Example 11 with Saml2AuthenticationToken
use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken in project spring-security by spring-projects.
the class OpenSaml4AuthenticationProviderTests method authenticateWhenAssertionContainsAttributesThenItSucceeds.
@Test
public void authenticateWhenAssertionContainsAttributesThenItSucceeds() {
Response response = response();
Assertion assertion = assertion();
List<AttributeStatement> attributes = attributeStatements();
assertion.getAttributeStatements().addAll(attributes);
TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(), RELYING_PARTY_ENTITY_ID);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(response, verifying(registration()));
Authentication authentication = this.provider.authenticate(token);
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
Map<String, Object> expected = new LinkedHashMap<>();
expected.put("email", Arrays.asList("john.doe@example.com", "doe.john@example.com"));
expected.put("name", Collections.singletonList("John Doe"));
expected.put("age", Collections.singletonList(21));
expected.put("website", Collections.singletonList("https://johndoe.com/"));
expected.put("registered", Collections.singletonList(true));
Instant registeredDate = Instant.parse("1970-01-01T00:00:00Z");
expected.put("registeredDate", Collections.singletonList(registeredDate));
assertThat((String) principal.getFirstAttribute("name")).isEqualTo("John Doe");
assertThat(principal.getAttributes()).isEqualTo(expected);
assertThat(principal.getSessionIndexes()).contains("session-index");
}
Also used :
Response(org.opensaml.saml.saml2.core.Response)
AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement)
Authentication(org.springframework.security.core.Authentication)
Instant(java.time.Instant)
EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)
Assertion(org.opensaml.saml.saml2.core.Assertion)
XMLObject(org.opensaml.core.xml.XMLObject)
CustomOpenSamlObject(org.springframework.security.saml2.provider.service.authentication.TestCustomOpenSamlObjects.CustomOpenSamlObject)
LinkedHashMap(java.util.LinkedHashMap)
Test(org.junit.jupiter.api.Test)
Example 12 with Saml2AuthenticationToken
use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken in project spring-security by spring-projects.
the class Saml2AuthenticationTokenConverterTests method convertWhenGetRequestThenInflates.
@Test
public void convertWhenGetRequestThenInflates() {
Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(this.relyingPartyRegistrationResolver);
given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class))).willReturn(this.relyingPartyRegistration);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setMethod("GET");
byte[] deflated = Saml2Utils.samlDeflate("response");
String encoded = Saml2Utils.samlEncode(deflated);
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded);
Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response");
assertThat(token.getRelyingPartyRegistration().getRegistrationId()).isEqualTo(this.relyingPartyRegistration.getRegistrationId());
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)
Test(org.junit.jupiter.api.Test)
Example 13 with Saml2AuthenticationToken
use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken in project spring-security by spring-projects.
the class Saml2AuthenticationTokenConverterTests method convertWhenSavedAuthenticationRequestThenToken.
@Test
public void convertWhenSavedAuthenticationRequestThenToken() {
Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
AbstractSaml2AuthenticationRequest authenticationRequest = mock(AbstractSaml2AuthenticationRequest.class);
Saml2AuthenticationTokenConverter converter = new Saml2AuthenticationTokenConverter(this.relyingPartyRegistrationResolver);
converter.setAuthenticationRequestRepository(authenticationRequestRepository);
given(this.relyingPartyRegistrationResolver.convert(any(HttpServletRequest.class))).willReturn(this.relyingPartyRegistration);
given(authenticationRequestRepository.loadAuthenticationRequest(any(HttpServletRequest.class))).willReturn(authenticationRequest);
MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response");
assertThat(token.getRelyingPartyRegistration().getRegistrationId()).isEqualTo(this.relyingPartyRegistration.getRegistrationId());
assertThat(token.getAuthenticationRequest()).isEqualTo(authenticationRequest);
}
Also used :
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)
Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)
Test(org.junit.jupiter.api.Test)
Example 14 with Saml2AuthenticationToken
use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken in project midpoint by Evolveum.
the class MidpointSaml2LogoutRequestResolver method resolve.
