use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.
the class AuthnRequestFromRelyingPartyUnmarshallerTest method fromSamlMessage_shouldNotComplainWhenThereIsNoExtensionsElement.
/**
 * An AuthnRequest that carries no Extensions element must still unmarshal, and the
 * resulting object must report an empty Verify Service Provider version.
 */
@Test
public void fromSamlMessage_shouldNotComplainWhenThereIsNoExtensionsElement() throws Exception {
    // Minimal request: an issuer and a destination are set, setExtensions is never called.
    AuthnRequest requestWithoutExtensions = new AuthnRequestBuilder().buildObject();
    requestWithoutExtensions.setIssuer(new IssuerBuilder().buildObject());
    requestWithoutExtensions.setDestination("http://example.com");

    // Absence of the optional element is reported as Optional.empty(), not as an error.
    assertThat(unmarshaller.fromSamlMessage(requestWithoutExtensions).getVerifyServiceProviderVersion())
        .isEqualTo(Optional.empty());
}
use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.
the class AuthnRequestFromRelyingPartyUnmarshallerTest method fromSamlMessage_shouldNotComplainWhenExceptionDuringDecryption.
/**
 * Per the test name, a failure while decrypting the application-version extension must not
 * fail unmarshalling: the request is still returned, with an empty Verify Service Provider
 * version.
 */
@Test
public void fromSamlMessage_shouldNotComplainWhenExceptionDuringDecryption() throws Exception {
    AuthnRequest requestWithBadExtension = new AuthnRequestBuilder().buildObject();
    requestWithBadExtension.setIssuer(new IssuerBuilder().buildObject());
    requestWithBadExtension.setDestination("http://example.com");
    // presumably a null argument produces an extension that cannot be decrypted —
    // confirm against createApplicationVersionExtensions
    requestWithBadExtension.setExtensions(createApplicationVersionExtensions(null));

    // NOTE(review): this pins fail-open behaviour for the version field. That is reasonable
    // only while the version is informational; confirm no access decision depends on it.
    assertThat(unmarshaller.fromSamlMessage(requestWithBadExtension).getVerifyServiceProviderVersion())
        .isEqualTo(Optional.empty());
}
use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.
the class SamlMessageReceiverApi method handleRequestPost.
/**
 * Receives a SAML AuthnRequest (POST, JSON body) and creates a session for it.
 *
 * <p>Order of operations: the relay state is validated, the request string is transformed
 * into an {@link AuthnRequest}, and its signature is validated with
 * {@code SPSSODescriptor.DEFAULT_ELEMENT_NAME} as the role. The per-issuer counter and the
 * protective-monitoring log entry are written for every request that reaches that point,
 * whether or not the signature is valid. A session is created only after the signature
 * check has passed.
 *
 * @param samlRequestDto carries the SAML request, the relay state and the principal IP as
 *     seen by the frontend
 * @return a 200 response whose entity is the new {@link SessionId}
 * @throws SamlTransformationErrorException if the signature validation response is not OK
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Timed
@ResponseMetered
public Response handleRequestPost(SamlRequestDto samlRequestDto) {
    relayStateValidator.validate(samlRequestDto.getRelayState());

    AuthnRequest authnRequest = stringSamlAuthnRequestTransformer.apply(samlRequestDto.getSamlRequest());
    SamlValidationResponse signatureCheck =
        authnRequestSignatureValidator.validate(authnRequest, SPSSODescriptor.DEFAULT_ELEMENT_NAME);

    // NOTE(review): getIssuer() is dereferenced without a null check; confirm the transformer
    // rejects requests that have no Issuer.
    String issuerId = authnRequest.getIssuer().getValue();

    // NOTE(review): this runs before the signature result is inspected, so the metric label
    // comes from a request that may yet be rejected. Confirm the set of label values is
    // bounded for requests that can get this far.
    authnRequestsFromEntities.labels(issuerId).inc();

    // Both valid and invalid requests are recorded, with the signature status attached.
    protectiveMonitoringLogger.logAuthnRequest(
        authnRequest, Direction.INBOUND, SignatureStatus.fromValidationResponse(signatureCheck));

    // Gate: nothing below runs for a request whose signature did not validate.
    if (!signatureCheck.isOK()) {
        SamlValidationSpecificationFailure failure = signatureCheck.getSamlValidationSpecificationFailure();
        throw new SamlTransformationErrorException(
            String.format("Invalid authn request from issuer \"%s\". %s", issuerId, failure.getErrorMessage()),
            signatureCheck.getCause(),
            Level.ERROR);
    }

    // The original request string (not the parsed object) is what gets forwarded.
    SamlAuthnRequestContainerDto sessionRequest = new SamlAuthnRequestContainerDto(
        samlRequestDto.getSamlRequest(),
        Optional.ofNullable(samlRequestDto.getRelayState()),
        samlRequestDto.getPrincipalIpAsSeenByFrontend());
    SessionId sessionId = sessionProxy.createSession(sessionRequest);
    return Response.ok(sessionId).build();
}
use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.
the class SamlMessageSenderHandlerTest method generateAuthRequestFromHub_shouldThrowSamlTransformationException.
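/**
 * Generating the hub's AuthnRequest must fail with {@link SamlTransformationErrorException}
 * when the signature validator reports the request as invalid.
 */
@Test
public void generateAuthRequestFromHub_shouldThrowSamlTransformationException() {
    SessionId sessionId = SessionId.createNewSessionId();
    String samlMessageId = UUID.randomUUID().toString();
    AuthnRequest authnRequest = anAuthnRequest().withId(samlMessageId).build();

    when(sessionProxy.getAuthnRequestFromHub(sessionId))
        .thenReturn(new AuthnRequestFromHubContainerDto(samlRequest, postEndPoint, true));
    when(authnRequestTransformer.apply(samlRequest)).thenReturn(authnRequest);
    // The validator is stubbed to return an invalid response for this exact request.
    when(samlMessageSignatureValidator.validate(authnRequest, SPSSODescriptor.DEFAULT_ELEMENT_NAME))
        .thenReturn(SamlValidationResponse.anInvalidResponse(new SamlValidationSpecification("bad", true)));

    // Only the call under test sits inside assertThrows, so an exception raised while
    // building the fixture or stubbing cannot satisfy the assertion by accident.
    Assertions.assertThrows(
        SamlTransformationErrorException.class,
        () -> samlMessageSenderHandler.generateAuthnRequestFromHub(sessionId, principalIpAddressAsSeenByHub));
}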
use of org.opensaml.saml.saml2.core.AuthnRequest in project verify-hub by alphagov.
the class ProtectiveMonitoringLogFormatterTest method shouldFormatAuthnRequestWithoutIssuer.
/**
 * Formatting an AuthnRequest whose issuer is {@code null} must still produce a log line,
 * with the issuer field left empty.
 */
@Test
public void shouldFormatAuthnRequestWithoutIssuer() {
    AuthnRequest requestWithoutIssuer = anAuthnRequest()
        .withId("test-id")
        .withDestination("veganistan")
        .withIssuer(null)
        .build();
    ProtectiveMonitoringLogFormatter formatter = new ProtectiveMonitoringLogFormatter();

    String formatted = formatter.formatAuthnRequest(
        requestWithoutIssuer, Direction.INBOUND, SignatureStatus.VALID_SIGNATURE);

    // The monitoring record must survive a missing issuer rather than throw and lose the event.
    assertThat(formatted).contains("issuerId: ,");
}