Examples with Saml2LogoutResponse org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse used on opensource projects

Search in sources :

Example 6 with Saml2LogoutResponse

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse in project spring-security by spring-projects.

the class OpenSamlLogoutResponseResolver method resolve.

Saml2LogoutResponse resolve(HttpServletRequest request, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutResponse> logoutResponseConsumer) {
    String registrationId = getRegistrationId(authentication);
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
    if (registration == null) {
        return null;
    }
    if (registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation() == null) {
        return null;
    }
    String serialized = request.getParameter(Saml2ParameterNames.SAML_REQUEST);
    byte[] b = Saml2Utils.samlDecode(serialized);
    LogoutRequest logoutRequest = parse(inflateIfRequired(registration, b));
    LogoutResponse logoutResponse = this.logoutResponseBuilder.buildObject();
    logoutResponse.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());
    Issuer issuer = this.issuerBuilder.buildObject();
    issuer.setValue(registration.getEntityId());
    logoutResponse.setIssuer(issuer);
    StatusCode code = this.statusCodeBuilder.buildObject();
    code.setValue(StatusCode.SUCCESS);
    Status status = this.statusBuilder.buildObject();
    status.setStatusCode(code);
    logoutResponse.setStatus(status);
    logoutResponse.setInResponseTo(logoutRequest.getID());
    if (logoutResponse.getID() == null) {
        logoutResponse.setID("LR" + UUID.randomUUID());
    }
    logoutResponseConsumer.accept(registration, logoutResponse);
    Saml2LogoutResponse.Builder result = Saml2LogoutResponse.withRelyingPartyRegistration(registration);
    if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
        String xml = serialize(OpenSamlSigningUtils.sign(logoutResponse, registration));
        String samlResponse = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
        result.samlResponse(samlResponse);
        if (request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) {
            result.relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE));
        }
        return result.build();
    } else {
        String xml = serialize(logoutResponse);
        String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
        result.samlResponse(deflatedAndEncoded);
        QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_RESPONSE, deflatedAndEncoded);
        if (request.getParameter(Saml2ParameterNames.RELAY_STATE) != null) {
            partial.param(Saml2ParameterNames.RELAY_STATE, request.getParameter(Saml2ParameterNames.RELAY_STATE));
        }
        return result.parameters((params) -> params.putAll(partial.parameters())).build();
    }
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Status(org.opensaml.saml.saml2.core.Status) QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial) LogoutResponseBuilder(org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Status(org.opensaml.saml.saml2.core.Status) StatusCode(org.opensaml.saml.saml2.core.StatusCode) ByteArrayInputStream(java.io.ByteArrayInputStream) SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport) Document(org.w3c.dom.Document) BiConsumer(java.util.function.BiConsumer) StatusCodeBuilder(org.opensaml.saml.saml2.core.impl.StatusCodeBuilder) MarshallingException(org.opensaml.core.xml.io.MarshallingException) QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Saml2Exception(org.springframework.security.saml2.Saml2Exception) ConfigurationService(org.opensaml.core.config.ConfigurationService) UUID(java.util.UUID) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) StatusBuilder(org.opensaml.saml.saml2.core.impl.StatusBuilder) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) ParserPool(net.shibboleth.utilities.java.support.xml.ParserPool) LogoutResponseMarshaller(org.opensaml.saml.saml2.core.impl.LogoutResponseMarshaller) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Element(org.w3c.dom.Element) Issuer(org.opensaml.saml.saml2.core.Issuer) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal) LogoutRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.LogoutRequestUnmarshaller) Assert(org.springframework.util.Assert) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) Issuer(org.opensaml.saml.saml2.core.Issuer) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) StatusCode(org.opensaml.saml.saml2.core.StatusCode)

Example 7 with Saml2LogoutResponse

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse in project spring-security by spring-projects.

the class OpenSaml3LogoutResponseResolverTests method resolveWhenCustomParametersConsumerThenUses.

@Test
public void resolveWhenCustomParametersConsumerThenUses() {
    OpenSaml3LogoutResponseResolver logoutResponseResolver = new OpenSaml3LogoutResponseResolver(this.relyingPartyRegistrationResolver);
    Consumer<LogoutResponseParameters> parametersConsumer = mock(Consumer.class);
    logoutResponseResolver.setParametersConsumer(parametersConsumer);
    MockHttpServletRequest request = new MockHttpServletRequest();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.relyingPartyRegistration().assertingPartyDetails((party) -> party.singleLogoutServiceResponseLocation("https://ap.example.com/logout")).build();
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    request.setParameter(Saml2ParameterNames.SAML_REQUEST, Saml2Utils.samlEncode(OpenSamlSigningUtils.serialize(logoutRequest).getBytes()));
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutResponse logoutResponse = logoutResponseResolver.resolve(request, authentication);
    assertThat(logoutResponse).isNotNull();
    verify(parametersConsumer).accept(any());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutResponseParameters(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml3LogoutResponseResolver.LogoutResponseParameters) Mockito.verify(org.mockito.Mockito.verify) Consumer(java.util.function.Consumer) Test(org.junit.jupiter.api.Test) TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) BDDMockito.given(org.mockito.BDDMockito.given) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) Authentication(org.springframework.security.core.Authentication) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) LogoutResponseParameters(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml3LogoutResponseResolver.LogoutResponseParameters) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Authentication(org.springframework.security.core.Authentication) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) Test(org.junit.jupiter.api.Test)

