Example 11 with JEEContext
use of org.pac4j.jee.context.JEEContext in project cas by apereo.
the class AuthnRequestRequestedAttributesAttributeReleasePolicyTests method initialize.
@BeforeEach
public void initialize() throws Exception {
val idpMetadata = new File("src/test/resources/metadata/idp-metadata.xml").getCanonicalPath();
val keystorePath = new File(FileUtils.getTempDirectory(), "keystore").getCanonicalPath();
val spMetadataPath = new File(FileUtils.getTempDirectory(), "sp-metadata.xml").getCanonicalPath();
saml2Configuration = new SAML2Configuration(keystorePath, "changeit", "changeit", idpMetadata);
saml2Configuration.setServiceProviderEntityId("cas:example:sp");
saml2Configuration.setServiceProviderMetadataPath(spMetadataPath);
saml2Configuration.init();
val saml2Client = new SAML2Client(saml2Configuration);
saml2Client.setCallbackUrl("http://callback.example.org");
saml2Client.init();
saml2MessageContext = new SAML2MessageContext();
saml2MessageContext.setSaml2Configuration(saml2Configuration);
saml2MessageContext.setWebContext(new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()));
val peer = saml2MessageContext.getMessageContext().getSubcontext(SAMLPeerEntityContext.class, true);
assertNotNull(peer);
peer.setEntityId("https://cas.example.org/idp");
val md = peer.getSubcontext(SAMLMetadataContext.class, true);
assertNotNull(md);
val idpResolver = SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, true);
md.setRoleDescriptor(idpResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(peer.getEntityId())), new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME))));
val self = saml2MessageContext.getMessageContext().getSubcontext(SAMLSelfEntityContext.class, true);
assertNotNull(self);
self.setEntityId(saml2Configuration.getServiceProviderEntityId());
val sp = self.getSubcontext(SAMLMetadataContext.class, true);
assertNotNull(sp);
val spRes = new InMemoryResourceMetadataResolver(new File(spMetadataPath), openSamlConfigBean);
spRes.setId(getClass().getSimpleName());
spRes.initialize();
val spResolver = SamlIdPUtils.getRoleDescriptorResolver(spRes, true);
sp.setRoleDescriptor(spResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(self.getEntityId())), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME))));
}
Also used :
lombok.val(lombok.val)
SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext)
SAML2Configuration(org.pac4j.saml.config.SAML2Configuration)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
JEEContext(org.pac4j.jee.context.JEEContext)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion)
EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion)
SAML2Client(org.pac4j.saml.client.SAML2Client)
File(java.io.File)
InMemoryResourceMetadataResolver(org.apereo.cas.support.saml.InMemoryResourceMetadataResolver)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Example 12 with JEEContext
use of org.pac4j.jee.context.JEEContext in project cas by apereo.
the class AuthnRequestRequestedAttributesAttributeReleasePolicyTests method verifyAuthnRequestWithoutExtensions.
@Test
public void verifyAuthnRequestWithoutExtensions() throws IOException {
val filter = new AuthnRequestRequestedAttributesAttributeReleasePolicy();
filter.setAllowedAttributes(List.of("eduPersonPrincipalAttribute"));
filter.setUseFriendlyName(true);
val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
registeredService.setAttributeReleasePolicy(filter);
val builder = new SAML2AuthnRequestBuilder();
val authnRequest = builder.build(saml2MessageContext);
try (val writer = SamlUtils.transformSamlObject(openSamlConfigBean, authnRequest)) {
val samlRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
val request = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
val response = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
val context = new JEEContext(request, response);
samlIdPDistributedSessionStore.set(context, SamlProtocolConstants.PARAMETER_SAML_REQUEST, samlRequest);
val messageContext = new MessageContext();
messageContext.setMessage(authnRequest);
samlIdPDistributedSessionStore.set(context, MessageContext.class.getName(), SamlIdPAuthenticationContext.from(messageContext).encode());
val releasePolicyContext = RegisteredServiceAttributeReleasePolicyContext.builder().registeredService(registeredService).service(CoreAuthenticationTestUtils.getService()).principal(getPrincipal("casuser", CollectionUtils.wrap("eduPersonPrincipalName", "casuser"))).build();
val attributes = filter.getAttributes(releasePolicyContext);
assertTrue(attributes.isEmpty());
}
}
Also used :
lombok.val(lombok.val)
JEEContext(org.pac4j.jee.context.JEEContext)
MessageContext(org.opensaml.messaging.context.MessageContext)
SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext)
SAML2AuthnRequestBuilder(org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder)
Test(org.junit.jupiter.api.Test)
Example 13 with JEEContext
use of org.pac4j.jee.context.JEEContext in project cas by apereo.
