
Example 86 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

Class Saml2LogoutResponseFilterTests, method doFilterWhenNoRelyingPartyLogoutThen401.

@Test
public void doFilterWhenNoRelyingPartyLogoutThen401() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout/saml2/slo");
    request.setServletPath("/logout/saml2/slo");
    request.setParameter(Saml2ParameterNames.SAML_RESPONSE, "response");
    MockHttpServletResponse response = new MockHttpServletResponse();
    // Registration with both single-logout endpoints cleared
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full()
            .singleLogoutServiceLocation(null)
            .singleLogoutServiceResponseLocation(null)
            .build();
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    given(this.logoutRequestRepository.removeLogoutRequest(request, response)).willReturn(logoutRequest);
    this.logoutResponseProcessingFilter.doFilterInternal(request, response, new MockFilterChain());
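    // With no logout endpoint on the registration, the response is rejected and logout does not complete
    assertThat(response.getStatus()).isEqualTo(401);
    verifyNoInteractions(this.logoutSuccessHandler);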
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 87 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

Class Saml2LogoutResponseFilterTests, method doFilterWhenValidatorFailsThenStops.

@Test
public void doFilterWhenValidatorFailsThenStops() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout/saml2/slo");
    request.setServletPath("/logout/saml2/slo");
    request.setParameter(Saml2ParameterNames.SAML_RESPONSE, "response");
    MockHttpServletResponse response = new MockHttpServletResponse();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    given(this.relyingPartyRegistrationResolver.resolve(request, "registration-id")).willReturn(registration);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    given(this.logoutRequestRepository.removeLogoutRequest(request, response)).willReturn(logoutRequest);
    // The validator reports an error, so the filter must stop before the logout success handler
    given(this.logoutResponseValidator.validate(any()))
            .willReturn(Saml2LogoutValidatorResult.withErrors(new Saml2Error("error", "description")).build());
    this.logoutResponseProcessingFilter.doFilterInternal(request, response, new MockFilterChain());
    verify(this.logoutResponseValidator).validate(any());
    verifyNoInteractions(this.logoutSuccessHandler);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2Error(org.springframework.security.saml2.core.Saml2Error) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 88 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

Class Saml2RelyingPartyInitiatedLogoutSuccessHandlerTests, method authentication.

private Saml2Authentication authentication(RelyingPartyRegistration registration) {
    DefaultSaml2AuthenticatedPrincipal principal = new DefaultSaml2AuthenticatedPrincipal("user", new HashMap<>());
    principal.setRelyingPartyRegistrationId(registration.getRegistrationId());
    return new Saml2Authentication(principal, "response", new ArrayList<>());
}
Also used : Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)

Example 89 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

Class OpenSamlAuthenticationRequestResolverTests, method resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects.

@Test
public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setPathInfo("/saml2/authenticate/registration-id");
    RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder.build();
    OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
    Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
        assertThat(authnRequest.getAssertionConsumerServiceURL()).isEqualTo(registration.getAssertionConsumerServiceLocation());
        assertThat(authnRequest.getProtocolBinding()).isEqualTo(registration.getAssertionConsumerServiceBinding().getUrn());
        assertThat(authnRequest.getDestination()).isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
        assertThat(authnRequest.getIssuer().getValue()).isEqualTo(registration.getEntityId());
    });
    assertThat(result.getSamlRequest()).isNotEmpty();
    assertThat(result.getRelayState()).isNotNull();
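    // Redirect binding: the signature is carried separately from the encoded request, as SigAlg and Signature
    assertThat(result.getSigAlg()).isEqualTo(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
    assertThat(result.getSignature()).isNotEmpty();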
    assertThat(result.getBinding()).isEqualTo(Saml2MessageBinding.REDIRECT);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Test(org.junit.Test)

Example 90 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

Class OpenSamlAuthenticationRequestResolverTests, method resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts.

@Test
public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() {
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setPathInfo("/saml2/authenticate/registration-id");
    RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
            .assertingPartyDetails((party) -> party
                    .singleSignOnServiceBinding(Saml2MessageBinding.POST)
                    .wantAuthnRequestsSigned(false))
            .build();
    OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
    Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
        assertThat(authnRequest.getAssertionConsumerServiceURL()).isEqualTo(registration.getAssertionConsumerServiceLocation());
        assertThat(authnRequest.getProtocolBinding()).isEqualTo(registration.getAssertionConsumerServiceBinding().getUrn());
        assertThat(authnRequest.getDestination()).isEqualTo(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
        assertThat(authnRequest.getIssuer().getValue()).isEqualTo(registration.getEntityId());
    });
    assertThat(result.getSamlRequest()).isNotEmpty();
    assertThat(result.getRelayState()).isNotNull();
    assertThat(result.getBinding()).isEqualTo(Saml2MessageBinding.POST);
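    // The asserting party does not want signed requests, so the decoded AuthnRequest must not contain a Signature
    assertThat(new String(Saml2Utils.samlDecode(result.getSamlRequest()))).doesNotContain("Signature");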
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Test(org.junit.Test) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TestSaml2X509Credentials(org.springframework.security.saml2.core.TestSaml2X509Credentials) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Saml2PostAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) Before(org.junit.Before)

Aggregations

RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration): 97
Test (org.junit.jupiter.api.Test): 68
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 41
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat): 36
TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations): 36
Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding): 34
BDDMockito.given (org.mockito.BDDMockito.given): 28
Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential): 28
Authentication (org.springframework.security.core.Authentication): 26
StandardCharsets (java.nio.charset.StandardCharsets): 24
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 24
Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType): 23
BeforeEach (org.junit.jupiter.api.BeforeEach): 22
Mockito.mock (org.mockito.Mockito.mock): 22
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest): 22
Saml2Exception (org.springframework.security.saml2.Saml2Exception): 22
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any): 21
Mockito.verify (org.mockito.Mockito.verify): 19
MockFilterChain (org.springframework.mock.web.MockFilterChain): 19
Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication): 19