Example 11 with Saml2LogoutValidatorResult

Use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in the spring-security project by spring-projects.

From the class OpenSamlLogoutResponseValidatorTests, method handleWhenInvalidIssuerThenInvalidSignatureError.

@Test
public void handleWhenInvalidIssuerThenInvalidSignatureError() {
    RelyingPartyRegistration registration = registration().build();
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).id("id").build();
    LogoutResponse logoutResponse = TestOpenSamlObjects.assertingPartyLogoutResponse(registration);
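    // Change the issuer before signing: the response is properly signed, but it
    // no longer names the asserting party configured in the registration.
    logoutResponse.getIssuer().setValue("wrong");
    sign(logoutResponse, registration);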
    Saml2LogoutResponse response = post(logoutResponse, registration);
    Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(response, logoutRequest, registration);
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_SIGNATURE);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Test(org.junit.jupiter.api.Test)

Example 12 with Saml2LogoutValidatorResult

Use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in the spring-security project by spring-projects.

From the class OpenSamlLogoutRequestValidatorTests, method handleWhenInvalidIssuerThenInvalidSignatureError.

@Test
public void handleWhenInvalidIssuerThenInvalidSignatureError() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
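    // Same check for the request side: a signed logout request whose issuer is
    // not the registered asserting party must fail with INVALID_SIGNATURE.
    logoutRequest.getIssuer().setValue("wrong");
    sign(logoutRequest, registration);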
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_SIGNATURE);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 13 with Saml2LogoutValidatorResult

Use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in the spring-security project by spring-projects.

From the class OpenSamlLogoutRequestValidatorTests, method handleWhenMismatchedUserThenInvalidRequestError.

@Test
public void handleWhenMismatchedUserThenInvalidRequestError() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
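    // The NameID no longer matches the authenticated user passed to the validator,
    // so a correctly signed request must still be rejected with INVALID_REQUEST.
    logoutRequest.getNameID().setValue("wrong");
    sign(logoutRequest, registration);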
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_REQUEST);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.jupiter.api.Test)

Example 14 with Saml2LogoutValidatorResult

Use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in the spring-security project by spring-projects.

From the class OpenSamlLogoutRequestValidatorTests, method handleWhenRedirectBindingThenValidatesSignatureParameter.

@Test
public void handleWhenRedirectBindingThenValidatesSignatureParameter() {
    RelyingPartyRegistration registration = registration().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT)).build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
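    // With the REDIRECT binding the signature is carried in the query parameters
    // rather than inside the XML, so the validator has to check it there.
    Saml2LogoutRequest request = redirect(logoutRequest, registration, OpenSamlSigningUtils.sign(registration));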
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isFalse();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) QueryParametersPartial(org.springframework.security.saml2.provider.service.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial) HashMap(java.util.HashMap) TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials) StandardCharsets(java.nio.charset.StandardCharsets) ArrayList(java.util.ArrayList) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Test(org.junit.jupiter.api.Test) TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Map(java.util.Map) XMLObject(org.opensaml.core.xml.XMLObject) Authentication(org.springframework.security.core.Authentication) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)
