
Example 1 with SAML2Configuration

use of org.pac4j.saml.config.SAML2Configuration in project cas by apereo.

the class SamlObjectSignatureValidatorTests method setupTestContextFor.

/**
 * Builds the SAML message context used by the signature-validation tests.
 * <p>
 * Creates a pac4j {@link SAML2Configuration} backed by a keystore under the temp
 * directory (the {@code "changeit"} passwords are test fixtures), initializes a
 * {@link SAML2Client} from it, populates the peer (IdP) and self (SP) metadata
 * sub-contexts with resolved role descriptors, and finally registers a
 * {@link SamlRegisteredService} whose metadata facade is kept in {@code this.adaptor}.
 *
 * @param spMetadataPath path of the service-provider metadata file
 * @param spEntityId     entity id the service provider should advertise
 * @throws Exception if metadata cannot be initialized or a role descriptor cannot be resolved
 */
private void setupTestContextFor(final String spMetadataPath, final String spEntityId) throws Exception {
    val idpMetadata = new File("src/test/resources/metadata/idp-metadata.xml").getCanonicalPath();
    // NOTE(review): the keystore is not created here; presumably pac4j generates it on init() if absent — confirm.
    val keystorePath = new File(FileUtils.getTempDirectory(), "keystore").getCanonicalPath();
    saml2ClientConfiguration = new SAML2Configuration(keystorePath, "changeit", "changeit", idpMetadata);
    saml2ClientConfiguration.setServiceProviderEntityId(spEntityId);
    saml2ClientConfiguration.setServiceProviderMetadataPath(spMetadataPath);
    saml2ClientConfiguration.init();
    val saml2Client = new SAML2Client(saml2ClientConfiguration);
    saml2Client.setCallbackUrl("http://callback.example.org");
    saml2Client.init();
    samlContext = new MessageContext();
    saml2MessageContext = new SAML2MessageContext();
    saml2MessageContext.setSaml2Configuration(saml2ClientConfiguration);
    saml2MessageContext.setWebContext(new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()));
    // Peer side = the IdP; 'true' asks OpenSAML to create the sub-context if it is absent.
    val peer = saml2MessageContext.getMessageContext().getSubcontext(SAMLPeerEntityContext.class, true);
    assertNotNull(peer);
    peer.setEntityId("https://cas.example.org/idp");
    val md = peer.getSubcontext(SAMLMetadataContext.class, true);
    assertNotNull(md);
    // Second argument of getRoleDescriptorResolver is not explained here — see SamlIdPUtils.
    val idpResolver = SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, true);
    md.setRoleDescriptor(idpResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(peer.getEntityId())), new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME))));
    // Self side = the SP whose metadata the configuration above produced.
    val self = saml2MessageContext.getMessageContext().getSubcontext(SAMLSelfEntityContext.class, true);
    assertNotNull(self);
    self.setEntityId(saml2ClientConfiguration.getServiceProviderEntityId());
    val sp = self.getSubcontext(SAMLMetadataContext.class, true);
    assertNotNull(sp);
    val spRes = new InMemoryResourceMetadataResolver(saml2ClientConfiguration.getServiceProviderMetadataResource(), openSamlConfigBean);
    spRes.setId(getClass().getSimpleName());
    spRes.initialize();
    val spResolver = SamlIdPUtils.getRoleDescriptorResolver(spRes, true);
    sp.setRoleDescriptor(spResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(self.getEntityId())), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME))));
    // Registered service matching the SP entity id, so the metadata facade resolves to the SP above.
    val service = new SamlRegisteredService();
    service.setName("Sample");
    service.setServiceId(saml2ClientConfiguration.getServiceProviderEntityId());
    service.setId(100);
    service.setDescription("SAML Service");
    service.setMetadataLocation(spMetadataPath);
    val facade = SamlRegisteredServiceServiceProviderMetadataFacade.get(samlRegisteredServiceCachingMetadataResolver, service, service.getServiceId());
    this.adaptor = facade.get();
}
Also used : lombok.val(lombok.val) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) SAML2Client(org.pac4j.saml.client.SAML2Client) MessageContext(org.opensaml.messaging.context.MessageContext) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) File(java.io.File) InMemoryResourceMetadataResolver(org.apereo.cas.support.saml.InMemoryResourceMetadataResolver) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 2 with SAML2Configuration

use of org.pac4j.saml.config.SAML2Configuration in project cas by apereo.

the class AuthnRequestRequestedAttributesAttributeReleasePolicyTests method initialize.

/**
 * Per-test fixture: builds a SAML message context with resolved IdP and SP role descriptors.
 * <p>
 * The pac4j {@link SAML2Configuration} points at a keystore and SP metadata file in the
 * temp directory (the {@code "changeit"} passwords are test fixtures). After the client is
 * initialized, the peer (IdP) and self (SP) sub-contexts receive role descriptors resolved
 * from the CAS IdP metadata resolver and from the generated SP metadata respectively.
 *
 * @throws Exception if metadata cannot be initialized or a role descriptor cannot be resolved
 */
@BeforeEach
public void initialize() throws Exception {
    val idpMetadata = new File("src/test/resources/metadata/idp-metadata.xml").getCanonicalPath();
    // NOTE(review): neither file is created here; presumably pac4j writes both on init() — confirm.
    val keystorePath = new File(FileUtils.getTempDirectory(), "keystore").getCanonicalPath();
    val spMetadataPath = new File(FileUtils.getTempDirectory(), "sp-metadata.xml").getCanonicalPath();
    saml2Configuration = new SAML2Configuration(keystorePath, "changeit", "changeit", idpMetadata);
    saml2Configuration.setServiceProviderEntityId("cas:example:sp");
    saml2Configuration.setServiceProviderMetadataPath(spMetadataPath);
    saml2Configuration.init();
    val saml2Client = new SAML2Client(saml2Configuration);
    saml2Client.setCallbackUrl("http://callback.example.org");
    saml2Client.init();
    saml2MessageContext = new SAML2MessageContext();
    saml2MessageContext.setSaml2Configuration(saml2Configuration);
    saml2MessageContext.setWebContext(new JEEContext(new MockHttpServletRequest(), new MockHttpServletResponse()));
    // Peer side = the IdP; 'true' asks OpenSAML to create the sub-context if it is absent.
    val peer = saml2MessageContext.getMessageContext().getSubcontext(SAMLPeerEntityContext.class, true);
    assertNotNull(peer);
    peer.setEntityId("https://cas.example.org/idp");
    val md = peer.getSubcontext(SAMLMetadataContext.class, true);
    assertNotNull(md);
    // Second argument of getRoleDescriptorResolver is not explained here — see SamlIdPUtils.
    val idpResolver = SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, true);
    md.setRoleDescriptor(idpResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(peer.getEntityId())), new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME))));
    // Self side = the SP described by the metadata file written to spMetadataPath.
    val self = saml2MessageContext.getMessageContext().getSubcontext(SAMLSelfEntityContext.class, true);
    assertNotNull(self);
    self.setEntityId(saml2Configuration.getServiceProviderEntityId());
    val sp = self.getSubcontext(SAMLMetadataContext.class, true);
    assertNotNull(sp);
    val spRes = new InMemoryResourceMetadataResolver(new File(spMetadataPath), openSamlConfigBean);
    spRes.setId(getClass().getSimpleName());
    spRes.initialize();
    val spResolver = SamlIdPUtils.getRoleDescriptorResolver(spRes, true);
    sp.setRoleDescriptor(spResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(Objects.requireNonNull(self.getEntityId())), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME))));
}
Also used : lombok.val(lombok.val) SAML2MessageContext(org.pac4j.saml.context.SAML2MessageContext) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) SAML2Client(org.pac4j.saml.client.SAML2Client) File(java.io.File) InMemoryResourceMetadataResolver(org.apereo.cas.support.saml.InMemoryResourceMetadataResolver) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 3 with SAML2Configuration

use of org.pac4j.saml.config.SAML2Configuration in project cas by apereo.

the class DefaultDelegatedClientFactory method configureSamlClient.

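/**
 * Configure saml client.
 * <p>
 * Builds one pac4j {@link SAML2Client} per enabled SAML entry of the CAS pac4j
 * properties and adds it to {@code properties}. Entries that lack a keystore path,
 * IdP metadata path, SP entity id or SP metadata path are skipped without a log line.
 *
 * @param properties the collection the created clients are added to
 */
protected void configureSamlClient(final Collection<IndirectClient> properties) {
    val pac4jProperties = casProperties.getAuthn().getPac4j();
    // Counter used to suffix auto-generated client names; it advances for every client
    // built, whether or not that client's name was generated.
    val index = new AtomicInteger();
    pac4jProperties.getSaml().stream()
        .filter(saml -> saml.isEnabled()
            && StringUtils.isNotBlank(saml.getKeystorePath())
            && StringUtils.isNotBlank(saml.getIdentityProviderMetadataPath())
            && StringUtils.isNotBlank(saml.getServiceProviderEntityId())
            && StringUtils.isNotBlank(saml.getServiceProviderMetadataPath()))
        .forEach(saml -> {
            val cfg = new SAML2Configuration(saml.getKeystorePath(), saml.getKeystorePassword(), saml.getPrivateKeyPassword(), saml.getIdentityProviderMetadataPath());
            cfg.setForceKeystoreGeneration(saml.isForceKeystoreGeneration());
            // A non-positive value keeps pac4j's default certificate validity.
            if (saml.getCertificateExpirationDays() > 0) {
                cfg.setCertificateExpirationPeriod(Period.ofDays(saml.getCertificateExpirationDays()));
            }
            FunctionUtils.doIfNotNull(saml.getCertificateSignatureAlg(), cfg::setCertificateSignatureAlg);
            cfg.setCertificateNameToAppend(StringUtils.defaultIfBlank(saml.getCertificateNameToAppend(), saml.getClientName()));
            cfg.setMaximumAuthenticationLifetime(Beans.newDuration(saml.getMaximumAuthenticationLifetime()).toSeconds());
            cfg.setServiceProviderEntityId(saml.getServiceProviderEntityId());
            cfg.setServiceProviderMetadataPath(saml.getServiceProviderMetadataPath());
            cfg.setAuthnRequestBindingType(saml.getDestinationBinding());
            cfg.setForceAuth(saml.isForceAuth());
            cfg.setPassive(saml.isPassive());
            cfg.setSignMetadata(saml.isSignServiceProviderMetadata());
            cfg.setMetadataSigner(new XMLSecSAML2MetadataSigner(cfg));
            cfg.setAuthnRequestSigned(saml.isSignAuthnRequest());
            cfg.setSpLogoutRequestSigned(saml.isSignServiceProviderLogoutRequest());
            cfg.setAcceptedSkew(Beans.newDuration(saml.getAcceptedSkew()).toSeconds());
            // TLS settings for outbound connections (presumably remote metadata retrieval)
            // come from the CAS-wide SSL context rather than the JVM defaults.
            cfg.setSslSocketFactory(casSSLContext.getSslContext().getSocketFactory());
            cfg.setHostnameVerifier(casSSLContext.getHostnameVerifier());
            if (StringUtils.isNotBlank(saml.getPrincipalIdAttribute())) {
                cfg.setAttributeAsId(saml.getPrincipalIdAttribute());
            }
            cfg.setWantsAssertionsSigned(saml.isWantsAssertionsSigned());
            cfg.setWantsResponsesSigned(saml.isWantsResponsesSigned());
            // When true, pac4j performs no signature validation on inbound SAML messages,
            // i.e. the integrity check on responses and assertions is removed.
            cfg.setAllSignatureValidationDisabled(saml.isAllSignatureValidationDisabled());
            cfg.setUseNameQualifier(saml.isUseNameQualifier());
            cfg.setAttributeConsumingServiceIndex(saml.getAttributeConsumingServiceIndex());
            // Message store factory: an explicitly registered bean wins; otherwise the
            // property selects EMPTY, SESSION, or a fully-qualified class name.
            if (applicationContext.containsBean(DelegatedClientFactory.BEAN_NAME_SAML2_CLIENT_MESSAGE_FACTORY)) {
                val factory = applicationContext.getBean(DelegatedClientFactory.BEAN_NAME_SAML2_CLIENT_MESSAGE_FACTORY, SAMLMessageStoreFactory.class);
                cfg.setSamlMessageStoreFactory(factory);
            } else {
                FunctionUtils.doIf(saml.getMessageStoreFactory().equalsIgnoreCase("EMPTY"), ig -> cfg.setSamlMessageStoreFactory(new EmptyStoreFactory())).accept(saml);
                FunctionUtils.doIf(saml.getMessageStoreFactory().equalsIgnoreCase("SESSION"), ig -> cfg.setSamlMessageStoreFactory(new HttpSessionStoreFactory())).accept(saml);
                if (saml.getMessageStoreFactory().contains(".")) {
                    // The class name is operator-supplied configuration (not request input). It is
                    // loaded reflectively, instantiated via its no-arg constructor and must
                    // implement SAMLMessageStoreFactory; otherwise the cast fails.
                    Unchecked.consumer(ig -> {
                        val clazz = ClassUtils.getClass(DefaultDelegatedClientFactory.class.getClassLoader(), saml.getMessageStoreFactory());
                        val factory = SAMLMessageStoreFactory.class.cast(clazz.getDeclaredConstructor().newInstance());
                        cfg.setSamlMessageStoreFactory(factory);
                    }).accept(saml);
                }
            }
            if (saml.getAssertionConsumerServiceIndex() >= 0) {
                cfg.setAssertionConsumerServiceIndex(saml.getAssertionConsumerServiceIndex());
            }
            if (!saml.getAuthnContextClassRef().isEmpty()) {
                cfg.setComparisonType(saml.getAuthnContextComparisonType().toUpperCase());
                cfg.setAuthnContextClassRefs(saml.getAuthnContextClassRef());
            }
            if (StringUtils.isNotBlank(saml.getKeystoreAlias())) {
                cfg.setKeystoreAlias(saml.getKeystoreAlias());
            }
            if (StringUtils.isNotBlank(saml.getNameIdPolicyFormat())) {
                cfg.setNameIdPolicyFormat(saml.getNameIdPolicyFormat());
            }
            if (!saml.getRequestedAttributes().isEmpty()) {
                saml.getRequestedAttributes().stream()
                    .map(attribute -> new SAML2ServiceProviderRequestedAttribute(attribute.getName(), attribute.getFriendlyName(), attribute.getNameFormat(), attribute.isRequired()))
                    .forEach(attribute -> cfg.getRequestedServiceProviderAttributes().add(attribute));
            }
            // Algorithm lists are only applied when configured so pac4j's defaults survive.
            if (!saml.getBlockedSignatureSigningAlgorithms().isEmpty()) {
                cfg.setBlackListedSignatureSigningAlgorithms(saml.getBlockedSignatureSigningAlgorithms());
            }
            if (!saml.getSignatureAlgorithms().isEmpty()) {
                cfg.setSignatureAlgorithms(saml.getSignatureAlgorithms());
            }
            if (!saml.getSignatureReferenceDigestMethods().isEmpty()) {
                cfg.setSignatureReferenceDigestMethods(saml.getSignatureReferenceDigestMethods());
            }
            // Fix: the condition was inverted (!isNotBlank), which overwrote pac4j's default
            // canonicalization algorithm with a blank value and never applied a configured one.
            if (StringUtils.isNotBlank(saml.getSignatureCanonicalizationAlgorithm())) {
                cfg.setSignatureCanonicalizationAlgorithm(saml.getSignatureCanonicalizationAlgorithm());
            }
            cfg.setProviderName(saml.getProviderName());
            cfg.setNameIdPolicyAllowCreate(saml.getNameIdPolicyAllowCreate().toBoolean());
            val mappedAttributes = saml.getMappedAttributes();
            if (!mappedAttributes.isEmpty()) {
                cfg.setMappedAttributes(CollectionUtils.convertDirectedListToMap(mappedAttributes));
            }
            val client = new SAML2Client(cfg);
            // Without a configured name, the client is named "<SimpleClassName><n>" from the counter.
            if (StringUtils.isBlank(saml.getClientName())) {
                val count = index.intValue();
                client.setName(client.getClass().getSimpleName() + count);
            }
            configureClient(client, saml);
            index.incrementAndGet();
            LOGGER.debug("Created delegated client [{}]", client);
            properties.add(client);
        });
}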
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Pac4jBaseClientProperties(org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties) RandomUtils(org.apereo.cas.util.RandomUtils) CasConfiguration(org.pac4j.cas.config.CasConfiguration) CasClient(org.pac4j.cas.client.CasClient) SneakyThrows(lombok.SneakyThrows) Google2Client(org.pac4j.oauth.client.Google2Client) OidcConfiguration(org.pac4j.oidc.config.OidcConfiguration) RequiredArgsConstructor(lombok.RequiredArgsConstructor) SAML2Client(org.pac4j.saml.client.SAML2Client) HttpSessionStoreFactory(org.pac4j.saml.store.HttpSessionStoreFactory) Beans(org.apereo.cas.configuration.support.Beans) StringUtils(org.apache.commons.lang3.StringUtils) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) YahooClient(org.pac4j.oauth.client.YahooClient) AzureAdOidcConfiguration(org.pac4j.oidc.config.AzureAdOidcConfiguration) ClassUtils(org.apache.commons.lang3.ClassUtils) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) LinkedIn2Client(org.pac4j.oauth.client.LinkedIn2Client) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HiOrgServerClient(org.pac4j.oauth.client.HiOrgServerClient) IndirectClient(org.pac4j.core.client.IndirectClient) Pac4jOidcClientProperties(org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties) Synchronized(lombok.Synchronized) ResourceUtils(org.apereo.cas.util.ResourceUtils) Unchecked(org.jooq.lambda.Unchecked) Verb(com.github.scribejava.core.model.Verb) Collection(java.util.Collection) Set(java.util.Set) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) BasePac4jOidcClientProperties(org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties) EmptyStoreFactory(org.pac4j.saml.store.EmptyStoreFactory) Slf4j(lombok.extern.slf4j.Slf4j) ClientCustomPropertyConstants(org.apereo.cas.authentication.principal.ClientCustomPropertyConstants) 
QueryParameterCallbackUrlResolver(org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver) XMLSecSAML2MetadataSigner(org.pac4j.saml.metadata.XMLSecSAML2MetadataSigner) DisposableBean(org.springframework.beans.factory.DisposableBean) CasSSLContext(org.apereo.cas.authentication.CasSSLContext) CasWebflowConfigurer(org.apereo.cas.web.flow.CasWebflowConfigurer) CasProtocol(org.pac4j.cas.config.CasProtocol) FoursquareClient(org.pac4j.oauth.client.FoursquareClient) GitHubClient(org.pac4j.oauth.client.GitHubClient) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) Pattern(java.util.regex.Pattern) PathParameterCallbackUrlResolver(org.pac4j.core.http.callback.PathParameterCallbackUrlResolver) WindowsLiveClient(org.pac4j.oauth.client.WindowsLiveClient) AzureAdClient(org.pac4j.oidc.client.AzureAdClient) Getter(lombok.Getter) BitbucketClient(org.pac4j.oauth.client.BitbucketClient) WordPressClient(org.pac4j.oauth.client.WordPressClient) SAML2ServiceProviderRequestedAttribute(org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute) OidcClient(org.pac4j.oidc.client.OidcClient) CollectionUtils(org.apereo.cas.util.CollectionUtils) PayPalClient(org.pac4j.oauth.client.PayPalClient) ECPrivateKey(java.security.interfaces.ECPrivateKey) LinkedHashSet(java.util.LinkedHashSet) NoParameterCallbackUrlResolver(org.pac4j.core.http.callback.NoParameterCallbackUrlResolver) Period(java.time.Period) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) FacebookClient(org.pac4j.oauth.client.FacebookClient) KeycloakOidcClient(org.pac4j.oidc.client.KeycloakOidcClient) lombok.val(lombok.val) ApplicationContext(org.springframework.context.ApplicationContext) AppleOidcConfiguration(org.pac4j.oidc.config.AppleOidcConfiguration) GenericOAuth20Client(org.pac4j.oauth.client.GenericOAuth20Client) AppleClient(org.pac4j.oidc.client.AppleClient) TwitterClient(org.pac4j.oauth.client.TwitterClient) SAMLMessageStoreFactory(org.pac4j.saml.store.SAMLMessageStoreFactory) 
KeycloakOidcConfiguration(org.pac4j.oidc.config.KeycloakOidcConfiguration) DropBoxClient(org.pac4j.oauth.client.DropBoxClient) HttpSessionStoreFactory(org.pac4j.saml.store.HttpSessionStoreFactory) EmptyStoreFactory(org.pac4j.saml.store.EmptyStoreFactory) SAMLMessageStoreFactory(org.pac4j.saml.store.SAMLMessageStoreFactory) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) SAML2ServiceProviderRequestedAttribute(org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute) SAML2Client(org.pac4j.saml.client.SAML2Client) XMLSecSAML2MetadataSigner(org.pac4j.saml.metadata.XMLSecSAML2MetadataSigner)

Example 4 with SAML2Configuration

use of org.pac4j.saml.config.SAML2Configuration in project hive by apache.

the class HiveSaml2Client method getSamlConfig.

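/**
 * Extracts the SAML specific configuration needed to initialize the SAML2.0 client.
 *
 * @param conf the Hive configuration holding the {@code HIVE_SERVER2_SAML_*} settings
 * @return a populated pac4j {@link SAML2Configuration}
 * @throws Exception if a password cannot be read from the configuration, or a required
 *                   password is not configured at all
 */
private static SAML2Configuration getSamlConfig(HiveConf conf) throws Exception {
    // by default the SAML2Client will create the keystore if the keystore path provided
    // doesn't exist. The directory where the keystore path is set must be accessible.
    SAML2Configuration saml2Configuration = new SAML2Configuration(
        conf.get(ConfVars.HIVE_SERVER2_SAML_KEYSTORE_PATH.varname),
        requiredPassword(conf, ConfVars.HIVE_SERVER2_SAML_KEYSTORE_PASSWORD),
        requiredPassword(conf, ConfVars.HIVE_SERVER2_SAML_PRIVATE_KEY_PASSWORD),
        conf.get(ConfVars.HIVE_SERVER2_SAML_IDP_METADATA.varname));
    saml2Configuration.setAuthnRequestBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
    saml2Configuration.setResponseBindingType(SAML2_POST_BINDING_URI);
    saml2Configuration.setForceAuth(conf.getBoolean(ConfVars.HIVE_SERVER2_SAML_FORCE_AUTH.varname, false));
    saml2Configuration.setMaximumAuthenticationLifetime(((int) conf.getTimeVar(ConfVars.HIVE_SERVER2_SAML_AUTHENTICATION_LIFETIME, TimeUnit.SECONDS)));
    // The ACS index is optional: only override pac4j's default when a value is present.
    String acsIndex = conf.get(ConfVars.HIVE_SERVER2_SAML_ACS_INDEX.varname, "");
    if (!acsIndex.isEmpty()) {
        saml2Configuration.setAssertionConsumerServiceIndex(conf.getIntVar(ConfVars.HIVE_SERVER2_SAML_ACS_INDEX));
    }
    String disallowedSignatureAlgos = conf.get(ConfVars.HIVE_SERVER2_SAML_BLACKLISTED_SIGNATURE_ALGORITHMS.varname, "");
    if (!disallowedSignatureAlgos.isEmpty()) {
        LOG.info("List of disallowed signature algorithms: " + disallowedSignatureAlgos);
        // Fix: trim each entry and drop empty ones so that "a, b" or a trailing comma does not
        // produce " b" / "" entries that never match the algorithm URI they were meant to block.
        List<String> blackListedSignAlgos = Splitter.on(',').trimResults().omitEmptyStrings().splitToList(disallowedSignatureAlgos);
        saml2Configuration.setBlackListedSignatureSigningAlgorithms(blackListedSignAlgos);
    }
    // if the SP id is set use it, else we configure the SP id as the callback URL.
    // This behavior is IdP dependent. E.g. in case of Okta we can explicitly set a
    // different SP id.
    saml2Configuration.setServiceProviderEntityId(conf.get(ConfVars.HIVE_SERVER2_SAML_SP_ID.varname, getCallBackUrl(conf)));
    saml2Configuration.setWantsAssertionsSigned(conf.getBoolVar(ConfVars.HIVE_SERVER2_SAML_WANT_ASSERTIONS_SIGNED));
    saml2Configuration.setAuthnRequestSigned(conf.getBoolVar(ConfVars.HIVE_SERVER2_SAML_SIGN_REQUESTS));
    return saml2Configuration;
}

/**
 * Reads a password through {@code getPassword} (so it may be supplied by a credential
 * provider rather than plain config) and fails with a message naming the missing key.
 * Previously {@code String.valueOf((char[]) null)} raised a bare NullPointerException.
 * The message never includes the password value.
 *
 * @param conf the Hive configuration
 * @param var  the password configuration variable
 * @return the password as a String, as required by {@link SAML2Configuration}
 * @throws Exception if the password cannot be read or is not configured
 */
private static String requiredPassword(HiveConf conf, ConfVars var) throws Exception {
    char[] password = conf.getPassword(var.varname);
    if (password == null) {
        throw new IllegalStateException("Required SAML password is not configured: " + var.varname);
    }
    return String.valueOf(password);
}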
Also used : SAML2Configuration(org.pac4j.saml.config.SAML2Configuration)

Example 5 with SAML2Configuration

use of org.pac4j.saml.config.SAML2Configuration in project cas by apereo.

the class DefaultDelegatedClientAuthenticationWebflowManagerTests method verifySamlStoreOperation.

/**
 * Stores a SAML2 client's delegated-authentication state as a transient ticket, checks
 * that the relay state mirrored into the distributed session store equals the ticket id,
 * then replays that id as the RelayState request parameter and verifies that retrieval
 * yields a service and consumes the ticket.
 */
@Test
public void verifySamlStoreOperation() throws Exception {
    val saml2Config = new SAML2Configuration();
    val saml2Client = new SAML2Client(saml2Config);

    val transientTicket = delegatedClientAuthenticationWebflowManager.store(context, saml2Client);
    val ticketId = transientTicket.getId();
    assertNotNull(ticketRegistry.getTicket(ticketId));

    val relayState = delegatedClientDistributedSessionStore.get(context, SAML2StateGenerator.SAML_RELAY_STATE_ATTRIBUTE);
    assertEquals(ticketId, relayState.get());

    httpServletRequest.addParameter("RelayState", ticketId);
    val resolvedService = delegatedClientAuthenticationWebflowManager.retrieve(requestContext, context, saml2Client);
    assertNotNull(resolvedService);
    // The ticket is single-use: retrieval must have removed it from the registry.
    assertNull(ticketRegistry.getTicket(ticketId));
}
Also used : lombok.val(lombok.val) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) SAML2Client(org.pac4j.saml.client.SAML2Client) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Aggregations

SAML2Configuration (org.pac4j.saml.config.SAML2Configuration)7 lombok.val (lombok.val)6 SAML2Client (org.pac4j.saml.client.SAML2Client)6 File (java.io.File)3 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)3 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)3 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)3 SAML2MessageContext (org.pac4j.saml.context.SAML2MessageContext)3 InMemoryResourceMetadataResolver (org.apereo.cas.support.saml.InMemoryResourceMetadataResolver)2 Test (org.junit.jupiter.api.Test)2 JEEContext (org.pac4j.core.context.JEEContext)2 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 Verb (com.github.scribejava.core.model.Verb)1 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)1 ECPrivateKey (java.security.interfaces.ECPrivateKey)1 Period (java.time.Period)1 Collection (java.util.Collection)1 LinkedHashSet (java.util.LinkedHashSet)1