
Example 26 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

The class OpenSamlAuthenticationRequestFactoryTests, method createRedirectAuthenticationRequestWhenSignRequestThenCredentialIsRequired.

@Test
public void createRedirectAuthenticationRequestWhenSignRequestThenCredentialIsRequired() {
    // Only a verification (public-key) credential is registered; no signing credential.
    Saml2X509Credential credential = org.springframework.security.saml2.core.TestSaml2X509Credentials
            .relyingPartyVerifyingCredential();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.noCredentials()
            .assertingPartyDetails((party) -> party.verificationX509Credentials((c) -> c.add(credential)))
            .build();
    this.context = this.contextBuilder.relayState("Relay State Value")
            .relyingPartyRegistration(registration)
            .build();
    // Producing a signed request without a signing credential must fail with Saml2Exception.
    assertThatExceptionOfType(Saml2Exception.class)
            .isThrownBy(() -> this.factory.createPostAuthenticationRequest(this.context));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) BeforeEach(org.junit.jupiter.api.BeforeEach) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestUnmarshaller(org.opensaml.saml.saml2.core.impl.AuthnRequestUnmarshaller) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Assertions.assertThatExceptionOfType(org.assertj.core.api.Assertions.assertThatExceptionOfType) SignatureConstants(org.opensaml.xmlsec.signature.support.SignatureConstants) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) Converter(org.springframework.core.convert.converter.Converter) DateTime(org.joda.time.DateTime) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) Element(org.w3c.dom.Element) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) Assertions(org.junit.jupiter.api.Assertions) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock)

Example 27 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

The class OpenSaml4AuthenticationRequestFactory, method createAuthenticationRequest.

/**
 * {@inheritDoc}
 */
@Override
@Deprecated
public String createAuthenticationRequest(Saml2AuthenticationRequest request) {
    // Legacy API: build a registration from the request, with placeholder values for the
    // fields the old Saml2AuthenticationRequest does not carry.
    RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("noId")
            .assertionConsumerServiceBinding(Saml2MessageBinding.POST)
            .assertionConsumerServiceLocation(request.getAssertionConsumerServiceUrl())
            .entityId(request.getIssuer())
            .remoteIdpEntityId("noIssuer")
            .idpWebSsoUrl("noUrl")
            .credentials((credentials) -> credentials.addAll(request.getCredentials()))
            .build();
    Saml2AuthenticationRequestContext context = Saml2AuthenticationRequestContext.builder()
            .relyingPartyRegistration(registration)
            .issuer(request.getIssuer())
            .assertionConsumerServiceUrl(request.getAssertionConsumerServiceUrl())
            .build();
    AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
    // This deprecated path always signs the AuthnRequest before serializing it.
    return OpenSamlSigningUtils.serialize(OpenSamlSigningUtils.sign(authnRequest, registration));
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Converter(org.springframework.core.convert.converter.Converter) OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ConfigurationService(org.opensaml.core.config.ConfigurationService) NameIDPolicyBuilder(org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder) UUID(java.util.UUID) Instant(java.time.Instant) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) AuthnRequestBuilder(org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Issuer(org.opensaml.saml.saml2.core.Issuer) Map(java.util.Map) Clock(java.time.Clock) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) SAMLConstants(org.opensaml.saml.common.xml.SAMLConstants) QueryParametersPartial(org.springframework.security.saml2.provider.service.authentication.OpenSamlSigningUtils.QueryParametersPartial) Assert(org.springframework.util.Assert) StringUtils(org.springframework.util.StringUtils)

Example 28 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

The class OpenSaml4AuthenticationRequestFactory, method createPostAuthenticationRequest.

