Examples with AssertingPartyDetails org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails used on opensource projects

Example 11 with AssertingPartyDetails

use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails in project spring-security by spring-projects.

the class OpenSamlLogoutResponseResolverTests method resolvePostWhenAuthenticatedThenSuccess.

@Test
public void resolvePostWhenAuthenticatedThenSuccess() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    MockHttpServletRequest request = new MockHttpServletRequest();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    request.setParameter(Saml2ParameterNames.SAML_REQUEST, Saml2Utils.samlEncode(OpenSamlSigningUtils.serialize(logoutRequest).getBytes()));
    request.setParameter(Saml2ParameterNames.RELAY_STATE, "abcd");
    Authentication authentication = authentication(registration);
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutResponse saml2LogoutResponse = this.logoutResponseResolver.resolve(request, authentication);
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.SIG_ALG)).isNull();
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.SIGNATURE)).isNull();
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.RELAY_STATE)).isSameAs("abcd");
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutResponse logoutResponse = getLogoutResponse(saml2LogoutResponse.getSamlResponse(), binding);
    assertThat(logoutResponse.getStatus().getStatusCode().getValue()).isEqualTo(StatusCode.SUCCESS);
}

Example 12 with AssertingPartyDetails

use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails in project spring-security by spring-projects.

the class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests method onLogoutSuccessWhenPostThenPostsToAssertingParty.

@Test
public void onLogoutSuccessWhenPostThenPostsToAssertingParty() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    Authentication authentication = authentication(registration);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/saml2/logout");
    request.setServletPath("/saml2/logout");
    MockHttpServletResponse response = new MockHttpServletResponse();
    given(this.logoutRequestResolver.resolve(any(), any())).willReturn(logoutRequest);
    this.logoutRequestSuccessHandler.onLogoutSuccess(request, response, authentication);
    String content = response.getContentAsString();
    assertThat(content).contains(Saml2ParameterNames.SAML_REQUEST);
    assertThat(content).contains(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
}

Example 13 with AssertingPartyDetails

use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails in project midpoint by Evolveum.

the class SamlModuleWebSecurityConfiguration method createRelyingPartyRegistration.

private static void createRelyingPartyRegistration(RelyingPartyRegistration.Builder registrationBuilder, SamlAdditionalConfiguration.Builder additionalConfigBuilder, Saml2ProviderAuthenticationModuleType providerType, String publicHttpUrlPattern, SamlModuleWebSecurityConfiguration configuration, Saml2KeyAuthenticationModuleType keysType, Saml2ServiceProviderAuthenticationModuleType serviceProviderType, ServletRequest request) {
    String linkText = providerType.getLinkText() == null ? providerType.getEntityId() : providerType.getLinkText();
    additionalConfigBuilder.nameOfUsernameAttribute(providerType.getNameOfUsernameAttribute()).linkText(linkText);
    String registrationId = StringUtils.isNotEmpty(serviceProviderType.getAliasForPath()) ? serviceProviderType.getAliasForPath() : (StringUtils.isNotEmpty(serviceProviderType.getAlias()) ? serviceProviderType.getAlias() : serviceProviderType.getEntityId());
    UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(StringUtils.isNotBlank(publicHttpUrlPattern) ? publicHttpUrlPattern : getBasePath((HttpServletRequest) request));
    UriComponentsBuilder ssoBuilder = builder.cloneBuilder();
    ssoBuilder.pathSegment(AuthUtil.stripSlashes(configuration.getPrefixOfModule()) + SSO_LOCATION_URL_SUFFIX);
    UriComponentsBuilder logoutBuilder = builder.cloneBuilder();
    logoutBuilder.pathSegment(AuthUtil.stripSlashes(configuration.getPrefixOfModule()) + LOGOUT_LOCATION_URL_SUFFIX);
    registrationBuilder.registrationId(registrationId).entityId(serviceProviderType.getEntityId()).assertionConsumerServiceLocation(ssoBuilder.build().toUriString()).singleLogoutServiceLocation(logoutBuilder.build().toUriString()).assertingPartyDetails(party -> {
        party.entityId(providerType.getEntityId());
        if (serviceProviderType.isSignRequests() != null) {
            party.wantAuthnRequestsSigned(Boolean.TRUE.equals(serviceProviderType.isSignRequests()));
        }
        if (providerType.getVerificationKeys() != null && !providerType.getVerificationKeys().isEmpty()) {
            party.verificationX509Credentials(c -> providerType.getVerificationKeys().forEach(verKey -> {
                byte[] certbytes = new byte[0];
                try {
                    certbytes = protector.decryptString(verKey).getBytes();
                } catch (EncryptionException e) {
                    LOGGER.error("Couldn't obtain clear string for provider verification key");
                }
                try {
                    X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certbytes));
                    c.add(new Saml2X509Credential(certificate, Saml2X509Credential.Saml2X509CredentialType.VERIFICATION));
                } catch (CertificateException e) {
                    LOGGER.error("Couldn't obtain certificate from " + verKey);
                }
            }));
        }
    });
    Saml2X509Credential activeCredential = null;
    ModuleSaml2SimpleKeyType simpleKeyType = keysType.getActiveSimpleKey();
    if (simpleKeyType != null) {
        activeCredential = getSaml2Credential(simpleKeyType, true);
    }
    ModuleSaml2KeyStoreKeyType storeKeyType = keysType.getActiveKeyStoreKey();
    if (storeKeyType != null) {
        activeCredential = getSaml2Credential(storeKeyType, true);
    }
    List<Saml2X509Credential> credentials = new ArrayList<>();
    if (activeCredential != null) {
        credentials.add(activeCredential);
    }
    if (keysType.getStandBySimpleKey() != null && !keysType.getStandBySimpleKey().isEmpty()) {
        for (ModuleSaml2SimpleKeyType standByKey : keysType.getStandBySimpleKey()) {
            Saml2X509Credential credential = getSaml2Credential(standByKey, false);
            if (credential != null) {
                credentials.add(credential);
            }
        }
    }
    if (keysType.getStandByKeyStoreKey() != null && !keysType.getStandByKeyStoreKey().isEmpty()) {
        for (ModuleSaml2KeyStoreKeyType standByKey : keysType.getStandByKeyStoreKey()) {
            Saml2X509Credential credential = getSaml2Credential(standByKey, false);
            if (credential != null) {
                credentials.add(credential);
            }
        }
    }
    if (!credentials.isEmpty()) {
        registrationBuilder.decryptionX509Credentials(c -> credentials.forEach(cred -> {
            if (cred.getCredentialTypes().contains(Saml2X509Credential.Saml2X509CredentialType.DECRYPTION)) {
                c.add(cred);
            }
        }));
        registrationBuilder.signingX509Credentials(c -> credentials.forEach(cred -> {
            if (cred.getCredentialTypes().contains(Saml2X509Credential.Saml2X509CredentialType.SIGNING)) {
                c.add(cred);
            }
        }));
    }
}

