Example 76 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

From the class OpenSamlLogoutRequestValidator, method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutRequestValidatorParameters parameters) {
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    Authentication authentication = parameters.getAuthentication();
    // Base64-decode the SAMLRequest parameter; the REDIRECT binding additionally DEFLATE-compresses it,
    // so the payload is inflated only when the binding requires it
    byte[] b = Saml2Utils.samlDecode(request.getSamlRequest());
    LogoutRequest logoutRequest = parse(inflateIfRequired(request, b));
    // Signature errors and content errors (issuer, destination, subject NameID versus the
    // current authentication) are both collected into a single result rather than short-circuiting
    return Saml2LogoutValidatorResult.withErrors()
            .errors(verifySignature(request, logoutRequest, registration))
            .errors(validateRequest(logoutRequest, registration, authentication))
            .build();
}

Example 77 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

From the class OpenSamlLogoutResponseValidator, method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutResponseValidatorParameters parameters) {
    Saml2LogoutResponse response = parameters.getLogoutResponse();
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    // Base64-decode the SAMLResponse parameter and inflate it if the binding DEFLATE-compressed it
    byte[] b = Saml2Utils.samlDecode(response.getSamlResponse());
    LogoutResponse logoutResponse = parse(inflateIfRequired(response, b));
    // Three checks feed one result: the signature, the response contents against the
    // registration, and that InResponseTo matches the ID of the logout request this side sent
    return Saml2LogoutValidatorResult.withErrors()
            .errors(verifySignature(response, logoutResponse, registration))
            .errors(validateRequest(logoutResponse, registration))
            .errors(validateLogoutRequest(logoutResponse, request.getId()))
            .build();
}

Example 78 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

From the class OpenSamlSigningUtils, method resolveSigningParameters.

private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    // Signing credentials come from the relying party's own registration; the signature
    // algorithm preference list comes from the asserting party's details
    List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    // Reference digest is fixed to SHA-256 and canonicalization to exclusive C14N (no comments)
    List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteria = new CriteriaSet();
    BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
    signingConfiguration.setSigningCredentials(credentials);
    signingConfiguration.setSignatureAlgorithms(algorithms);
    signingConfiguration.setSignatureReferenceDigestMethods(digests);
    signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
    signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
    criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
    try {
        // Let OpenSAML pick the first credential/algorithm pair that satisfies the configuration
        SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
        Assert.notNull(parameters, "Failed to resolve any signing credential");
        return parameters;
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}

Example 79 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

From the class OpenSamlDecryptionUtils, method decryptAssertionElements.

static void decryptAssertionElements(Assertion assertion, RelyingPartyRegistration registration) {
    // The Decrypter is built from the relying party's decryption credentials in the registration
    Decrypter decrypter = decrypter(registration);
    // Decrypt every EncryptedAttribute and append the plaintext Attribute to its statement
    for (AttributeStatement statement : assertion.getAttributeStatements()) {
        for (EncryptedAttribute encryptedAttribute : statement.getEncryptedAttributes()) {
            try {
                Attribute attribute = decrypter.decrypt(encryptedAttribute);
                statement.getAttributes().add(attribute);
            } catch (Exception ex) {
                throw new Saml2Exception(ex);
            }
        }
    }
    if (assertion.getSubject() == null) {
        return;
    }
    if (assertion.getSubject().getEncryptedID() == null) {
        return;
    }
    // An encrypted subject identifier is replaced by its decrypted NameID
    try {
        assertion.getSubject().setNameID((NameID) decrypter.decrypt(assertion.getSubject().getEncryptedID()));
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}

Example 80 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

From the class TestRelyingPartyRegistrations, method relyingPartyRegistration.

public static RelyingPartyRegistration.Builder relyingPartyRegistration() {
    String registrationId = "simplesamlphp";
    // {baseUrl} and {registrationId} are template placeholders resolved at request time
    String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
    Saml2X509Credential signingCredential = TestSaml2X509Credentials.relyingPartySigningCredential();
    String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
    String apEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
    Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
    String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
    String singleLogoutServiceLocation = "{baseUrl}/logout/saml2/slo";
    // Test fixture: a relying party with its own signing credential and the asserting party's
    // entity ID, SSO endpoint and verification certificate
    return RelyingPartyRegistration.withRegistrationId(registrationId)
            .entityId(rpEntityId)
            .assertionConsumerServiceLocation(assertionConsumerServiceLocation)
            .singleLogoutServiceLocation(singleLogoutServiceLocation)
            .credentials((c) -> c.add(signingCredential))
            .providerDetails((c) -> c.entityId(apEntityId).webSsoUrl(singleSignOnServiceLocation))
            .credentials((c) -> c.add(verificationCertificate));
}
