use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException.
/**
 * Checks that the provider refuses a response whose assertion has no valid signature
 * and reports {@code Saml2ErrorCodes.INVALID_SIGNATURE}.
 */
@Test
public void authenticateWhenInvalidSignatureOnAssertionThenThrowAuthenticationException() {
    // Nothing in this test signs the response or the assertion.
    // NOTE(review): relies on response() and assertion() returning unsigned objects - confirm
    // against the helpers, otherwise this test does not exercise the rejection path.
    Response unsignedResponse = response();
    unsignedResponse.getAssertions().add(assertion());
    Saml2AuthenticationToken authenticationToken = token(unsignedResponse, verifying(registration()));
    // The error code is asserted as well as the exception type, so the failure is pinned
    // to signature validation rather than to any other rejection reason.
    assertThatExceptionOfType(Saml2AuthenticationException.class)
            .isThrownBy(() -> this.provider.authenticate(authenticationToken))
            .satisfies(errorOf(Saml2ErrorCodes.INVALID_SIGNATURE));
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenResponseAuthenticationConverterConfiguredThenUses.
/**
 * Checks that a converter installed through
 * {@code setResponseAuthenticationConverter} is the one the provider invokes.
 */
@Test
public void authenticateWhenResponseAuthenticationConverterConfiguredThenUses() {
    Converter<ResponseToken, Saml2Authentication> converterMock = mock(Converter.class);
    // A fresh provider is built here instead of using this.provider, so the custom
    // converter is not left installed on the shared fixture.
    OpenSamlAuthenticationProvider customProvider = new OpenSamlAuthenticationProvider();
    customProvider.setResponseAuthenticationConverter(converterMock);
    Response signedResponse = TestOpenSamlObjects.signedResponseWithOneAssertion();
    Saml2AuthenticationToken authenticationToken = token(signedResponse, verifying(registration()));
    // The return value is deliberately ignored: an unstubbed mock yields null, and the
    // test only cares that the converter was consulted.
    customProvider.authenticate(authenticationToken);
    verify(converterMock).convert(any());
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds.
@Test
/**
 * Checks that a signed assertion whose subject carries an {@code EncryptedID} in place
 * of a plaintext {@code NameID} is accepted. There is no explicit assertion: the test
 * passes when {@code authenticate} returns without throwing.
 */
public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() {
    Response samlResponse = response();
    Assertion signedAssertion = assertion();
    // Encrypt the existing NameID first, then swap it out for the encrypted form.
    NameID plaintextNameId = signedAssertion.getSubject().getNameID();
    EncryptedID encryptedNameId = TestOpenSamlObjects.encrypted(plaintextNameId,
            TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    signedAssertion.getSubject().setNameID(null);
    signedAssertion.getSubject().setEncryptedID(encryptedNameId);
    samlResponse.getAssertions().add(signedAssertion);
    // Signing is the last mutation, so the signature is computed over the assertion
    // that already holds the EncryptedID.
    TestOpenSamlObjects.signed(signedAssertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    // decrypting(...) wraps verifying(...): the registration needs both capabilities here.
    Saml2AuthenticationToken authenticationToken = token(samlResponse, decrypting(verifying(registration())));
    this.provider.authenticate(authenticationToken);
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenInvalidDestinationThenThrowAuthenticationException.
/**
 * Checks that a correctly signed response is still rejected with
 * {@code Saml2ErrorCodes.INVALID_DESTINATION} when its destination does not match.
 */
@Test
public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() {
    // Same destination constant with a suffix appended, so it can no longer match.
    String mismatchedDestination = DESTINATION + "invalid";
    Response misaddressedResponse = response(mismatchedDestination, ASSERTING_PARTY_ENTITY_ID);
    misaddressedResponse.getAssertions().add(assertion());
    // The response itself is signed with the asserting party's credential, so the only
    // thing wrong with it is the destination; a valid signature must not be enough.
    TestOpenSamlObjects.signed(misaddressedResponse, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    Saml2AuthenticationToken authenticationToken = token(misaddressedResponse, verifying(registration()));
    assertThatExceptionOfType(Saml2AuthenticationException.class)
            .isThrownBy(() -> this.provider.authenticate(authenticationToken))
            .satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION));
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenUsernameMissingThenThrowAuthenticationException.
/**
 * Checks that a signed assertion whose {@code NameID} has no value is rejected with
 * {@code Saml2ErrorCodes.SUBJECT_NOT_FOUND}.
 */
@Test
public void authenticateWhenUsernameMissingThenThrowAuthenticationException() {
    Response samlResponse = response();
    Assertion namelessAssertion = assertion();
    // Blank out the NameID value before signing, so the signature covers the
    // value-less subject and signature validation is not what fails.
    namelessAssertion.getSubject().getNameID().setValue(null);
    TestOpenSamlObjects.signed(namelessAssertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    samlResponse.getAssertions().add(namelessAssertion);
    Saml2AuthenticationToken authenticationToken = token(samlResponse, verifying(registration()));
    // A validly signed assertion without a usable subject must not produce a principal.
    assertThatExceptionOfType(Saml2AuthenticationException.class)
            .isThrownBy(() -> this.provider.authenticate(authenticationToken))
            .satisfies(errorOf(Saml2ErrorCodes.SUBJECT_NOT_FOUND));
}