Example 46 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class OpenSamlLogoutResponseValidatorTests method handleWhenInvalidIssuerThenInvalidSignatureError.
@Test
public void handleWhenInvalidIssuerThenInvalidSignatureError() {
RelyingPartyRegistration registration = registration().build();
Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).id("id").build();
LogoutResponse logoutResponse = TestOpenSamlObjects.assertingPartyLogoutResponse(registration);
logoutResponse.getIssuer().setValue("wrong");
sign(logoutResponse, registration);
Saml2LogoutResponse response = post(logoutResponse, registration);
Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(response, logoutRequest, registration);
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_SIGNATURE);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Test(org.junit.jupiter.api.Test)
Example 47 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidatorTests method handleWhenInvalidIssuerThenInvalidSignatureError.
@Test
public void handleWhenInvalidIssuerThenInvalidSignatureError() {
RelyingPartyRegistration registration = registration().build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
logoutRequest.getIssuer().setValue("wrong");
sign(logoutRequest, registration);
Saml2LogoutRequest request = post(logoutRequest, registration);
Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_SIGNATURE);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Test(org.junit.jupiter.api.Test)
Example 48 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidatorTests method handleWhenMismatchedUserThenInvalidRequestError.
@Test
public void handleWhenMismatchedUserThenInvalidRequestError() {
RelyingPartyRegistration registration = registration().build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
logoutRequest.getNameID().setValue("wrong");
sign(logoutRequest, registration);
Saml2LogoutRequest request = post(logoutRequest, registration);
Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_REQUEST);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Test(org.junit.jupiter.api.Test)
Example 49 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidatorTests method handleWhenRedirectBindingThenValidatesSignatureParameter.
@Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = registration().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)).build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
Saml2LogoutRequest request = redirect(logoutRequest, registration, OpenSamlSigningUtils.sign(registration));
Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isFalse();
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
QueryParametersPartial(org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial)
HashMap(java.util.HashMap)
TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials)
StandardCharsets(java.nio.charset.StandardCharsets)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
ArrayList(java.util.ArrayList)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
Test(org.junit.jupiter.api.Test)
TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames)
Map(java.util.Map)
XMLObject(org.opensaml.core.xml.XMLObject)
Authentication(org.springframework.security.core.Authentication)
TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)40
Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)34
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)31
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)27
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)22
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)15
Authentication (org.springframework.security.core.Authentication)12
Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)12
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10
Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)10
TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)10
StandardCharsets (java.nio.charset.StandardCharsets)9
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)8
BDDMockito.given (org.mockito.BDDMockito.given)8
Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)7
DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)7
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)6
AfterEach (org.junit.jupiter.api.AfterEach)5
BeforeEach (org.junit.jupiter.api.BeforeEach)5
