
Example 6 with SessionIndex

Use of org.opensaml.saml.saml2.core.SessionIndex in project ddf by codice.

From class LogoutRequestServiceTest, method insertLogoutRequest:

// Test helper: stubs logoutMessage so that extracting a SAML LogoutRequest
// from UNENCODED_SAML_REQUEST yields a mocked request carrying one SessionIndex.
private void insertLogoutRequest() throws XMLStreamException, LogoutSecurityException {
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    LogoutWrapper logoutRequestWrapper = mock(LogoutWrapper.class);
    doReturn(logoutRequest).when(logoutRequestWrapper).getMessage();
    // The SessionIndex identifies which IdP session the logout applies to.
    SessionIndex sessionIndex = mock(SessionIndex.class);
    doReturn(SESSION_INDEX).when(sessionIndex).getSessionIndex();
    doReturn(Collections.singletonList(sessionIndex)).when(logoutRequest).getSessionIndexes();
    // Minimal header fields the service validates on an incoming request.
    doReturn(DateTime.now()).when(logoutRequest).getIssueInstant();
    doReturn(SAMLVersion.VERSION_20).when(logoutRequest).getVersion();
    doReturn(ID).when(logoutRequest).getID();
    doReturn(logoutRequestWrapper).when(logoutMessage).extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST));
}
Also used : LogoutWrapper(ddf.security.samlp.LogoutWrapper) SessionIndex(org.opensaml.saml.saml2.core.SessionIndex) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)

Example 7 with SessionIndex

Use of org.opensaml.saml.saml2.core.SessionIndex in project ddf by codice.

From class LogoutRequestServiceTest, method testPostLogoutRequestResponseNotParsable:

@Test
public void testPostLogoutRequestResponseNotParsable() throws Exception {
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    when(logoutRequest.getIssueInstant()).thenReturn(DateTime.now());
    SessionIndex sessionIndex = mock(SessionIndex.class);
    when(sessionIndex.getSessionIndex()).thenReturn(SESSION_INDEX);
    when(logoutRequest.getSessionIndexes()).thenReturn(Collections.singletonList(sessionIndex));
    String encodedSamlResponse = "encodedSamlRequest";
    // Simulate a SAMLResponse parameter that cannot be parsed into a LogoutResponse.
    when(logoutMessage.extractSamlLogoutResponse(any(String.class))).thenReturn(null);
    logoutRequestService.setLogoutMessage(logoutMessage);
    insertLogoutRequest();
    // Only the SAMLResponse parameter is supplied (SAMLRequest is null).
    Response response = logoutRequestService.postLogoutRequest(null, encodedSamlResponse, relayState);
    // An unparsable response must not be treated as a successful logout: the
    // service redirects (303) and reports the parse error in the query string.
    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    String msg = LogoutRequestService.UNABLE_TO_PARSE_LOGOUT_RESPONSE.replaceAll(" ", "+");
    assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used : Response(javax.ws.rs.core.Response) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) SessionIndex(org.opensaml.saml.saml2.core.SessionIndex) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.Test)

Example 8 with SessionIndex

Use of org.opensaml.saml.saml2.core.SessionIndex in project pac4j by pac4j.

From class SAML2DefaultResponseValidator, method buildSAML2Credentials:

// Builds the credentials object from the already-validated subject assertion.
// The session index is carried along so a later LogoutRequest can reference
// exactly this IdP session.
protected final SAML2Credentials buildSAML2Credentials(final SAML2MessageContext context) {
    final NameID nameId = context.getSAMLSubjectNameIdentifierContext().getSAML2SubjectNameID();
    final Assertion subjectAssertion = context.getSubjectAssertion();
    final String sessionIndex = getSessionIndex(subjectAssertion);
    final String issuerEntityId = subjectAssertion.getIssuer().getValue();
    // Collect the AuthnContext class references (how the user authenticated).
    List<AuthnStatement> authnStatements = subjectAssertion.getAuthnStatements();
    List<String> authnContexts = new ArrayList<String>();
    for (AuthnStatement authnStatement : authnStatements) {
        authnContexts.add(authnStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
    }
    final List<Attribute> attributes = new ArrayList<Attribute>();
    for (final AttributeStatement attributeStatement : subjectAssertion.getAttributeStatements()) {
        for (final Attribute attribute : attributeStatement.getAttributes()) {
            attributes.add(attribute);
        }
        if (!attributeStatement.getEncryptedAttributes().isEmpty()) {
            if (decrypter == null) {
                // Without a keystore the encrypted attributes are skipped, not failed on.
                logger.warn("Encrypted attributes returned, but no keystore was provided.");
            } else {
                for (final EncryptedAttribute encryptedAttribute : attributeStatement.getEncryptedAttributes()) {
                    try {
                        attributes.add(decrypter.decrypt(encryptedAttribute));
                    } catch (final DecryptionException e) {
                        // A single undecryptable attribute does not abort credential building.
                        logger.warn("Decryption of attribute failed, continue with the next one", e);
                    }
                }
            }
        }
    }
    return new SAML2Credentials(nameId, issuerEntityId, attributes, subjectAssertion.getConditions(), sessionIndex, authnContexts);
}
Also used : EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) NameID(org.opensaml.saml.saml2.core.NameID) Attribute(org.opensaml.saml.saml2.core.Attribute) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) SAML2Credentials(org.pac4j.saml.credentials.SAML2Credentials) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) ArrayList(java.util.ArrayList) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) DecryptionException(org.opensaml.xmlsec.encryption.support.DecryptionException) SAMLNameIdDecryptionException(org.pac4j.saml.exceptions.SAMLNameIdDecryptionException)

Example 9 with SessionIndex

Use of org.opensaml.saml.saml2.core.SessionIndex in project spring-security by spring-projects.

From class OpenSamlLogoutRequestResolver, method resolve:

// Builds an SP-initiated LogoutRequest for the asserting party registered for
// this authentication, signs it according to the configured SLO binding, and
// returns it ready to send. Returns null when no SLO endpoint is configured.
Saml2LogoutRequest resolve(HttpServletRequest request, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutRequest> logoutRequestConsumer) {
    String registrationId = getRegistrationId(authentication);
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
    if (registration == null) {
        return null;
    }
    if (registration.getAssertingPartyDetails().getSingleLogoutServiceLocation() == null) {
        return null;
    }
    LogoutRequest logoutRequest = this.logoutRequestBuilder.buildObject();
    logoutRequest.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
    Issuer issuer = this.issuerBuilder.buildObject();
    issuer.setValue(registration.getEntityId());
    logoutRequest.setIssuer(issuer);
    NameID nameId = this.nameIdBuilder.buildObject();
    nameId.setValue(authentication.getName());
    logoutRequest.setNameID(nameId);
    // Include every SessionIndex from the original assertion so the IdP
    // terminates exactly the sessions this SP knows about.
    if (authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal) {
        Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
        for (String index : principal.getSessionIndexes()) {
            SessionIndex sessionIndex = this.sessionIndexBuilder.buildObject();
            sessionIndex.setSessionIndex(index);
            logoutRequest.getSessionIndexes().add(sessionIndex);
        }
    }
    // Application hook for customizing the request before it is signed.
    logoutRequestConsumer.accept(registration, logoutRequest);
    if (logoutRequest.getID() == null) {
        logoutRequest.setID("LR" + UUID.randomUUID());
    }
    String relayState = UUID.randomUUID().toString();
    Saml2LogoutRequest.Builder result = Saml2LogoutRequest.withRelyingPartyRegistration(registration).id(logoutRequest.getID());
    if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
        // POST binding: the XML itself carries an enveloped signature.
        String xml = serialize(OpenSamlSigningUtils.sign(logoutRequest, registration));
        String samlRequest = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
        return result.samlRequest(samlRequest).relayState(relayState).build();
    } else {
        // Redirect binding: the request is deflated and base64-encoded, and the
        // signature covers the query string (SAMLRequest, RelayState, SigAlg).
        String xml = serialize(logoutRequest);
        String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
        result.samlRequest(deflatedAndEncoded);
        QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState);
        return result.parameters((params) -> params.putAll(partial.parameters())).build();
    }
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService) LogoutRequestMarshaller(org.opensaml.saml.saml2.core.impl.LogoutRequestMarshaller) XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport) BiConsumer(java.util.function.BiConsumer) MarshallingException(org.opensaml.core.xml.io.MarshallingException) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) SessionIndexBuilder(org.opensaml.saml.saml2.core.impl.SessionIndexBuilder) Saml2Exception(org.springframework.security.saml2.Saml2Exception) ConfigurationService(org.opensaml.core.config.ConfigurationService) UUID(java.util.UUID) LogoutRequestBuilder(org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder) StandardCharsets(java.nio.charset.StandardCharsets) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) SessionIndex(org.opensaml.saml.saml2.core.SessionIndex) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Element(org.w3c.dom.Element) Issuer(org.opensaml.saml.saml2.core.Issuer) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) NameID(org.opensaml.saml.saml2.core.NameID) Assert(org.springframework.util.Assert)

