Example 6 with Saml2Error
use of org.springframework.security.saml2.core.Saml2Error in project spring-security by spring-projects.
the class Saml2LogoutRequestFilterTests method doFilterWhenValidationFailsThen401.
@Test
public void doFilterWhenValidationFailsThen401() throws Exception {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
Authentication authentication = new TestingAuthenticationToken("user", "password");
SecurityContextHolder.getContext().setAuthentication(authentication);
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout/saml2/slo");
request.setServletPath("/logout/saml2/slo");
request.setParameter(Saml2ParameterNames.SAML_REQUEST, "request");
MockHttpServletResponse response = new MockHttpServletResponse();
given(this.relyingPartyRegistrationResolver.resolve(request, null)).willReturn(registration);
given(this.logoutRequestValidator.validate(any())).willReturn(Saml2LogoutValidatorResult.withErrors(new Saml2Error("error", "description")).build());
this.logoutRequestProcessingFilter.doFilter(request, response, new MockFilterChain());
assertThat(response.getStatus()).isEqualTo(401);
verifyNoInteractions(this.logoutHandler);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
Authentication(org.springframework.security.core.Authentication)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Example 7 with Saml2Error
use of org.springframework.security.saml2.core.Saml2Error in project spring-security by spring-projects.
the class Saml2WebSsoAuthenticationFilter method attemptAuthentication.
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
Authentication authentication = this.authenticationConverter.convert(request);
if (authentication == null) {
Saml2Error saml2Error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "No relying party registration found");
throw new Saml2AuthenticationException(saml2Error);
}
setDetails(request, authentication);
this.authenticationRequestRepository.removeAuthenticationRequest(request, response);
return getAuthenticationManager().authenticate(authentication);
}
Also used :
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
Authentication(org.springframework.security.core.Authentication)
Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException)
Example 8 with Saml2Error
use of org.springframework.security.saml2.core.Saml2Error in project spring-security by spring-projects.
the class OpenSamlAuthenticationProvider method process.
private void process(Saml2AuthenticationToken token, Response response) {
String issuer = response.getIssuer().getValue();
logger.debug(LogMessage.format("Processing SAML response from %s", issuer));
boolean responseSigned = response.isSigned();
ResponseToken responseToken = new ResponseToken(response, token);
Saml2ResponseValidatorResult result = this.responseSignatureValidator.convert(responseToken);
if (responseSigned) {
this.responseElementsDecrypter.accept(responseToken);
}
result = result.concat(this.responseValidator.convert(responseToken));
boolean allAssertionsSigned = true;
for (Assertion assertion : response.getAssertions()) {
AssertionToken assertionToken = new AssertionToken(assertion, token);
result = result.concat(this.assertionSignatureValidator.convert(assertionToken));
allAssertionsSigned = allAssertionsSigned && assertion.isSigned();
if (responseSigned || assertion.isSigned()) {
this.assertionElementsDecrypter.accept(new AssertionToken(assertion, token));
}
result = result.concat(this.assertionValidator.convert(assertionToken));
}
if (!responseSigned && !allAssertionsSigned) {
String description = "Either the response or one of the assertions is unsigned. " + "Please either sign the response or all of the assertions.";
throw createAuthenticationException(Saml2ErrorCodes.INVALID_SIGNATURE, description, null);
}
Assertion firstAssertion = CollectionUtils.firstElement(response.getAssertions());
if (!hasName(firstAssertion)) {
Saml2Error error = new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND, "Assertion [" + firstAssertion.getID() + "] is missing a subject");
result = result.concat(error);
}
if (result.hasErrors()) {
Collection<Saml2Error> errors = result.getErrors();
if (logger.isTraceEnabled()) {
logger.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]: " + errors);
} else if (logger.isDebugEnabled()) {
logger.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]");
}
Saml2Error first = errors.iterator().next();
throw createAuthenticationException(first.getErrorCode(), first.getDescription(), null);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Successfully processed SAML Response [" + response.getID() + "]");
}
}
}
Also used :
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
XSString(org.opensaml.core.xml.schema.XSString)
Saml2ResponseValidatorResult(org.springframework.security.saml2.core.Saml2ResponseValidatorResult)
Example 9 with Saml2Error
use of org.springframework.security.saml2.core.Saml2Error in project spring-security by spring-projects.
the class Saml2LogoutResponseFilterTests method doFilterWhenValidatorFailsThenStops.
@Test
public void doFilterWhenValidatorFailsThenStops() throws Exception {
Authentication authentication = new TestingAuthenticationToken("user", "password");
SecurityContextHolder.getContext().setAuthentication(authentication);
MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout/saml2/slo");
request.setServletPath("/logout/saml2/slo");
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, "response");
MockHttpServletResponse response = new MockHttpServletResponse();
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
given(this.relyingPartyRegistrationResolver.resolve(request, "registration-id")).willReturn(registration);
Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
given(this.logoutRequestRepository.removeLogoutRequest(request, response)).willReturn(logoutRequest);
given(this.logoutResponseValidator.validate(any())).willReturn(Saml2LogoutValidatorResult.withErrors(new Saml2Error("error", "description")).build());
this.logoutResponseProcessingFilter.doFilterInternal(request, response, new MockFilterChain());
verify(this.logoutResponseValidator).validate(any());
verifyNoInteractions(this.logoutSuccessHandler);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
Authentication(org.springframework.security.core.Authentication)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken)
MockFilterChain(org.springframework.mock.web.MockFilterChain)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
Saml2Error (org.springframework.security.saml2.core.Saml2Error)9
Authentication (org.springframework.security.core.Authentication)5
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)5
Test (org.junit.jupiter.api.Test)4
Assertion (org.opensaml.saml.saml2.core.Assertion)4
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)4
Saml2ResponseValidatorResult (org.springframework.security.saml2.core.Saml2ResponseValidatorResult)4
ByteArrayOutputStream (java.io.ByteArrayOutputStream)3
IOException (java.io.IOException)3
Saml2ErrorCodes (org.springframework.security.saml2.core.Saml2ErrorCodes)3
ObjectOutputStream (java.io.ObjectOutputStream)2
Instant (java.time.Instant)2
Arrays (java.util.Arrays)2
Collections (java.util.Collections)2
HashMap (java.util.HashMap)2
LinkedHashMap (java.util.LinkedHashMap)2
List (java.util.List)2
Map (java.util.Map)2
Consumer (java.util.function.Consumer)2
QName (javax.xml.namespace.QName)2
