
Example 6 with RequestedAuthnContext

Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.

Class DefaultAuthnContextClassRefBuilder, method build (decides which AuthnContextClassRef the IdP places in the issued assertion):

@Override
public String build(final SamlProfileBuilderContext context) {
    // A context class pinned on the registered service overrides whatever the SP requested.
    if (StringUtils.isNotBlank(context.getRegisteredService().getRequiredAuthenticationContextClass())) {
        LOGGER.debug("Using [{}] as indicated by SAML registered service [{}]", context.getRegisteredService().getRequiredAuthenticationContextClass(), context.getRegisteredService().getName());
        return context.getRegisteredService().getRequiredAuthenticationContextClass();
    }
    // Fallback: the configured default class, or PasswordProtectedTransport if none is configured.
    val defClass = StringUtils.defaultIfBlank(casProperties.getAuthn().getSamlIdp().getResponse().getDefaultAuthenticationContextClass(), AuthnContext.PPT_AUTHN_CTX);
    // Only an AuthnRequest can carry a RequestedAuthnContext; other SAML request types yield null here.
    val requestedAuthnContext = context.getSamlRequest() instanceof AuthnRequest ? AuthnRequest.class.cast(context.getSamlRequest()).getRequestedAuthnContext() : null;
    if (requestedAuthnContext == null) {
        LOGGER.debug("No specific authN context is requested. Returning [{}]", defClass);
        return defClass;
    }
    val authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
    if (authnContextClassRefs == null || authnContextClassRefs.isEmpty()) {
        LOGGER.debug("Requested authN context class ref is unspecified. Returning [{}]", defClass);
        return defClass;
    }
    // Resolve the requested class refs against the authentication recorded in the CAS assertion;
    // if none of them can be satisfied, the default class is returned rather than the requested one.
    val contextInAssertion = getAuthenticationContextByAssertion(context, requestedAuthnContext, authnContextClassRefs);
    val finalCtx = StringUtils.defaultIfBlank(contextInAssertion, defClass);
    LOGGER.debug("Returning authN context [{}]", finalCtx);
    return finalCtx;
}
Also used: lombok.val (lombok.val), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)

Example 7 with RequestedAuthnContext

Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.

Class SamlIdPMultifactorAuthenticationTriggerTests, method verifyContextMapping (checks that a requested authentication context class activates the multifactor trigger):

@Test
public void verifyContextMapping() throws Exception {
    val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
    val service = RegisteredServiceTestUtils.getService(registeredService.getServiceId());
    val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, registeredService);
    // Build a single AuthnContextClassRef ("context1") through the OpenSAML builder factory.
    var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    val classRef = (AuthnContextClassRef) builder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
    classRef.setURI("context1");
    // Wrap it in a RequestedAuthnContext with Comparison="exact" and attach it to the AuthnRequest.
    builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    val reqCtx = (RequestedAuthnContext) builder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
    reqCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
    reqCtx.getAuthnContextClassRefs().add(classRef);
    authnRequest.setRequestedAuthnContext(reqCtx);
    // Store the request in the distributed session the way the SSO profile handler would, so the trigger can find it.
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val messageContext = new MessageContext();
    messageContext.setMessage(authnRequest);
    val context = Pair.of(authnRequest, messageContext);
    SamlIdPUtils.storeSamlRequest(new JEEContext(request, response), openSamlConfigBean, samlIdPDistributedSessionStore, context);
    // The trigger must recognise the request and map "context1" to an MFA provider.
    assertTrue(samlIdPMultifactorAuthenticationTrigger.supports(request, registeredService, RegisteredServiceTestUtils.getAuthentication(), service));
    val result = samlIdPMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), registeredService, request, response, service);
    assertTrue(result.isPresent());
}
Also used: lombok.val (lombok.val), RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext), SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef), JEEContext (org.pac4j.core.context.JEEContext), MessageContext (org.opensaml.messaging.context.MessageContext), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), Test (org.junit.jupiter.api.Test)

Example 8 with RequestedAuthnContext

Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project cas by apereo.