/**
 * {@inheritDoc}
 */
@Override
public Saml2PostAuthenticationRequest createPostAuthenticationRequest(Saml2AuthenticationRequestContext context) {
    AuthnRequest authnRequest = this.authenticationRequestContextConverter.convert(context);
    RelyingPartyRegistration registration = context.getRelyingPartyRegistration();
    // Sign only when the asserting party's details say it wants signed AuthnRequests.
    if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
        OpenSamlSigningUtils.sign(authnRequest, registration);
    }
    String xml = OpenSamlSigningUtils.serialize(authnRequest);
    // POST binding: the serialized XML is encoded into the SAMLRequest form parameter.
    return Saml2PostAuthenticationRequest.withAuthenticationRequestContext(context)
            .samlRequest(Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8)))
            .build();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)

Example 29 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

The class DefaultRelyingPartyRegistrationResolver, method resolve.

/**
 * {@inheritDoc}
 */
@Override
public RelyingPartyRegistration resolve(HttpServletRequest request, String relyingPartyRegistrationId) {
    if (relyingPartyRegistrationId == null) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Attempting to resolve from " + this.registrationRequestMatcher + " since registrationId is null");
        }
        // Fall back to the {registrationId} path variable from the request.
        relyingPartyRegistrationId = this.registrationRequestMatcher.matcher(request).getVariables().get("registrationId");
    }
    if (relyingPartyRegistrationId == null) {
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Returning null registration since registrationId is null");
        }
        return null;
    }
    RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationRepository.findByRegistrationId(relyingPartyRegistrationId);
    if (relyingPartyRegistration == null) {
        return null;
    }
    // Expand {baseUrl}/{registrationId} style templates against the current application URI.
    String applicationUri = getApplicationUri(request);
    Function<String, String> templateResolver = templateResolver(applicationUri, relyingPartyRegistration);
    String relyingPartyEntityId = templateResolver.apply(relyingPartyRegistration.getEntityId());
    String assertionConsumerServiceLocation = templateResolver.apply(relyingPartyRegistration.getAssertionConsumerServiceLocation());
    String singleLogoutServiceLocation = templateResolver.apply(relyingPartyRegistration.getSingleLogoutServiceLocation());
    String singleLogoutServiceResponseLocation = templateResolver.apply(relyingPartyRegistration.getSingleLogoutServiceResponseLocation());
    return RelyingPartyRegistration.withRelyingPartyRegistration(relyingPartyRegistration)
            .entityId(relyingPartyEntityId)
            .assertionConsumerServiceLocation(assertionConsumerServiceLocation)
            .singleLogoutServiceLocation(singleLogoutServiceLocation)
            .singleLogoutServiceResponseLocation(singleLogoutServiceResponseLocation)
            .build();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)

Example 30 with RelyingPartyRegistration

Use of org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration in project spring-security by spring-projects.

The class Saml2MetadataFilter, method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    RequestMatcher.MatchResult matcher = this.requestMatcher.matcher(request);
    if (!matcher.isMatch()) {
        chain.doFilter(request, response);
        return;
    }
    String registrationId = matcher.getVariables().get("registrationId");
    RelyingPartyRegistration relyingPartyRegistration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
    // Unknown registration id: answer 401 rather than serving metadata for a default.
    if (relyingPartyRegistration == null) {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    String metadata = this.saml2MetadataResolver.resolve(relyingPartyRegistration);
    writeMetadataToResponse(response, relyingPartyRegistration.getRegistrationId(), metadata);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)

Aggregations

RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)92 Test (org.junit.jupiter.api.Test)64 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)41 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)36 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)36 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)34 BDDMockito.given (org.mockito.BDDMockito.given)28 Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)27 Authentication (org.springframework.security.core.Authentication)26 StandardCharsets (java.nio.charset.StandardCharsets)24 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)24 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)23 BeforeEach (org.junit.jupiter.api.BeforeEach)22 Mockito.mock (org.mockito.Mockito.mock)22 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)22 Saml2Exception (org.springframework.security.saml2.Saml2Exception)22 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)21 Mockito.verify (org.mockito.Mockito.verify)19 MockFilterChain (org.springframework.mock.web.MockFilterChain)19 Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)19