use of org.opensaml.saml.saml2.core.Status in project cxf by apache.
the class SAMLResponseValidatorTest method testInvalidSubjectLocality.
@org.junit.Test
public void testInvalidSubjectLocality() throws Exception {
Document doc = DOMUtils.createDocument();
Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
// Create an AuthenticationAssertion
SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
callbackHandler.setIssuer("http://cxf.apache.org/issuer");
callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
callbackHandler.setSubjectLocality("xyz.123", null);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
response.getAssertions().add(assertion.getSaml2());
Element policyElement = OpenSAMLUtil.toDom(response, doc);
doc.appendChild(policyElement);
assertNotNull(policyElement);
Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
// Validate the Response
SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
try {
validator.validateSamlResponse(marshalledResponse, null, null);
fail("Expected failure on an invalid SessionNotOnOrAfter");
} catch (WSSecurityException ex) {
// expected
}
}
use of org.opensaml.saml.saml2.core.Status in project verify-hub by alphagov.
the class IdpAuthnResponseTranslatorServiceTest method setup.
@BeforeEach
public void setup() {
final String idpEntityId = TestEntityIds.STUB_IDP_ONE;
final String assertionId1 = randomUUID().toString();
final String assertionId2 = randomUUID().toString();
final SignatureAlgorithm signatureAlgorithm = new SignatureRSASHA1();
final DigestAlgorithm digestAlgorithm = new DigestSHA256();
final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
final AttributeStatement ipAddress = anAttributeStatement().addAttribute(IPAddressAttributeBuilder.anIPAddress().build()).build();
final Optional<Signature> signature = of(SignatureBuilder.aSignature().build());
final SignatureImpl signatureImpl = ((SignatureImpl) signature.get());
signatureImpl.setXMLSignature(BuilderHelper.createXMLSignature(signatureAlgorithm, digestAlgorithm));
authnStatementAssertion = AssertionBuilder.anAssertion().withId(assertionId1).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).addAttributeStatement(ipAddress).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build()).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId1, digestAlgorithm).build()).buildUnencrypted();
matchingDatasetAssertion = AssertionBuilder.anAssertion().withId(assertionId2).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).addAttributeStatement(matchingDatasetAttributeStatement).withSignature(SignatureBuilder.aSignature().withSignatureAlgorithm(signatureAlgorithm).withDigestAlgorithm(assertionId2, digestAlgorithm).build()).buildUnencrypted();
when(responseContainer.getSamlResponse()).thenReturn(saml);
when(assertionBlobEncrypter.encryptAssertionBlob(any(), eq(authStatementUnderlyingAssertionBlob))).thenReturn(encryptedAuthnAssertion);
when(stringToOpenSamlResponseTransformer.apply(saml)).thenReturn(samlResponse);
when(samlResponseToIdaResponseIssuedByIdpTransformer.apply(samlResponse)).thenReturn(responseFromIdp);
when(authStatementAssertion.getUnderlyingAssertionBlob()).thenReturn(authStatementUnderlyingAssertionBlob);
when(authStatementAssertion.getAuthnContext()).thenReturn(Optional.empty());
when(authStatementAssertion.getFraudDetectedDetails()).thenReturn(Optional.empty());
when(authStatementAssertion.getPrincipalIpAddressAsSeenByIdp()).thenReturn(Optional.of(principalIpAddressSeenByIdp));
when(authnStatementPersistentId.getNameId()).thenReturn("a name id");
when(authnStatementPersistentId.getNameId()).thenReturn(persistentIdName);
when(authStatementAssertion.getPersistentId()).thenReturn(authnStatementPersistentId);
when(responseFromIdp.getIssuer()).thenReturn(responseIssuer);
when(responseFromIdp.getStatus()).thenReturn(status);
when(responseFromIdp.getMatchingDatasetAssertion()).thenReturn(empty());
when(responseFromIdp.getAuthnStatementAssertion()).thenReturn(empty());
when(responseFromIdp.getSignature()).thenReturn(signature);
when(samlResponse.getIssuer()).thenReturn(issuer);
when(stringToAssertionTransformer.apply(authStatementUnderlyingAssertionBlob)).thenReturn(authnStatementAssertion);
when(stringToAssertionTransformer.apply(matchingDatasetUnderlyingAssertionBlob)).thenReturn(matchingDatasetAssertion);
InboundResponseFromIdpDataGenerator inboundResponseFromIdpDataGenerator = new InboundResponseFromIdpDataGenerator(assertionBlobEncrypter);
service = new IdpAuthnResponseTranslatorService(stringToOpenSamlResponseTransformer, stringToAssertionTransformer, samlResponseToIdaResponseIssuedByIdpTransformer, inboundResponseFromIdpDataGenerator, idpAssertionMetricsCollector, transactionsConfigProxy);
}
use of org.opensaml.saml.saml2.core.Status in project verify-hub by alphagov.
the class MatchingServiceResponseTranslatorServiceTest method setUpForTranslate.
private void setUpForTranslate(Optional<AuthnContext> authnContext, Optional<FraudDetectedDetails> fraudDetectedDetails, String encryptedAssertion, String inResponseTo, String issuer, String samlResponse, MatchingServiceIdaStatus status) {
final PassthroughAssertion assertion = new PassthroughAssertion(new PersistentId("persistentId"), authnContext, encryptedAssertion, fraudDetectedDetails, Optional.of("principalIpAddressAsSeenByIdp"));
final InboundResponseFromMatchingService inboundResponseFromMatchingService = InboundResponseFromMatchingServiceBuilder.anInboundResponseFromMatchingService().withInResponseTo(inResponseTo).withIssuerId(issuer).withMatchingServiceAssertion(assertion).withStatus(status).build();
Response response = mock(Response.class);
Issuer responseIssuer = mock(Issuer.class);
when(response.getIssuer()).thenReturn(responseIssuer);
when(responseUnmarshaller.apply(samlResponse)).thenReturn(response);
when(responseToInboundResponseFromMatchingServiceTransformer.transform(response)).thenReturn(inboundResponseFromMatchingService);
when(assertionBlobEncrypter.encryptAssertionBlob(eq(TEST_RP), any())).thenReturn(encryptedAssertion);
}
use of org.opensaml.saml.saml2.core.Status in project verify-hub by alphagov.
the class IdpIdaStatusMarshallerTest method transform_shouldTransformAuthnFailedWithNoSubStatus.
@Test
public void transform_shouldTransformAuthnFailedWithNoSubStatus() {
Status transformedStatus = marshaller.toSamlStatus(IdpIdaStatus.authenticationFailed());
assertThat(transformedStatus.getStatusCode().getValue()).isEqualTo(StatusCode.RESPONDER);
assertThat(transformedStatus.getStatusCode().getStatusCode().getValue()).isEqualTo(StatusCode.AUTHN_FAILED);
assertThat(transformedStatus.getStatusCode().getStatusCode().getStatusCode()).isNull();
}
use of org.opensaml.saml.saml2.core.Status in project verify-hub by alphagov.
the class IdpIdaStatusMarshallerTest method shouldMarshallStatusDetailWithStatusValueContainingAuthnCancelInCaseOfAuthenticationCancelled.
@Test
public void shouldMarshallStatusDetailWithStatusValueContainingAuthnCancelInCaseOfAuthenticationCancelled() {
Status status = marshaller.toSamlStatus(IdpIdaStatus.authenticationCancelled());
StatusValue actual = (StatusValue) status.getStatusDetail().getOrderedChildren().get(0);
assertThat(actual.getNamespaces()).isEmpty();
assertThat(actual.getValue()).isEqualTo(StatusValue.CANCEL);
}
Aggregations