Examples with Saml2MessageBinding org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding used on opensource projects

Search in sources :

Example 6 with Saml2MessageBinding

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding in project spring-security by spring-projects.

the class OpenSamlLogoutResponseResolverTests method resolvePostWhenAuthenticatedThenSuccess.

@Test
public void resolvePostWhenAuthenticatedThenSuccess() {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
    MockHttpServletRequest request = new MockHttpServletRequest();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    request.setParameter(Saml2ParameterNames.SAML_REQUEST, Saml2Utils.samlEncode(OpenSamlSigningUtils.serialize(logoutRequest).getBytes()));
    request.setParameter(Saml2ParameterNames.RELAY_STATE, "abcd");
    Authentication authentication = authentication(registration);
    given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
    Saml2LogoutResponse saml2LogoutResponse = this.logoutResponseResolver.resolve(request, authentication);
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.SIG_ALG)).isNull();
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.SIGNATURE)).isNull();
    assertThat(saml2LogoutResponse.getParameter(Saml2ParameterNames.RELAY_STATE)).isSameAs("abcd");
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
    LogoutResponse logoutResponse = getLogoutResponse(saml2LogoutResponse.getSamlResponse(), binding);
    assertThat(logoutResponse.getStatus().getStatusCode().getValue()).isEqualTo(StatusCode.SUCCESS);
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) HashMap(java.util.HashMap) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) ArrayList(java.util.ArrayList) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) TestOpenSamlObjects(org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) StatusCode(org.opensaml.saml.saml2.core.StatusCode) ByteArrayInputStream(java.io.ByteArrayInputStream) BDDMockito.given(org.mockito.BDDMockito.given) Document(org.w3c.dom.Document) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) Saml2Exception(org.springframework.security.saml2.Saml2Exception) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) StandardCharsets(java.nio.charset.StandardCharsets) XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport) Test(org.junit.jupiter.api.Test) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Element(org.w3c.dom.Element) Authentication(org.springframework.security.core.Authentication) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) Mockito.mock(org.mockito.Mockito.mock) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication) Authentication(org.springframework.security.core.Authentication) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) Test(org.junit.jupiter.api.Test)

Example 7 with Saml2MessageBinding

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding in project spring-security by spring-projects.

the class OpenSamlLogoutResponseResolverTests method getLogoutResponse.

private LogoutResponse getLogoutResponse(String saml2Response, Saml2MessageBinding binding) {
    if (binding == Saml2MessageBinding.REDIRECT) {
        saml2Response = Saml2Utils.samlInflate(Saml2Utils.samlDecode(saml2Response));
    } else {
        saml2Response = new String(Saml2Utils.samlDecode(saml2Response), StandardCharsets.UTF_8);
    }
    try {
        Document document = XMLObjectProviderRegistrySupport.getParserPool().parse(new ByteArrayInputStream(saml2Response.getBytes(StandardCharsets.UTF_8)));
        Element element = document.getDocumentElement();
        return (LogoutResponse) XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(element).unmarshall(element);
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse) ByteArrayInputStream(java.io.ByteArrayInputStream) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 8 with Saml2MessageBinding

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding in project midpoint by Evolveum.

the class MidpointAssertingPartyMetadataConverter method defineSingleSingOnService.

private void defineSingleSingOnService(IDPSSODescriptor idpssoDescriptor, String authenticationRequestBinding, RelyingPartyRegistration.Builder builder) {
    Saml2MessageBinding defaultBinding = Saml2MessageBinding.from(authenticationRequestBinding);
    if (defaultBinding == null && StringUtils.isNotEmpty(authenticationRequestBinding) && !defaultBinding.equals(Saml2MessageBinding.POST) && !defaultBinding.equals(Saml2MessageBinding.REDIRECT)) {
        throw new Saml2Exception("Default request binding '" + defaultBinding.getUrn() + "' isn't supported." + "Supported bindings are 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' and 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'.");
    }
    Saml2MessageBinding authBinding = null;
    for (SingleSignOnService singleSignOnService : idpssoDescriptor.getSingleSignOnServices()) {
        if (singleSignOnService.getBinding().equals(Saml2MessageBinding.POST.getUrn()) && allowBaseOnConsideringDefaultBinding(defaultBinding, Saml2MessageBinding.POST)) {
            authBinding = Saml2MessageBinding.POST;
        } else if (singleSignOnService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn()) && allowBaseOnConsideringDefaultBinding(defaultBinding, Saml2MessageBinding.REDIRECT)) {
            authBinding = Saml2MessageBinding.REDIRECT;
        } else {
            continue;
        }
        Saml2MessageBinding finalAuthBinding = authBinding;
        builder.assertingPartyDetails((party) -> party.singleSignOnServiceLocation(singleSignOnService.getLocation()).singleSignOnServiceBinding(finalAuthBinding));
        break;
    }
    if (authBinding == null) {
        String message = "Supported SingleSignOnService is missing in metadata response, necessary for sending authentication request. ";
        if (defaultBinding != null) {
            message = "Default SingleSignOnService '" + defaultBinding.getUrn() + "' is missing in metadata response, necessary for sending authentication request. ";
        }
        message = message + "Supported bindings are 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' and 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'.";
        throw new Saml2Exception(message);
    }
}
Also used : Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 9 with Saml2MessageBinding

