Example 6 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project cas by apereo.
the class SamlIdPDelegatedAuthenticationConfigurationTests method verifyOperation.
@Test
public void verifyOperation() throws Exception {
val service = getSamlRegisteredServiceFor("https://cassp.example.org");
service.setId(2000);
val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, service);
authnRequest.setForceAuthn(true);
authnRequest.setIsPassive(true);
var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
val classRef = (AuthnContextClassRef) builder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
classRef.setURI("https://refeds.org/profile/mfa");
builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
val reqCtx = (RequestedAuthnContext) builder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
reqCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
reqCtx.getAuthnContextClassRefs().add(classRef);
authnRequest.setRequestedAuthnContext(reqCtx);
val request = new MockHttpServletRequest();
val response = new MockHttpServletResponse();
val webContext = new JEEContext(request, response);
val messageContext = new MessageContext();
messageContext.setMessage(authnRequest);
val context = Pair.of(authnRequest, messageContext);
SamlIdPUtils.storeSamlRequest(webContext, openSamlConfigBean, samlIdPDistributedSessionStore, context);
val saml2Client = mock(SAML2Client.class);
assertTrue(customizer.supports(saml2Client, webContext));
customizer.customize(saml2Client, webContext);
assertTrue(webContext.getRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN).isPresent());
assertTrue(webContext.getRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE).isPresent());
assertTrue(webContext.getRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_AUTHN_CONTEXT_CLASS_REFS).isPresent());
assertTrue(webContext.getRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_COMPARISON_TYPE).isPresent());
}
Also used :
lombok.val(lombok.val)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
JEEContext(org.pac4j.core.context.JEEContext)
MessageContext(org.opensaml.messaging.context.MessageContext)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 7 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project cas by apereo.
the class SamlIdPMultifactorAuthenticationTriggerTests method verifyContextMapping.
@Test
public void verifyContextMapping() throws Exception {
val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
val service = RegisteredServiceTestUtils.getService(registeredService.getServiceId());
val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, registeredService);
var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
val classRef = (AuthnContextClassRef) builder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
classRef.setURI("context1");
builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
val reqCtx = (RequestedAuthnContext) builder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
reqCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
reqCtx.getAuthnContextClassRefs().add(classRef);
authnRequest.setRequestedAuthnContext(reqCtx);
val request = new MockHttpServletRequest();
val response = new MockHttpServletResponse();
val messageContext = new MessageContext();
messageContext.setMessage(authnRequest);
val context = Pair.of(authnRequest, messageContext);
SamlIdPUtils.storeSamlRequest(new JEEContext(request, response), openSamlConfigBean, samlIdPDistributedSessionStore, context);
assertTrue(samlIdPMultifactorAuthenticationTrigger.supports(request, registeredService, RegisteredServiceTestUtils.getAuthentication(), service));
val result = samlIdPMultifactorAuthenticationTrigger.isActivated(RegisteredServiceTestUtils.getAuthentication(), registeredService, request, response, service);
assertTrue(result.isPresent());
}
Also used :
lombok.val(lombok.val)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
JEEContext(org.pac4j.core.context.JEEContext)
MessageContext(org.opensaml.messaging.context.MessageContext)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 8 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project ddf by codice.
the class SamlAssertionValidatorImplTest method createHolderOfKeyAssertion.