the class SamlObjectSignatureValidatorTests method setupTestContextFor.
private void setupTestContextFor(final String spMetadataPath, final String spEntityId) throws Exception {
val idpMetadata = new File("src/test/resources/metadata/idp-metadata.xml").getCanonicalPath();
val keystorePath = new File(FileUtils.getTempDirectory(), "keystore").getCanonicalPath();
saml2ClientConfiguration = new SAML2Configuration(keystorePath, "changeit", "changeit", idpMetadata);
saml2ClientConfiguration.setServiceProviderEntityId(spEntityId);
saml2ClientConfiguration.setServiceProviderMetadataPath(spMetadataPath);
saml2ClientConfiguration.init();
val saml2Client = new SAML2Client(saml2ClientConfiguration);
saml2Client.setCallbackUrl("http://callback.example.org");
saml2Client.init();
samlContext = new MessageContext();
saml2MessageContext = new SAML2MessageContext();
saml2MessageContext.setSaml2Configuration(saml2ClientConfiguration);
saml2MessageContext.setWebContext(new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()));
val peer = saml2MessageContext.getMessageContext().getSubcontext(SAMLPeerEntityContext.class, true);
assertNotNull(peer);
peer.setEntityId("https://cas.example.org/idp");
val md = peer.getSubcontext(SAMLMetadataContext.class, true);
assertNotNull(md);
val idpResolver = SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, true);
md.setRoleDescriptor(idpResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(peer.getEntityId())), new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME))));
val self = saml2MessageContext.getMessageContext().getSubcontext(SAMLSelfEntityContext.class, true);
assertNotNull(self);
self.setEntityId(saml2ClientConfiguration.getServiceProviderEntityId());
val sp = self.getSubcontext(SAMLMetadataContext.class, true);
assertNotNull(sp);
val spRes = new InMemoryResourceMetadataResolver(saml2ClientConfiguration.getServiceProviderMetadataResource(), openSamlConfigBean);
spRes.setId(getClass().getSimpleName());
spRes.initialize();
val spResolver = SamlIdPUtils.getRoleDescriptorResolver(spRes, true);
sp.setRoleDescriptor(spResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(self.getEntityId())), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME))));
val service = new SamlRegisteredService();
service.setName("Sample");
service.setServiceId(saml2ClientConfiguration.getServiceProviderEntityId());
service.setId(100);
service.setDescription("SAML Service");
service.setMetadataLocation(spMetadataPath);
val facade = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId());
this.adaptor = facade.get();
}
Also used :
lombok.val(lombok.val)
SAML2Configuration(org.pac4j.saml.config.SAML2Configuration)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
JEEContext(org.pac4j.jee.context.JEEContext)
EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion)
SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext)
SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion)
SAML2Client(org.pac4j.saml.client.SAML2Client)
MessageContext(org.opensaml.messaging.context.MessageContext)
SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext)
File(java.io.File)
InMemoryResourceMetadataResolver(org.apereo.cas.support.saml.InMemoryResourceMetadataResolver)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Example 14 with JEEContext
use of org.pac4j.jee.context.JEEContext in project cas by apereo.
the class SamlIdPDelegatedAuthenticationConfigurationTests method verifyOperation.
