Example 6 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestFactoryTests method getAuthNRequest.
private AuthnRequest getAuthNRequest(Saml2MessageBinding binding) {
AbstractSaml2AuthenticationRequest result = (binding == Saml2MessageBinding.REDIRECT) ? this.factory.createRedirectAuthenticationRequest(this.context) : this.factory.createPostAuthenticationRequest(this.context);
String samlRequest = result.getSamlRequest();
assertThat(samlRequest).isNotEmpty();
if (result.getBinding() == Saml2MessageBinding.REDIRECT) {
samlRequest = Saml2Utils.samlInflate(Saml2Utils.samlDecode(samlRequest));
} else {
samlRequest = new String(Saml2Utils.samlDecode(samlRequest), StandardCharsets.UTF_8);
}
try {
Document document = XMLObjectProviderRegistrySupport.getParserPool().parse(new ByteArrayInputStream(samlRequest.getBytes(StandardCharsets.UTF_8)));
Element element = document.getDocumentElement();
return (AuthnRequest) this.unmarshaller.unmarshall(element);
} catch (Exception ex) {
throw new Saml2Exception(ex);
}
}
Also used :
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
ByteArrayInputStream(java.io.ByteArrayInputStream)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException)
Example 7 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2WebSsoAuthenticationFilterTests method setAuthenticationRequestRepositoryWhenNotExpectedAuthenticationConverterTypeThenDoNotSet.
@Test
public void setAuthenticationRequestRepositoryWhenNotExpectedAuthenticationConverterTypeThenDoNotSet() {
AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
this.filter = new Saml2WebSsoAuthenticationFilter(authenticationConverter, "/some/other/path/{registrationId}");
this.filter.setAuthenticationRequestRepository(authenticationRequestRepository);
verifyNoInteractions(authenticationConverter);
}
Also used :
AuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Test(org.junit.jupiter.api.Test)
Example 8 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2WebSsoAuthenticationFilterTests method setAuthenticationRequestRepositoryWhenExpectedAuthenticationConverterTypeThenSetLoaderIntoConverter.
@Test
public void setAuthenticationRequestRepositoryWhenExpectedAuthenticationConverterTypeThenSetLoaderIntoConverter() {
Saml2AuthenticationTokenConverter authenticationConverter = mock(Saml2AuthenticationTokenConverter.class);
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
this.filter = new Saml2WebSsoAuthenticationFilter(authenticationConverter, "/some/other/path/{registrationId}");
this.filter.setAuthenticationRequestRepository(authenticationRequestRepository);
verify(authenticationConverter).setAuthenticationRequestRepository(authenticationRequestRepository);
}
Also used :
Saml2AuthenticationTokenConverter(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Test(org.junit.jupiter.api.Test)
Example 9 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2AuthenticationTokenConverterTests method convertWhenSavedAuthenticationRequestThenToken.
@Test
public void convertWhenSavedAuthenticationRequestThenToken() {
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
AbstractSaml2AuthenticationRequest authenticationRequest = mock(AbstractSaml2AuthenticationRequest.class);
Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(this.relyingPartyRegistrationResolver);
converter.setAuthenticationRequestRepository(authenticationRequestRepository);
given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class))).willReturn(this.relyingPartyRegistration);
given(authenticationRequestRepository.loadAuthenticationRequest(any(HttpServletRequest.class))).willReturn(authenticationRequest);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response");
assertThat(token.getRelyingPartyRegistration().getRegistrationId()).isEqualTo(this.relyingPartyRegistration.getRegistrationId());
assertThat(token.getAuthenticationRequest()).isEqualTo(authenticationRequest);
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)
Test(org.junit.jupiter.api.Test)
Example 10 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2LoginConfigurerTests method authenticateWhenCustomAuthnRequestRepositoryThenUses.
@Test
public void authenticateWhenCustomAuthnRequestRepositoryThenUses() throws Exception {
this.spring.register(CustomAuthenticationRequestRepository.class).autowire();
MockHttpServletRequestBuilder request = post("/login/saml2/sso/registration-id").param("SAMLResponse", SIGNED_RESPONSE);
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> repository = this.spring.getContext().getBean(Saml2AuthenticationRequestRepository.class);
this.mvc.perform(request);
verify(repository).loadAuthenticationRequest(any(HttpServletRequest.class));
verify(repository).removeAuthenticationRequest(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
AbstractSaml2AuthenticationRequest (org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)17
Test (org.junit.jupiter.api.Test)15
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)4
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)3
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)3
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
Saml2Exception (org.springframework.security.saml2.Saml2Exception)2
Saml2AuthenticationToken (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)2
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)2
Saml2AuthenticationTokenConverter (org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter)2
AuthenticationConverter (org.springframework.security.web.authentication.AuthenticationConverter)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
Document (org.w3c.dom.Document)2
Element (org.w3c.dom.Element)2
HttpSession (jakarta.servlet.http.HttpSession)1
Issuer (org.opensaml.saml.saml2.core.Issuer)1
MockHttpSession (org.springframework.mock.web.MockHttpSession)1
