Example 71 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.

From class RpAuthnRequestTranslatorServiceTest, method shouldTranslateSamlAuthnRequest.

@Test
public void shouldTranslateSamlAuthnRequest() {
    RpAuthnRequestTranslatorService service = new RpAuthnRequestTranslatorService(stringToAuthnRequestTransformer, samlAuthnRequestToAuthnRequestFromRelyingPartyTransformer, vspVersionGauge);
    boolean forceAuthentication = true;
    String id = UUID.randomUUID().toString();
    String issuer = UUID.randomUUID().toString();
    URI assertionConsumerServiceUrl = URI.create("http://someassertionuri");
    int assertionConsumerServiceIndex = 1;
    Signature signature = aSignature().withSignatureAlgorithm(SIGNATURE_ALGORITHM).build();
    ((SignatureImpl) signature).setXMLSignature(BuilderHelper.createXMLSignature(SIGNATURE_ALGORITHM, new DigestSHA256()));
    SamlRequestWithAuthnRequestInformationDto samlRequestWithAuthnRequestInformationDto = SamlAuthnRequestDtoBuilder.aSamlAuthnRequest().withId(id).withIssuer(issuer).withForceAuthentication(forceAuthentication).withAssertionConsumerIndex(assertionConsumerServiceIndex).withPublicCert(TEST_RP_PUBLIC_SIGNING_CERT).withPrivateKey(TEST_RP_PRIVATE_SIGNING_KEY).build();
    AuthnRequest authnRequest = AuthnRequestBuilder.anAuthnRequest().build();
    TranslatedAuthnRequestDto expected = TranslatedAuthnRequestDtoBuilder.aTranslatedAuthnRequest().withId(id).withIssuer(issuer).withForceAuthentication(forceAuthentication).withAssertionConsumerServiceUrl(assertionConsumerServiceUrl).withAssertionConsumerServiceIndex(assertionConsumerServiceIndex).build();
    AuthnRequestFromRelyingParty intermediateBlah = anAuthnRequestFromRelyingParty().withId(id).withIssuer(issuer).withForceAuthentication(forceAuthentication).withAssertionConsumerServiceUrl(assertionConsumerServiceUrl).withAssertionConsumerServiceIndex(assertionConsumerServiceIndex).withSignature(signature).build();
    when(stringToAuthnRequestTransformer.apply(samlRequestWithAuthnRequestInformationDto.getSamlMessage())).thenReturn(authnRequest);
    when(samlAuthnRequestToAuthnRequestFromRelyingPartyTransformer.apply(authnRequest)).thenReturn(intermediateBlah);
    when(vspVersionGauge.labels(anyString(), anyString())).thenReturn(childGauge);
    TranslatedAuthnRequestDto actual = service.translate(samlRequestWithAuthnRequestInformationDto);
    assertThat(actual).isEqualToComparingFieldByField(expected);
    verify(vspVersionGauge).labels(intermediateBlah.getIssuer(), intermediateBlah.getVerifyServiceProviderVersion().get());
    verify(childGauge).set(1.0);
}
Also used: SamlRequestWithAuthnRequestInformationDto (uk.gov.ida.hub.samlengine.contracts.SamlRequestWithAuthnRequestInformationDto), DigestSHA256 (org.opensaml.xmlsec.algorithm.descriptors.DigestSHA256), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), AuthnRequestFromRelyingParty (uk.gov.ida.saml.hub.domain.AuthnRequestFromRelyingParty), AuthnRequestFromRelyingPartyBuilder.anAuthnRequestFromRelyingParty (uk.gov.ida.hub.samlengine.builders.AuthnRequestFromRelyingPartyBuilder.anAuthnRequestFromRelyingParty), Signature (org.opensaml.xmlsec.signature.Signature), SignatureBuilder.aSignature (uk.gov.ida.saml.core.test.builders.SignatureBuilder.aSignature), ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString), TranslatedAuthnRequestDto (uk.gov.ida.hub.samlengine.contracts.TranslatedAuthnRequestDto), SignatureImpl (org.opensaml.xmlsec.signature.impl.SignatureImpl), URI (java.net.URI), Test (org.junit.jupiter.api.Test)

Example 72 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.

From class SamlMessageReceiverApiResourceTest, method shouldErrorWhenAuthnRequestIsNotSigned.

@Test
public void shouldErrorWhenAuthnRequestIsNotSigned() {
    // Build an otherwise well-formed AuthnRequest for TEST_RP but omit the ds:Signature element entirely
    AuthnRequest authnRequest = anAuthnRequest().withIssuer(anIssuer().withIssuerId(TEST_RP).build()).withDestination(Endpoints.SSO_REQUEST_ENDPOINT).withId(AuthnRequestIdGenerator.generateRequestId()).withoutSignatureElement().build();
    SamlRequestDto authnRequestWrapper = new SamlRequestDto(authnRequestToStringTransformer.apply(authnRequest), "relayState", "ipAddress", ANALYTICS_SESSION_ID, JOURNEY_TYPE);
    Response clientResponse = postSAML(authnRequestWrapper, Urls.SamlProxyUrls.SAML2_SSO_RECEIVER_API_ROOT);
    // The receiver must reject the unsigned request as INVALID_SAML (HTTP 400) rather than process it
    assertError(Response.Status.BAD_REQUEST, clientResponse, ExceptionType.INVALID_SAML);
}
Also used: ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse), Response (javax.ws.rs.core.Response), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest), SamlRequestDto (uk.gov.ida.hub.samlproxy.contracts.SamlRequestDto), Test (org.junit.jupiter.api.Test)

Example 73 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.

