
Example 31 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

Class SamlEntityDescriptorValidatorTest, method decorate_shouldThrowExceptionWhenRoleDescriptorDoesNotHaveAKeyInfoElement.

@Test
public void decorate_shouldThrowExceptionWhenRoleDescriptorDoesNotHaveAKeyInfoElement() throws Exception {
    // An IdP role whose only KeyDescriptor carries no KeyInfo element; the default signing key is
    // removed so this descriptor is the sole key material the validator sees.
    EntityDescriptor descriptorWithKeylessRole = anEntityDescriptor()
            .withIdpSsoDescriptor(
                    IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
                            .withoutDefaultSigningKey()
                            .addKeyDescriptor(KeyDescriptorBuilder.aKeyDescriptor().withKeyInfo(null).build())
                            .build())
            .build();
    // The validator is expected to reject it with the "missing KeyInfo" error.
    assertExceptionMessage(descriptorWithKeylessRole, SamlTransformationErrorFactory.missingKeyInfo());
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) EntityDescriptorBuilder.anEntityDescriptor(uk.gov.ida.saml.core.test.builders.metadata.EntityDescriptorBuilder.anEntityDescriptor) Test(org.junit.jupiter.api.Test)

Example 32 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

Class SamlEntityDescriptorValidatorTest, method decorate_shouldThrowExceptionWhenEntityIdIsEmpty.

@Test
public void decorate_shouldThrowExceptionWhenEntityIdIsEmpty() throws Exception {
    // An otherwise default descriptor whose entityID is the empty string must be rejected with the
    // "missing or empty entityID" error.
    assertExceptionMessage(
            anEntityDescriptor().withEntityId("").build(),
            SamlTransformationErrorFactory.missingOrEmptyEntityID());
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) EntityDescriptorBuilder.anEntityDescriptor(uk.gov.ida.saml.core.test.builders.metadata.EntityDescriptorBuilder.anEntityDescriptor) Test(org.junit.jupiter.api.Test)

Example 33 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project verify-hub by alphagov.

Class HubMetadataIntegrationTests, method getSpMetadataFromApi_shouldReturnTheHubFromNewMetadataAsAnSp.

@Test
public void getSpMetadataFromApi_shouldReturnTheHubFromNewMetadataAsAnSp() {
    // Fetch the SP flavour of the hub metadata from the API and unmarshal it.
    SamlDto samlDto = client.getTargetMain(UriBuilder.fromPath("/API/metadata/sp").build(), SamlDto.class);
    EntityDescriptor hubAsSp = getEntityDescriptor(samlDto);
    String protocol = SAMLConstants.SAML20P_NS;
    // The hub must be published purely as an SP: no IdP role, exactly the SP role.
    assertThat(hubAsSp.getEntityID()).isEqualTo(HUB_ENTITY_ID);
    assertThat(hubAsSp.getIDPSSODescriptor(protocol)).isNull();
    assertThat(hubAsSp.getSPSSODescriptor(protocol)).isNotNull();
    String firstAcsLocation = hubAsSp.getSPSSODescriptor(protocol).getAssertionConsumerServices().get(0).getLocation();
    assertThat(firstAcsLocation).isEqualTo("http://foo.com/bar");
    // NOTE(review): exact equality against DateTime.now() only holds if the fixture freezes the Joda
    // clock; otherwise two millisecond timestamps taken at different instants are compared — confirm
    // the test setup.
    DateTime expectedValidUntil = DateTime.now(DateTimeZone.UTC).plusHours(1);
    assertThat(hubAsSp.getValidUntil()).isEqualTo(expectedValidUntil);
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SamlDto(uk.gov.ida.hub.samlproxy.domain.SamlDto) Test(org.junit.jupiter.api.Test)

Example 34 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

Class SamlProtocolTest, method testCreateIdpMetadata.

@Test
public void testCreateIdpMetadata() {
    // Every input is a distinct marker string so each assertion below pins exactly one field.
    EntityDescriptor entityDescriptor = SamlProtocol.createIdpMetadata("myid", "mysigningcert", "myencryptioncert", Arrays.asList("mynameid"), "redirectlocation", "postlocation", "logoutlocation");
    assertEquals("myid", entityDescriptor.getEntityID());
    // Key descriptors are expected in a fixed order: signing at index 0, encryption at index 1.
    assertEquals("mysigningcert", certificateValue(entityDescriptor, 0));
    assertEquals("myencryptioncert", certificateValue(entityDescriptor, 1));
    assertEquals("mynameid", entityDescriptor.getIDPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getNameIDFormats().get(0).getFormat());
    // SSO services: redirect binding at index 0, POST binding at index 1; logout at index 0.
    assertEquals("redirectlocation", singleSignOnLocation(entityDescriptor, 0));
    assertEquals("postlocation", singleSignOnLocation(entityDescriptor, 1));
    assertEquals("logoutlocation", entityDescriptor.getIDPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getSingleLogoutServices().get(0).getLocation());
}

/** Returns the first X.509 certificate value of the IdP key descriptor at {@code index}. */
private static String certificateValue(EntityDescriptor entityDescriptor, int index) {
    return entityDescriptor.getIDPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getKeyDescriptors().get(index).getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
}

/** Returns the location of the IdP single sign-on service at {@code index}. */
private static String singleSignOnLocation(EntityDescriptor entityDescriptor, int index) {
    return entityDescriptor.getIDPSSODescriptor(SamlProtocol.SUPPORTED_PROTOCOL).getSingleSignOnServices().get(index).getLocation();
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) Test(org.junit.Test)

Example 35 with EntityDescriptor

use of org.opensaml.saml2.metadata.EntityDescriptor in project ddf by codice.

Class SamlProtocol, method createIdpMetadata.

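/**
 * Builds a SAML 2.0 {@link EntityDescriptor} that advertises this service as an identity provider.
 *
 * <p>The descriptor carries one {@link IDPSSODescriptor} with a signing and an encryption
 * {@link KeyDescriptor} (in that order), one {@link NameIDFormat} per entry of {@code nameIds},
 * a single sign-on endpoint for each non-blank SSO location, and, when
 * {@code singleLogOutLocation} is non-blank, that same location under both the redirect and the
 * POST binding. The role declares that it wants authentication requests signed and supports
 * {@code SUPPORTED_PROTOCOL}.
 *
 * @param entityId entity ID written verbatim into the descriptor
 * @param signingCert certificate content placed as-is into the signing key's
 *        {@code X509Certificate} element; it is neither parsed nor validated here, so callers
 *        must supply it in the form the metadata consumers expect
 * @param encryptionCert certificate content for the encryption key, handled the same way
 * @param nameIds NameID formats to advertise; {@code null} is treated as empty
 * @param singleSignOnLocationRedirect location of the redirect-binding SSO endpoint; blank omits it
 * @param singleSignOnLocationPost location of the POST-binding SSO endpoint; blank omits it
 * @param singleLogOutLocation location of both single-logout endpoints; blank omits them
 * @return the populated entity descriptor
 */
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleLogOutLocation) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
    // Key descriptors are added in a fixed order (signing, then encryption); consumers that index
    // into getKeyDescriptors() rely on it.
    idpssoDescriptor.getKeyDescriptors().add(buildKeyDescriptor(UsageType.SIGNING, signingCert));
    idpssoDescriptor.getKeyDescriptors().add(buildKeyDescriptor(UsageType.ENCRYPTION, encryptionCert));
    if (nameIds != null) {
        for (String nameId : nameIds) {
            NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
            nameIDFormat.setFormat(nameId);
            idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
        }
    }
    // Each SSO binding is advertised only when its location is provided.
    if (StringUtils.isNotBlank(singleSignOnLocationRedirect)) {
        idpssoDescriptor.getSingleSignOnServices().add(buildSingleSignOnService(REDIRECT_BINDING, singleSignOnLocationRedirect));
    }
    if (StringUtils.isNotBlank(singleSignOnLocationPost)) {
        idpssoDescriptor.getSingleSignOnServices().add(buildSingleSignOnService(POST_BINDING, singleSignOnLocationPost));
    }
    // A single logout location is published under both bindings, redirect first.
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        idpssoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(REDIRECT_BINDING, singleLogOutLocation));
        idpssoDescriptor.getSingleLogoutServices().add(buildSingleLogoutService(POST_BINDING, singleLogOutLocation));
    }
    // Tell service providers that unsigned AuthnRequests are not acceptable to this IdP.
    idpssoDescriptor.setWantAuthnRequestsSigned(true);
    idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
    return entityDescriptor;
}

/**
 * Builds a {@link KeyDescriptor} for the given usage holding a single X.509 certificate.
 *
 * @param use the key usage to advertise (signing or encryption)
 * @param certificateValue content stored verbatim in the {@code X509Certificate} element
 * @return the populated key descriptor
 */
private static KeyDescriptor buildKeyDescriptor(UsageType use, String certificateValue) {
    KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
    keyDescriptor.setUse(use);
    KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    certificate.setValue(certificateValue);
    x509Data.getX509Certificates().add(certificate);
    keyInfo.getX509Datas().add(x509Data);
    keyDescriptor.setKeyInfo(keyInfo);
    return keyDescriptor;
}

/**
 * Builds a {@link SingleSignOnService} endpoint.
 *
 * @param binding SAML binding URI of the endpoint
 * @param location endpoint URL
 * @return the populated endpoint element
 */
private static SingleSignOnService buildSingleSignOnService(String binding, String location) {
    SingleSignOnService service = singleSignOnServiceBuilder.buildObject();
    service.setBinding(binding);
    service.setLocation(location);
    return service;
}

/**
 * Builds a {@link SingleLogoutService} endpoint.
 *
 * @param binding SAML binding URI of the endpoint
 * @param location endpoint URL
 * @return the populated endpoint element
 */
private static SingleLogoutService buildSingleLogoutService(String binding, String location) {
    SingleLogoutService service = singleLogOutServiceBuilder.buildObject();
    service.setBinding(binding);
    service.setLocation(location);
    return service;
}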
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