@Test
public void verifyOperation() throws Exception {
val service = getSamlRegisteredServiceFor("https://cassp.example.org");
service.setId(2000);
val authnRequest = SamlIdPTestUtils.getAuthnRequest(openSamlConfigBean, service);
authnRequest.setForceAuthn(true);
authnRequest.setIsPassive(true);
var builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
val classRef = (AuthnContextClassRef) builder.buildObject(AuthnContextClassRef.DEFAULT_ELEMENT_NAME);
classRef.setURI("https://refeds.org/profile/mfa");
builder = (SAMLObjectBuilder) openSamlConfigBean.getBuilderFactory().getBuilder(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
val reqCtx = (RequestedAuthnContext) builder.buildObject(RequestedAuthnContext.DEFAULT_ELEMENT_NAME);
reqCtx.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
reqCtx.getAuthnContextClassRefs().add(classRef);
authnRequest.setRequestedAuthnContext(reqCtx);
val request = new MockHttpServletRequest();
val response = new MockHttpServletResponse();
val webContext = new JEEContext(request, response);
val messageContext = new MessageContext();
messageContext.setMessage(authnRequest);
val context = Pair.of(authnRequest, messageContext);
SamlIdPUtils.storeSamlRequest(webContext, openSamlConfigBean, samlIdPDistributedSessionStore, context);
val saml2Client = mock(SAML2Client.class);
assertTrue(customizer.supports(saml2Client, webContext));
customizer.customize(saml2Client, webContext);
assertTrue(webContext.getRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN).isPresent());
assertTrue(webContext.getRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE).isPresent());
assertTrue(webContext.getRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_AUTHN_CONTEXT_CLASS_REFS).isPresent());
assertTrue(webContext.getRequestAttribute(SAML2ConfigurationContext.REQUEST_ATTR_COMPARISON_TYPE).isPresent());
}
Also used :
lombok.val(lombok.val)
RequestedAuthnContext(org.opensaml.saml.saml2.core.RequestedAuthnContext)
SAMLObjectBuilder(org.opensaml.saml.common.SAMLObjectBuilder)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef)
JEEContext(org.pac4j.jee.context.JEEContext)
MessageContext(org.opensaml.messaging.context.MessageContext)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 15 with JEEContext
use of org.pac4j.jee.context.JEEContext in project cas by apereo.
the class SamlIdPMultifactorAuthenticationTrigger method supports.
@Override
public boolean supports(final HttpServletRequest request, final RegisteredService registeredService, final Authentication authentication, final Service service) {
if (!getAuthenticationContextMappings().isEmpty()) {
val response = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
val context = new JEEContext(request, response);
val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
if (result.isPresent()) {
val authnRequest = (AuthnRequest) result.get().getLeft();
return authnRequest.getRequestedAuthnContext() != null && authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs() != null && !authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().isEmpty();
}
}
return false;
}
Also used :
lombok.val(lombok.val)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
JEEContext(org.pac4j.jee.context.JEEContext)
Aggregations
JEEContext (org.pac4j.jee.context.JEEContext)227
lombok.val (lombok.val)224
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)166
Test (org.junit.jupiter.api.Test)163
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)161
MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)34
ProfileManager (org.pac4j.core.profile.ProfileManager)27
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials)24
CommonProfile (org.pac4j.core.profile.CommonProfile)21
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)16
ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)14
MockRequestContext (org.springframework.webflow.test.MockRequestContext)14
HashMap (java.util.HashMap)13
CasProfile (org.pac4j.cas.profile.CasProfile)13
RedirectView (org.springframework.web.servlet.view.RedirectView)13
HttpServletRequest (javax.servlet.http.HttpServletRequest)12
Map (java.util.Map)10
Optional (java.util.Optional)10
HttpServletResponse (javax.servlet.http.HttpServletResponse)10
MockServletContext (org.apereo.cas.util.MockServletContext)10
