Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.
Class Saml2LoginConfigurerTests, method authenticateWhenCustomLoginProcessingUrlAndCustomAuthenticationConverterThenAuthenticate.
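/**
 * A custom login processing URL combined with a custom {@code AuthenticationConverter}
 * must route the posted {@code SAMLResponse} through that converter and complete the
 * login (redirect to {@code /}).
 * @throws Exception if the MockMvc request fails
 */
@Test
public void authenticateWhenCustomLoginProcessingUrlAndCustomAuthenticationConverterThenAuthenticate() throws Exception {
	this.spring.register(CustomLoginProcessingUrlCustomAuthenticationConverter.class).autowire();
	// Start from a registration without credentials and add only the credential used to
	// verify the signature on SIGNED_RESPONSE
	RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			.assertingPartyDetails((party) -> party.verificationX509Credentials(
					(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			.build();
	// Decode with an explicit charset: the no-arg String(byte[]) constructor uses the platform
	// default on JDKs before 18, which makes the fixture depend on the build machine
	String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE),
			java.nio.charset.StandardCharsets.UTF_8);
	given(AUTHENTICATION_CONVERTER.convert(any(HttpServletRequest.class)))
			.willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
	// @formatter:off
	MockHttpServletRequestBuilder request = post("/my/custom/url")
			.param("SAMLResponse", SIGNED_RESPONSE);
	// @formatter:on
	this.mvc.perform(request).andExpect(redirectedUrl("/"));
	// The custom converter must have been consulted for the custom processing URL
	verify(AUTHENTICATION_CONVERTER).convert(any(HttpServletRequest.class));
}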
Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.
Class Saml2LoginConfigurerTests, method authenticateWhenCustomLoginProcessingUrlAndSaml2AuthenticationTokenConverterBeanThenAuthenticate.
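/**
 * A custom login processing URL combined with a {@link Saml2AuthenticationTokenConverter}
 * registered as a bean must route the posted {@code SAMLResponse} through that bean and
 * complete the login (redirect to {@code /}).
 * @throws Exception if the MockMvc request fails
 */
@Test
public void authenticateWhenCustomLoginProcessingUrlAndSaml2AuthenticationTokenConverterBeanThenAuthenticate() throws Exception {
	this.spring.register(CustomLoginProcessingUrlSaml2AuthenticationTokenConverterBean.class).autowire();
	// The converter under test is the bean from the registered configuration, not a local mock
	Saml2AuthenticationTokenConverter authenticationConverter = this.spring.getContext()
			.getBean(Saml2AuthenticationTokenConverter.class);
	// Start from a registration without credentials and add only the credential used to
	// verify the signature on SIGNED_RESPONSE
	RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials()
			.assertingPartyDetails((party) -> party.verificationX509Credentials(
					(c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential())))
			.build();
	// Decode with an explicit charset: the no-arg String(byte[]) constructor uses the platform
	// default on JDKs before 18, which makes the fixture depend on the build machine
	String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE),
			java.nio.charset.StandardCharsets.UTF_8);
	given(authenticationConverter.convert(any(HttpServletRequest.class)))
			.willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
	// @formatter:off
	MockHttpServletRequestBuilder request = post("/my/custom/url")
			.param("SAMLResponse", SIGNED_RESPONSE);
	// @formatter:on
	this.mvc.perform(request).andExpect(redirectedUrl("/"));
	// The converter bean must have been consulted for the custom processing URL
	verify(authenticationConverter).convert(any(HttpServletRequest.class));
}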
Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.
Class Saml2WebSsoAuthenticationRequestFilterTests, method doFilterWhenPathStartsWithRegistrationIdThenPosts.
/**
 * When the registration id is a leading path variable ({@code /{registrationId}/saml2/authenticate})
 * and the asserting party uses the POST binding, the filter must resolve the registration by that
 * id and create a POST authentication request for it.
 * @throws Exception if filtering fails
 */
@Test
public void doFilterWhenPathStartsWithRegistrationIdThenPosts() throws Exception {
	RelyingPartyRegistration postRegistration = TestRelyingPartyRegistrations.full()
			.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST))
			.build();
	RequestMatcher authenticateMatcher = new AntPathRequestMatcher("/{registrationId}/saml2/authenticate");
	DefaultRelyingPartyRegistrationResolver byIdResolver = new DefaultRelyingPartyRegistrationResolver(this.repository);
	// Resolve by the path variable rather than the id the filter would otherwise pass along
	RelyingPartyRegistrationResolver pathVariableResolver = (request, ignoredId) -> {
		String idFromPath = authenticateMatcher.matcher(request).getVariables().get("registrationId");
		return byIdResolver.resolve(request, idFromPath);
	};
	Saml2AuthenticationRequestContextResolver contextResolver = new DefaultSaml2AuthenticationRequestContextResolver(
			pathVariableResolver);
	Saml2PostAuthenticationRequest postRequest = mock(Saml2PostAuthenticationRequest.class);
	given(postRequest.getAuthenticationRequestUri()).willReturn("uri");
	given(postRequest.getRelayState()).willReturn("relay");
	given(postRequest.getSamlRequest()).willReturn("saml");
	given(this.repository.findByRegistrationId("registration-id")).willReturn(postRegistration);
	given(this.factory.createPostAuthenticationRequest(any())).willReturn(postRequest);
	this.filter = new Saml2WebSsoAuthenticationRequestFilter(contextResolver, this.factory);
	this.filter.setRedirectMatcher(authenticateMatcher);
	this.request.setPathInfo("/registration-id/saml2/authenticate");
	this.filter.doFilter(this.request, this.response, new MockFilterChain());
	// The id must come from the path variable, not from any other part of the request
	verify(this.repository).findByRegistrationId("registration-id");
}
Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.
Class Saml2LogoutRequestFilter, method doFilterInternal.
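/**
 * Processes an inbound SAML 2.0 LogoutRequest.
 * <p>
 * The filter only acts when the request matches {@code logoutRequestMatcher} and carries a
 * {@code SAMLRequest} parameter; otherwise the chain continues untouched. The request is then
 * checked against the resolved {@link RelyingPartyRegistration} (present, has a single-logout
 * location, correct binding) and handed to {@code logoutRequestValidator}. Only when validation
 * reports no errors does the configured logout handler run and a LogoutResponse get sent back
 * over the response's binding.
 * @param request the incoming request; its {@code SAMLRequest}, {@code RelayState},
 * {@code SigAlg} and {@code Signature} parameters are untrusted input
 * @param response the response
 * @param chain the filter chain to continue when this filter does not apply
 * @throws ServletException if the chain or the logout handler fails
 * @throws IOException if writing an error status or the logout response fails
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
		throws ServletException, IOException {
	if (!this.logoutRequestMatcher.matches(request)) {
		chain.doFilter(request, response);
		return;
	}
	// Read the SAMLRequest parameter once and reuse it when building the logout request below
	String serialized = request.getParameter(Saml2ParameterNames.SAML_REQUEST);
	if (serialized == null) {
		chain.doFilter(request, response);
		return;
	}
	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
	RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request,
			getRegistrationId(authentication));
	if (registration == null) {
		this.logger.trace("Did not process logout request since failed to find associated RelyingPartyRegistration");
		response.sendError(HttpServletResponse.SC_BAD_REQUEST);
		return;
	}
	if (registration.getSingleLogoutServiceLocation() == null) {
		this.logger.trace("Did not process logout request since RelyingPartyRegistration has not been configured with a logout request endpoint");
		response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
		return;
	}
	if (!isCorrectBinding(request, registration)) {
		this.logger.trace("Did not process logout request since used incorrect binding");
		response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
		return;
	}
	Saml2LogoutRequest logoutRequest = buildLogoutRequest(request, registration, serialized);
	// The validator is the gate: nothing below runs unless it reports no errors
	Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(logoutRequest,
			registration, authentication);
	Saml2LogoutValidatorResult result = this.logoutRequestValidator.validate(parameters);
	if (result.hasErrors()) {
		// NOTE(review): the first validation error's toString() is echoed to the client in the 401
		// body; confirm that text never carries more than a generic reason before relying on it
		response.sendError(HttpServletResponse.SC_UNAUTHORIZED, result.getErrors().iterator().next().toString());
		this.logger.debug(LogMessage.format("Failed to validate LogoutRequest: %s", result.getErrors()));
		return;
	}
	this.handler.logout(request, response, authentication);
	Saml2LogoutResponse logoutResponse = this.logoutResponseResolver.resolve(request, authentication);
	if (logoutResponse == null) {
		this.logger.trace("Returning 401 since no logout response generated");
		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		return;
	}
	if (logoutResponse.getBinding() == Saml2MessageBinding.REDIRECT) {
		doRedirect(request, response, logoutResponse);
	}
	else {
		doPost(response, logoutResponse);
	}
}

/**
 * Assembles the {@link Saml2LogoutRequest} to validate from the request parameters and the
 * resolved registration.
 * @param request the incoming request supplying {@code RelayState}, {@code SigAlg} and
 * {@code Signature}
 * @param registration the registration supplying the single-logout binding and location
 * @param serialized the raw {@code SAMLRequest} parameter value
 * @return the logout request to hand to the validator
 */
private Saml2LogoutRequest buildLogoutRequest(HttpServletRequest request, RelyingPartyRegistration registration,
		String serialized) {
	// SigAlg and Signature are carried as parameters so a validator can check a REDIRECT-binding
	// signature computed over the query string
	return Saml2LogoutRequest.withRelyingPartyRegistration(registration)
			.samlRequest(serialized)
			.relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE))
			.binding(registration.getSingleLogoutServiceBinding())
			.location(registration.getSingleLogoutServiceLocation())
			.parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG,
					request.getParameter(Saml2ParameterNames.SIG_ALG)))
			.parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE,
					request.getParameter(Saml2ParameterNames.SIGNATURE)))
			.build();
}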
Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.
Class OpenSamlAuthenticationProviderTests, method token.
/**
 * Builds an authentication token pairing a serialized test {@code Response} with a
 * registration that has been given the credential to verify it.
 * @return the token to feed to the provider under test
 */
private Saml2AuthenticationToken token() {
	Response samlResponse = response();
	// Registration is built before the response is serialized, matching the original ordering
	RelyingPartyRegistration verifyingRegistration = verifying(registration()).build();
	String serializedResponse = serialize(samlResponse);
	return new Saml2AuthenticationToken(verifyingRegistration, serializedResponse);
}