
Example 1 with SAML2AuthnRequestBuilder

Use of org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder in the project cas by apereo.

The class SamlObjectSignatureValidatorTests, method verifySamlAuthnRequestSignedMultipleCertificates.

/**
 * Signed AuthnRequest against an SP whose metadata file
 * ({@code metadata/sp-metadata-multicerts.xml}) carries more than one certificate:
 * {@code verifySamlProfileRequestIfNeeded} must complete without throwing, i.e. the
 * validator must be able to pick the right key out of the multi-certificate descriptor.
 *
 * @throws Exception propagated from the test-context setup
 */
@Test
public void verifySamlAuthnRequestSignedMultipleCertificates() throws Exception {
    setupTestContextFor("classpath:metadata/sp-metadata-multicerts.xml", "https://bard.zoom.us");
    val httpRequest = new MockHttpServletRequest();

    // Request signing is enabled before the request is built so that the
    // AuthnRequest handed to the validator is expected to carry a signature.
    saml2ClientConfiguration.setAuthnRequestSigned(true);
    val signedAuthnRequest = new SAML2AuthnRequestBuilder().build(saml2MessageContext);

    assertDoesNotThrow(() -> {
        samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(signedAuthnRequest, adaptor, httpRequest, samlContext);
    });
}

Example 2 with SAML2AuthnRequestBuilder

Use of org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder in the project cas by apereo.

The class SamlObjectSignatureValidatorTests, method verifySamlAuthnRequestWithoutSig.

/**
 * AuthnRequest built with request signing left at the client configuration's
 * default (no {@code setAuthnRequestSigned(true)} in this test) for the SP
 * {@code cas:example:sp}, whose metadata is read from {@code sp-metadata.xml}
 * in the temp directory: the validator must not throw.
 * <p>
 * Signature-signing parameters are attached to a freshly created
 * {@link MessageContext}; note that the validator is invoked with the
 * {@code samlContext} field, not with that local context.
 *
 * @throws Exception propagated from path resolution or the test-context setup
 */
@Test
public void verifySamlAuthnRequestWithoutSig() throws Exception {
    val spMetadataFile = new File(FileUtils.getTempDirectory(), "sp-metadata.xml");
    setupTestContextFor(spMetadataFile.getCanonicalPath(), "cas:example:sp");

    val httpRequest = new MockHttpServletRequest();
    val authnRequest = new SAML2AuthnRequestBuilder().build(saml2MessageContext);

    val outboundContext = new MessageContext();
    outboundContext.setMessage(authnRequest);
    // The boolean flag asks getSubcontext to create the subcontext when absent;
    // requireNonNull still fails fast should it come back null.
    val securityParameters = Objects.requireNonNull(
        outboundContext.getSubcontext(SecurityParametersContext.class, true));
    val signingParametersProvider = new DefaultSignatureSigningParametersProvider(saml2ClientConfiguration);
    securityParameters.setSignatureSigningParameters(signingParametersProvider.build(adaptor.getSsoDescriptor()));

    assertDoesNotThrow(() -> {
        samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(authnRequest, adaptor, httpRequest, samlContext);
    });
}

Example 3 with SAML2AuthnRequestBuilder

Use of org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder in the project cas by apereo.

The class AuthnRequestRequestedAttributesAttributeReleasePolicyTests, method verifyAuthnRequestWithExtensionsAllowed.

/**
 * An AuthnRequest whose Extensions carry a RequestedAttribute for
 * {@code eduPersonPrincipalName}, with that name on the policy's allowed list and
 * friendly-name matching switched off: the attribute must be released and must
 * appear in the requested-attribute definitions computed by the policy.
 *
 * @throws IOException if serializing the AuthnRequest fails
 */
@Test
public void verifyAuthnRequestWithExtensionsAllowed() throws IOException {
    val policy = new AuthnRequestRequestedAttributesAttributeReleasePolicy();
    policy.setAllowedAttributes(List.of("eduPersonPrincipalName"));
    policy.setUseFriendlyName(false);
    val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
    registeredService.setAttributeReleasePolicy(policy);

    val authnRequest = new SAML2AuthnRequestBuilder().build(saml2MessageContext);
    val builderFactory = openSamlConfigBean.getBuilderFactory();
    val extensionsBuilder = (SAMLObjectBuilder<Extensions>) builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
    val extensions = extensionsBuilder.buildObject();
    val requestedAttributeBuilder = (SAMLObjectBuilder<RequestedAttribute>) builderFactory.getBuilder(RequestedAttribute.DEFAULT_ELEMENT_NAME);
    val requestedAttribute = requestedAttributeBuilder.buildObject(RequestedAttribute.DEFAULT_ELEMENT_NAME);
    requestedAttribute.setIsRequired(false);
    requestedAttribute.setName("eduPersonPrincipalName");
    extensions.getUnknownXMLObjects().add(requestedAttribute);
    authnRequest.setExtensions(extensions);

    try (val writer = SamlUtils.transformSamlObject(openSamlConfigBean, authnRequest)) {
        val encodedSamlRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
        val webContext = new JEEContext(
            HttpRequestUtils.getHttpServletRequestFromRequestAttributes(),
            HttpRequestUtils.getHttpServletResponseFromRequestAttributes());
        // Both the base64 SAMLRequest parameter and the encoded message context are
        // placed in the session store; presumably the policy reads the request back
        // from there rather than from the test's local variables.
        samlIdPDistributedSessionStore.set(webContext, SamlProtocolConstants.PARAMETER_SAML_REQUEST, encodedSamlRequest);
        val messageContext = new MessageContext();
        messageContext.setMessage(authnRequest);
        samlIdPDistributedSessionStore.set(webContext, MessageContext.class.getName(),
            SamlIdPAuthenticationContext.from(messageContext).encode());

        val principal = getPrincipal("casuser",
            CollectionUtils.wrap("eduPersonPrincipalName", "casuser", "givenName", "CAS"));
        val releasePolicyContext = RegisteredServiceAttributeReleasePolicyContext.builder()
            .registeredService(registeredService)
            .service(CoreAuthenticationTestUtils.getService())
            .principal(principal)
            .build();

        val releasedAttributes = policy.getAttributes(releasePolicyContext);
        assertTrue(releasedAttributes.containsKey("eduPersonPrincipalName"));
        val requestedDefinitions = policy.determineRequestedAttributeDefinitions(releasePolicyContext);
        assertTrue(requestedDefinitions.contains("eduPersonPrincipalName"));
    }
}

Example 4 with SAML2AuthnRequestBuilder

Use of org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder in the project cas by apereo.

The class AuthnRequestRequestedAttributesAttributeReleasePolicyTests, method verifyAuthnRequestWithoutExtensions.

/**
 * An AuthnRequest with no Extensions element at all: the policy releases nothing,
 * even though the principal carries {@code eduPersonPrincipalName}. The allowed
 * list names {@code eduPersonPrincipalAttribute} and friendly-name matching is on,
 * but without requested attributes there is nothing for the policy to match.
 *
 * @throws IOException if serializing the AuthnRequest fails
 */
@Test
public void verifyAuthnRequestWithoutExtensions() throws IOException {
    val policy = new AuthnRequestRequestedAttributesAttributeReleasePolicy();
    policy.setAllowedAttributes(List.of("eduPersonPrincipalAttribute"));
    policy.setUseFriendlyName(true);
    val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
    registeredService.setAttributeReleasePolicy(policy);

    // Deliberately no Extensions / RequestedAttribute on this request.
    val authnRequest = new SAML2AuthnRequestBuilder().build(saml2MessageContext);

    try (val writer = SamlUtils.transformSamlObject(openSamlConfigBean, authnRequest)) {
        val encodedSamlRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
        val webContext = new JEEContext(
            HttpRequestUtils.getHttpServletRequestFromRequestAttributes(),
            HttpRequestUtils.getHttpServletResponseFromRequestAttributes());
        // Both the base64 SAMLRequest parameter and the encoded message context are
        // placed in the session store; presumably the policy reads the request back
        // from there rather than from the test's local variables.
        samlIdPDistributedSessionStore.set(webContext, SamlProtocolConstants.PARAMETER_SAML_REQUEST, encodedSamlRequest);
        val messageContext = new MessageContext();
        messageContext.setMessage(authnRequest);
        samlIdPDistributedSessionStore.set(webContext, MessageContext.class.getName(),
            SamlIdPAuthenticationContext.from(messageContext).encode());

        val principal = getPrincipal("casuser", CollectionUtils.wrap("eduPersonPrincipalName", "casuser"));
        val releasePolicyContext = RegisteredServiceAttributeReleasePolicyContext.builder()
            .registeredService(registeredService)
            .service(CoreAuthenticationTestUtils.getService())
            .principal(principal)
            .build();

        val releasedAttributes = policy.getAttributes(releasePolicyContext);
        assertTrue(releasedAttributes.isEmpty());
    }
}

Example 5 with SAML2AuthnRequestBuilder

Use of org.pac4j.saml.sso.impl.SAML2AuthnRequestBuilder in the project cas by apereo.

The class AuthnRequestRequestedAttributesAttributeReleasePolicyTests, method verifyAuthnRequestWithExtensionsNotAllowed.

/**
 * An AuthnRequest requesting {@code givenName} via its Extensions while the policy's
 * allowed list only contains {@code eduPersonPrincipalAttribute}: nothing is
 * released, even though the principal does carry a {@code givenName} value. A
 * requested attribute that is not on the allowed list must not leak out.
 *
 * @throws IOException if serializing the AuthnRequest fails
 */
@Test
public void verifyAuthnRequestWithExtensionsNotAllowed() throws IOException {
    val policy = new AuthnRequestRequestedAttributesAttributeReleasePolicy();
    policy.setAllowedAttributes(List.of("eduPersonPrincipalAttribute"));
    policy.setUseFriendlyName(false);
    val registeredService = SamlIdPTestUtils.getSamlRegisteredService();
    registeredService.setAttributeReleasePolicy(policy);

    val authnRequest = new SAML2AuthnRequestBuilder().build(saml2MessageContext);
    val builderFactory = openSamlConfigBean.getBuilderFactory();
    val extensionsBuilder = (SAMLObjectBuilder<Extensions>) builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
    val extensions = extensionsBuilder.buildObject();
    val requestedAttributeBuilder = (SAMLObjectBuilder<RequestedAttribute>) builderFactory.getBuilder(RequestedAttribute.DEFAULT_ELEMENT_NAME);
    val requestedAttribute = requestedAttributeBuilder.buildObject(RequestedAttribute.DEFAULT_ELEMENT_NAME);
    requestedAttribute.setIsRequired(false);
    // Requested name is not in the allowed list configured above.
    requestedAttribute.setName("givenName");
    extensions.getUnknownXMLObjects().add(requestedAttribute);
    authnRequest.setExtensions(extensions);

    try (val writer = SamlUtils.transformSamlObject(openSamlConfigBean, authnRequest)) {
        val encodedSamlRequest = EncodingUtils.encodeBase64(writer.toString().getBytes(StandardCharsets.UTF_8));
        val webContext = new JEEContext(
            HttpRequestUtils.getHttpServletRequestFromRequestAttributes(),
            HttpRequestUtils.getHttpServletResponseFromRequestAttributes());
        // Both the base64 SAMLRequest parameter and the encoded message context are
        // placed in the session store; presumably the policy reads the request back
        // from there rather than from the test's local variables.
        samlIdPDistributedSessionStore.set(webContext, SamlProtocolConstants.PARAMETER_SAML_REQUEST, encodedSamlRequest);
        val messageContext = new MessageContext();
        messageContext.setMessage(authnRequest);
        samlIdPDistributedSessionStore.set(webContext, MessageContext.class.getName(),
            SamlIdPAuthenticationContext.from(messageContext).encode());

        val principal = getPrincipal("casuser",
            CollectionUtils.wrap("eduPersonPrincipalName", "casuser", "givenName", "CAS"));
        val releasePolicyContext = RegisteredServiceAttributeReleasePolicyContext.builder()
            .registeredService(registeredService)
            .service(CoreAuthenticationTestUtils.getService())
            .principal(principal)
            .build();

        val releasedAttributes = policy.getAttributes(releasePolicyContext);
        assertTrue(releasedAttributes.isEmpty());
    }
}
