Example 11 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class UnknownMethodAlgorithmLoggerTest method shouldReportUnknownDigestAlgorithmInIDPAssertion.

@Test
public void shouldReportUnknownDigestAlgorithmInIDPAssertion() throws Exception {
    Assertion authnStatementAssertion = anAssertion()
            .withId(ID)
            .withIssuer(anIssuer().withIssuerId(ISSUER_IDP).build())
            .withSignature(signatureWithUnknownDigestAlgorithm.get())
            .buildUnencrypted();
    UnknownMethodAlgorithmLogger.probeAssertionForMethodAlgorithm(authnStatementAssertion, AUTHN_STATEMENT);
    verifyLog(mockAppender, captorLoggingEvent, 1, String.format(UnknownMethodAlgorithmLogger.DIGEST_ALGORITHM_MESSAGE, IDP, DIGEST_SHA1_ID, AUTHN_STATEMENT + Assertion.DEFAULT_ELEMENT_LOCAL_NAME));
}
Also used : AssertionBuilder.anAssertion(uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) Test(org.junit.Test)

Example 12 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorServiceTest method setup.

@Before
public void setup() throws Exception {
    IdaSamlBootstrap.bootstrap();
    service = new CountryAuthnResponseTranslatorService(
            stringToOpenSamlResponseTransformer,
            responseFromCountryValidator,
            new IdpIdaStatusUnmarshaller(new IdpIdaStatus.IdpIdaStatusFactory(), new SamlStatusToIdpIdaStatusMappingsFactory()),
            responseAssertionsFromCountryValidator,
            validateSamlResponseIssuedByIdpDestination,
            assertionDecrypter,
            assertionBlobEncrypter,
            samlResponseSignatureValidator,
            samlAssertionsSignatureValidator,
            new PassthroughAssertionUnmarshaller(new XmlObjectToBase64EncodedStringTransformer<>(), new AuthnContextFactory()));
    Response eidasSAMLResponse = (Response) buildResponseFromFile();
    ValidatedResponse validateEIDASSAMLResponse = new ValidatedResponse(eidasSAMLResponse);
    List<Assertion> decryptedAssertions = eidasSAMLResponse.getAssertions();
    when(samlAuthnResponseTranslatorDto.getSamlResponse()).thenReturn("eidas");
    when(samlAuthnResponseTranslatorDto.getMatchingServiceEntityId()).thenReturn("mid");
    when(stringToOpenSamlResponseTransformer.apply("eidas")).thenReturn(eidasSAMLResponse);
    doNothing().when(responseFromCountryValidator).validate(eidasSAMLResponse);
    when(samlResponseSignatureValidator.validate(eidasSAMLResponse, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(validateEIDASSAMLResponse);
    when(assertionDecrypter.decryptAssertions(validateEIDASSAMLResponse)).thenReturn(decryptedAssertions);
    when(assertionBlobEncrypter.encryptAssertionBlob(eq("mid"), any(String.class))).thenReturn(identityUnderlyingAssertionBlob);
    when(samlAssertionsSignatureValidator.validate(decryptedAssertions, IDPSSODescriptor.DEFAULT_ELEMENT_NAME)).thenReturn(new ValidatedAssertions(decryptedAssertions));
}
Also used : IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) Assertion(org.opensaml.saml.saml2.core.Assertion) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) Response(org.opensaml.saml.saml2.core.Response) PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller) IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller) ValidatedAssertions(uk.gov.ida.saml.security.validators.ValidatedAssertions) AuthnContextFactory(uk.gov.ida.saml.core.transformers.AuthnContextFactory) SamlStatusToIdpIdaStatusMappingsFactory(uk.gov.ida.saml.hub.transformers.inbound.SamlStatusToIdpIdaStatusMappingsFactory) Before(org.junit.Before)

Example 13 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class AttributeQueryRequestBuilder method build.

public AttributeQueryRequestDto build(String persistentIdName, String matchingDatasetAssertionId, String authnStatementAssertionId, String requestId) {
    XmlObjectToBase64EncodedStringTransformer<XMLObject> toBase64EncodedStringTransformer = new XmlObjectToBase64EncodedStringTransformer<>();
    final PersistentId persistentId = aPersistentId().withNameId(persistentIdName).buildSamlEnginePersistentId();
    Assertion authnStatementAssertion = AssertionBuilder.anAssertion().withId(authnStatementAssertionId).buildUnencrypted();
    String authnStatementAssertionString = toBase64EncodedStringTransformer.apply(authnStatementAssertion);
    EncryptedAssertion encryptedMdsAssertion = AssertionBuilder.anAssertion().withId(matchingDatasetAssertionId).build();
    String encryptedMdsAssertionString = toBase64EncodedStringTransformer.apply(encryptedMdsAssertion);
    return aHubMatchingServiceRequestDto()
            .withId(requestId)
            .withMatchingServiceEntityId(TestEntityIds.TEST_RP_MS)
            .withPersistentId(persistentId)
            .withEncryptedMatchingDatasetAssertion(encryptedMdsAssertionString)
            .withAuthnStatementAssertion(authnStatementAssertionString)
            .build();
}
Also used : EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) XMLObject(org.opensaml.core.xml.XMLObject) XmlObjectToBase64EncodedStringTransformer(uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer) PersistentId(uk.gov.ida.hub.samlengine.domain.PersistentId) PersistentIdBuilder.aPersistentId(uk.gov.ida.hub.samlengine.builders.PersistentIdBuilder.aPersistentId)

Example 14 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project verify-hub by alphagov.

the class CountryAuthnResponseTranslatorService method toModel.

private InboundResponseFromCountry toModel(ValidatedResponse response,
                                           Optional<Assertion> validatedIdentityAssertionOptional,
                                           String matchingServiceEntityId) {
    Optional<PassthroughAssertion> passthroughAssertion = validatedIdentityAssertionOptional
            .map(validatedIdentityAssertion -> passthroughAssertionUnmarshaller.fromAssertion(validatedIdentityAssertion, true));
    Optional<LevelOfAssurance> levelOfAssurance = passthroughAssertion
            .flatMap(assertion -> assertion.getAuthnContext())
            .map(AuthnContext::name)
            .filter(string -> !isNullOrEmpty(string))
            .map(LevelOfAssurance::valueOf);
    IdpIdaStatus status = statusUnmarshaller.fromSaml(response.getStatus());
    return new InboundResponseFromCountry(
            response.getIssuer().getValue(),
            validatedIdentityAssertionOptional.map(Assertion::getSubject).map(Subject::getNameID).map(NameID::getValue),
            Optional.ofNullable(status).map(IdpIdaStatus::getStatusCode).map(IdpIdaStatus.Status::name),
            status.getMessage(),
            passthroughAssertion.map(assertion -> assertionBlobEncrypter.encryptAssertionBlob(matchingServiceEntityId, assertion.getUnderlyingAssertionBlob())),
            levelOfAssurance);
}
Also used : LevelOfAssurance(uk.gov.ida.hub.samlengine.domain.LevelOfAssurance) StringToOpenSamlObjectTransformer(uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Subject(org.opensaml.saml.saml2.core.Subject) IdpIdaStatusUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller) ValidatedResponse(uk.gov.ida.saml.security.validators.ValidatedResponse) MdcHelper(uk.gov.ida.hub.samlengine.logging.MdcHelper) ResponseFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseFromCountryValidator) SamlResponseSignatureValidator(uk.gov.ida.saml.security.validators.signature.SamlResponseSignatureValidator) Inject(javax.inject.Inject) Assertion(org.opensaml.saml.saml2.core.Assertion) AssertionBlobEncrypter(uk.gov.ida.saml.core.transformers.outbound.decorators.AssertionBlobEncrypter) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext) ResponseAssertionsFromCountryValidator(uk.gov.ida.hub.samlengine.validation.country.ResponseAssertionsFromCountryValidator) Response(org.opensaml.saml.saml2.core.Response) PassthroughAssertionUnmarshaller(uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller) AssertionDecrypter(uk.gov.ida.saml.security.AssertionDecrypter) SamlAuthnResponseTranslatorDto(uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto) InboundResponseFromCountry(uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry) List(java.util.List) PassthroughAssertion(uk.gov.ida.saml.core.domain.PassthroughAssertion) DestinationValidator(uk.gov.ida.saml.core.validators.DestinationValidator) Optional(java.util.Optional) IdpIdaStatus(uk.gov.ida.saml.hub.domain.IdpIdaStatus) NameID(org.opensaml.saml.saml2.core.NameID) SamlAssertionsSignatureValidator(uk.gov.ida.saml.security.SamlAssertionsSignatureValidator)

Example 15 with Assertion

use of org.opensaml.saml.saml1.core.Assertion in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newAssertion.

/**
 * Create a new SAML assertion object carrying the given statements.
 *
 * @param authnStatement the statements (e.g. authn statements) to attach to the assertion
 * @param issuer         the issuer entity id
 * @param issuedAt       the issue instant
 * @param id             the assertion id
 * @return the assertion
 */
public Assertion newAssertion(final List<Statement> authnStatement, final String issuer, final ZonedDateTime issuedAt, final String id) {
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(id);
    assertion.setIssueInstant(DateTimeUtils.dateTimeOf(issuedAt));
    assertion.setIssuer(newIssuer(issuer));
    assertion.getStatements().addAll(authnStatement);
    return assertion;
}
Also used : Assertion(org.opensaml.saml.saml2.core.Assertion)

Aggregations

Assertion (org.opensaml.saml.saml2.core.Assertion) 33
Test (org.junit.Test) 16
Assertion (org.opensaml.saml.saml1.core.Assertion) 13
AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion) 9
Response (org.opensaml.saml.saml2.core.Response) 8
DateTime (org.joda.time.DateTime) 6
Assertion (org.opensaml.saml2.core.Assertion) 6
Element (org.w3c.dom.Element) 6
PassthroughAssertion (uk.gov.ida.saml.core.domain.PassthroughAssertion) 6
Subject (org.opensaml.saml.saml2.core.Subject) 5
MetricRegistry (com.codahale.metrics.MetricRegistry) 4
ZonedDateTime (java.time.ZonedDateTime) 4
ArrayList (java.util.ArrayList) 4
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 4
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper) 4
Credential (org.apache.wss4j.dom.validate.Credential) 4
Service (org.apereo.cas.authentication.principal.Service) 4
RegisteredService (org.apereo.cas.services.RegisteredService) 4
WsFederationCredential (org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential) 4
XMLObject (org.opensaml.core.xml.XMLObject) 4