Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.
In class SSOSamlIdPPostProfileHandlerControllerWithBrowserStorageTests, method getAuthnRequest:
/**
 * Builds a SAML2 {@link AuthnRequest} for the HTTP-POST binding whose issuer
 * is the service id of the registered service under test.
 *
 * @return the authentication request used by the tests of this class
 */
private AuthnRequest getAuthnRequest() {
    val requestBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory()
        .getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    val request = (AuthnRequest) requestBuilder.buildObject();
    request.setProtocolBinding(SAMLConstants.SAML2_POST_BINDING_URI);

    // The issuer is a separate SAML object; it carries the SP entity id the IdP resolves the service by.
    val issuerBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory()
        .getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val requestIssuer = (Issuer) issuerBuilder.buildObject();
    requestIssuer.setValue(samlRegisteredService.getServiceId());
    request.setIssuer(requestIssuer);

    return request;
}
Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.
In class SSOSamlIdPPostSimpleSignProfileHandlerControllerTests, method getAuthnRequest:
/**
 * Builds a SAML2 {@link AuthnRequest} for the HTTP-POST-SimpleSign binding whose
 * issuer is the service id of the registered service under test.
 *
 * @return the authentication request used by the tests of this class
 */
private AuthnRequest getAuthnRequest() {
    val requestBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory()
        .getBuilder(AuthnRequest.DEFAULT_ELEMENT_NAME);
    val request = (AuthnRequest) requestBuilder.buildObject();
    request.setProtocolBinding(SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI);

    // The issuer is a separate SAML object; it carries the SP entity id the IdP resolves the service by.
    val issuerBuilder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory()
        .getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    val requestIssuer = (Issuer) issuerBuilder.buildObject();
    requestIssuer.setValue(samlRegisteredService.getServiceId());
    request.setIssuer(requestIssuer);

    return request;
}
Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.
In class SamlIdPConsentSingleSignOnParticipationStrategyTests, method verifyIdPNeedsConsentOperation:
/**
 * Verifies that a registered SAML service releasing the {@code uid} attribute
 * is reported as <em>not</em> participating in single sign-on, i.e. the IdP
 * must obtain consent before it may reuse the existing session.
 */
@Test
public void verifyIdPNeedsConsentOperation() {
    // Bind a mock web flow request context so the strategy can resolve the current request.
    val requestContext = new MockRequestContext();
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    RequestContextHolder.setRequestContext(requestContext);
    ExternalContextHolder.setExternalContext(requestContext.getExternalContext());

    // An authenticated principal carrying the attribute the service is allowed to receive.
    val principal = RegisteredServiceTestUtils.getPrincipal("casuser", CollectionUtils.wrap("uid", "CAS-System"));
    val authentication = RegisteredServiceTestUtils.getAuthentication(principal);
    val ticketGrantingTicket = new MockTicketGrantingTicket(authentication);

    val issuerId = UUID.randomUUID().toString();
    val samlService = SamlIdPTestUtils.getSamlRegisteredService(issuerId);
    samlService.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(List.of("uid")));
    val casService = RegisteredServiceTestUtils.getService(issuerId);
    val authnRequest = getAuthnRequestFor(issuerId);

    val ssoRequest = SingleSignOnParticipationRequest.builder()
        .httpServletRequest(httpRequest)
        .requestContext(requestContext)
        .build()
        .attribute(AuthnRequest.class.getName(), authnRequest)
        .attribute(Issuer.class.getName(), issuerId)
        .attribute(Service.class.getName(), casService)
        .attribute(RegisteredService.class.getName(), samlService)
        .attribute(Authentication.class.getName(), authentication)
        .attribute(TicketGrantingTicket.class.getName(), ticketGrantingTicket);

    assertFalse(singleSignOnParticipationStrategy.isParticipating(ssoRequest));
}
Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.
In class SamlIdPSingleSignOnParticipationStrategyTests, method verifyForcedAuthn:
/**
 * Verifies that an {@link AuthnRequest} with {@code ForceAuthn=true} is supported
 * by the SAML IdP participation strategy and causes it to refuse single sign-on
 * participation, so the user is re-authenticated instead of reusing the session.
 */
@Test
public void verifyForcedAuthn() {
    // Bind a mock web flow request context so the strategy can resolve the current request.
    val requestContext = new MockRequestContext();
    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), httpRequest, httpResponse));
    RequestContextHolder.setRequestContext(requestContext);
    ExternalContextHolder.setExternalContext(requestContext.getExternalContext());

    val issuerId = UUID.randomUUID().toString();
    val forcedRequest = getAuthnRequestFor(issuerId);
    // The request from the helper is a mock; make it report a forced authentication.
    when(forcedRequest.isForceAuthn()).thenReturn(Boolean.TRUE);

    val ssoRequest = SingleSignOnParticipationRequest.builder()
        .httpServletRequest(httpRequest)
        .requestContext(requestContext)
        .build()
        .attribute(AuthnRequest.class.getName(), forcedRequest)
        .attribute(Issuer.class.getName(), issuerId);

    assertTrue(samlIdPSingleSignOnParticipationStrategy.supports(ssoRequest));
    assertFalse(samlIdPSingleSignOnParticipationStrategy.isParticipating(ssoRequest));
}
Use of org.opensaml.saml.saml2.core.AuthnRequest in the project cas by apereo.
In class AbstractSamlIdPProfileHandlerController, method issueAuthenticationRequestRedirect:
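/**
 * Redirects an incoming SAML2 authentication request to the CAS login endpoint.
 * <p>
 * The service URL is derived from the request and its message context and wrapped
 * into the configured CAS login URL; the request's {@code ForceAuthn} and
 * {@code IsPassive} flags are forwarded to {@code CommonUtils.constructRedirectUrl}.
 * When the IdP session storage type is {@code BROWSER_SESSION_STORAGE}, the
 * destination is stored in the trackable browser session and a storage-write view
 * is returned; otherwise a 302 redirect to the login URL is returned.
 *
 * @param pair     the parsed {@link AuthnRequest} (left) and its {@link MessageContext} (right)
 * @param request  the http request
 * @param response the http response
 * @return a 302 redirect to the CAS login URL, or the session-storage write view
 * @throws Exception if the service url cannot be constructed; an
 *                   {@link IllegalStateException} if browser storage is configured
 *                   but no trackable session can be resolved
 */
protected ModelAndView issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair,
                                                          final HttpServletRequest request,
                                                          final HttpServletResponse response) throws Exception {
    val authnRequest = (AuthnRequest) pair.getLeft();
    val serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url [{}]", DigestUtils.abbreviate(serviceUrl));

    val properties = configurationContext.getCasProperties();
    val urlToRedirectTo = CommonUtils.constructRedirectUrl(properties.getServer().getLoginUrl(),
        CasProtocolConstants.PARAMETER_SERVICE, serviceUrl, authnRequest.isForceAuthn(), authnRequest.isPassive());
    // Logged once (the original emitted this line twice). The redirect url embeds the
    // service url, so abbreviate it the same way as above to keep the log output consistent.
    LOGGER.debug("Redirecting SAML authN request to [{}]", DigestUtils.abbreviate(urlToRedirectTo));

    val storageType = properties.getAuthn().getSamlIdp().getCore().getSessionStorageType();
    if (storageType == SamlIdPCoreProperties.SessionStorageTypes.BROWSER_SESSION_STORAGE) {
        // Browser storage: the destination is handed to the browser-side session store and
        // written by a dedicated view instead of issuing an HTTP redirect from here.
        val context = new JEEContext(request, response);
        val sessionStorage = configurationContext.getSessionStore()
            .getTrackableSession(context)
            .map(BrowserSessionStorage.class::cast)
            .orElseThrow(() -> new IllegalStateException("Unable to determine trackable session for storage"));
        sessionStorage.setDestinationUrl(urlToRedirectTo);
        return new ModelAndView(CasWebflowConstants.VIEW_ID_SESSION_STORAGE_WRITE,
            BrowserSessionStorage.KEY_SESSION_STORAGE, sessionStorage);
    }

    val mv = new ModelAndView(new RedirectView(urlToRedirectTo));
    mv.setStatus(HttpStatus.FOUND);
    return mv;
}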