Use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.
Class OpenSamlLogoutRequestResolverTests, method resolveRedirectWhenAuthenticatedThenIncludesName.
/**
 * Resolving a logout request for an authenticated user must produce a request that is
 * signed (separate SigAlg and Signature parameters), carries a RelayState, and places
 * the authenticated name into the LogoutRequest's NameID.
 */
@Test
public void resolveRedirectWhenAuthenticatedThenIncludesName() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2Authentication authenticated = authentication(registration);
    HttpServletRequest servletRequest = new MockHttpServletRequest();
    Saml2LogoutRequest resolved = this.logoutRequestResolver.resolve(servletRequest, authenticated);
    // The signature is expected as separate parameters, not embedded in the SAML message.
    String[] expectedParameters = { Saml2ParameterNames.SIG_ALG, Saml2ParameterNames.SIGNATURE,
            Saml2ParameterNames.RELAY_STATE };
    for (String parameter : expectedParameters) {
        assertThat(resolved.getParameter(parameter)).isNotNull();
    }
    Saml2MessageBinding sloBinding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutRequest logoutRequest = getLogoutRequest(resolved.getSamlRequest(), sloBinding);
    assertThat(logoutRequest.getNameID().getValue()).isEqualTo(authenticated.getName());
}
Use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project midpoint by Evolveum.
Class MidpointSaml2LogoutRequestResolver, method resolve.
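/**
 * Unwraps the {@link Saml2AuthenticationToken} that midPoint keeps inside its own
 * authentication objects and hands the delegate resolver a plain {@link Saml2Authentication}.
 * The token may sit directly on the processing module, or on the details of an anonymous /
 * pre-authenticated wrapper (presumably the state left behind by a login that did not
 * complete); authentications that carry no SAML token are passed to the delegate unchanged.
 *
 * @param httpServletRequest the current request
 * @param authentication the authentication being logged out; a {@code MidpointAuthentication},
 *        an {@code AnonymousAuthenticationToken} whose details hold the SAML token, or anything else
 * @return the logout request produced by the delegate resolver
 */
@Override
public Saml2LogoutRequest resolve(HttpServletRequest httpServletRequest, Authentication authentication) {
    Saml2AuthenticationToken token = findSaml2Token(authentication);
    if (token == null) {
        // Nothing SAML-specific to unwrap; let the delegate deal with the authentication as-is.
        return resolver.resolve(httpServletRequest, authentication);
    }
    AuthenticatedPrincipal principal = token.getDetails() instanceof AuthenticatedPrincipal
            ? (AuthenticatedPrincipal) token.getDetails()
            : null;
    if (!(principal instanceof Saml2AuthenticatedPrincipal)) {
        // No SAML principal was stored on the token (e.g. the login never reached that point):
        // fall back to a principal named after the relying party's entity ID. The delegate
        // appears to use the principal name as the LogoutRequest NameID (see
        // OpenSamlLogoutRequestResolverTests), so confirm the asserting party accepts that value.
        principal = registrationPrincipal(token);
    }
    // Authorities are irrelevant for building a logout request, hence null.
    return resolver.resolve(httpServletRequest,
            new Saml2Authentication(principal, token.getSaml2Response(), null));
}

/**
 * Locates the SAML token wrapped by the given authentication, or {@code null} when there is none.
 * The module's authentication is read once; the lookup assumes the getter has no side effects.
 */
private static Saml2AuthenticationToken findSaml2Token(Authentication authentication) {
    if (authentication instanceof MidpointAuthentication) {
        ModuleAuthentication authModule = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
        if (!(authModule instanceof Saml2ModuleAuthenticationImpl)) {
            return null;
        }
        Authentication moduleAuthentication = authModule.getAuthentication();
        if (moduleAuthentication instanceof Saml2AuthenticationToken) {
            return (Saml2AuthenticationToken) moduleAuthentication;
        }
        boolean wrapsToken = moduleAuthentication instanceof PreAuthenticatedAuthenticationToken
                || moduleAuthentication instanceof AnonymousAuthenticationToken;
        if (wrapsToken && moduleAuthentication.getDetails() instanceof Saml2AuthenticationToken) {
            return (Saml2AuthenticationToken) moduleAuthentication.getDetails();
        }
        return null;
    }
    if (authentication instanceof AnonymousAuthenticationToken
            && authentication.getDetails() instanceof Saml2AuthenticationToken) {
        return (Saml2AuthenticationToken) authentication.getDetails();
    }
    return null;
}

/**
 * Builds a minimal {@link Saml2AuthenticatedPrincipal} from the token's relying-party
 * registration: its entity ID becomes the principal name.
 */
private static Saml2AuthenticatedPrincipal registrationPrincipal(Saml2AuthenticationToken token) {
    String name = token.getRelyingPartyRegistration().getEntityId();
    String relyingPartyRegistrationId = token.getRelyingPartyRegistration().getRegistrationId();
    return new Saml2AuthenticatedPrincipal() {
        @Override
        public String getName() {
            return name;
        }

        @Override
        public String getRelyingPartyRegistrationId() {
            return relyingPartyRegistrationId;
        }
    };
}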
Use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project midpoint by Evolveum.
Class Saml2Provider, method internalAuthentication.
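/**
 * Authenticates a SAML 2.0 response token and maps the asserted subject to a midPoint
 * pre-authentication token.
 * <p>
 * The two failure paths are handled differently: a failure inside the OpenSAML provider
 * is reported to the audit provider, whereas a failure while mapping the SAML principal
 * to a midPoint user leaves the SAML token on the processing module (presumably so a
 * logout request can still be resolved for the failed login) and is logged.
 *
 * @param authentication must be a {@link Saml2AuthenticationToken}; anything else is rejected
 * @param requireAssignment passed through to the pre-authentication step
 * @param channel passed through to the pre-authentication step
 * @param focusType passed through to the pre-authentication step
 * @return the pre-authentication token for the mapped midPoint user
 * @throws AuthenticationException when the SAML response does not validate, the registration
 *         has no additional configuration, or the user cannot be mapped
 */
@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
    if (!(authentication instanceof Saml2AuthenticationToken)) {
        LOGGER.error("Unsupported authentication {}", authentication);
        throw new AuthenticationServiceException("web.security.provider.unavailable");
    }
    Saml2AuthenticationToken samlAuthenticationToken = (Saml2AuthenticationToken) authentication;
    Saml2Authentication samlAuthentication;
    try {
        samlAuthentication = (Saml2Authentication) openSamlProvider.authenticate(samlAuthenticationToken);
    } catch (AuthenticationException e) {
        getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
        throw e;
    }
    Saml2ModuleAuthenticationImpl samlModule = (Saml2ModuleAuthenticationImpl) AuthUtil.getProcessingModule();
    Authentication token;
    try {
        // The principal is stored as the token's details; the logout request resolver reads it back from there.
        DefaultSaml2AuthenticatedPrincipal principal = (DefaultSaml2AuthenticatedPrincipal) samlAuthentication.getPrincipal();
        samlAuthenticationToken.setDetails(principal);
        String registrationId = samlAuthenticationToken.getRelyingPartyRegistration().getRegistrationId();
        SamlAdditionalConfiguration config = samlModule.getAdditionalConfiguration().get(registrationId);
        if (config == null) {
            // Without the per-registration configuration there is no way to tell which attribute
            // carries the username; fail as an authentication error instead of a NullPointerException
            // so the catch below records it like any other mapping failure.
            throw new AuthenticationServiceException(
                    "No SAML additional configuration found for registration '" + registrationId + "'");
        }
        Map<String, List<Object>> attributes = principal.getAttributes();
        String enteredUsername = defineEnteredUsername(attributes, config.getNameOfUsernameAttribute());
        token = getPreAuthenticationToken(enteredUsername, focusType, requireAssignment, channel);
    } catch (AuthenticationException e) {
        samlModule.setAuthentication(samlAuthenticationToken);
        LOGGER.info("Authentication with saml module failed: {}", e.getMessage());
        throw e;
    }
    MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
    LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
    return token;
}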
Use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project midpoint by Evolveum.
Class Saml2Provider, method initSamlProvider.
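/**
 * Installs a response-to-authentication converter on the OpenSAML provider that replaces the
 * default principal with a {@link MidpointSaml2AuthenticatedPrincipal}.
 * <p>
 * The attribute values extracted by the default converter are kept, but re-keyed from the
 * first assertion so that each attribute is reachable under its name and, when present, its
 * friendly name. The subject's NameID is carried both on the new principal and as the
 * authentication details.
 */
private void initSamlProvider() {
    openSamlProvider.setResponseAuthenticationConverter((responseToken) -> {
        Saml2Authentication authentication = defaultConverter.convert(responseToken);
        if (authentication == null) {
            return null;
        }
        DefaultSaml2AuthenticatedPrincipal principal = (DefaultSaml2AuthenticatedPrincipal) authentication.getPrincipal();
        Response response = responseToken.getResponse();
        Assertion assertion = CollectionUtils.firstElement(response.getAssertions());
        if (assertion == null) {
            // Nothing to re-key from; keep the default converter's result untouched.
            return authentication;
        }
        Map<String, List<Object>> attributes = collectAttributes(assertion, principal.getAttributes());
        MidpointSaml2AuthenticatedPrincipal newPrincipal = new MidpointSaml2AuthenticatedPrincipal(principal.getName(), attributes, assertion.getSubject().getNameID());
        newPrincipal.setRelyingPartyRegistrationId(responseToken.getToken().getRelyingPartyRegistration().getRegistrationId());
        Saml2Authentication saml2Authentication = new Saml2Authentication(newPrincipal, authentication.getSaml2Response(), authentication.getAuthorities());
        saml2Authentication.setDetails(assertion.getSubject().getNameID());
        return saml2Authentication;
    });
}

/**
 * Re-keys the attributes the default converter already extracted, walking the assertion's
 * attribute statements in document order. Only attributes whose name is present in
 * {@code originalAttributes} are kept; the friendly name, when non-empty, is added as a
 * second key for the same value list.
 *
 * @param assertion the assertion whose attribute statements drive the ordering and keys
 * @param originalAttributes attribute values keyed by attribute name, as produced by the default converter
 * @return an insertion-ordered map keyed by attribute name and friendly name
 */
private static Map<String, List<Object>> collectAttributes(Assertion assertion, Map<String, List<Object>> originalAttributes) {
    Map<String, List<Object>> attributes = new LinkedHashMap<>();
    for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            String name = attribute.getName();
            if (!originalAttributes.containsKey(name)) {
                continue;
            }
            List<Object> values = originalAttributes.get(name);
            attributes.put(name, values);
            // NOTE(review): the friendly name comes from the asserting party and shares the key
            // space with attribute names, so with plain put() a later entry silently overwrites
            // an earlier one that used the same key. Confirm this is intended, since the username
            // attribute is later looked up in this map by key.
            if (StringUtils.isNotEmpty(attribute.getFriendlyName())) {
                attributes.put(attribute.getFriendlyName(), values);
            }
        }
    }
    return attributes;
}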
Use of org.springframework.security.saml2.provider.service.authentication.Saml2Authentication in project spring-security by spring-projects.
Class Saml2LogoutConfigurerTests, method saml2LogoutWhenNoRegistrationThen401.
/**
 * A SAML 2.0 logout for a principal whose relying-party registration id matches no configured
 * registration is refused with HTTP 401 instead of being processed.
 */
@Test
public void saml2LogoutWhenNoRegistrationThen401() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    DefaultSaml2AuthenticatedPrincipal unknownPrincipal =
            new DefaultSaml2AuthenticatedPrincipal("user", Collections.emptyMap());
    // "wrong" deliberately matches no configured relying-party registration.
    unknownPrincipal.setRelyingPartyRegistrationId("wrong");
    Saml2Authentication samlAuthentication = new Saml2Authentication(unknownPrincipal, "response",
            AuthorityUtils.createAuthorityList("ROLE_USER"));
    this.mvc
            .perform(post("/logout").with(authentication(samlAuthentication)).with(csrf()))
            .andExpect(status().isUnauthorized());
}