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding in project midpoint by Evolveum.

the class MidpointAssertingPartyMetadataConverter method defineSingleLogoutService.

private void defineSingleLogoutService(IDPSSODescriptor idpssoDescriptor, RelyingPartyRegistration.Builder builder) {
    Saml2MessageBinding authBinding = null;
    for (SingleLogoutService singleLogoutService : idpssoDescriptor.getSingleLogoutServices()) {
        if (singleLogoutService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
            authBinding = Saml2MessageBinding.POST;
        } else if (singleLogoutService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
            authBinding = Saml2MessageBinding.REDIRECT;
        } else {
            continue;
        }
        Saml2MessageBinding finalAuthBinding = authBinding;
        builder.assertingPartyDetails((party) -> party.singleLogoutServiceLocation(singleLogoutService.getLocation()).singleLogoutServiceBinding(finalAuthBinding));
        break;
    }
    if (authBinding == null) {
        throw new Saml2Exception("Metadata response is missing a SingleLogoutService, necessary for sending LogoutRequests");
    }
}
Also used : Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 10 with Saml2MessageBinding

use of org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding in project spring-security by spring-projects.

the class OpenSamlAuthenticationRequestResolver method resolve.

<T extends AbstractSaml2AuthenticationRequest> T resolve(HttpServletRequest request, BiConsumer<RelyingPartyRegistration, AuthnRequest> authnRequestConsumer) {
    RequestMatcher.MatchResult result = this.requestMatcher.matcher(request);
    if (!result.isMatch()) {
        return null;
    }
    String registrationId = result.getVariables().get("registrationId");
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
    if (registration == null) {
        return null;
    }
    AuthnRequest authnRequest = this.authnRequestBuilder.buildObject();
    authnRequest.setForceAuthn(Boolean.FALSE);
    authnRequest.setIsPassive(Boolean.FALSE);
    authnRequest.setProtocolBinding(registration.getAssertionConsumerServiceBinding().getUrn());
    Issuer iss = this.issuerBuilder.buildObject();
    iss.setValue(registration.getEntityId());
    authnRequest.setIssuer(iss);
    authnRequest.setDestination(registration.getAssertingPartyDetails().getSingleSignOnServiceLocation());
    authnRequest.setAssertionConsumerServiceURL(registration.getAssertionConsumerServiceLocation());
    authnRequestConsumer.accept(registration, authnRequest);
    if (authnRequest.getID() == null) {
        authnRequest.setID("ARQ" + UUID.randomUUID().toString().substring(1));
    }
    String relayState = UUID.randomUUID().toString();
    Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleSignOnServiceBinding();
    if (binding == Saml2MessageBinding.POST) {
        if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
            OpenSamlSigningUtils.sign(authnRequest, registration);
        }
        String xml = serialize(authnRequest);
        String encoded = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
        return (T) Saml2PostAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(encoded).relayState(relayState).build();
    } else {
        String xml = serialize(authnRequest);
        String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
        Saml2RedirectAuthenticationRequest.Builder builder = Saml2RedirectAuthenticationRequest.withRelyingPartyRegistration(registration).samlRequest(deflatedAndEncoded).relayState(relayState);
        if (registration.getAssertingPartyDetails().getWantAuthnRequestsSigned()) {
            Map<String, String> parameters = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState).parameters();
            builder.sigAlg(parameters.get(Saml2ParameterNames.SIG_ALG)).signature(parameters.get(Saml2ParameterNames.SIGNATURE));
        }
        return (T) builder.build();
    }
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) Issuer(org.opensaml.saml.saml2.core.Issuer) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)

Aggregations

Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)10 Saml2Exception (org.springframework.security.saml2.Saml2Exception)9 Document (org.w3c.dom.Document)7 Element (org.w3c.dom.Element)7 ByteArrayInputStream (java.io.ByteArrayInputStream)6 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)6 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)5 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)5 Test (org.junit.jupiter.api.Test)4 StandardCharsets (java.nio.charset.StandardCharsets)3 ArrayList (java.util.ArrayList)3 Issuer (org.opensaml.saml.saml2.core.Issuer)3 LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)3 Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)3 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)2 Arrays (java.util.Arrays)2 HashMap (java.util.HashMap)2 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial