Example 11 with Response

use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

the class OpenSaml4AuthenticationProviderTests, method authenticateWhenEncryptedAssertionWithoutSignatureThenItFails.

@Test
public void authenticateWhenEncryptedAssertionWithoutSignatureThenItFails() {
    Response response = response();
    // Encrypt the assertion for the relying party, but leave the enclosing Response unsigned.
    EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
            TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    response.getEncryptedAssertions().add(encryptedAssertion);
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    // Response-level EncryptedAssertions are only decrypted once the Response signature verifies.
    // An unsigned Response carrying ciphertext is rejected with INVALID_SIGNATURE before any
    // decryption or assertion validation runs.
    assertThatExceptionOfType(Saml2AuthenticationException.class)
            .isThrownBy(() -> this.provider.authenticate(token))
            .satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE, "Did not decrypt response"));
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Test(org.junit.jupiter.api.Test)

Example 12 with Response

use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

the class OpenSaml4AuthenticationProviderTests, method authenticateWhenAuthenticationHasDetailsThenSucceeds.

@Test
public void authenticateWhenAuthenticationHasDetailsThenSucceeds() {
    Response response = response();
    Assertion assertion = assertion();
    // An Address no test client will have. The default assertion validator does not enforce
    // SubjectConfirmationData/@Address, so this does not make authentication fail.
    assertion.getSubject().getSubjectConfirmations()
            .forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    token.setDetails("some-details");
    Authentication authentication = this.provider.authenticate(token);
    // Details attached to the incoming token are carried over to the resulting Authentication.
    assertThat(authentication.getDetails()).isEqualTo("some-details");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) Authentication(org.springframework.security.core.Authentication) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Example 13 with Response

use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

the class OpenSaml4AuthenticationProviderTests, method authenticateWhenAssertionContainsCustomAttributesThenItSucceeds.

@Test
public void authenticateWhenAssertionContainsCustomAttributesThenItSucceeds() {
    Response response = response();
    Assertion assertion = assertion();
    // Attribute value is a custom OpenSAML XMLObject rather than a plain string.
    AttributeStatement attribute = TestOpenSamlObjects.customAttributeStatement("Address",
            TestCustomOpenSamlObjects.instance());
    assertion.getAttributeStatements().add(attribute);
    // The assertion is signed after the attribute is added, so the custom value is covered by the signature.
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    Authentication authentication = this.provider.authenticate(token);
    Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
    // The custom object survives unmarshalling and is exposed through the principal's attribute map.
    CustomOpenSamlObject address = (CustomOpenSamlObject) principal.getAttribute("Address").get(0);
    assertThat(address.getStreet()).isEqualTo("Test Street");
    assertThat(address.getStreetNumber()).isEqualTo("1");
    assertThat(address.getZIP()).isEqualTo("11111");
    assertThat(address.getCity()).isEqualTo("Test City");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Authentication(org.springframework.security.core.Authentication) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) CustomOpenSamlObject(org.springframework.security.saml2.provider.service.authentication.TestCustomOpenSamlObjects.CustomOpenSamlObject) Test(org.junit.jupiter.api.Test)

Example 14 with Response

use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

the class OpenSamlAuthenticationProviderTests, method authenticateWhenCustomAssertionValidatorThenUses.

@Test
public void authenticateWhenCustomAssertionValidatorThenUses() {
    Converter<OpenSamlAuthenticationProvider.AssertionToken, Saml2ResponseValidatorResult> validator =
            mock(Converter.class);
    OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
    // Compose the custom validator with the default one via concat(). Replacing the validator outright
    // would drop the default audience, recipient, issuer and validity-window checks.
    // @formatter:off
    provider.setAssertionValidator((assertionToken) -> OpenSamlAuthenticationProvider
            .createDefaultAssertionValidator().convert(assertionToken)
            .concat(validator.convert(assertionToken)));
    // @formatter:on
    Response response = response();
    Assertion assertion = assertion();
    response.getAssertions().add(assertion);
    // Here the Response, not the Assertion, carries the signature; either is accepted by the provider.
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
            ASSERTING_PARTY_ENTITY_ID);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    given(validator.convert(any(OpenSamlAuthenticationProvider.AssertionToken.class)))
            .willReturn(Saml2ResponseValidatorResult.success());
    provider.authenticate(token);
    // The custom validator was consulted for the assertion.
    verify(validator).convert(any(OpenSamlAuthenticationProvider.AssertionToken.class));
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Saml2ResponseValidatorResult(org.springframework.security.saml2.core.Saml2ResponseValidatorResult) Test(org.junit.jupiter.api.Test)
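The validator composed in Example 14 keeps the default checks but, as Example 12 shows, those defaults do not enforce SubjectConfirmationData/@Address (an assertion bound to 10.10.10.10 still authenticates), while Example 12 also shows that details set on the token reach the provider. The following is an added example, not Spring Security's own code, that combines the two: a validator that runs the default assertion checks and then pins the bearer confirmation's Address to the client address the relying party observed. It uses OpenSaml4AuthenticationProvider rather than the deprecated OpenSamlAuthenticationProvider of Example 14, assumes the token's details are a WebAuthenticationDetails (what Saml2WebSsoAuthenticationFilter's default details source attaches), and the class name AddressBoundAssertionValidator and the provider() wiring method are hypothetical.

```java
import java.util.Objects;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.core.Saml2ResponseValidatorResult;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.AssertionToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/**
 * Added example (hypothetical class, not part of Spring Security): an assertion validator
 * that keeps the default checks and additionally requires any bearer
 * SubjectConfirmationData/@Address to equal the client address seen by the relying party.
 */
public final class AddressBoundAssertionValidator
        implements Converter<AssertionToken, Saml2ResponseValidatorResult> {

    private final Converter<AssertionToken, Saml2ResponseValidatorResult> defaults =
            OpenSaml4AuthenticationProvider.createDefaultAssertionValidator();

    @Override
    public Saml2ResponseValidatorResult convert(AssertionToken assertionToken) {
        // Default checks first (audience, recipient, issuer, clock skew, InResponseTo ...),
        // then our verdict is concatenated, the same composition Example 14 uses.
        return this.defaults.convert(assertionToken).concat(checkAddress(assertionToken));
    }

    static Saml2ResponseValidatorResult checkAddress(AssertionToken assertionToken) {
        String observed = remoteAddress(assertionToken.getToken());
        if (observed == null) {
            // No web request context on the token (e.g. a test token with String details): fail closed.
            return Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ASSERTION,
                    "Cannot bind assertion to a client address: token carries no WebAuthenticationDetails"));
        }
        Assertion assertion = assertionToken.getAssertion();
        if (assertion.getSubject() == null) {
            // Subject presence is the default validator's concern; nothing to bind here.
            return Saml2ResponseValidatorResult.success();
        }
        for (SubjectConfirmation confirmation : assertion.getSubject().getSubjectConfirmations()) {
            // Only bearer confirmations carry the address the asserting party observed.
            if (!SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod())) {
                continue;
            }
            SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
            String asserted = (data != null) ? data.getAddress() : null;
            // Address is optional in SAML 2.0; when present it must match exactly.
            if (asserted != null && !Objects.equals(asserted.trim(), observed)) {
                return Saml2ResponseValidatorResult.failure(new Saml2Error(Saml2ErrorCodes.INVALID_ASSERTION,
                        "SubjectConfirmationData Address [" + asserted + "] does not match client address ["
                                + observed + "]"));
            }
        }
        return Saml2ResponseValidatorResult.success();
    }

    private static String remoteAddress(Saml2AuthenticationToken token) {
        // Assumption: Saml2WebSsoAuthenticationFilter attached WebAuthenticationDetails to the token.
        Object details = token.getDetails();
        if (details instanceof WebAuthenticationDetails) {
            return ((WebAuthenticationDetails) details).getRemoteAddress();
        }
        return null;
    }

    /** Hypothetical wiring: install this validator on the application's provider. */
    public static OpenSaml4AuthenticationProvider provider() {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        provider.setAssertionValidator(new AddressBoundAssertionValidator());
        return provider;
    }
}
```

Two caveats follow from the design. Behind a reverse proxy the observed address is the proxy's unless the application trusts forwarded headers (for example via Spring's ForwardedHeaderFilter), so deploy the check only where the address the container reports is really the client's. And because it fails closed when the token carries no WebAuthenticationDetails, a token like the one in Example 12, whose details are the string "some-details", would be rejected by this validator.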

Example 15 with Response

use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

the class OpenSamlAuthenticationProviderTests, method authenticateWhenResponseStatusIsSuccessThenSucceeds.

@Test
public void authenticateWhenResponseStatusIsSuccessThenSucceeds() {
    // A signed Response with one assertion and an explicit urn:oasis:names:tc:SAML:2.0:status:Success status.
    Response response = TestOpenSamlObjects.signedResponseWithOneAssertion(
            (r) -> r.setStatus(TestOpenSamlObjects.successStatus()));
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    Authentication authentication = this.provider.authenticate(token);
    // The principal name is taken from the assertion's NameID.
    assertThat(authentication.getName()).isEqualTo("test@saml.user");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) Authentication(org.springframework.security.core.Authentication) Test(org.junit.jupiter.api.Test)

Aggregations

Response (org.opensaml.saml.saml2.core.Response) 245
Test (org.junit.jupiter.api.Test) 148
ResponseBuilder.aResponse (uk.gov.ida.saml.core.test.builders.ResponseBuilder.aResponse) 84
Assertion (org.opensaml.saml.saml2.core.Assertion) 62
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion) 51
Element (org.w3c.dom.Element) 44
Status (org.opensaml.saml.saml2.core.Status) 37
DateTime (org.joda.time.DateTime) 36
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 31
Document (org.w3c.dom.Document) 31
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper) 26
SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback) 19
SubjectConfirmationDataBean (org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean) 19
SamlValidationResponse (uk.gov.ida.saml.core.validation.SamlValidationResponse) 19
IdpIdaStatus (uk.gov.ida.saml.hub.domain.IdpIdaStatus) 18
Authentication (org.springframework.security.core.Authentication) 16
ResponseValidatorTestHelper.createStatus (uk.gov.ida.saml.hub.validators.response.helpers.ResponseValidatorTestHelper.createStatus) 16
Crypto (org.apache.wss4j.common.crypto.Crypto) 15
NameID (org.opensaml.saml.saml2.core.NameID) 14
AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement) 13