Example 1 with EncryptedID

Use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.

The class OpenSamlAuthenticationProviderTests, method authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds.

@Test
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() {
    Response response = response();
    Assertion assertion = assertion();
    NameID nameId = assertion.getSubject().getNameID();
    // Encrypt the NameID with the asserting party's encryption credential and
    // replace the plaintext NameID in the Subject with the resulting EncryptedID
    EncryptedID encryptedID = TestOpenSamlObjects.encrypted(nameId, TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    assertion.getSubject().setNameID(null);
    assertion.getSubject().setEncryptedID(encryptedID);
    response.getAssertions().add(assertion);
    // Sign the assertion after encrypting, so the signature covers the EncryptedID element
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    // The registration carries both a verification and a decryption credential
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    this.provider.authenticate(token);
}
Also used: Response(org.opensaml.saml.saml2.core.Response) NameID(org.opensaml.saml.saml2.core.NameID) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID) Test(org.junit.jupiter.api.Test)

Example 2 with EncryptedID

Use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.

The class TestOpenSamlObjects, method encrypted.

static EncryptedID encrypted(NameID nameId, Saml2X509Credential credential) {
    // Build an OpenSAML Encrypter keyed to the recipient's certificate
    X509Certificate certificate = credential.getCertificate();
    Encrypter encrypter = getEncrypter(certificate);
    try {
        return encrypter.encrypt(nameId);
    } catch (EncryptionException ex) {
        // Wrap the OpenSAML checked exception in Spring Security's Saml2Exception
        throw new Saml2Exception("Unable to encrypt nameID.", ex);
    }
}
Also used: Encrypter(org.opensaml.saml.saml2.encryption.Encrypter) EncryptionException(org.opensaml.xmlsec.encryption.support.EncryptionException) Saml2Exception(org.springframework.security.saml2.Saml2Exception) X509Certificate(java.security.cert.X509Certificate)

Example 3 with EncryptedID

Use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.

The class OpenSamlAuthenticationProviderTests, method authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion.

@Test
public void authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion() {
    Response response = response();
    Assertion assertion = assertion();
    // An EncryptedID with an empty EncryptedData: only a custom decrypter can handle it
    EncryptedID id = new EncryptedIDBuilder().buildObject();
    id.setEncryptedData(new EncryptedDataBuilder().buildObject());
    assertion.getSubject().setEncryptedID(id);
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    // The registration only verifies signatures; no decryption credential is configured
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    // Replace the default decrypter with one that sets a fixed NameID on the Subject
    this.provider.setAssertionElementsDecrypter((tuple) -> {
        NameID name = new NameIDBuilder().buildObject();
        name.setValue("decrypted name");
        tuple.getAssertion().getSubject().setNameID(name);
    });
    Authentication authentication = this.provider.authenticate(token);
    assertThat(authentication.getName()).isEqualTo("decrypted name");
}
Also used: Response(org.opensaml.saml.saml2.core.Response) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) EncryptedIDBuilder(org.opensaml.saml.saml2.core.impl.EncryptedIDBuilder) EncryptedDataBuilder(org.opensaml.xmlsec.encryption.impl.EncryptedDataBuilder) NameID(org.opensaml.saml.saml2.core.NameID) Authentication(org.springframework.security.core.Authentication) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID) Test(org.junit.jupiter.api.Test)

Example 4 with EncryptedID

Use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.

The class OpenSaml4AuthenticationProviderTests, method authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion.

@Test
public void authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertion() {
    Response response = response();
    Assertion assertion = assertion();
    // An EncryptedID with an empty EncryptedData: only a custom decrypter can handle it
    EncryptedID id = new EncryptedIDBuilder().buildObject();
    id.setEncryptedData(new EncryptedDataBuilder().buildObject());
    assertion.getSubject().setEncryptedID(id);
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    // The registration only verifies signatures; no decryption credential is configured
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    // Replace the default decrypter with one that sets a fixed NameID on the Subject
    this.provider.setAssertionElementsDecrypter((tuple) -> {
        NameID name = new NameIDBuilder().buildObject();
        name.setValue("decrypted name");
        tuple.getAssertion().getSubject().setNameID(name);
    });
    Authentication authentication = this.provider.authenticate(token);
    assertThat(authentication.getName()).isEqualTo("decrypted name");
}
Also used: Response(org.opensaml.saml.saml2.core.Response) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) EncryptedIDBuilder(org.opensaml.saml.saml2.core.impl.EncryptedIDBuilder) EncryptedDataBuilder(org.opensaml.xmlsec.encryption.impl.EncryptedDataBuilder) NameID(org.opensaml.saml.saml2.core.NameID) Authentication(org.springframework.security.core.Authentication) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID) Test(org.junit.jupiter.api.Test)

Example 5 with EncryptedID

Use of org.opensaml.saml.saml2.core.EncryptedID in project spring-security by spring-projects.

The class OpenSamlLogoutRequestValidator, method getNameId.

private NameID getNameId(LogoutRequest request, RelyingPartyRegistration registration) {
    // Prefer a plaintext NameID when the LogoutRequest carries one
    NameID nameId = request.getNameID();
    if (nameId != null) {
        return nameId;
    }
    // Otherwise fall back to the EncryptedID, if present, and decrypt it
    // with the registration's decryption credentials
    EncryptedID encryptedId = request.getEncryptedID();
    if (encryptedId == null) {
        return null;
    }
    return decryptNameId(encryptedId, registration);
}
Also used: NameID(org.opensaml.saml.saml2.core.NameID) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID)
