
Example 1 with DefaultSaml2AuthenticatedPrincipal

use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project spring-security by spring-projects.

From the class OpenSamlLogoutRequestValidatorTests, method authentication:

/**
 * Builds a test {@link Saml2Authentication} whose principal is bound to the given registration.
 *
 * @param registration the relying party registration whose id the principal should carry
 * @return an authentication for user "user" with a placeholder SAML response and no authorities
 */
private Authentication authentication(RelyingPartyRegistration registration) {
    String registrationId = registration.getRegistrationId();
    DefaultSaml2AuthenticatedPrincipal samlPrincipal = new DefaultSaml2AuthenticatedPrincipal("user", new HashMap<>());
    samlPrincipal.setRelyingPartyRegistrationId(registrationId);
    // "response" is a placeholder for the serialized SAML response; the authority list starts empty.
    Saml2Authentication samlAuthentication = new Saml2Authentication(samlPrincipal, "response", new ArrayList<>());
    return samlAuthentication;
}
Also used : Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)

Example 2 with DefaultSaml2AuthenticatedPrincipal

use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project spring-security by spring-projects.

From the class Saml2LogoutConfigurerTests, method setup:

/**
 * Prepares, before each test, a SAML-authenticated user with ROLE_USER and a mock POST request
 * whose servlet path points at the SSO endpoint of the "test-rp" registration.
 */
@BeforeEach
public void setup() {
    DefaultSaml2AuthenticatedPrincipal samlPrincipal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    samlPrincipal.setRelyingPartyRegistrationId("registration-id");
    this.user = new Saml2Authentication(samlPrincipal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
    MockHttpServletRequest ssoRequest = new MockHttpServletRequest("POST", "");
    ssoRequest.setServletPath("/login/saml2/sso/test-rp");
    this.request = ssoRequest;
    this.response = new MockHttpServletResponse();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 3 with DefaultSaml2AuthenticatedPrincipal

use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project spring-security by spring-projects.

From the class Saml2LogoutConfigurerTests, method saml2LogoutRequestWhenNoRegistrationThen400:

/**
 * A SAML logout request whose authenticated principal refers to a registration id that is not
 * configured must be answered with 400 and must never reach the {@link LogoutHandler} bean.
 */
@Test
public void saml2LogoutRequestWhenNoRegistrationThen400() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    DefaultSaml2AuthenticatedPrincipal samlPrincipal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    // Presumably no relying party is registered under "wrong" — that is what the test relies on.
    samlPrincipal.setRelyingPartyRegistrationId("wrong");
    Saml2Authentication unknownRegistrationUser = new Saml2Authentication(samlPrincipal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
    this.mvc.perform(get("/logout/saml2/slo")
            .param("SAMLRequest", this.apLogoutRequest)
            .param("RelayState", this.apLogoutRequestRelayState)
            .param("SigAlg", this.apLogoutRequestSigAlg)
            .param("Signature", this.apLogoutRequestSignature)
            .with(authentication(unknownRegistrationUser)))
        .andExpect(status().isBadRequest());
    verifyNoInteractions(getBean(LogoutHandler.class));
}
Also used : Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Test(org.junit.jupiter.api.Test)

Example 4 with DefaultSaml2AuthenticatedPrincipal

use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project midpoint by Evolveum.

From the class Saml2Provider, method internalAuthentication:

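/**
 * Authenticates a {@link Saml2AuthenticationToken}: the OpenSAML provider validates the SAML
 * response first, then the username attribute named in the registration's
 * {@link SamlAdditionalConfiguration} is used to build the midPoint pre-authentication token.
 *
 * @param authentication the incoming token; anything other than a {@code Saml2AuthenticationToken} is rejected
 * @param requireAssignment passed through to {@code getPreAuthenticationToken} (raw type kept for the override)
 * @param channel the authentication channel, passed through to {@code getPreAuthenticationToken}
 * @param focusType the focus class to resolve, passed through to {@code getPreAuthenticationToken}
 * @return the midPoint authentication token produced by {@code getPreAuthenticationToken}
 * @throws AuthenticationException when SAML validation fails (audited as a login failure), when the
 *         registration has no additional configuration, when the username cannot be resolved, or
 *         when the token type is unsupported
 */
@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
    if (!(authentication instanceof Saml2AuthenticationToken)) {
        // NOTE(review): the token is logged via toString(); confirm the token types reaching here never render credentials.
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    Saml2AuthenticationToken samlAuthenticationToken = (Saml2AuthenticationToken) authentication;
    Saml2Authentication samlAuthentication;
    try {
        samlAuthentication = (Saml2Authentication) openSamlProvider.authenticate(samlAuthenticationToken);
    } catch (AuthenticationException e) {
        // A rejected SAML response is recorded as a login failure before it propagates.
        getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
        throw e;
    }
    Saml2ModuleAuthenticationImpl samlModule = (Saml2ModuleAuthenticationImpl) AuthUtil.getProcessingModule();
    Authentication token;
    try {
        DefaultSaml2AuthenticatedPrincipal principal = (DefaultSaml2AuthenticatedPrincipal) samlAuthentication.getPrincipal();
        samlAuthenticationToken.setDetails(principal);
        String registrationId = samlAuthenticationToken.getRelyingPartyRegistration().getRegistrationId();
        SamlAdditionalConfiguration config = samlModule.getAdditionalConfiguration().get(registrationId);
        if (config == null) {
            // Without a per-registration configuration the username attribute is unknown. Failing with an
            // AuthenticationException keeps the cleanup in the catch below on the path; a bare NPE would bypass it.
            // The generic "unavailable" message key is reused here; a more specific key may exist in the project's bundle.
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }
        String enteredUsername = defineEnteredUsername(principal.getAttributes(), config.getNameOfUsernameAttribute());
        token = getPreAuthenticationToken(enteredUsername, focusType, requireAssignment, channel);
    } catch (AuthenticationException e) {
        // Restore the SAML token on the module so the module state reflects the failed attempt.
        samlModule.setAuthentication(samlAuthenticationToken);
        LOGGER.info("Authentication with saml module failed: {}", e.getMessage());
        throw e;
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    // NOTE(review): the incoming token's principal is logged at debug; confirm it does not carry the raw SAML response.
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}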
Also used : AuthenticationException(org.springframework.security.core.AuthenticationException) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Authentication(org.springframework.security.core.Authentication) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) SamlAdditionalConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.SamlAdditionalConfiguration) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) Saml2ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl) List(java.util.List) Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken) AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException) MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)

Example 5 with DefaultSaml2AuthenticatedPrincipal

use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project midpoint by Evolveum.

From the class Saml2Provider, method initSamlProvider:

/**
 * Installs a response-to-authentication converter on the OpenSAML provider that swaps the default
 * principal for a {@link MidpointSaml2AuthenticatedPrincipal} carrying the first assertion's NameID
 * and an attribute map keyed by both attribute Name and FriendlyName.
 */
private void initSamlProvider() {
    openSamlProvider.setResponseAuthenticationConverter((responseToken) -> {
        Saml2Authentication converted = defaultConverter.convert(responseToken);
        if (converted == null) {
            return null;
        }
        DefaultSaml2AuthenticatedPrincipal defaultPrincipal = (DefaultSaml2AuthenticatedPrincipal) converted.getPrincipal();
        Response samlResponse = responseToken.getResponse();
        // Only the first assertion is consulted here; any further assertions in the response are ignored.
        Assertion firstAssertion = CollectionUtils.firstElement(samlResponse.getAssertions());
        if (firstAssertion == null) {
            return converted;
        }
        Map<String, List<Object>> attributes = attributesByNameAndFriendlyName(firstAssertion, defaultPrincipal.getAttributes());
        MidpointSaml2AuthenticatedPrincipal midpointPrincipal = new MidpointSaml2AuthenticatedPrincipal(defaultPrincipal.getName(), attributes, firstAssertion.getSubject().getNameID());
        String registrationId = responseToken.getToken().getRelyingPartyRegistration().getRegistrationId();
        midpointPrincipal.setRelyingPartyRegistrationId(registrationId);
        Saml2Authentication result = new Saml2Authentication(midpointPrincipal, converted.getSaml2Response(), converted.getAuthorities());
        result.setDetails(firstAssertion.getSubject().getNameID());
        return result;
    });
}

/**
 * Re-keys the attribute values the default converter already extracted so that each value list is
 * reachable under the attribute's Name and, when non-empty, its FriendlyName. Attributes absent from
 * {@code originalAttributes} are skipped; insertion order is preserved.
 * NOTE(review): later puts overwrite earlier ones, so a FriendlyName equal to another attribute's Name
 * (or shared by two attributes) replaces that entry — confirm this cannot change which attribute the
 * username is later read from.
 *
 * @param assertion the assertion whose attribute statements are walked
 * @param originalAttributes the values extracted by the default converter, keyed by attribute Name
 * @return a new insertion-ordered map of Name/FriendlyName to value list
 */
private static Map<String, List<Object>> attributesByNameAndFriendlyName(Assertion assertion, Map<String, List<Object>> originalAttributes) {
    Map<String, List<Object>> attributes = new LinkedHashMap<>();
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        for (Attribute attribute : statement.getAttributes()) {
            String name = attribute.getName();
            if (!originalAttributes.containsKey(name)) {
                continue;
            }
            List<Object> values = originalAttributes.get(name);
            attributes.put(name, values);
            String friendlyName = attribute.getFriendlyName();
            if (StringUtils.isNotEmpty(friendlyName)) {
                attributes.put(friendlyName, values);
            }
        }
    }
    return attributes;
}
Also used : DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) LinkedHashMap(java.util.LinkedHashMap) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) List(java.util.List)