private Assertion createHolderOfKeyAssertion() throws Exception {
Assertion assertion = new AssertionBuilder().buildObject();
assertion.setID(UUID.randomUUID().toString());
assertion.setIssueInstant(new DateTime());
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(ISSUER);
assertion.setIssuer(issuer);
NameID nameID = new NameIDBuilder().buildObject();
nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
nameID.setNameQualifier("http://cxf.apache.org/sts");
nameID.setValue("admin");
X509SubjectName x509SubjectName = new X509SubjectNameBuilder().buildObject();
x509SubjectName.setValue("EMAILADDRESS=localhost@example.org, CN=localhost, OU=Dev, O=DDF, ST=AZ, C=US");
org.opensaml.xmlsec.signature.X509Certificate x509Certificate = new X509CertificateBuilder().buildObject();
byte[] certBytes = certificate.getEncoded();
String certString = new String(Base64.encode(certBytes));
x509Certificate.setValue(certString);
X509Data x509Data = new X509DataBuilder().buildObject();
x509Data.getX509SubjectNames().add(x509SubjectName);
x509Data.getX509Certificates().add(x509Certificate);
KeyInfo keyInfo = new KeyInfoBuilder().buildObject();
keyInfo.getX509Datas().add(x509Data);
KeyInfoConfirmationDataType keyInfoConfirmationDataType = new KeyInfoConfirmationDataTypeBuilder().buildObject();
keyInfoConfirmationDataType.getKeyInfos().add(keyInfo);
SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
subjectConfirmation.setSubjectConfirmationData(keyInfoConfirmationDataType);
Subject subject = new SubjectBuilder().buildObject();
subject.setNameID(nameID);
subject.getSubjectConfirmations().add(subjectConfirmation);
assertion.setSubject(subject);
Conditions conditions = new ConditionsBuilder().buildObject();
conditions.setNotBefore(new DateTime().minusDays(3));
conditions.setNotOnOrAfter(new DateTime().plusDays(3));
assertion.setConditions(conditions);
AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
authnStatement.setAuthnInstant(new DateTime());
AuthnContext authnContext = new AuthnContextBuilder().buildObject();
AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
authnContext.setAuthnContextClassRef(authnContextClassRef);
authnStatement.setAuthnContext(authnContext);
assertion.getAuthnStatements().add(authnStatement);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
Attribute attribute = new AttributeBuilder().buildObject();
AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
attributeValue.setValue("admin");
attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
attribute.getAttributeValues().add(attributeValue);
attributeStatement.getAttributes().add(attribute);
assertion.getAttributeStatements().add(attributeStatement);
Signature signature = OpenSAMLUtil.buildSignature();
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(WSS4JConstants.RSA);
BasicX509Credential signingCredential;
signingCredential = new BasicX509Credential(certificate);
signingCredential.setPrivateKey(privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfo signatureKeyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(signatureKeyInfo);
assertion.setSignature(signature);
return assertion;
}
Also used :
Issuer(org.opensaml.saml.saml2.core.Issuer)
KeyInfoBuilder(org.opensaml.xmlsec.signature.impl.KeyInfoBuilder)
Attribute(org.opensaml.saml.saml2.core.Attribute)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
AuthnStatementBuilder(org.opensaml.saml.saml2.core.impl.AuthnStatementBuilder)
AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)
X509Data(org.opensaml.xmlsec.signature.X509Data)
DateTime(org.joda.time.DateTime)
Conditions(org.opensaml.saml.saml2.core.Conditions)
AuthnContext(org.opensaml.saml.saml2.core.AuthnContext)
NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder)
X509DataBuilder(org.opensaml.xmlsec.signature.impl.X509DataBuilder)
SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SubjectBuilder(org.opensaml.saml.saml2.core.impl.SubjectBuilder)
SubjectConfirmationBuilder(org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder)
X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)
AttributeStatementBuilder(org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder)
AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder)
X509SubjectNameBuilder(org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder)
KeyInfoConfirmationDataTypeBuilder(org.opensaml.saml.saml2.core.impl.KeyInfoConfirmationDataTypeBuilder)
NameID(org.opensaml.saml.saml2.core.NameID)
AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType)
AuthnContextBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextBuilder)
Assertion(org.opensaml.saml.saml2.core.Assertion)
X509CertificateBuilder(org.opensaml.xmlsec.signature.impl.X509CertificateBuilder)
KeyInfoConfirmationDataType(org.opensaml.saml.saml2.core.KeyInfoConfirmationDataType)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AssertionBuilder(org.opensaml.saml.saml2.core.impl.AssertionBuilder)
Subject(org.opensaml.saml.saml2.core.Subject)
ConditionsBuilder(org.opensaml.saml.saml2.core.impl.ConditionsBuilder)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Signature(org.opensaml.xmlsec.signature.Signature)
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
X509SubjectName(org.opensaml.xmlsec.signature.X509SubjectName)
IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder)
AttributeValueTypeImplBuilder(org.opensaml.xacml.ctx.impl.AttributeValueTypeImplBuilder)
Example 9 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project verify-hub by alphagov.
the class IdaAuthnRequestFromHubToAuthnRequestTransformerTest method shouldMaintainTheAuthnContextsInPreferenceOrder.
