Example 6 with ResponseToken
use of org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken in project spring-security by spring-projects.
the class OpenSamlAuthenticationProvider method authenticate.
/**
* @param authentication the authentication request object, must be of type
* {@link Saml2AuthenticationToken}
* @return {@link Saml2Authentication} if the assertion is valid
* @throws AuthenticationException if a validation exception occurs
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
try {
Saml2AuthenticationToken token = (Saml2AuthenticationToken) authentication;
String serializedResponse = token.getSaml2Response();
Response response = parse(serializedResponse);
process(token, response);
return this.responseAuthenticationConverter.convert(new ResponseToken(response, token));
} catch (Saml2AuthenticationException ex) {
throw ex;
} catch (Exception ex) {
throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
}
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
XSString(org.opensaml.core.xml.schema.XSString)
AuthenticationException(org.springframework.security.core.AuthenticationException)
AssertionValidationException(org.opensaml.saml.common.assertion.AssertionValidationException)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
Example 7 with ResponseToken
use of org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken in project spring-security by spring-projects.
the class OpenSamlAuthenticationProvider method process.
private void process(Saml2AuthenticationToken token, Response response) {
String issuer = response.getIssuer().getValue();
logger.debug(LogMessage.format("Processing SAML response from %s", issuer));
boolean responseSigned = response.isSigned();
ResponseToken responseToken = new ResponseToken(response, token);
Saml2ResponseValidatorResult result = this.responseSignatureValidator.convert(responseToken);
if (responseSigned) {
this.responseElementsDecrypter.accept(responseToken);
}
result = result.concat(this.responseValidator.convert(responseToken));
boolean allAssertionsSigned = true;
for (Assertion assertion : response.getAssertions()) {
AssertionToken assertionToken = new AssertionToken(assertion, token);
result = result.concat(this.assertionSignatureValidator.convert(assertionToken));
allAssertionsSigned = allAssertionsSigned && assertion.isSigned();
if (responseSigned || assertion.isSigned()) {
this.assertionElementsDecrypter.accept(new AssertionToken(assertion, token));
}
result = result.concat(this.assertionValidator.convert(assertionToken));
}
if (!responseSigned && !allAssertionsSigned) {
String description = "Either the response or one of the assertions is unsigned. " + "Please either sign the response or all of the assertions.";
throw createAuthenticationException(Saml2ErrorCodes.INVALID_SIGNATURE, description, null);
}
Assertion firstAssertion = CollectionUtils.firstElement(response.getAssertions());
if (!hasName(firstAssertion)) {
Saml2Error error = new Saml2Error(Saml2ErrorCodes.SUBJECT_NOT_FOUND, "Assertion [" + firstAssertion.getID() + "] is missing a subject");
result = result.concat(error);
}
if (result.hasErrors()) {
Collection<Saml2Error> errors = result.getErrors();
if (logger.isTraceEnabled()) {
logger.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]: " + errors);
} else if (logger.isDebugEnabled()) {
logger.debug("Found " + errors.size() + " validation errors in SAML response [" + response.getID() + "]");
}
Saml2Error first = errors.iterator().next();
throw createAuthenticationException(first.getErrorCode(), first.getDescription(), null);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Successfully processed SAML Response [" + response.getID() + "]");
}
}
}
Also used :
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
XSString(org.opensaml.core.xml.schema.XSString)
Saml2ResponseValidatorResult(org.springframework.security.saml2.core.Saml2ResponseValidatorResult)
Example 8 with ResponseToken
use of org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProvider method authenticate.
/**
* @param authentication the authentication request object, must be of type
* {@link Saml2AuthenticationToken}
* @return {@link Saml2Authentication} if the assertion is valid
* @throws AuthenticationException if a validation exception occurs
*/
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
try {
Saml2AuthenticationToken token = (Saml2AuthenticationToken) authentication;
String serializedResponse = token.getSaml2Response();
Response response = parse(serializedResponse);
process(token, response);
AbstractAuthenticationToken authenticationResponse = this.responseAuthenticationConverter.convert(new ResponseToken(response, token));
if (authenticationResponse != null) {
authenticationResponse.setDetails(authentication.getDetails());
}
return authenticationResponse;
} catch (Saml2AuthenticationException ex) {
throw ex;
} catch (Exception ex) {
throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
}
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
AbstractAuthenticationToken(org.springframework.security.authentication.AbstractAuthenticationToken)
XSString(org.opensaml.core.xml.schema.XSString)
AuthenticationException(org.springframework.security.core.AuthenticationException)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
Example 9 with ResponseToken
use of org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken in project spring-security by spring-projects.
the class OpenSamlAuthenticationProviderTests method createDefaultResponseAuthenticationConverterWhenResponseThenConverts.
@Test
public void createDefaultResponseAuthenticationConverterWhenResponseThenConverts() {
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
Saml2AuthenticationToken token = token(response, verifying(registration()));
ResponseToken responseToken = new ResponseToken(response, token);
Saml2Authentication authentication = OpenSamlAuthenticationProvider.createDefaultResponseAuthenticationConverter().convert(responseToken);
assertThat(authentication.getName()).isEqualTo("test@saml.user");
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
ResponseToken(org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken)
Test(org.junit.jupiter.api.Test)
Example 10 with ResponseToken
use of org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProviderTests method createDefaultResponseAuthenticationConverterWhenResponseThenConverts.
@Test
public void createDefaultResponseAuthenticationConverterWhenResponseThenConverts() {
Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
Saml2AuthenticationToken token = token(response, verifying(registration()));
ResponseToken responseToken = new ResponseToken(response, token);
Saml2Authentication authentication = OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter().convert(responseToken);
assertThat(authentication.getName()).isEqualTo("test@saml.user");
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
ResponseToken(org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken)
Test(org.junit.jupiter.api.Test)
Aggregations
Response (org.opensaml.saml.saml2.core.Response)7
Test (org.junit.jupiter.api.Test)5
XSString (org.opensaml.core.xml.schema.XSString)4
Assertion (org.opensaml.saml.saml2.core.Assertion)3
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)3
Saml2ResponseValidatorResult (org.springframework.security.saml2.core.Saml2ResponseValidatorResult)3
ResponseToken (org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken)3
AuthenticationException (org.springframework.security.core.AuthenticationException)2
Saml2Exception (org.springframework.security.saml2.Saml2Exception)2
Saml2Error (org.springframework.security.saml2.core.Saml2Error)2
ResponseToken (org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken)2
LinkedHashMap (java.util.LinkedHashMap)1
List (java.util.List)1
AssertionValidationException (org.opensaml.saml.common.assertion.AssertionValidationException)1
AbstractAuthenticationToken (org.springframework.security.authentication.AbstractAuthenticationToken)1
DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)1
Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)1
