Example 6 with RequestedAuthnContext
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.
the class DefaultAuthnContextClassRefBuilder method build.
@Override
public String build(final SamlProfileBuilderContext context) {
if (StringUtils.isNotBlank(context.getRegisteredService().getRequiredAuthenticationContextClass())) {
LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", context.getRegisteredService().getRequiredAuthenticationContextClass(), context.getRegisteredService().getName());
return context.getRegisteredService().getRequiredAuthenticationContextClass();
}
val defClass = StringUtils.defaultIfBlank(casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(), AuthnContext.PPT_AUTHN_CTX);
val requestedAuthnContext = context.getSamlRequest() instanceof AuthnRequest ? AuthnRequest.class.cast(context.getSamlRequest()).getRequestedAuthnContext() : null;
if (requestedAuthnContext == null) {
LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
return defClass;
}
val authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
return defClass;
}
val contextInAssertion = getAuthenticationContextByAssertion(context, requestedAuthnContext, authnContextClassRefs);
val finalCtx = StringUtils.defaultIfBlank(contextInAssertion, defClass);
LOGGER.debug("Returning authN context [{}]", finalCtx);
return finalCtx;
}
Also used :
lombok.val(lombok.val)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Example 7 with RequestedAuthnContext
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.
the class SamlIdPMultifactorAuthenticationTriggerTests method verifyContextMapping.
@Test
public void verifyContextMapping() throws Exception {
val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
val service = RegisteredServiceTestUtils.getService(registeredService.getServiceId());
val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, registeredService);
var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
val classRef = (AuthnContextClassRef) builder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
classRef.setURI("context1");
builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
val reqCtx = (RequestedAuthnContext) builder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
reqCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
reqCtx.getAuthnContextClassRefs().add(classRef);
authnRequest.setRequestedAuthnContext(reqCtx);
val request = new MockHttpServletRequest();
val response = new MockHttpServletResponse();
val messageContext = new MessageContext();
messageContext.setMessage(authnRequest);
val context = Pair.of(authnRequest, messageContext);
SamlIdPUtils.storeSamlRequest(new JEEContext(request, response), openSamlConfigBean, samlIdPDistributedSessionStore, context);
assertTrue(samlIdPMultifactorAuthenticationTrigger.supports(request, registeredService, RegisteredServiceTestUtils.getAuthentication(), service));
val result = samlIdPMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), registeredService, request, response, service);
assertTrue(result.isPresent());
}
Also used :
lombok.val(lombok.val)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
JEEContext(org.pac4j.core.context.JEEContext)
MessageContext(org.opensaml.messaging.context.MessageContext)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 8 with RequestedAuthnContext
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.
the class SamlIdPDelegatedClientAuthenticationRequestCustomizer method customize.
@Override
public void customize(final IndirectClient client, final WebContext webContext) {
val authnRequestResult = SamlIdPUtils.retrieveSamlRequest(webContext, sessionStore, openSamlConfigBean, AuthnRequest.class).map(Pair::getLeft).map(AuthnRequest.class::cast);
authnRequestResult.ifPresent(authnRequest -> {
LOGGER.debug("Retrieved the SAML2 authentication request from [{}]", SamlIdPUtils.getIssuerFromSamlObject(authnRequest));
if (authnRequest.isForceAuthn()) {
webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
}
if (authnRequest.isPassive()) {
webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
}
val requestedAuthnContext = authnRequest.getRequestedAuthnContext();
if (requestedAuthnContext != null && requestedAuthnContext.getAuthnContextClassRefs() != null && !requestedAuthnContext.getAuthnContextClassRefs().isEmpty()) {
val refs = requestedAuthnContext.getAuthnContextClassRefs().stream().map(XSURI::getURI).collect(Collectors.toList());
webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_AUTHN_CONTEXT_CLASS_REFS, refs);
webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_COMPARISON_TYPE, requestedAuthnContext.getComparison().name());
}
});
}
Also used :
lombok.val(lombok.val)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Example 9 with RequestedAuthnContext
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.
the class IdaAuthnRequestFromHubToAuthnRequestTransformerTest method shouldMaintainTheAuthnContextsInPreferenceOrder.
@Test
public void shouldMaintainTheAuthnContextsInPreferenceOrder() {
IdaAuthnRequestFromHub originalRequestFromHub = anIdaAuthnRequest().withLevelsOfAssurance(Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2)).buildFromHub();
AuthnRequest transformedRequest = transformer.apply(originalRequestFromHub);
RequestedAuthnContext requestedAuthnContext = transformedRequest.getRequestedAuthnContext();
List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
List<String> authnContexts = authnContextClassRefs.stream().map(AuthnContextClassRef::getAuthnContextClassRef).collect(Collectors.toList());
assertThat(authnContexts).containsSequence(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
}
Also used :
IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
IdaAuthnRequestBuilder.anIdaAuthnRequest(uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Test(org.junit.jupiter.api.Test)
Example 10 with RequestedAuthnContext
use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.
the class IdaAuthnRequestFromHubToAuthnRequestTransformerTest method shouldCorrectlyMapLevelsOfAssurance.
@Test
public void shouldCorrectlyMapLevelsOfAssurance() {
List<AuthnContext> levelsOfAssurance = Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2);
List<String> expected = Arrays.asList(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
IdaAuthnRequestFromHub originalRequestFromHub = anIdaAuthnRequest().withLevelsOfAssurance(levelsOfAssurance).buildFromHub();
AuthnRequest transformedRequest = transformer.apply(originalRequestFromHub);
RequestedAuthnContext requestedAuthnContext = transformedRequest.getRequestedAuthnContext();
List<String> actual = requestedAuthnContext.getAuthnContextClassRefs().stream().map(AuthnContextClassRef::getAuthnContextClassRef).collect(Collectors.toList());
assertThat(actual).containsAll(expected);
}
Also used :
IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
IdaAuthnRequestBuilder.anIdaAuthnRequest(uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
AuthnContext(uk.gov.ida.saml.core.domain.AuthnContext)
IdaAuthnContext(uk.gov.ida.saml.core.extensions.IdaAuthnContext)
Test(org.junit.jupiter.api.Test)
Aggregations
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)16
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)13
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)13
lombok.val (lombok.val)5
Test (org.junit.jupiter.api.Test)5
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)5
DateTime (org.joda.time.DateTime)4
Issuer (org.opensaml.saml.saml2.core.Issuer)4
IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)4
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)3
AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)3
IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)3
XMLObject (org.opensaml.core.xml.XMLObject)2
MessageContext (org.opensaml.messaging.context.MessageContext)2
RequestedAuthnContextBuilder (org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)2
JEEContext (org.pac4j.core.context.JEEContext)2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
Inject (com.google.inject.Inject)1
StringReader (java.io.StringReader)1
