Search in sources :

Example 1 with Saml2Authentication

use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.

the class OpenSamlAuthenticationProviderTests method authenticateWhenResponseAuthenticationConverterConfiguredThenUses.

@Test
public void authenticateWhenResponseAuthenticationConverterConfiguredThenUses() {
    Converter<ResponseToken, Saml2Authentication> authenticationConverter = mock(Converter.class);
    OpenSamlAuthenticationProvider provider = new OpenSamlAuthenticationProvider();
    provider.setResponseAuthenticationConverter(authenticationConverter);
    Response response = TestOpenSamlObjects.signedResponseWithOneAssertion();
    Saml2AuthenticationToken token = token(response, verifying(registration()));
    provider.authenticate(token);
    verify(authenticationConverter).convert(any());
}
Also used : Response(org.opensaml.saml.saml2.core.Response) ResponseToken(org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken) Test(org.junit.jupiter.api.Test)

Example 2 with Saml2Authentication

use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method authentication.

private Authentication authentication(RelyingPartyRegistration registration) {
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", new HashMap<>());
    principal.setRelyingPartyRegistrationId(registration.getRegistrationId());
    return new Saml2Authentication(principal, "response", new ArrayList<>());
}
Also used : Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)

Example 3 with Saml2Authentication

use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method setup.

@BeforeEach
public void setup() {
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    principal.setRelyingPartyRegistrationId("registration-id");
    this.user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
    this.request = new MockHttpServletRequest("POST", "");
    this.request.setServletPath("/login/saml2/sso/test-rp");
    this.response = new MockHttpServletResponse();
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) BeforeEach(org.junit.jupiter.api.BeforeEach)

Example 4 with Saml2Authentication

use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method saml2LogoutRequestWhenNoRegistrationThen400.

@Test
public void saml2LogoutRequestWhenNoRegistrationThen400() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    principal.setRelyingPartyRegistrationId("wrong");
    Saml2Authentication user = new Saml2Authentication(principal, "response", AuthorityUtils.createAuthorityList("ROLE_USER"));
    this.mvc.perform(get("/logout/saml2/slo").param("SAMLRequest", this.apLogoutRequest).param("RelayState", this.apLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg).param("Signature", this.apLogoutRequestSignature).with(authentication(user))).andExpect(status().isBadRequest());
    verifyNoInteractions(getBean(LogoutHandler.class));
}
Also used : Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Test(org.junit.jupiter.api.Test)

Example 5 with Saml2Authentication

use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.

the class OpenSamlLogoutRequestResolverTests method resolvePostWhenAuthenticatedThenIncludesName.

@Test
public void resolvePostWhenAuthenticatedThenIncludesName() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    Saml2Authentication authentication = authentication(registration);
    HttpServletRequest request = new MockHttpServletRequest();
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest saml2LogoutRequest = this.logoutRequestResolver.resolve(request, authentication);
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIG_ALG)).isNull();
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIGNATURE)).isNull();
    assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.RELAY_STATE)).isNotNull();
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutRequest logoutRequest = getLogoutRequest(saml2LogoutRequest.getSamlRequest(), binding);
    assertThat(logoutRequest.getNameID().getValue()).isEqualTo(authentication.getName());
    assertThat(logoutRequest.getSessionIndexes()).hasSize(1);
    assertThat(logoutRequest.getSessionIndexes().get(0).getSessionIndex()).isEqualTo("session-index");
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) Arrays(java.util.Arrays) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) HashMap(java.util.HashMap) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArrayList(java.util.ArrayList) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Saml2Exception(org.springframework.security.saml2.Saml2Exception) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Test(org.junit.jupiter.api.Test) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Element(org.w3c.dom.Element) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Test(org.junit.jupiter.api.Test)

Aggregations

Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)13 DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)11 Test (org.junit.jupiter.api.Test)9 Response (org.opensaml.saml.saml2.core.Response)6 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 AuthenticationException (org.springframework.security.core.AuthenticationException)3 Saml2Exception (org.springframework.security.saml2.Saml2Exception)3 Saml2ModuleAuthenticationImpl (com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl)2 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)2 List (java.util.List)2 XSString (org.opensaml.core.xml.schema.XSString)2 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)2 ResponseToken (org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.ResponseToken)2 ResponseToken (org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider.ResponseToken)2 Saml2AuthenticationToken (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)2 Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)2 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)2 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)2 MidpointAuthentication (com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)1 ModuleAuthentication (com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)1