Example 11 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class OpenSamlAuthenticationRequestResolver method resolve.
<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request, BiConsumer<RelyingPartyRegistration, AuthnRequest> authnRequestConsumer) {
RequestMatcher.MatchResult result = this.requestMatcher.matcher(request);
if (!result.isMatch()) {
return null;
}
String registrationId = result.getVariables().get("registrationId");
RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
if (registration == null) {
return null;
}
AuthnRequest authnRequest = this.authnRequestBuilder.buildObject();
authnRequest.setForceAuthn(Boolean.FALSE);
authnRequest.setIsPassive(Boolean.FALSE);
authnRequest.setProtocolBinding(registration.getAssertionConsumerServiceBinding().getUrn());
Issuer iss = this.issuerBuilder.buildObject();
iss.setValue(registration.getEntityId());
authnRequest.setIssuer(iss);
authnRequest.setDestination(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
authnRequest.setAssertionConsumerServiceURL(registration.getAssertionConsumerServiceLocation());
authnRequestConsumer.accept(registration, authnRequest);
if (authnRequest.getID() == null) {
authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
}
String relayState = UUID.randomUUID().toString();
Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleSignOnServiceBinding();
if (binding == Saml2MessageBinding.POST) {
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
OpenSamlSigningUtils.sign(authnRequest, registration);
}
String xml = serialize(authnRequest);
String encoded = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
return (T) Saml2PostAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(encoded).relayState(relayState).build();
} else {
String xml = serialize(authnRequest);
String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
Saml2RedirectAuthenticationRequest.Builder builder = Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(deflatedAndEncoded).relayState(relayState);
if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
Map<String, String> parameters = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState).parameters();
builder.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE));
}
return (T) builder.build();
}
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest)
Issuer(org.opensaml.saml.saml2.core.Issuer)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
Example 12 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2WebSsoAuthenticationFilter method setAuthenticationRequestRepositoryIntoAuthenticationConverter.
private void setAuthenticationRequestRepositoryIntoAuthenticationConverter(Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository) {
if (this.authenticationConverter instanceof Saml2AuthenticationTokenConverter) {
Saml2AuthenticationTokenConverter authenticationTokenConverter = (Saml2AuthenticationTokenConverter) this.authenticationConverter;
authenticationTokenConverter.setAuthenticationRequestRepository(authenticationRequestRepository);
}
}
Also used :
Saml2AuthenticationTokenConverter(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter)
Example 13 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class HttpSessionSaml2AuthenticationRequestRepository method removeAuthenticationRequest.
@Override
public AbstractSaml2AuthenticationRequest removeAuthenticationRequest(HttpServletRequest request, HttpServletResponse response) {
AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(request);
if (authenticationRequest == null) {
return null;
}
HttpSession httpSession = request.getSession();
httpSession.removeAttribute(this.saml2AuthnRequestAttributeName);
return authenticationRequest;
}
Also used :
HttpSession(jakarta.servlet.http.HttpSession)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Example 14 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2AuthenticationTokenConverter method convert.
@Override
public Saml2AuthenticationToken convert(HttpServletRequest request) {
RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationResolver.convert(request);
if (relyingPartyRegistration == null) {
return null;
}
String saml2Response = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
if (saml2Response == null) {
return null;
}
byte[] b = samlDecode(saml2Response);
saml2Response = inflateIfRequired(request, b);
AbstractSaml2AuthenticationRequest authenticationRequest = loadAuthenticationRequest(request);
return new Saml2AuthenticationToken(relyingPartyRegistration, saml2Response, authenticationRequest);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)
Example 15 with AbstractSaml2AuthenticationRequest
use of org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest in project spring-security by spring-projects.
the class Saml2WebSsoAuthenticationFilterTests method attemptAuthenticationWhenSavedAuthnRequestThenRemovesAuthnRequest.
@Test
public void attemptAuthenticationWhenSavedAuthnRequestThenRemovesAuthnRequest() {
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
given(authenticationConverter.convert(this.request)).willReturn(TestSaml2AuthenticationTokens.token());
this.filter = new Saml2WebSsoAuthenticationFilter(authenticationConverter, "/some/other/path/{registrationId}");
this.filter.setAuthenticationManager((authentication) -> null);
this.request.setPathInfo("/some/other/path/idp-registration-id");
this.filter.setAuthenticationRequestRepository(authenticationRequestRepository);
this.filter.attemptAuthentication(this.request, this.response);
verify(authenticationRequestRepository).removeAuthenticationRequest(this.request, this.response);
}
Also used :
AuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Test(org.junit.jupiter.api.Test)
Aggregations
AbstractSaml2AuthenticationRequest (org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)17
Test (org.junit.jupiter.api.Test)15
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)4
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)3
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)3
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)2
ByteArrayInputStream (java.io.ByteArrayInputStream)2
Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2
Saml2Exception (org.springframework.security.saml2.Saml2Exception)2
Saml2AuthenticationToken (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)2
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)2
Saml2AuthenticationTokenConverter (org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter)2
AuthenticationConverter (org.springframework.security.web.authentication.AuthenticationConverter)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
Document (org.w3c.dom.Document)2
Element (org.w3c.dom.Element)2
HttpSession (jakarta.servlet.http.HttpSession)1
Issuer (org.opensaml.saml.saml2.core.Issuer)1
MockHttpSession (org.springframework.mock.web.MockHttpSession)1