@Test
public void shouldMaintainTheAuthnContextsInPreferenceOrder() {
IdaAuthnRequestFromHub originalRequestFromHub = anIdaAuthnRequest().withLevelsOfAssurance(Arrays.asList(AuthnContext.LEVEL_1, AuthnContext.LEVEL_2)).buildFromHub();
AuthnRequest transformedRequest = transformer.apply(originalRequestFromHub);
RequestedAuthnContext requestedAuthnContext = transformedRequest.getRequestedAuthnContext();
List<AuthnContextClassRef> authnContextClassRefs = requestedAuthnContext.getAuthnContextClassRefs();
List<String> authnContexts = authnContextClassRefs.stream().map(AuthnContextClassRef::getAuthnContextClassRef).collect(Collectors.toList());
assertThat(authnContexts).containsSequence(IdaAuthnContext.LEVEL_1_AUTHN_CTX, IdaAuthnContext.LEVEL_2_AUTHN_CTX);
}
Also used :
IdaAuthnRequestFromHub(uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
IdaAuthnRequestBuilder.anIdaAuthnRequest(uk.gov.ida.saml.hub.test.builders.IdaAuthnRequestBuilder.anIdaAuthnRequest)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
Test(org.junit.jupiter.api.Test)
Example 10 with AuthnContextClassRef
use of org.opensaml.saml2.core.AuthnContextClassRef in project verify-hub by alphagov.
the class AuthnStatementAssertionValidatorTest method validate_shouldThrowExceptionIfAuthnContextClassRefValueIsAbsent.
@Test
public void validate_shouldThrowExceptionIfAuthnContextClassRefValueIsAbsent() throws Exception {
AuthnContextClassRef authnContextClassRef = AuthnContextClassRefBuilder.anAuthnContextClassRef().withAuthnContextClasRefValue(null).build();
AuthnContext authnContext = AuthnContextBuilder.anAuthnContext().withAuthnContextClassRef(authnContextClassRef).build();
AuthnStatement authnStatement = AuthnStatementBuilder.anAuthnStatement().withAuthnContext(authnContext).build();
Assertion assertion = AssertionBuilder.anAssertion().addAuthnStatement(authnStatement).buildUnencrypted();
validateFail(() -> validator.validate(assertion), authnContextClassRefValueMissing());
}
Also used :
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)
Assertion(org.opensaml.saml.saml2.core.Assertion)
AuthnContext(org.opensaml.saml.saml2.core.AuthnContext)
Test(org.junit.jupiter.api.Test)
Aggregations
AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef)21
RequestedAuthnContext (org.opensaml.saml.saml2.core.RequestedAuthnContext)13
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)7
Test (org.junit.jupiter.api.Test)6
Issuer (org.opensaml.saml.saml2.core.Issuer)6
AuthnContextClassRefBuilder (org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder)6
DateTime (org.joda.time.DateTime)5
Assertion (org.opensaml.saml.saml2.core.Assertion)5
AuthnContext (org.opensaml.saml.saml2.core.AuthnContext)4
lombok.val (lombok.val)3
SAMLObjectBuilder (org.opensaml.saml.common.SAMLObjectBuilder)3
AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement)3
NameIDPolicy (org.opensaml.saml.saml2.core.NameIDPolicy)3
IssuerBuilder (org.opensaml.saml.saml2.core.impl.IssuerBuilder)3
XMLObject (org.opensaml.core.xml.XMLObject)2
MessageContext (org.opensaml.messaging.context.MessageContext)2
RequestedAuthnContextBuilder (org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder)2
AuthnContextClassRef (org.opensaml.saml2.core.AuthnContextClassRef)2
AuthnContextClassRefBuilder (org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder)2
JEEContext (org.pac4j.core.context.JEEContext)2
