Example 36 with Response

Use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

In class OpenSaml4AuthenticationProviderTests, method authenticateWhenAssertionIssuerNotValidThenFailsWithInvalidIssuer:

@Test
public void authenticateWhenAssertionIssuerNotValidThenFailsWithInvalidIssuer() {
    OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
    Response response = response();
    Assertion assertion = assertion();
    // The assertion's Issuer is not the asserting party configured in the registration
    assertion.setIssuer(TestOpenSamlObjects.issuer("https://invalid.idp.test/saml2/idp"));
    response.getAssertions().add(assertion);
    // The enclosing Response carries a trusted signature; the issuer check must still reject it
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
            ASSERTING_PARTY_ENTITY_ID);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    assertThatExceptionOfType(Saml2AuthenticationException.class)
            .isThrownBy(() -> provider.authenticate(token))
            .withMessageContaining("did not match any valid issuers");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)

Example 37 with Response

Use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

In class OpenSaml4AuthenticationProviderTests, method authenticateWithSHA1SignatureThenItSucceeds:

@Test
public void authenticateWithSHA1SignatureThenItSucceeds() throws Exception {
    Response response = response();
    // Sign the assertion with rsa-sha1 instead of the default (SHA-256 based) algorithm
    Assertion assertion = TestOpenSamlObjects.signed(assertion(),
            TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID,
            SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    response.getAssertions().add(assertion);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    // No exception: the provider's default signature validation does not refuse SHA-1 based algorithms
    this.provider.authenticate(token);
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) Test(org.junit.jupiter.api.Test)
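The test above documents that the provider still accepts an assertion signed with rsa-sha1, so a relying party that wants to refuse SHA-1 based XML signatures has to add that policy itself. The following is an added example, not code from spring-security or its test suite: it keeps the provider's default response and assertion validators and appends an INVALID_SIGNATURE error whenever the Signature element on the Response or on an Assertion uses an algorithm from an assumed deny-list. The class name and the contents of the deny-list are assumptions; the Spring Security and OpenSAML types used are the public ones.

```java
import java.util.Set;

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.saml2.core.Saml2Error;
import org.springframework.security.saml2.core.Saml2ErrorCodes;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.AssertionToken;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2ResponseValidatorResult;

/**
 * Added example (not spring-security code). Builds an OpenSaml4AuthenticationProvider
 * whose validators reject SHA-1 based XML signatures on the Response and on each Assertion.
 */
public final class WeakSignatureAlgorithmRejection {

    // Assumed deny-list: SHA-1 based XML-DSig algorithm URIs. Extend to match your policy.
    static final Set<String> WEAK_ALGORITHMS = Set.of(
            SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1,
            SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1,
            SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);

    private WeakSignatureAlgorithmRejection() {
    }

    // Returns null when there is no signature or its algorithm is acceptable.
    // Whether an unsigned element is acceptable at all is left to the default validators.
    static Saml2Error checkAlgorithm(Signature signature, String element) {
        if (signature == null) {
            return null;
        }
        String algorithm = signature.getSignatureAlgorithm();
        if (algorithm != null && WEAK_ALGORITHMS.contains(algorithm)) {
            return new Saml2Error(Saml2ErrorCodes.INVALID_SIGNATURE,
                    element + " is signed with a disallowed algorithm: " + algorithm);
        }
        return null;
    }

    public static OpenSaml4AuthenticationProvider provider() {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();

        // Keep everything the default response validator checks, then add the algorithm policy
        Converter<ResponseToken, Saml2ResponseValidatorResult> defaultResponseValidator =
                OpenSaml4AuthenticationProvider.createDefaultResponseValidator();
        provider.setResponseValidator((responseToken) -> {
            Saml2ResponseValidatorResult result = defaultResponseValidator.convert(responseToken);
            Response response = responseToken.getResponse();
            Saml2Error error = checkAlgorithm(response.getSignature(), "Response");
            return (error != null) ? result.concat(error) : result;
        });

        // Same for each (already decrypted) assertion
        Converter<AssertionToken, Saml2ResponseValidatorResult> defaultAssertionValidator =
                OpenSaml4AuthenticationProvider.createDefaultAssertionValidator();
        provider.setAssertionValidator((assertionToken) -> {
            Saml2ResponseValidatorResult result = defaultAssertionValidator.convert(assertionToken);
            Assertion assertion = assertionToken.getAssertion();
            Saml2Error error = checkAlgorithm(assertion.getSignature(), "Assertion");
            return (error != null) ? result.concat(error) : result;
        });

        return provider;
    }
}
```

The provider verifies signatures cryptographically before these validators run, so the check above only enforces algorithm policy on signatures that already verified; it does not replace trust-anchor validation. Wired in place of the test's `new OpenSaml4AuthenticationProvider()`, the rsa-sha1 assertion from Example 37 would now fail with INVALID_SIGNATURE instead of succeeding.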

Example 38 with Response

Use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

In class OpenSaml4AuthenticationProviderTests, method authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException:

@Test
public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationException() {
    Response response = response();
    EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
            TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    response.getEncryptedAssertions().add(encryptedAssertion);
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    // verifying(...) adds only a verification credential; no decryption key is registered
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    // Fails closed with DECRYPTION_ERROR instead of silently skipping the undecryptable assertion
    assertThatExceptionOfType(Saml2AuthenticationException.class)
            .isThrownBy(() -> this.provider.authenticate(token))
            .satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Test(org.junit.jupiter.api.Test)

Example 39 with Response

Use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

In class OpenSaml4AuthenticationProviderTests, method authenticateWhenAssertionContainsAttributesThenItSucceeds:

@Test
public void authenticateWhenAssertionContainsAttributesThenItSucceeds() {
    Response response = response();
    Assertion assertion = assertion();
    List<AttributeStatement> attributes = attributeStatements();
    assertion.getAttributeStatements().addAll(attributes);
    // Sign after the attribute statements are added so they are covered by the signature
    TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    response.getAssertions().add(assertion);
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    Authentication authentication = this.provider.authenticate(token);
    Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
    // Attribute values keep their XML Schema types (Integer, Boolean, Instant), not just String
    Map<String, Object> expected = new LinkedHashMap<>();
    expected.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com"));
    expected.put("name", Collections.singletonList("John Doe"));
    expected.put("age", Collections.singletonList(21));
    expected.put("website", Collections.singletonList("https://johndoe.com/"));
    expected.put("registered", Collections.singletonList(true));
    Instant registeredDate = Instant.parse("1970-01-01T00:00:00Z");
    expected.put("registeredDate", Collections.singletonList(registeredDate));
    assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe");
    assertThat(principal.getAttributes()).isEqualTo(expected);
    // The AuthnStatement's SessionIndex is exposed too, which single logout needs later
    assertThat(principal.getSessionIndexes()).contains("session-index");
}
Also used : Response(org.opensaml.saml.saml2.core.Response) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Authentication(org.springframework.security.core.Authentication) Instant(java.time.Instant) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) XMLObject(org.opensaml.core.xml.XMLObject) CustomOpenSamlObject(org.springframework.security.saml2.provider.service.authentication.TestCustomOpenSamlObjects.CustomOpenSamlObject) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)
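Example 39 shows the validated assertion's attributes surfacing on Saml2AuthenticatedPrincipal with their schema types preserved, while the provider's default conversion grants every such principal only ROLE_USER. The following added example (not spring-security code) keeps that default conversion, including all signature and validity checks, and replaces the granted authorities with ones derived from the principal's attributes. The attribute name "groups", the ROLE_ prefix and the class name are assumptions.

```java
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken;
import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;

/**
 * Added example (not spring-security code). Maps a "groups" attribute (assumed name)
 * from the validated assertion onto GrantedAuthority values.
 */
public final class GroupsToAuthorities {

    private GroupsToAuthorities() {
    }

    public static OpenSaml4AuthenticationProvider provider() {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        // The default converter runs only after the response and assertions were validated,
        // so the attributes we read below come from a verified assertion
        Converter<ResponseToken, Saml2Authentication> defaultConverter =
                OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter();
        provider.setResponseAuthenticationConverter((responseToken) -> {
            Saml2Authentication authentication = defaultConverter.convert(responseToken);
            Saml2AuthenticatedPrincipal principal =
                    (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
            // Reuse the principal (attributes, session indexes, registration id stay intact);
            // only the authorities change
            return new Saml2Authentication(principal, authentication.getSaml2Response(),
                    authorities(principal));
        });
        return provider;
    }

    // Only String-valued entries become authorities. Values arrive typed (Example 39 shows
    // Integer, Boolean and Instant), so anything else is ignored rather than toString()'d.
    static Collection<GrantedAuthority> authorities(Saml2AuthenticatedPrincipal principal) {
        Set<GrantedAuthority> authorities = new HashSet<>();
        List<Object> groups = principal.getAttribute("groups"); // assumed attribute name
        if (groups != null) {
            for (Object group : groups) {
                if (group instanceof String) {
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + group));
                }
            }
        }
        if (authorities.isEmpty()) {
            // Same fallback as the provider's default conversion
            authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        }
        return authorities;
    }
}
```

Because the converter only runs for a response that already passed validation, attribute values here are authenticated claims from the asserting party; the remaining risk is what the asserting party is allowed to claim, which is a matter of IdP configuration rather than of this code.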

Example 40 with Response

Use of org.opensaml.saml.saml2.core.Response in project spring-security by spring-projects.

In class OpenSaml4AuthenticationProviderTests, method writeObjectWhenTypeIsSaml2AuthenticationThenNoException:

@Test
public void writeObjectWhenTypeIsSaml2AuthenticationThenNoException() throws IOException {
    Response response = response();
    // Sign the assertion, then encrypt it, then sign the enclosing Response
    Assertion assertion = TestOpenSamlObjects.signed(assertion(),
            TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
    EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
            TestSaml2X509Credentials.assertingPartyEncryptingCredential());
    response.getEncryptedAssertions().add(encryptedAssertion);
    TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
            RELYING_PARTY_ENTITY_ID);
    // Unlike the previous example, the registration now also carries a decryption credential
    Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
    Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
    // The following code will throw an exception if authentication isn't serializable;
    // it has to be, because the SecurityContext holding it is stored in the HTTP session
    ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
    ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteStream);
    objectOutputStream.writeObject(authentication);
    objectOutputStream.flush();
}
Also used : Response(org.opensaml.saml.saml2.core.Response) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream) Test(org.junit.jupiter.api.Test)