Example 14 with AssertingPartyDetails

use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails in project midpoint by Evolveum.

the class MidpointAssertingPartyMetadataConverter method convert.

public RelyingPartyRegistration.Builder convert(InputStream inputStream, Saml2ProviderAuthenticationModuleType providerConfig) {
    EntityDescriptor descriptor = entityDescriptor(inputStream);
    IDPSSODescriptor idpssoDescriptor = descriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (idpssoDescriptor == null) {
        throw new Saml2Exception("Metadata response is missing the necessary IDPSSODescriptor element");
    }
    List<Saml2X509Credential> verification = new ArrayList<>();
    List<Saml2X509Credential> encryption = new ArrayList<>();
    for (KeyDescriptor keyDescriptor : idpssoDescriptor.getKeyDescriptors()) {
        defineKeys(keyDescriptor, verification, encryption);
    }
    if (verification.isEmpty()) {
        throw new Saml2Exception("Metadata response is missing verification certificates, necessary for verifying SAML assertions");
    }
    RelyingPartyRegistration.Builder builder = RelyingPartyRegistration.withRegistrationId(descriptor.getEntityID()).assertingPartyDetails((party) -> party.entityId(descriptor.getEntityID()).wantAuthnRequestsSigned(Boolean.TRUE.equals(idpssoDescriptor.getWantAuthnRequestsSigned())).verificationX509Credentials((c) -> c.addAll(verification)).encryptionX509Credentials((c) -> c.addAll(encryption)));
    List<SigningMethod> signingMethods = signingMethods(idpssoDescriptor);
    for (SigningMethod method : signingMethods) {
        builder.assertingPartyDetails((party) -> party.signingAlgorithms((algorithms) -> algorithms.add(method.getAlgorithm())));
    }
    defineSingleSingOnService(idpssoDescriptor, providerConfig.getAuthenticationRequestBinding(), builder);
    defineSingleLogoutService(idpssoDescriptor, builder);
    return builder;
}

Example 15 with AssertingPartyDetails

use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails in project spring-security by spring-projects.

the class Saml2LoginConfigurerTests method authenticateWhenCustomAuthenticationConverterBeanThenUses.

@Test
public void authenticateWhenCustomAuthenticationConverterBeanThenUses() throws Exception {
    this.spring.register(CustomAuthenticationConverterBean.class).autowire();
    Saml2AuthenticationTokenConverter authenticationConverter = this.spring.getContext().getBean(Saml2AuthenticationTokenConverter.class);
    RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.noCredentials().assertingPartyDetails((party) -> party.verificationX509Credentials((c) -> c.add(TestSaml2X509Credentials.relyingPartyVerifyingCredential()))).build();
    String response = new String(Saml2Utils.samlDecode(SIGNED_RESPONSE));
    given(authenticationConverter.convert(any(HttpServletRequest.class))).willReturn(new Saml2AuthenticationToken(relyingPartyRegistration, response));
    // @formatter:off
    MockHttpServletRequestBuilder request = post("/login/saml2/sso/" + relyingPartyRegistration.getRegistrationId()).param("SAMLResponse", SIGNED_RESPONSE);
    // @formatter:on
    this.mvc.perform(request).andExpect(redirectedUrl("/"));
    verify(authenticationConverter).convert(any(HttpServletRequest.class));
}