Class SamlIdPDelegatedClientAuthenticationRequestCustomizer, method customize (propagates the SP's request constraints to the delegated upstream identity provider):

@Override
public void customize(final IndirectClient client, final WebContext webContext) {
    // Look up the SAML2 AuthnRequest that started this delegated flow from the session store.
    val authnRequestResult = SamlIdPUtils.retrieveSamlRequest(webContext, sessionStore, openSamlConfigBean, AuthnRequest.class).map(Pair::getLeft).map(AuthnRequest.class::cast);
    authnRequestResult.ifPresent(authnRequest -> {
        LOGGER.debug("Retrieved the SAML2 authentication request from [{}]", SamlIdPUtils.getIssuerFromSamlObject(authnRequest));
        // Carry ForceAuthn and IsPassive through, so the upstream IdP honours the same constraints the SP set.
        if (authnRequest.isForceAuthn()) {
            webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
        }
        if (authnRequest.isPassive()) {
            webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
        }
        // Forward the requested authentication context class refs and the comparison type unchanged.
        val requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext != null && requestedAuthnContext.getAuthnContextClassRefs() != null && !requestedAuthnContext.getAuthnContextClassRefs().isEmpty()) {
            val refs = requestedAuthnContext.getAuthnContextClassRefs().stream().map(XSURI::getURI).collect(Collectors.toList());
            webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_AUTHN_CONTEXT_CLASS_REFS, refs);
            webContext.setRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_COMPARISON_TYPE, requestedAuthnContext.getComparison().name());
        }
    });
}
Also used: lombok.val (lombok.val), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)

Example 9 with RequestedAuthnContext

Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.

Class IdaAuthnRequestFromHubToAuthnRequestTransformerTest, method shouldMaintainTheAuthnContextsInPreferenceOrder (the order of the requested levels of assurance must survive transformation):

@Test
public void shouldMaintainTheAuthnContextsInPreferenceOrder() {
    // Hub request asking for LEVEL_1 first, then LEVEL_2.
    IdaAuthnRequestFromHub originalRequestFromHub = anIdaAuthnRequest().withLevelsOfAssurance(Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2)).buildFromHub();
    AuthnRequest transformedRequest = transformer.apply(originalRequestFromHub);
    RequestedAuthnContext requestedAuthnContext = transformedRequest.getRequestedAuthnContext();
    List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
    List<String> authnContexts = authnContextClassRefs.stream().map(AuthnContextClassRef::getAuthnContextClassRef).collect(Collectors.toList());
    // containsSequence checks adjacency and order, not just membership.
    assertThat(authnContexts).containsSequence(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
}
Also used: IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub), RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext), IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef), Test (org.junit.jupiter.api.Test)

Example 10 with RequestedAuthnContext

Use of org.opensaml.saml.saml2.core.RequestedAuthnContext in project verify-hub by alphagov.

Class IdaAuthnRequestFromHubToAuthnRequestTransformerTest, method shouldCorrectlyMapLevelsOfAssurance (each hub level of assurance maps to its IDA AuthnContextClassRef URI):

@Test
public void shouldCorrectlyMapLevelsOfAssurance() {
    List<AuthnContext> levelsOfAssurance = Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2);
    // The class ref URIs the transformer is expected to emit for those levels.
    List<String> expected = Arrays.asList(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
    IdaAuthnRequestFromHub originalRequestFromHub = anIdaAuthnRequest().withLevelsOfAssurance(levelsOfAssurance).buildFromHub();
    AuthnRequest transformedRequest = transformer.apply(originalRequestFromHub);
    RequestedAuthnContext requestedAuthnContext = transformedRequest.getRequestedAuthnContext();
    List<String> actual = requestedAuthnContext.getAuthnContextClassRefs().stream().map(AuthnContextClassRef::getAuthnContextClassRef).collect(Collectors.toList());
    // Membership only; ordering is covered by shouldMaintainTheAuthnContextsInPreferenceOrder.
    assertThat(actual).containsAll(expected);
}
Also used: IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub), RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext), IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest), AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest), AuthnContext (uk.gov.ida.saml.core.domain.AuthnContext), IdaAuthnContext (uk.gov.ida.saml.core.extensions.IdaAuthnContext), Test (org.junit.jupiter.api.Test)

Aggregations (classes used together with RequestedAuthnContext, with usage counts):

RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext): 16
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef): 13
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest): 13
lombok.val (lombok.val): 5
Test (org.junit.jupiter.api.Test): 5
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy): 5
DateTime (org.joda.time.DateTime): 4
Issuer (org.opensaml.saml.saml2.core.Issuer): 4
IdaAuthnRequestFromHub (uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub): 4
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder): 3
AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder): 3
IdaAuthnRequestBuilder.anIdaAuthnRequest (uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest): 3
XMLObject (org.opensaml.core.xml.XMLObject): 2
MessageContext (org.opensaml.messaging.context.MessageContext): 2
RequestedAuthnContextBuilder (org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder): 2
JEEContext (org.pac4j.core.context.JEEContext): 2
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 2
Inject (com.google.inject.Inject): 1
StringReader (java.io.StringReader): 1