
Example 1 with Saml2WebSsoAuthenticationFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter in project spring-security by spring-projects.

the class Saml2LoginConfigurerTests method validateSaml2WebSsoAuthenticationFilterConfiguration.

private void validateSaml2WebSsoAuthenticationFilterConfiguration() {
    // Pull the AuthenticationManager out of the filter by reflection and check
    // that an OpenSaml4AuthenticationProvider is registered with it
    Saml2WebSsoAuthenticationFilter filter = getSaml2SsoFilter(this.springSecurityFilterChain);
    AuthenticationManager manager = (AuthenticationManager) ReflectionTestUtils.getField(filter, "authenticationManager");
    ProviderManager pm = (ProviderManager) manager;
    AuthenticationProvider provider = pm.getProviders().stream().filter((p) -> p instanceof OpenSaml4AuthenticationProvider).findFirst().get();
    assertThat(provider).isNotNull();
}
Also used : AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) OpenSaml4AuthenticationProvider(org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider) ProviderManager(org.springframework.security.authentication.ProviderManager) AuthenticationProvider(org.springframework.security.authentication.AuthenticationProvider) OpenSamlAuthenticationProvider(org.springframework.security.saml2.provider.service.authentication.OpenSamlAuthenticationProvider) Saml2WebSsoAuthenticationFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter)

Example 2 with Saml2WebSsoAuthenticationFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationFilterTests method setAuthenticationRequestRepositoryWhenNotExpectedAuthenticationConverterTypeThenDoNotSet.

@Test
public void setAuthenticationRequestRepositoryWhenNotExpectedAuthenticationConverterTypeThenDoNotSet() {
    AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
    Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
    this.filter = new Saml2WebSsoAuthenticationFilter(authenticationConverter, "/some/other/path/{registrationId}");
    this.filter.setAuthenticationRequestRepository(authenticationRequestRepository);
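    // A generic AuthenticationConverter is not a Saml2AuthenticationTokenConverter,
    // so the filter must not call anything on it
    verifyNoInteractions(authenticationConverter);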
}
Also used : AuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter) AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest) Test(org.junit.jupiter.api.Test)

Example 3 with Saml2WebSsoAuthenticationFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationFilterTests method setAuthenticationRequestRepositoryWhenExpectedAuthenticationConverterTypeThenSetLoaderIntoConverter.

@Test
public void setAuthenticationRequestRepositoryWhenExpectedAuthenticationConverterTypeThenSetLoaderIntoConverter() {
    Saml2AuthenticationTokenConverter authenticationConverter = mock(Saml2AuthenticationTokenConverter.class);
    Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
    this.filter = new Saml2WebSsoAuthenticationFilter(authenticationConverter, "/some/other/path/{registrationId}");
    this.filter.setAuthenticationRequestRepository(authenticationRequestRepository);
    // With a Saml2AuthenticationTokenConverter, the filter hands the repository on to the converter
    verify(authenticationConverter).setAuthenticationRequestRepository(authenticationRequestRepository);
}
Also used : Saml2AuthenticationTokenConverter(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter) AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest) Test(org.junit.jupiter.api.Test)

Example 4 with Saml2WebSsoAuthenticationFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter in project spring-security by spring-projects.

the class Saml2LoginConfigurer method init.

/**
 * {@inheritDoc}
 * <p>
 * Initializes this filter chain for SAML 2 Login. The following actions are taken:
 * <ul>
 * <li>The WebSSO endpoint has CSRF disabled, typically {@code /login/saml2/sso}</li>
 * <li>A {@link Saml2WebSsoAuthenticationFilter} is configured</li>
 * <li>The {@code loginProcessingUrl} is set</li>
 * <li>A custom login page is configured, <b>or</b></li>
 * <li>A default login page with all SAML 2.0 Identity Providers is configured</li>
 * <li>An {@link AuthenticationProvider} is configured</li>
 * </ul>
 */
@Override
public void init(B http) throws Exception {
    registerDefaultCsrfOverride(http);
    relyingPartyRegistrationRepository(http);
    this.saml2WebSsoAuthenticationFilter = new Saml2WebSsoAuthenticationFilter(getAuthenticationConverter(http), this.loginProcessingUrl);
    setAuthenticationRequestRepository(http, this.saml2WebSsoAuthenticationFilter);
    setAuthenticationFilter(this.saml2WebSsoAuthenticationFilter);
    super.loginProcessingUrl(this.loginProcessingUrl);
    if (StringUtils.hasText(this.loginPage)) {
        // Set custom login page
        super.loginPage(this.loginPage);
        super.init(http);
    } else {
        Map<String, String> providerUrlMap = getIdentityProviderUrlMap(this.authenticationRequestUri, this.relyingPartyRegistrationRepository);
        boolean singleProvider = providerUrlMap.size() == 1;
        if (singleProvider) {
            // Setup auto-redirect to provider login page
            // when only 1 IDP is configured
            this.updateAuthenticationDefaults();
            this.updateAccessDefaults(http);
            String loginUrl = providerUrlMap.entrySet().iterator().next().getKey();
            final LoginUrlAuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint(loginUrl);
            registerAuthenticationEntryPoint(http, entryPoint);
        } else {
            super.init(http);
        }
    }
    this.initDefaultLoginFilter(http);
}
Also used : LoginUrlAuthenticationEntryPoint(org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint) Saml2WebSsoAuthenticationFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter)

Example 5 with Saml2WebSsoAuthenticationFilter

use of org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationFilterTests method attemptAuthenticationWhenSavedAuthnRequestThenRemovesAuthnRequest.

@Test
public void attemptAuthenticationWhenSavedAuthnRequestThenRemovesAuthnRequest() {
    Saml2AuthenticationRequestRepository<AbstractSaml2AuthenticationRequest> authenticationRequestRepository = mock(Saml2AuthenticationRequestRepository.class);
    AuthenticationConverter authenticationConverter = mock(AuthenticationConverter.class);
    given(authenticationConverter.convert(this.request)).willReturn(TestSaml2AuthenticationTokens.token());
    this.filter = new Saml2WebSsoAuthenticationFilter(authenticationConverter, "/some/other/path/{registrationId}");
    this.filter.setAuthenticationManager((authentication) -> null);
    this.request.setPathInfo("/some/other/path/idp-registration-id");
    this.filter.setAuthenticationRequestRepository(authenticationRequestRepository);
    this.filter.attemptAuthentication(this.request, this.response);
    // Attempting authentication must remove the saved AuthnRequest from the repository
    verify(authenticationRequestRepository).removeAuthenticationRequest(this.request, this.response);
}
Also used : AuthenticationConverter(org.springframework.security.web.authentication.AuthenticationConverter) AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest) Test(org.junit.jupiter.api.Test)
