
Example 1 with Saml2AuthenticationException

Use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException in project spring-security by spring-projects.

Class OpenSamlAuthenticationProvider, method parse.

private Response parse(String response) throws Saml2Exception, Saml2AuthenticationException {
    try {
        Document document = this.parserPool.parse(new ByteArrayInputStream(response.getBytes(StandardCharsets.UTF_8)));
        Element element = document.getDocumentElement();
        return (Response) this.responseUnmarshaller.unmarshall(element);
    } catch (Exception ex) {
        throw createAuthenticationException(Saml2ErrorCodes.MALFORMED_RESPONSE_DATA, ex.getMessage(), ex);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) ByteArrayInputStream(java.io.ByteArrayInputStream) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) AuthenticationException(org.springframework.security.core.AuthenticationException) AssertionValidationException(org.opensaml.saml.common.assertion.AssertionValidationException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 2 with Saml2AuthenticationException

Use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException in project spring-security by spring-projects.

Class Saml2AuthenticationTokenConverter, method samlInflate.

private String samlInflate(byte[] b) {
    try {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        // Inflater(true) selects raw DEFLATE (no zlib header or checksum)
        InflaterOutputStream inflaterOutputStream = new InflaterOutputStream(out, new Inflater(true));
        inflaterOutputStream.write(b);
        inflaterOutputStream.finish();
        return out.toString(StandardCharsets.UTF_8.name());
    } catch (Exception ex) {
        throw new Saml2AuthenticationException(new Saml2Error(Saml2ErrorCodes.INVALID_RESPONSE, "Unable to inflate string"), ex);
    }
}
Also used : Saml2Error(org.springframework.security.saml2.core.Saml2Error) Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException) InflaterOutputStream(java.util.zip.InflaterOutputStream) Inflater(java.util.zip.Inflater) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException)

Example 3 with Saml2AuthenticationException

Use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException in project spring-security by spring-projects.

Class Saml2LoginConfigurerTests, method authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses.

@Test
public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception {
    this.spring.register(CustomAuthenticationFailureHandler.class).autowire();
    byte[] invalidDeflated = "invalid".getBytes();
    String encoded = Saml2Utils.samlEncode(invalidDeflated);
    MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse", encoded);
    this.mvc.perform(request);
    ArgumentCaptor<Saml2AuthenticationException> captor = ArgumentCaptor.forClass(Saml2AuthenticationException.class);
    verify(CustomAuthenticationFailureHandler.authenticationFailureHandler).onAuthenticationFailure(any(HttpServletRequest.class), any(HttpServletResponse.class), captor.capture());
    Saml2AuthenticationException exception = captor.getValue();
    assertThat(exception.getSaml2Error().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_RESPONSE);
    assertThat(exception.getSaml2Error().getDescription()).isEqualTo("Unable to inflate string");
    assertThat(exception.getCause()).isInstanceOf(IOException.class);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 4 with Saml2AuthenticationException

Use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException in project spring-security by spring-projects.

Class Saml2WebSsoAuthenticationFilter, method attemptAuthentication.

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
    Authentication authentication = this.authenticationConverter.convert(request);
    if (authentication == null) {
        Saml2Error saml2Error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "No relying party registration found");
        throw new Saml2AuthenticationException(saml2Error);
    }
    setDetails(request, authentication);
    this.authenticationRequestRepository.removeAuthenticationRequest(request, response);
    return getAuthenticationManager().authenticate(authentication);
}
Also used : Saml2Error(org.springframework.security.saml2.core.Saml2Error) Authentication(org.springframework.security.core.Authentication) Saml2AuthenticationException(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException)

Example 5 with Saml2AuthenticationException

Use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException in project spring-security by spring-projects.

Class OpenSamlAuthenticationProvider, method authenticate.

/**
 * @param authentication the authentication request object, must be of type
 * {@link Saml2AuthenticationToken}
 * @return {@link Saml2Authentication} if the assertion is valid
 * @throws AuthenticationException if a validation exception occurs
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    try {
        Saml2AuthenticationToken token = (Saml2AuthenticationToken) authentication;
        String serializedResponse = token.getSaml2Response();
        Response response = parse(serializedResponse);
        process(token, response);
        return this.responseAuthenticationConverter.convert(new ResponseToken(response, token));
    } catch (Saml2AuthenticationException ex) {
        throw ex;
    } catch (Exception ex) {
        throw createAuthenticationException(Saml2ErrorCodes.INTERNAL_VALIDATION_ERROR, ex.getMessage(), ex);
    }
}
Also used : Response(org.opensaml.saml.saml2.core.Response) XSString(org.opensaml.core.xml.schema.XSString) AuthenticationException(org.springframework.security.core.AuthenticationException) AssertionValidationException(org.opensaml.saml.common.assertion.AssertionValidationException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Aggregations

Response (org.opensaml.saml.saml2.core.Response) 4
AuthenticationException (org.springframework.security.core.AuthenticationException) 4
Saml2Exception (org.springframework.security.saml2.Saml2Exception) 4
Saml2AuthenticationException (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException) 3
ByteArrayInputStream (java.io.ByteArrayInputStream) 2
XSString (org.opensaml.core.xml.schema.XSString) 2
AssertionValidationException (org.opensaml.saml.common.assertion.AssertionValidationException) 2
Saml2Error (org.springframework.security.saml2.core.Saml2Error) 2
Document (org.w3c.dom.Document) 2
Element (org.w3c.dom.Element) 2
HttpServletRequest (jakarta.servlet.http.HttpServletRequest) 1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse) 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream) 1
Inflater (java.util.zip.Inflater) 1
InflaterOutputStream (java.util.zip.InflaterOutputStream) 1
Test (org.junit.jupiter.api.Test) 1
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString) 1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 1
AbstractAuthenticationToken (org.springframework.security.authentication.AbstractAuthenticationToken) 1