 12 with AttributePrincipal

use of org.jasig.cas.client.authentication.AttributePrincipal in project ddf by codice.

the class WebSSOTokenValidator method validateToken.

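/**
 * Validates a CAS ticket delivered to the STS as a binary security token (BST).
 *
 * <p>The BST value is base64-decoded and must read {@code ticket|service} (split on
 * {@code CAS_BST_SEP}); the pair is handed to {@link #validate}. The response always carries the
 * received token: its state is set to {@code INVALID} up front and only flipped to {@code VALID}
 * when CAS accepts the ticket, in which case the CAS principal is attached to the response. Any
 * decoding or validation failure is logged and leaves the token {@code INVALID}.
 *
 * @param tokenParameters the STS validation parameters carrying the received token
 * @return the validator response, never {@code null}
 */
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOGGER.debug("Validating SSO Token");
    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    Crypto sigCrypto = stsProperties.getSignatureCrypto();
    CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
    // NOTE(review): requestData is filled in but never read in this method; kept because
    // WSSConfig.getNewInstance() may carry one-time initialisation side effects — confirm.
    RequestData requestData = new RequestData();
    requestData.setSigVerCrypto(sigCrypto);
    WSSConfig wssConfig = WSSConfig.getNewInstance();
    requestData.setWssConfig(wssConfig);
    requestData.setCallbackHandler(callbackHandler);

    // Fail closed: the token stays INVALID unless CAS explicitly accepts the ticket.
    LOGGER.debug("Setting validate state to invalid before check.");
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    validateTarget.setState(STATE.INVALID);
    response.setToken(validateTarget);
    if (!validateTarget.isBinarySecurityToken()) {
        LOGGER.debug("Validate target is not a binary security token, returning invalid response.");
        return response;
    }
    LOGGER.debug("Getting binary security token from validate target");
    BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType) validateTarget.getToken();

    String ticket;
    String service;
    try {
        String[] ticketAndService = decodeTicketAndService(binarySecurityToken.getValue());
        ticket = ticketAndService[0];
        service = ticketAndService[1];
    } catch (WSSecurityException | IllegalArgumentException e) {
        // IllegalArgumentException is what Base64 throws for a malformed value; previously it
        // escaped this method instead of producing an invalid response.
        String msg = "Unable to decode BST into ticket and service for validation to CAS.";
        LOGGER.info(msg, e);
        return response;
    }

    try {
        // The ticket is a credential: log which service it is for, not its value.
        LOGGER.debug("Validating ticket for service [{}].", service);
        // validate either returns an assertion or throws an exception
        Assertion assertion = validate(ticket, service);
        AttributePrincipal principal = assertion.getPrincipal();
        if (principal == null) {
            // Without a principal there is nobody to authenticate; keep the token INVALID.
            LOGGER.debug("CAS assertion carried no principal, leaving token invalid.");
            return response;
        }
        LOGGER.debug("User name retrieved from CAS: {}", principal.getName());
        response.setPrincipal(principal);
        LOGGER.debug("CAS ticket successfully validated, setting state to valid.");
        validateTarget.setState(STATE.VALID);
    } catch (TicketValidationException e) {
        LOGGER.debug("Unable to validate CAS token.", e);
    }
    return response;
}

/**
 * Decodes a base64 BST value into its {@code ticket|service} halves.
 *
 * @param base64Token the BST value as received; may be {@code null}
 * @return a two-element array: ticket at index 0, service at index 1
 * @throws WSSecurityException if the value is missing, decodes to nothing, or does not split into
 *     exactly two parts on {@code CAS_BST_SEP}
 * @throws IllegalArgumentException if the value is not valid base64
 */
private String[] decodeTicketAndService(String base64Token) throws WSSecurityException {
    LOGGER.debug("Decoding binary security token.");
    if (base64Token == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
    }
    byte[] token = Base64.getDecoder().decode(base64Token);
    if (token.length == 0) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
    }
    String decodedToken = new String(token, java.nio.charset.StandardCharsets.UTF_8);
    if (StringUtils.isBlank(decodedToken)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
    }
    // Token is in the format ticket|service
    String[] parts = StringUtils.split(decodedToken, CAS_BST_SEP);
    if (parts.length != 2) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Was not able to parse out BST propertly. Should be in ticket|service format.");
    }
    // Only the service half is logged; the ticket half is a credential.
    LOGGER.debug("Binary security token successfully decoded for service [{}].", parts[1]);
    return parts;
}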

Example 13 with AttributePrincipal

use of org.jasig.cas.client.authentication.AttributePrincipal in project ddf by codice.

the class CasHandlerTest method createServletRequest.

/**
 * Builds a mocked {@link HttpServletRequest} whose session reports {@code SESSION_ID}.
 *
 * <p>When {@code shouldAddCas} is true the session also carries a mocked CAS assertion whose
 * principal yields {@code MOCK_TICKET} for {@code STS_ADDRESS} and throws for any other service,
 * so a test notices the handler asking for a ticket for the wrong address.
 *
 * @param shouldAddCas whether to attach the mocked CAS assertion to the session
 * @return the mocked request
 */
private HttpServletRequest createServletRequest(boolean shouldAddCas) {
    HttpSession mockSession = mock(HttpSession.class);
    when(mockSession.getId()).thenReturn(SESSION_ID);

    HttpServletRequest mockRequest = mock(HttpServletRequest.class);
    when(mockRequest.getSession()).thenReturn(mockSession);
    when(mockRequest.getSession(any(Boolean.class))).thenReturn(mockSession);

    if (!shouldAddCas) {
        return mockRequest;
    }
    // Principal that only issues a proxy ticket for the expected STS address.
    AttributePrincipal casPrincipal = mock(AttributePrincipal.class);
    when(casPrincipal.getProxyTicketFor(STS_ADDRESS)).thenReturn(MOCK_TICKET);
    when(casPrincipal.getProxyTicketFor(not(eq(STS_ADDRESS))))
            .thenThrow(new RuntimeException("Tried to create ticket for incorrect service."));

    Assertion casAssertion = mock(Assertion.class);
    when(casAssertion.getPrincipal()).thenReturn(casPrincipal);
    when(mockSession.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION)).thenReturn(casAssertion);
    return mockRequest;
}

Example 14 with AttributePrincipal

use of org.jasig.cas.client.authentication.AttributePrincipal in project ddf by codice.

the class CASTokenRequestHandler method createToken.

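/**
 * Creates a CAS authentication token for the incoming request.
 *
 * <p>The request's user principal must be a CAS {@link AttributePrincipal}; a proxy ticket for
 * the configured STS address is requested from it and wrapped in a {@link CasAuthenticationToken}.
 *
 * @param request the incoming servlet request carrying the CAS principal
 * @return a {@link CasAuthenticationToken} holding the proxy ticket and the STS address
 * @throws SecurityServiceException if the request has no CAS principal or CAS issues no ticket
 */
@Override
public Object createToken(HttpServletRequest request) throws SecurityServiceException {
    java.security.Principal userPrincipal = request.getUserPrincipal();
    if (userPrincipal == null) {
        throw new SecurityServiceException("Could not get the principal from the incoming request.");
    }
    // Check the type before casting so a request authenticated by some other mechanism is
    // reported through the declared exception rather than a ClassCastException.
    if (!(userPrincipal instanceof AttributePrincipal)) {
        throw new SecurityServiceException("Principal from the incoming request is not a CAS AttributePrincipal.");
    }
    AttributePrincipal attributePrincipal = (AttributePrincipal) userPrincipal;
    String stsAddress = stsClientConfig.getAddress();
    LOGGER.debug("Getting proxy ticket for {}", stsAddress);
    String proxyTicket = attributePrincipal.getProxyTicketFor(stsAddress);
    if (proxyTicket == null) {
        throw new SecurityServiceException("Could not get Proxy Ticket from CAS server. Check CAS log for error.");
    }
    // The proxy ticket is a credential; record that one was obtained, not its value.
    LOGGER.debug("Retrieved proxy ticket for {}", stsAddress);
    return new CasAuthenticationToken(proxyTicket, stsAddress);
}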

Example 15 with AttributePrincipal

use of org.jasig.cas.client.authentication.AttributePrincipal in project cas by apereo.

the class WSFederationValidateRequestCallbackController method validateSecurityTokenInAssertion.

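/**
 * Extracts the WS-Federation security token carried in the CAS assertion's principal attributes.
 *
 * <p>The attribute named by {@code WSFederationConstants.SECURITY_TOKEN_ATTRIBUTE} is expected to
 * hold a base64 string; it is decoded and deserialised into a {@link SecurityToken}.
 *
 * @param assertion the validated CAS assertion
 * @param request the current request (not read here)
 * @param response the current response (not read here)
 * @return the deserialised security token
 * @throws UnauthorizedServiceException if the attribute is absent or is not a string value
 */
private static SecurityToken validateSecurityTokenInAssertion(final Assertion assertion, final HttpServletRequest request, final HttpServletResponse response) {
    LOGGER.debug("Validating security token in CAS assertion...");
    final AttributePrincipal principal = assertion.getPrincipal();
    final Object tokenValue = principal.getAttributes().get(WSFederationConstants.SECURITY_TOKEN_ATTRIBUTE);
    // A missing, null or non-string attribute is rejected the same way, instead of the
    // non-string case surfacing as a ClassCastException.
    if (!(tokenValue instanceof String)) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final byte[] securityTokenBin = EncodingUtils.decodeBase64((String) tokenValue);
    // NOTE(review): this is Java native deserialisation of the decoded blob. The value comes from
    // the CAS assertion rather than straight from the client, but confirm that the deserialiser
    // restricts the accepted classes to SecurityToken (e.g. via an ObjectInputFilter).
    return SerializationUtils.deserialize(securityTokenBin);
}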
