use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenEncryptedAttributeThenDecrypts.
@Test
public void authenticateWhenEncryptedAttributeThenDecrypts() {
Response response = response();
Assertion assertion = assertion();
EncryptedAttribute attribute = TestOpenSamlObjects.encrypted("name", "value", TestSaml2X509Credentials.assertingPartyEncryptingCredential());
AttributeStatement statement = build(AttributeStatement.DEFAULT_ELEMENT_NAME);
statement.getEncryptedAttributes().add(attribute);
assertion.getAttributeStatements().add(statement);
response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
assertThat(principal.getAttribute("name")).containsExactly("value");
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method token.
private Saml2AuthenticationToken token() {
Response response = response();
RelyingPartyRegistration registration = verifying(registration()).build();
return new Saml2AuthenticationToken(registration, serialize(response));
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException.
@Test
public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() {
Response response = response();
EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(), TestSaml2X509Credentials.assertingPartyEncryptingCredential());
response.getEncryptedAssertions().add(encryptedAssertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> this.provider.authenticate(token)).satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method authenticateWhenDelegatingToDefaultAssertionValidatorThenUses.
@Test
public void authenticateWhenDelegatingToDefaultAssertionValidatorThenUses() {
OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
// @formatter:off
provider.setAssertionValidator((assertionToken) -> OpenSamlAuthenticationProvider.createDefaultAssertionValidator((token) -> new ValidationContext()).convert(assertionToken).concat(new Saml2Error("wrong error", "wrong error")));
// @formatter:on
Response response = response();
Assertion assertion = assertion();
OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME);
assertion.getConditions().getConditions().add(oneTimeUse);
response.getAssertions().add(assertion);
TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), ASSERTING_PARTY_ENTITY_ID);
Saml2AuthenticationToken token = token(response, verifying(registration()));
// @formatter:off
assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class).satisfies((error) -> assertThat(error.getSaml2Error().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_ASSERTION));
// @formatter:on
}
use of org.opensaml.saml2.core.Response in project spring-security by spring-projects.
the class TestOpenSamlObjects method signedResponseWithOneAssertion.
static Response signedResponseWithOneAssertion(Consumer<Response> responseConsumer) {
Response response = response();
response.getAssertions().add(assertion());
responseConsumer.accept(response);
return signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
}
Aggregations