Search in sources :

Example 6 with Saml2AuthenticationRequestContext

use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationRequestFilterTests method doFilterWhenNoRelayStateThenRedirectDoesNotContainParameter.

@Test
public void doFilterWhenNoRelayStateThenRedirectDoesNotContainParameter() throws ServletException, IOException {
    Saml2AuthenticationRequestContext context = authenticationRequestContext().relayState(null).build();
    Saml2RedirectAuthenticationRequest request = redirectAuthenticationRequest(context).build();
    given(this.resolver.resolve(any())).willReturn(context);
    given(this.factory.createRedirectAuthenticationRequest(any())).willReturn(request);
    this.filter.doFilterInternal(this.request, this.response, this.filterChain);
    assertThat(this.response.getHeader("Location")).doesNotContain("RelayState=").startsWith(IDP_SSO_URL);
}
Also used : Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) Saml2AuthenticationRequestContext(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext) Test(org.junit.jupiter.api.Test)

Example 7 with Saml2AuthenticationRequestContext

use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext in project spring-security by spring-projects.

the class OpenSamlAuthenticationRequestFactory method createAuthnRequest.

private AuthnRequest createAuthnRequest(Saml2AuthenticationRequestContext context) {
    String issuer = context.getIssuer();
    String destination = context.getDestination();
    String assertionConsumerServiceUrl = context.getAssertionConsumerServiceUrl();
    Saml2MessageBinding protocolBinding = this.protocolBindingResolver.convert(context);
    AuthnRequest auth = this.authnRequestBuilder.buildObject();
    if (auth.getID() == null) {
        auth.setID("ARQ" + UUID.randomUUID().toString().substring(1));
    }
    if (auth.getIssueInstant() == null) {
        auth.setIssueInstant(new DateTime(this.clock.millis()));
    }
    if (auth.isForceAuthn() == null) {
        auth.setForceAuthn(Boolean.FALSE);
    }
    if (auth.isPassive() == null) {
        auth.setIsPassive(Boolean.FALSE);
    }
    if (auth.getProtocolBinding() == null) {
        auth.setProtocolBinding(protocolBinding.getUrn());
    }
    Issuer iss = this.issuerBuilder.buildObject();
    iss.setValue(issuer);
    auth.setIssuer(iss);
    auth.setDestination(destination);
    auth.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
    return auth;
}
Also used : AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Issuer(org.opensaml.saml.saml2.core.Issuer) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) DateTime(org.joda.time.DateTime)

Example 8 with Saml2AuthenticationRequestContext

use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactoryTests method createPostAuthenticationRequestWhenAssertionConsumerServiceBindingThenUses.

@Test
public void createPostAuthenticationRequestWhenAssertionConsumerServiceBindingThenUses() {
    RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationBuilder.assertionConsumerServiceBinding(Saml2MessageBinding.REDIRECT).build();
    Saml2AuthenticationRequestContext context = this.contextBuilder.relyingPartyRegistration(relyingPartyRegistration).build();
    Saml2PostAuthenticationRequest request = this.factory.createPostAuthenticationRequest(context);
    String samlRequest = request.getSamlRequest();
    String inflated = new String(Saml2Utils.samlDecode(samlRequest));
    assertThat(inflated).contains("ProtocolBinding=\"" + SAMLConstants.SAML2_REDIRECT_BINDING_URI + "\"");
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Test(org.junit.jupiter.api.Test)

Example 9 with Saml2AuthenticationRequestContext

use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactory method createAuthenticationRequest.

/**
 * {@inheritDoc}
 */
@Override
@Deprecated
public String createAuthenticationRequest(Saml2AuthenticationRequest request) {
    RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("noId").assertionConsumerServiceBinding(Saml2MessageBinding.POST).assertionConsumerServiceLocation(request.getAssertionConsumerServiceUrl()).entityId(request.getIssuer()).remoteIdpEntityId("noIssuer").idpWebSsoUrl("noUrl").credentials((credentials) -> credentials.addAll(request.getCredentials())).build();
    Saml2AuthenticationRequestContext context = Saml2AuthenticationRequestContext.builder().relyingPartyRegistration(registration).issuer(request.getIssuer()).assertionConsumerServiceUrl(request.getAssertionConsumerServiceUrl()).build();
    AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
    return OpenSamlSigningUtils.serialize(OpenSamlSigningUtils.sign(authnRequest, registration));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Converter(org.springframework.core.convert.converter.Converter) OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ConfigurationService(org.opensaml.core.config.ConfigurationService) NameIDPolicyBuilder(org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder) UUID(java.util.UUID) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestBuilder(org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Issuer(org.opensaml.saml.saml2.core.Issuer) Map(java.util.Map) Clock(java.time.Clock) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) QueryParametersPartial(org.springframework.security.saml2.provider.service.authentication.OpenSamlSigningUtils.QueryParametersPartial) Assert(org.springframework.util.Assert) StringUtils(org.springframework.util.StringUtils) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)

Example 10 with Saml2AuthenticationRequestContext

use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext in project spring-security by spring-projects.

the class OpenSaml4AuthenticationRequestFactory method createPostAuthenticationRequest.

/**
 * {@inheritDoc}
 */
@Override
public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
    AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
    RelyingPartyRegistration registration = context.getRelyingPartyRegistration();
    if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
        OpenSamlSigningUtils.sign(authnRequest, registration);
    }
    String xml = OpenSamlSigningUtils.serialize(authnRequest);
    return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context).samlRequest(Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8))).build();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)

Aggregations

Test (org.junit.jupiter.api.Test)17 Saml2AuthenticationRequestContext (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext)14 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)13 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)9 Saml2RedirectAuthenticationRequest (org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest)9 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)7 StandardCharsets (java.nio.charset.StandardCharsets)6 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)4 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)4 BeforeEach (org.junit.jupiter.api.BeforeEach)4 BDDMockito.given (org.mockito.BDDMockito.given)4 Mockito.mock (org.mockito.Mockito.mock)4 Mockito.verify (org.mockito.Mockito.verify)4 SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)4 Converter (org.springframework.core.convert.converter.Converter)4 TestSaml2X509Credentials (org.springframework.security.saml2.credentials.TestSaml2X509Credentials)4 QueryParametersPartial (org.springframework.security.saml2.provider.service.authentication.OpenSamlSigningUtils.QueryParametersPartial)4 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)4 Instant (java.time.Instant)3 DateTime (org.joda.time.DateTime)3