Example 10 with SessionIndex

Use of org.opensaml.saml.saml2.core.SessionIndex in project ddf by codice.

From class LogoutRequestServiceTest, method testPostLogoutRequest:

@Test
public void testPostLogoutRequest() throws Exception {
    String encodedSamlRequest = "encodedSamlRequest";
    String issuerStr = "issuer";
    // Incoming IdP-initiated LogoutRequest carrying one SessionIndex.
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    when(logoutRequest.getIssueInstant()).thenReturn(DateTime.now());
    SessionIndex sessionIndex = mock(SessionIndex.class);
    when(sessionIndex.getSessionIndex()).thenReturn(SESSION_INDEX);
    when(logoutRequest.getSessionIndexes()).thenReturn(Collections.singletonList(sessionIndex));
    LogoutWrapper<LogoutRequest> requestLogoutWrapper = new LogoutWrapperImpl<>(logoutRequest);
    when(logoutMessage.extractSamlLogoutRequest(any(String.class))).thenReturn(requestLogoutWrapper);
    Issuer issuer = mock(Issuer.class);
    OpenSAMLUtil.initSamlEngine();
    LogoutResponse logoutResponse = new LogoutResponseBuilder().buildObject();
    when(logoutRequest.getIssuer()).thenReturn(issuer);
    when(logoutRequest.getIssueInstant()).thenReturn(new DateTime());
    when(logoutRequest.getVersion()).thenReturn(SAMLVersion.VERSION_20);
    when(logoutRequest.getID()).thenReturn("id");
    when(issuer.getValue()).thenReturn(issuerStr);
    // The service is expected to answer with a SUCCESS LogoutResponse addressed to the issuer.
    LogoutWrapper<LogoutResponse> responseLogoutWrapper = new LogoutWrapperImpl<>(logoutResponse);
    when(logoutMessage.buildLogoutResponse(eq(issuerStr), eq(StatusCode.SUCCESS), anyString())).thenReturn(responseLogoutWrapper);
    logoutRequestService.setLogoutMessage(logoutMessage);
    // IdP metadata selects the POST binding, so the response is delivered via an auto-submitting form.
    when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.POST_BINDING);
    when(idpMetadata.getSingleLogoutLocation()).thenReturn(postLogoutUrl);
    Response response = logoutRequestService.postLogoutRequest(encodedSamlRequest, null, relayState);
    assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    assertTrue("Expected logout url of " + postLogoutUrl, response.getEntity().toString().contains(postLogoutUrl));
}
Also used : Response(javax.ws.rs.core.Response) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) LogoutWrapperImpl(ddf.security.samlp.impl.LogoutWrapperImpl) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) LogoutResponseBuilder(org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder) Issuer(org.opensaml.saml.saml2.core.Issuer) SessionIndex(org.opensaml.saml.saml2.core.SessionIndex) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) DateTime(org.joda.time.DateTime) Test(org.junit.Test)