@Override
public Saml2LogoutRequest resolve(HttpServletRequest httpServletRequest, Authentication authentication) {
Saml2AuthenticationToken token = null;
if (authentication instanceof MidpointAuthentication) {
ModuleAuthentication authModule = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
if (authModule instanceof Saml2ModuleAuthenticationImpl) {
if (authModule.getAuthentication() instanceof Saml2AuthenticationToken) {
token = (Saml2AuthenticationToken) authModule.getAuthentication();
} else if ((authModule.getAuthentication() instanceof PreAuthenticatedAuthenticationToken || authModule.getAuthentication() instanceof AnonymousAuthenticationToken) && authModule.getAuthentication().getDetails() instanceof Saml2AuthenticationToken) {
token = (Saml2AuthenticationToken) authModule.getAuthentication().getDetails();
}
}
} else if (authentication instanceof AnonymousAuthenticationToken && authentication.getDetails() instanceof Saml2AuthenticationToken) {
token = (Saml2AuthenticationToken) authentication.getDetails();
}
if (token != null) {
AuthenticatedPrincipal principal = token.getDetails() instanceof AuthenticatedPrincipal ? (AuthenticatedPrincipal) token.getDetails() : null;
if (!(principal instanceof Saml2AuthenticatedPrincipal)) {
String name = token.getRelyingPartyRegistration().getEntityId();
String relyingPartyRegistrationId = token.getRelyingPartyRegistration().getRegistrationId();
principal = new Saml2AuthenticatedPrincipal() {
@Override
public String getName() {
return name;
}
@Override
public String getRelyingPartyRegistrationId() {
return relyingPartyRegistrationId;
}
};
}
return resolver.resolve(httpServletRequest, new Saml2Authentication(principal, token.getSaml2Response(), null));
}
return resolver.resolve(httpServletRequest, authentication);
}
Also used :
ModuleAuthentication(com.evolveum.midpoint.authentication.api.config.ModuleAuthentication)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken)
Saml2ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl)
AnonymousAuthenticationToken(org.springframework.security.authentication.AnonymousAuthenticationToken)
MidpointAuthentication(com.evolveum.midpoint.authentication.api.config.MidpointAuthentication)
Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)
Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal)
Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal)
AuthenticatedPrincipal(org.springframework.security.core.AuthenticatedPrincipal)
Example 15 with Saml2AuthenticationToken
use of org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken in project midpoint by Evolveum.
the class Saml2Provider method internalAuthentication.
@Override
protected Authentication internalAuthentication(Authentication authentication, List requireAssignment, AuthenticationChannel channel, Class focusType) throws AuthenticationException {
Authentication token;
if (authentication instanceof Saml2AuthenticationToken) {
Saml2AuthenticationToken samlAuthenticationToken = (Saml2AuthenticationToken) authentication;
Saml2Authentication samlAuthentication;
try {
samlAuthentication = (Saml2Authentication) openSamlProvider.authenticate(samlAuthenticationToken);
} catch (AuthenticationException e) {
getAuditProvider().auditLoginFailure(null, null, createConnectEnvironment(getChannel()), e.getMessage());
throw e;
}
Saml2ModuleAuthenticationImpl samlModule = (Saml2ModuleAuthenticationImpl) AuthUtil.getProcessingModule();
try {
DefaultSaml2AuthenticatedPrincipal principal = (DefaultSaml2AuthenticatedPrincipal) samlAuthentication.getPrincipal();
samlAuthenticationToken.setDetails(principal);
Map<String, List<Object>> attributes = principal.getAttributes();
String enteredUsername;
SamlAdditionalConfiguration config = samlModule.getAdditionalConfiguration().get(samlAuthenticationToken.getRelyingPartyRegistration().getRegistrationId());
String nameOfSamlAttribute = config.getNameOfUsernameAttribute();
enteredUsername = defineEnteredUsername(attributes, nameOfSamlAttribute);
token = getPreAuthenticationToken(enteredUsername, focusType, requireAssignment, channel);
} catch (AuthenticationException e) {
samlModule.setAuthentication(samlAuthenticationToken);
LOGGER.info("Authentication with saml module failed: {}", e.getMessage());
throw e;
}
} else {
LOGGER.error("Unsupported authentication {}", authentication);
throw new AuthenticationServiceException("web.security.provider.unavailable");
}
MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
return token;
}
Also used :
AuthenticationException(org.springframework.security.core.AuthenticationException)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
Authentication(org.springframework.security.core.Authentication)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
SamlAdditionalConfiguration(com.evolveum.midpoint.authentication.impl.module.configuration.SamlAdditionalConfiguration)
DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)
Saml2ModuleAuthenticationImpl(com.evolveum.midpoint.authentication.impl.module.authentication.Saml2ModuleAuthenticationImpl)
List(java.util.List)
Saml2AuthenticationToken(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)
AuthenticationServiceException(org.springframework.security.authentication.AuthenticationServiceException)
MidPointPrincipal(com.evolveum.midpoint.security.api.MidPointPrincipal)
Aggregations
Test (org.junit.jupiter.api.Test)24
Response (org.opensaml.saml.saml2.core.Response)19
Assertion (org.opensaml.saml.saml2.core.Assertion)17
Authentication (org.springframework.security.core.Authentication)14
EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)13
Saml2AuthenticationToken (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken)13
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)13
Instant (java.time.Instant)11
Saml2ResponseValidatorResult (org.springframework.security.saml2.core.Saml2ResponseValidatorResult)11
IOException (java.io.IOException)10
Collections (java.util.Collections)10
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10
Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)10
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)10
BDDMockito.given (org.mockito.BDDMockito.given)10
Mockito.mock (org.mockito.Mockito.mock)10
Mockito.verify (org.mockito.Mockito.verify)10
Converter (org.springframework.core.convert.converter.Converter)10
Saml2ErrorCodes (org.springframework.security.saml2.core.Saml2ErrorCodes)10
TestSaml2X509Credentials (org.springframework.security.saml2.core.TestSaml2X509Credentials)10
