Example 6 with Saml2LogoutRequestValidatorParameters
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidator method validate.
/**
* {@inheritDoc}
*/
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutRequestValidatorParameters parameters) {
Saml2LogoutRequest request = parameters.getLogoutRequest();
RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
Authentication authentication = parameters.getAuthentication();
byte[] b = Saml2Utils.samlDecode(request.getSamlRequest());
LogoutRequest logoutRequest = parse(inflateIfRequired(request, b));
return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(request, logoutRequest, registration)).errors(validateRequest(logoutRequest, registration, authentication)).build();
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Authentication(org.springframework.security.core.Authentication)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Example 7 with Saml2LogoutRequestValidatorParameters
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidatorTests method handleWhenInvalidIssuerThenInvalidSignatureError.
@Test
public void handleWhenInvalidIssuerThenInvalidSignatureError() {
RelyingPartyRegistration registration = registration().build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
logoutRequest.getIssuer().setValue("wrong");
sign(logoutRequest, registration);
Saml2LogoutRequest request = post(logoutRequest, registration);
Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_SIGNATURE);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Test(org.junit.jupiter.api.Test)
Example 8 with Saml2LogoutRequestValidatorParameters
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidatorTests method handleWhenMismatchedUserThenInvalidRequestError.
@Test
public void handleWhenMismatchedUserThenInvalidRequestError() {
RelyingPartyRegistration registration = registration().build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
logoutRequest.getNameID().setValue("wrong");
sign(logoutRequest, registration);
Saml2LogoutRequest request = post(logoutRequest, registration);
Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_REQUEST);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Test(org.junit.jupiter.api.Test)
Example 9 with Saml2LogoutRequestValidatorParameters
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidatorParameters in project spring-security by spring-projects.
the class OpenSamlLogoutRequestValidatorTests method handleWhenRedirectBindingThenValidatesSignatureParameter.
@Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
RelyingPartyRegistration registration = registration().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)).build();
LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
Saml2LogoutRequest request = redirect(logoutRequest, registration, OpenSamlSigningUtils.sign(registration));
Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
Saml2LogoutValidatorResult result = this.manager.validate(parameters);
assertThat(result.hasErrors()).isFalse();
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
QueryParametersPartial(org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial)
HashMap(java.util.HashMap)
TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials)
StandardCharsets(java.nio.charset.StandardCharsets)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
ArrayList(java.util.ArrayList)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
Test(org.junit.jupiter.api.Test)
TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames)
Map(java.util.Map)
XMLObject(org.opensaml.core.xml.XMLObject)
Authentication(org.springframework.security.core.Authentication)
TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Test(org.junit.jupiter.api.Test)
Aggregations
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)9
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)8
Test (org.junit.jupiter.api.Test)7
Authentication (org.springframework.security.core.Authentication)3
StandardCharsets (java.nio.charset.StandardCharsets)2
Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)2
Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)2
FilterChain (jakarta.servlet.FilterChain)1
ServletException (jakarta.servlet.ServletException)1
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)1
HttpServletResponse (jakarta.servlet.http.HttpServletResponse)1
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
Function (java.util.function.Function)1
Log (org.apache.commons.logging.Log)1
LogFactory (org.apache.commons.logging.LogFactory)1
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)1
XMLObject (org.opensaml.core.xml.XMLObject)1