Example 8 with Saml2LogoutResponse

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse in project spring-security by spring-projects.

the class OpenSamlLogoutResponseValidator method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutResponseValidatorParameters parameters) {
    Saml2LogoutResponse response = parameters.getLogoutResponse();
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    byte[] b = Saml2Utils.samlDecode(response.getSamlResponse());
    LogoutResponse logoutResponse = parse(inflateIfRequired(response, b));
    return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(response, logoutResponse, registration)).errors(validateRequest(logoutResponse, registration)).errors(validateLogoutRequest(logoutResponse, request.getId())).build();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)

Example 9 with Saml2LogoutResponse

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse in project spring-security by spring-projects.

the class OpenSamlLogoutResponseResolverTests method resolveRedirectWhenAuthenticatedThenSuccess.

@Test
public void resolveRedirectWhenAuthenticatedThenSuccess() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    MockHttpServletRequest request = new MockHttpServletRequest();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    request.setParameter(Saml2ParameterNames.SAML_REQUEST, Saml2Utils.samlEncode(OpenSamlSigningUtils.serialize(logoutRequest).getBytes()));
    request.setParameter(Saml2ParameterNames.RELAY_STATE, "abcd");
    Authentication authentication = authentication(registration);
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutResponse saml2LogoutResponse = this.logoutResponseResolver.resolve(request, authentication);
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.SIG_ALG)).isNotNull();
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.SIGNATURE)).isNotNull();
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.RELAY_STATE)).isSameAs("abcd");
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutResponse logoutResponse = getLogoutResponse(saml2LogoutResponse.getSamlResponse(), binding);
    assertThat(logoutResponse.getStatus().getStatusCode().getValue()).isEqualTo(StatusCode.SUCCESS);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Authentication(org.springframework.security.core.Authentication) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) Test(org.junit.jupiter.api.Test)

Example 10 with Saml2LogoutResponse

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse in project spring-security by spring-projects.

the class Saml2LogoutRequestFilterTests method doFilterWhenSamlRequestThenPosts.

@Test
public void doFilterWhenSamlRequestThenPosts() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout/saml2/slo");
    request.setServletPath("/logout/saml2/slo");
    request.setParameter(Saml2ParameterNames.SAML_REQUEST, "request");
    MockHttpServletResponse response = new MockHttpServletResponse();
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    given(this.logoutRequestValidator.validate(any())).willReturn(Saml2LogoutValidatorResult.success());
    Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration).samlResponse("response").build();
    given(this.logoutResponseResolver.resolve(any(), any())).willReturn(logoutResponse);
    this.logoutRequestProcessingFilter.doFilterInternal(request, response, new MockFilterChain());
    verify(this.logoutRequestValidator).validate(any());
    verify(this.logoutHandler).logout(any(), any(), any());
    verify(this.logoutResponseResolver).resolve(any(), any());
    String content = response.getContentAsString();
    assertThat(content).contains(Saml2ParameterNames.SAML_RESPONSE);
    assertThat(content).contains(registration.getAssertingPartyDetails().getSingleLogoutServiceResponseLocation());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) MockFilterChain(org.springframework.mock.web.MockFilterChain) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Saml2Error(org.springframework.security.saml2.core.Saml2Error) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Mockito.verify(org.mockito.Mockito.verify) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) Test(org.junit.jupiter.api.Test) Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult) AfterEach(org.junit.jupiter.api.AfterEach) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) BDDMockito.given(org.mockito.BDDMockito.given) Saml2LogoutRequestValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequestValidator) LogoutHandler(org.springframework.security.web.authentication.logout.LogoutHandler) BDDMockito.mock(org.mockito.BDDMockito.mock) Authentication(org.springframework.security.core.Authentication) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)16 Test (org.junit.jupiter.api.Test)12 Saml2LogoutResponse (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)10 LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)9 Authentication (org.springframework.security.core.Authentication)8 Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)8 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)7 RelyingPartyRegistrationResolver (org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver)7 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)6 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)6 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)5 StandardCharsets (java.nio.charset.StandardCharsets)4 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)4 BDDMockito.given (org.mockito.BDDMockito.given)4 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)4 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)4 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)3 Log (org.apache.commons.logging.Log)3 LogFactory (org.apache.commons.logging.LogFactory)3 Mockito.mock (org.mockito.Mockito.mock)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial