use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project spring-security by spring-projects.
From class OpenSamlLogoutRequestValidatorTests, method authentication.
/**
 * Builds a test {@link Authentication} whose principal is bound to the given registration.
 *
 * @param registration the relying party registration whose id the principal should carry
 * @return a {@link Saml2Authentication} for user {@code "user"} with no attributes and no authorities
 */
private Authentication authentication(RelyingPartyRegistration registration) {
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", new HashMap<>());
    String registrationId = registration.getRegistrationId();
    principal.setRelyingPartyRegistrationId(registrationId);
    // The raw response string is a stand-in; the validator under test does not parse it here.
    Saml2Authentication authentication = new Saml2Authentication(principal, "response", new ArrayList<>());
    return authentication;
}
use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project spring-security by spring-projects.
From class Saml2LogoutConfigurerTests, method setup.
/**
 * Prepares the per-test fixtures: an authenticated SAML user bound to
 * {@code "registration-id"}, a POST request targeting the SSO endpoint of
 * {@code test-rp}, and an empty response.
 */
@BeforeEach
public void setup() {
    MockHttpServletRequest ssoRequest = new MockHttpServletRequest("POST", "");
    ssoRequest.setServletPath("/login/saml2/sso/test-rp");
    this.request = ssoRequest;
    this.response = new MockHttpServletResponse();

    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    principal.setRelyingPartyRegistrationId("registration-id");
    this.user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
}
use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project spring-security by spring-projects.
From class Saml2LogoutConfigurerTests, method saml2LogoutRequestWhenNoRegistrationThen400.
/**
 * A logout request for a user whose registration id does not match any configured
 * relying party must be answered with 400 and must not reach the logout handler.
 */
@Test
public void saml2LogoutRequestWhenNoRegistrationThen400() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    Saml2Authentication user = userBoundTo("wrong");
    this.mvc.perform(get("/logout/saml2/slo")
            .param("SAMLRequest", this.apLogoutRequest)
            .param("RelayState", this.apLogoutRequestRelayState)
            .param("SigAlg", this.apLogoutRequestSigAlg)
            .param("Signature", this.apLogoutRequestSignature)
            .with(authentication(user)))
        .andExpect(status().isBadRequest());
    // Rejection happens before any logout processing, so the handler is never invoked.
    verifyNoInteractions(getBean(LogoutHandler.class));
}

/** Builds a ROLE_USER SAML authentication whose principal carries the given registration id. */
private static Saml2Authentication userBoundTo(String registrationId) {
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    principal.setRelyingPartyRegistrationId(registrationId);
    return new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
}
use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project midpoint by Evolveum.
From class Saml2Provider, method internalAuthentication.
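/**
 * Authenticates a SAML 2.0 response and turns it into a midPoint pre-authentication token.
 * <p>
 * Validation of the SAML response itself (signature, conditions, ...) is delegated to
 * {@code openSamlProvider}; this method only maps the resulting principal to a midPoint
 * user via the username attribute configured for the relying party registration.
 *
 * @param authentication must be a {@link Saml2AuthenticationToken}; any other type is rejected
 * @param requireAssignment passed through to {@code getPreAuthenticationToken}
 * @param channel the authentication channel, passed through to {@code getPreAuthenticationToken}
 * @param focusType the focus type, passed through to {@code getPreAuthenticationToken}
 * @return the token produced by {@code getPreAuthenticationToken}
 * @throws AuthenticationException if the SAML response is rejected (audited as a login failure),
 *         if no additional configuration exists for the registration, or if the username
 *         lookup / pre-authentication fails
 * @throws AuthenticationServiceException if {@code authentication} is not a {@link Saml2AuthenticationToken}
 */
@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
    Authentication token;
    if (authentication instanceof Saml2AuthenticationToken) {
        Saml2AuthenticationToken samlAuthenticationToken = (Saml2AuthenticationToken) authentication;
        Saml2Authentication samlAuthentication;
        try {
            // Cryptographic and structural validation of the response happens here.
            samlAuthentication = (Saml2Authentication) openSamlProvider.authenticate(samlAuthenticationToken);
        } catch (AuthenticationException e) {
            // A rejected response is recorded in the audit log before it is propagated.
            getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
            throw e;
        }
        Saml2ModuleAuthenticationImpl samlModule = (Saml2ModuleAuthenticationImpl) AuthUtil.getProcessingModule();
        try {
            DefaultSaml2AuthenticatedPrincipal principal = (DefaultSaml2AuthenticatedPrincipal) samlAuthentication.getPrincipal();
            samlAuthenticationToken.setDetails(principal);
            Map<String, List<Object>> attributes = principal.getAttributes();
            String registrationId = samlAuthenticationToken.getRelyingPartyRegistration().getRegistrationId();
            SamlAdditionalConfiguration config = samlModule.getAdditionalConfiguration().get(registrationId);
            if (config == null) {
                // Without a configuration there is no way to know which attribute carries the
                // username. Fail as an authentication error so the catch below handles it,
                // instead of letting a NullPointerException escape the provider unaudited.
                // (Plain message rather than a message key; adapt if the project keys these.)
                throw new AuthenticationServiceException(
                        "No SAML additional configuration found for relying party registration '" + registrationId + "'");
            }
            String nameOfSamlAttribute = config.getNameOfUsernameAttribute();
            String enteredUsername = defineEnteredUsername(attributes, nameOfSamlAttribute);
            token = getPreAuthenticationToken(enteredUsername, focusType, requireAssignment, channel);
        } catch (AuthenticationException e) {
            // Keep the SAML token on the module so the failure can be reported against it.
            samlModule.setAuthentication(samlAuthenticationToken);
            LOGGER.info("Authentication with saml module failed: {}", e.getMessage());
            throw e;
        }
    } else {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}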
use of org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal in project midpoint by Evolveum.
From class Saml2Provider, method initSamlProvider.
/**
 * Installs a response converter on {@code openSamlProvider} that replaces the default
 * principal with a {@link MidpointSaml2AuthenticatedPrincipal}.
 * <p>
 * The default converter's attribute map is kept, but re-keyed so that each attribute of the
 * first assertion is reachable both by its SAML {@code Name} and, when present, by its
 * {@code FriendlyName}. The assertion's subject NameID is stored on the new principal and as
 * the authentication details. When the default converter yields no authentication,
 * {@code null} is returned; when the response carries no assertion, the default
 * authentication is returned unchanged.
 */
private void initSamlProvider() {
    openSamlProvider.setResponseAuthenticationConverter((responseToken) -> {
        Saml2Authentication converted = defaultConverter.convert(responseToken);
        if (converted == null) {
            return null;
        }
        DefaultSaml2AuthenticatedPrincipal convertedPrincipal = (DefaultSaml2AuthenticatedPrincipal) converted.getPrincipal();
        Map<String, List<Object>> convertedAttributes = convertedPrincipal.getAttributes();
        Response samlResponse = responseToken.getResponse();
        // Only the first assertion of the response is inspected; attribute statements of any
        // further assertions are not consulted here.
        Assertion assertion = CollectionUtils.firstElement(samlResponse.getAssertions());
        if (assertion == null) {
            return converted;
        }
        Map<String, List<Object>> attributes = aliasByFriendlyName(assertion, convertedAttributes);
        // NOTE(review): assumes the validated assertion always carries a Subject — confirm,
        // otherwise getSubject() would yield null here.
        MidpointSaml2AuthenticatedPrincipal midpointPrincipal = new MidpointSaml2AuthenticatedPrincipal(
                convertedPrincipal.getName(), attributes, assertion.getSubject().getNameID());
        midpointPrincipal.setRelyingPartyRegistrationId(
                responseToken.getToken().getRelyingPartyRegistration().getRegistrationId());
        Saml2Authentication result = new Saml2Authentication(
                midpointPrincipal, converted.getSaml2Response(), converted.getAuthorities());
        result.setDetails(assertion.getSubject().getNameID());
        return result;
    });
}

/**
 * Copies the attributes of {@code assertion} that the default converter already produced,
 * keyed by SAML attribute name and additionally by friendly name when one is set.
 * <p>
 * Insertion order follows the assertion. NOTE(review): a later {@code put} under an equal key
 * (e.g. a friendly name that matches another attribute's name) overwrites the earlier entry,
 * so the username attribute configured for a registration may resolve ambiguously — confirm
 * that attribute names and friendly names are disjoint in the IdP configuration.
 *
 * @param assertion the assertion whose attribute statements are walked
 * @param convertedAttributes attributes produced by the default converter, used as the value source
 * @return a new, insertion-ordered map of attribute values
 */
private static Map<String, List<Object>> aliasByFriendlyName(Assertion assertion, Map<String, List<Object>> convertedAttributes) {
    Map<String, List<Object>> attributes = new LinkedHashMap<>();
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        for (Attribute attribute : statement.getAttributes()) {
            String name = attribute.getName();
            if (!convertedAttributes.containsKey(name)) {
                continue;
            }
            List<Object> values = convertedAttributes.get(name);
            attributes.put(name, values);
            String friendlyName = attribute.getFriendlyName();
            if (StringUtils.isNotEmpty(friendlyName)) {
                attributes.put(friendlyName, values);
            }
        }
    }
    return attributes;
}