Search in sources :

Example 6 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenMissingUserThenSubjectNotFoundError.

@Test
public void handleWhenMissingUserThenSubjectNotFoundError() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    logoutRequest.setNameID(null);
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.SUBJECT_NOT_FOUND);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 7 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenPostBindingThenValidates.

@Test
public void handleWhenPostBindingThenValidates() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isFalse();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 8 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class OpenSaml4LogoutRequestResolverTests method resolveWhenCustomParametersConsumerThenUses.

@Test
public void resolveWhenCustomParametersConsumerThenUses() {
    OpenSaml4LogoutRequestResolver logoutRequestResolver = new OpenSaml4LogoutRequestResolver(this.relyingPartyRegistrationResolver);
    logoutRequestResolver.setParametersConsumer((parameters) -> parameters.getLogoutRequest().setID("myid"));
    HttpServletRequest request = new MockHttpServletRequest();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().assertingPartyDetails((party) -> party.singleLogoutServiceLocation("https://ap.example.com/logout")).build();
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest logoutRequest = logoutRequestResolver.resolve(request, authentication);
    assertThat(logoutRequest.getId()).isEqualTo("myid");
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Test(org.junit.jupiter.api.Test) BDDMockito.given(org.mockito.BDDMockito.given) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 9 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method saml2LogoutResponseWhenInvalidSamlResponseThen401.

@Test
public void saml2LogoutResponseWhenInvalidSamlResponseThen401() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    RelyingPartyRegistration registration = this.repository.findByRegistrationId("registration-id");
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState).parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build();
    this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response);
    String deflatedApLogoutResponse = Saml2Utils.samlEncode(Saml2Utils.samlInflate(Saml2Utils.samlDecode(this.apLogoutResponse)).getBytes(StandardCharsets.UTF_8));
    this.mvc.perform(post("/logout/saml2/slo").session((MockHttpSession) this.request.getSession()).param("SAMLResponse", deflatedApLogoutResponse).param("RelayState", this.rpLogoutRequestRelayState).param("SigAlg", this.apLogoutRequestSigAlg).param("Signature", this.apLogoutResponseSignature)).andExpect(status().reason(containsString("invalid_signature"))).andExpect(status().isUnauthorized());
    verifyNoInteractions(getBean(LogoutHandler.class));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Autowired(org.springframework.beans.factory.annotation.Autowired) ObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2LogoutRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequestFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter) BDDMockito.verify(org.mockito.BDDMockito.verify) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) SecurityMockMvcRequestPostProcessors.authentication(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication) BDDMockito.given(org.mockito.BDDMockito.given) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) Saml2LogoutRequestValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) BDDMockito.verifyNoInteractions(org.mockito.BDDMockito.verifyNoInteractions) MockMvcRequestBuilders.put(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Saml2LogoutResponseResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver) Collection(java.util.Collection) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) MockMvcResultMatchers.redirectedUrl(org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) LogoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) SecurityMockMvcRequestPostProcessors.csrf(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf) Saml2LogoutResponseFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) HttpSessionLogoutRequestRepository(org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) RelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository) InMemoryRelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository) Mockito.spy(org.mockito.Mockito.spy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects) MockMvc(org.springframework.test.web.servlet.MockMvc) MockMvcRequestBuilders.delete(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete) Saml2LogoutResponseValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator) MockMvcResultMatchers.status(org.springframework.test.web.servlet.result.MockMvcResultMatchers.status) MockMvcRequestBuilders.post(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post) MvcResult(org.springframework.test.web.servlet.MvcResult) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) Saml2Utils(org.springframework.security.saml2.core.Saml2Utils) Import(org.springframework.context.annotation.Import) TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials) Saml2LogoutRequestRepository(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Consumer(java.util.function.Consumer) AfterEach(org.junit.jupiter.api.AfterEach) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) SpringTestContext(org.springframework.security.config.test.SpringTestContext) MockMvcRequestBuilders.get(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) Bean(org.springframework.context.annotation.Bean) BDDMockito.mock(org.mockito.BDDMockito.mock) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Collections(java.util.Collections) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) Matchers.containsString(org.hamcrest.Matchers.containsString) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Test(org.junit.jupiter.api.Test)

Example 10 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class Saml2LogoutConfigurerTests method saml2LogoutResponseWhenDefaultsThenRedirects.