From class SamlMessageSenderHandler, method generateAuthnRequestFromHub.

public SamlMessage generateAuthnRequestFromHub(SessionId sessionId, String principalIpAddress) {
    AuthnRequestFromHubContainerDto authnRequestFromHub = sessionProxy.getAuthnRequestFromHub(sessionId);
    AuthnRequest request = authnRequestTransformer.apply(authnRequestFromHub.getSamlRequest());
    // Validate the signature on the hub's own outbound request against the SPSSODescriptor role before it leaves
    SamlValidationResponse samlSignatureValidationResponse = samlMessageSignatureValidator.validate(request, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    // Record the signature status for protective monitoring regardless of the outcome
    protectiveMonitoringLogger.logAuthnRequest(request, Direction.OUTBOUND, SignatureStatus.fromValidationResponse(samlSignatureValidationResponse));
    if (!samlSignatureValidationResponse.isOK()) {
        // Fail closed: a request whose signature did not validate is never forwarded to the IDP
        SamlValidationSpecificationFailure failure = samlSignatureValidationResponse.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(failure.getErrorMessage(), samlSignatureValidationResponse.getCause(), Level.ERROR);
    }
    SamlMessage samlMessage = new SamlMessage(authnRequestFromHub.getSamlRequest(), SamlMessageType.SAML_REQUEST, Optional.ofNullable(sessionId.toString()), authnRequestFromHub.getPostEndpoint().toString(), Optional.of(authnRequestFromHub.getRegistering()));
    // Audit the outbound request (request ID, session, destination endpoint, originating IP)
    externalCommunicationEventLogger.logIdpAuthnRequest(request.getID(), sessionId, authnRequestFromHub.getPostEndpoint(), principalIpAddress);
    return samlMessage;
}
Also used: SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse), SamlValidationSpecificationFailure (uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), SamlTransformationErrorException (uk.gov.ida.saml.core.validation.SamlTransformationErrorException), AuthnRequestFromHubContainerDto (uk.gov.ida.hub.samlproxy.domain.AuthnRequestFromHubContainerDto)

Example 74 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.

From class EntitiesDescriptorToElementTransformerTest, method transform_shouldTransformASamlObjectIntoAnElement.

@Test
public void transform_shouldTransformASamlObjectIntoAnElement() {
    AuthnRequest authnRequest = anAuthnRequest().withIssuer(anIssuer().build()).build();
    XmlObjectToElementTransformer<AuthnRequest> transformer = new XmlObjectToElementTransformer<>();
    Element result = transformer.apply(authnRequest);
    assertThat(result).isNotNull();
}
Also used: AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), XmlObjectToElementTransformer (uk.gov.ida.saml.serializers.XmlObjectToElementTransformer), Element (org.w3c.dom.Element), Test (org.junit.jupiter.api.Test)

Example 75 with AuthnRequest

Use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.

From class HubTransformersFactoryTest, method shouldNotContainKeyInfoInIdaAuthnRequest.

@Test
public void shouldNotContainKeyInfoInIdaAuthnRequest() throws Exception {
    // Transformer signs the hub's AuthnRequest with the hub signing key using the configured algorithms
    Function<IdaAuthnRequestFromHub, String> authnRequestTransformer = new HubTransformersFactory().getIdaAuthnRequestFromHubToStringTransformer(getKeyStore(hubSigningCert), signatureAlgorithm, digestAlgorithm);
    IdaAuthnRequestFromHub idaAuthnRequestFromHub = IdaAuthnRequestBuilder.anIdaAuthnRequest().withLevelsOfAssurance(Collections.singletonList(AuthnContext.LEVEL_3)).buildFromHub();
    String apply = authnRequestTransformer.apply(idaAuthnRequestFromHub);
    assertThat(apply).isNotNull();
    // Parse the serialised XML back into an AuthnRequest to inspect the signature that was produced
    AuthnRequest authnReq = stringToOpenSamlObjectTransformer.apply(apply);
    assertThat(authnReq).isNotNull();
    assertThat(authnReq.getSignature()).isNotNull();
    // The request must be signed, but the ds:KeyInfo element is deliberately absent
    assertThat(authnReq.getSignature().getKeyInfo()).as("The Authn Request does not contain a KeyInfo section for Verify UK").isNull();
}
Also used: IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), Test (org.junit.jupiter.api.Test)

Aggregations (class, with number of examples using it)

AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest): 113
Test (org.junit.jupiter.api.Test): 42
lombok.val (lombok.val): 40
Issuer (org.opensaml.saml.saml2.core.Issuer): 28
AuthnRequestBuilder.anAuthnRequest (uk.gov.ida.saml.core.test.builders.AuthnRequestBuilder.anAuthnRequest): 15
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder): 14
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext): 14
MessageContext (org.opensaml.messaging.context.MessageContext): 13
IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub): 12
IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest): 12
SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService): 11
DateTime (org.joda.time.DateTime): 11
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef): 11
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy): 11
SamlRegisteredServiceServiceProviderMetadataFacade (org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade): 10
AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService): 10
IOException (java.io.IOException): 9
XMLObject (org.opensaml.core.xml.XMLObject): 9
NameID (org.opensaml.saml.saml2.core.NameID): 8
JEEContext (org.pac4j.core.context.JEEContext): 8