@Test
public void saml2LogoutResponseWhenDefaultsThenRedirects() throws Exception {
    this.spring.register(Saml2LogoutDefaultsConfig.class).autowire();
    RelyingPartyRegistration registration = this.repository.findByRegistrationId("get");
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest(this.rpLogoutRequest).id(this.rpLogoutRequestId).relayState(this.rpLogoutRequestRelayState).parameters((params) -> params.put("Signature", this.rpLogoutRequestSignature)).build();
    this.logoutRequestRepository.saveLogoutRequest(logoutRequest, this.request, this.response);
    this.request.setParameter("RelayState", logoutRequest.getRelayState());
    assertThat(this.logoutRequestRepository.loadLogoutRequest(this.request)).isNotNull();
    this.mvc.perform(get("/logout/saml2/slo").session(((MockHttpSession) this.request.getSession())).param("SAMLResponse", this.apLogoutResponse).param("RelayState", this.apLogoutResponseRelayState).param("SigAlg", this.apLogoutResponseSigAlg).param("Signature", this.apLogoutResponseSignature)).andExpect(status().isFound()).andExpect(redirectedUrl("/login?logout"));
    verifyNoInteractions(getBean(LogoutHandler.class));
    assertThat(this.logoutRequestRepository.loadLogoutRequest(this.request)).isNull();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Autowired(org.springframework.beans.factory.annotation.Autowired) ObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor) HttpSecurity(org.springframework.security.config.annotation.web.builders.HttpSecurity) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2LogoutRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequestFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestFilter) BDDMockito.verify(org.mockito.BDDMockito.verify) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) SecurityMockMvcRequestPostProcessors.authentication(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication) BDDMockito.given(org.mockito.BDDMockito.given) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) Saml2LogoutRequestValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) BDDMockito.verifyNoInteractions(org.mockito.BDDMockito.verifyNoInteractions) MockMvcRequestBuilders.put(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Saml2LogoutResponseResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseResolver) Collection(java.util.Collection) Mockito.atLeastOnce(org.mockito.Mockito.atLeastOnce) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpSession(org.springframework.mock.web.MockHttpSession) MockMvcResultMatchers.redirectedUrl(org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) Test(org.junit.jupiter.api.Test) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) LogoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) SecurityMockMvcRequestPostProcessors.csrf(org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf) Saml2LogoutResponseFilter(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutResponseFilter) Matchers.containsString(org.hamcrest.Matchers.containsString) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) HttpSessionLogoutRequestRepository(org.springframework.security.saml2.provider.service.web.authentication.logout.HttpSessionLogoutRequestRepository) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) RelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository) InMemoryRelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository) Mockito.spy(org.mockito.Mockito.spy) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects) MockMvc(org.springframework.test.web.servlet.MockMvc) MockMvcRequestBuilders.delete(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete) Saml2LogoutResponseValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator) MockMvcResultMatchers.status(org.springframework.test.web.servlet.result.MockMvcResultMatchers.status) MockMvcRequestBuilders.post(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post) MvcResult(org.springframework.test.web.servlet.MvcResult) LogoutFilter(org.springframework.security.web.authentication.logout.LogoutFilter) Saml2Utils(org.springframework.security.saml2.core.Saml2Utils) Import(org.springframework.context.annotation.Import) TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials) Saml2LogoutRequestRepository(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestRepository) SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) Consumer(java.util.function.Consumer) AfterEach(org.junit.jupiter.api.AfterEach) EnableWebSecurity(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity) SpringTestContext(org.springframework.security.config.test.SpringTestContext) MockMvcRequestBuilders.get(org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get) SpringTestContextExtension(org.springframework.security.config.test.SpringTestContextExtension) Bean(org.springframework.context.annotation.Bean) BDDMockito.mock(org.mockito.BDDMockito.mock) Customizer.withDefaults(org.springframework.security.config.Customizer.withDefaults) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Collections(java.util.Collections) AuthorityUtils(org.springframework.security.core.authority.AuthorityUtils) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)40 Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)34 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)31 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)27 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)22 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)15 Authentication (org.springframework.security.core.Authentication)12 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)12 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10 Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)10 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)10 StandardCharsets (java.nio.charset.StandardCharsets)9 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)8 BDDMockito.given (org.mockito.BDDMockito.given)8 Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)7 DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)7 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)6 AfterEach (org.junit.jupiter.api.AfterEach)5 BeforeEach (org.junit.jupiter.api.BeforeEach)5