Search in sources :

Example 1 with DefaultRelyingPartyRegistrationResolver

use of org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver in project spring-security by spring-projects.

the class Saml2LoginConfigurer method getAuthenticationRequestContextResolver.

private Saml2AuthenticationRequestContextResolver getAuthenticationRequestContextResolver(B http) {
    Saml2AuthenticationRequestContextResolver resolver = getBeanOrNull(http, Saml2AuthenticationRequestContextResolver.class);
    if (resolver != null) {
        return resolver;
    }
    RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(this.relyingPartyRegistrationRepository);
    return new DefaultSaml2AuthenticationRequestContextResolver(registrationResolver);
}
Also used : DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) Saml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver)

Example 2 with DefaultRelyingPartyRegistrationResolver

use of org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver in project spring-security by spring-projects.

the class Saml2WebSsoAuthenticationRequestFilterTests method doFilterWhenPathStartsWithRegistrationIdThenPosts.

@Test
public void doFilterWhenPathStartsWithRegistrationIdThenPosts() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST)).build();
    RequestMatcher matcher = new AntPathRequestMatcher("/{registrationId}/saml2/authenticate");
    DefaultRelyingPartyRegistrationResolver delegate = new DefaultRelyingPartyRegistrationResolver(this.repository);
    RelyingPartyRegistrationResolver resolver = (request, id) -> {
        String registrationId = matcher.matcher(request).getVariables().get("registrationId");
        return delegate.resolve(request, registrationId);
    };
    Saml2AuthenticationRequestContextResolver authenticationRequestContextResolver = new DefaultSaml2AuthenticationRequestContextResolver(resolver);
    Saml2PostAuthenticationRequest authenticationRequest = mock(Saml2PostAuthenticationRequest.class);
    given(authenticationRequest.getAuthenticationRequestUri()).willReturn("uri");
    given(authenticationRequest.getRelayState()).willReturn("relay");
    given(authenticationRequest.getSamlRequest()).willReturn("saml");
    given(this.repository.findByRegistrationId("registration-id")).willReturn(registration);
    given(this.factory.createPostAuthenticationRequest(any())).willReturn(authenticationRequest);
    this.filter = new Saml2WebSsoAuthenticationRequestFilter(authenticationRequestContextResolver, this.factory);
    this.filter.setRedirectMatcher(matcher);
    this.request.setPathInfo("/registration-id/saml2/authenticate");
    this.filter.doFilter(this.request, this.response, new MockFilterChain());
    verify(this.repository).findByRegistrationId("registration-id");
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2AuthenticationRequestRepository(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestRepository) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BeforeEach(org.junit.jupiter.api.BeforeEach) MockFilterChain(org.springframework.mock.web.MockFilterChain) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) RelyingPartyRegistrationRepository(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository) Assertions.assertThat(org.assertj.core.api.Assertions.assertThat) Saml2AuthenticationRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.Saml2AuthenticationRequestResolver) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) ServletException(jakarta.servlet.ServletException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) HtmlUtils(org.springframework.web.util.HtmlUtils) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Mockito.verifyNoInteractions(org.mockito.Mockito.verifyNoInteractions) Saml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver) BDDMockito.given(org.mockito.BDDMockito.given) AbstractSaml2AuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest) Saml2AuthenticationRequestContext(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestContext) Saml2PostAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest) Saml2RedirectAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) Saml2AuthenticationRequestFactory(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory) ServletRequest(jakarta.servlet.ServletRequest) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) IOException(java.io.IOException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) StandardCharsets(java.nio.charset.StandardCharsets) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) ServletResponse(jakarta.servlet.ServletResponse) Assertions.assertThatIllegalArgumentException(org.assertj.core.api.Assertions.assertThatIllegalArgumentException) UriUtils(org.springframework.web.util.UriUtils) HttpServletResponse(jakarta.servlet.http.HttpServletResponse) TestSaml2AuthenticationRequestContexts(org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationRequestContexts) TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) Mockito.mock(org.mockito.Mockito.mock) RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) Saml2PostAuthenticationRequest(org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) MockFilterChain(org.springframework.mock.web.MockFilterChain) DefaultSaml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver) Saml2AuthenticationRequestContextResolver(org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver) Test(org.junit.jupiter.api.Test)

Example 3 with DefaultRelyingPartyRegistrationResolver

use of org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver in project spring-security by spring-projects.

the class Saml2MetadataFilterTests method doFilterWhenPathStartsWithRegistrationIdThenServesMetadata.

@Test
public void doFilterWhenPathStartsWithRegistrationIdThenServesMetadata() throws Exception {
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
    given(this.repository.findByRegistrationId("registration-id")).willReturn(registration);
    given(this.resolver.resolve(any())).willReturn("metadata");
    RelyingPartyRegistrationResolver resolver = new DefaultRelyingPartyRegistrationResolver((id) -> this.repository.findByRegistrationId("registration-id"));
    this.filter = new Saml2MetadataFilter(resolver, this.resolver);
    this.filter.setRequestMatcher(new AntPathRequestMatcher("/metadata"));
    this.request.setPathInfo("/metadata");
    this.filter.doFilter(this.request, this.response, new MockFilterChain());
    verify(this.repository).findByRegistrationId("registration-id");
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher) MockFilterChain(org.springframework.mock.web.MockFilterChain) Test(org.junit.jupiter.api.Test)

Example 4 with DefaultRelyingPartyRegistrationResolver

use of org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver in project midpoint by Evolveum.

the class MidpointSaml2LoginConfigurer method configure.

public void configure(B http) throws Exception {
    Saml2AuthenticationRequestFactory authenticationRequestResolver = new OpenSaml4AuthenticationRequestFactory();
    Saml2AuthenticationRequestContextResolver contextResolver = new DefaultSaml2AuthenticationRequestContextResolver((RelyingPartyRegistrationResolver) new DefaultRelyingPartyRegistrationResolver(MidpointSaml2LoginConfigurer.this.relyingPartyRegistrationRepository));
    http.addFilter(new MidpointSaml2WebSsoAuthenticationRequestFilter(contextResolver, authenticationRequestResolver));
    super.configure(http);
    if (this.authenticationManager != null) {
        this.saml2WebSsoAuthenticationFilter.setAuthenticationManager(this.authenticationManager);
    }
}
Also used : OpenSaml4AuthenticationRequestFactory(org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationRequestFactory) Saml2AuthenticationRequestFactory(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory)

Example 5 with DefaultRelyingPartyRegistrationResolver

use of org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver in project midpoint by Evolveum.

the class SamlModuleWebSecurityConfigurer method getLogoutRequestSuccessHandler.

@Override
protected LogoutSuccessHandler getLogoutRequestSuccessHandler() {
    RelyingPartyRegistrationResolver registrationResolver = new DefaultRelyingPartyRegistrationResolver(relyingPartyRegistrations());
    Saml2LogoutRequestResolver logoutRequestResolver = new MidpointSaml2LogoutRequestResolver(new OpenSaml4LogoutRequestResolver(registrationResolver));
    Saml2RelyingPartyInitiatedLogoutSuccessHandler handler = new Saml2RelyingPartyInitiatedLogoutSuccessHandler(logoutRequestResolver);
    return getObjectPostProcessor().postProcess(new MidpointSaml2LogoutRequestSuccessHandler(handler));
}
Also used : MidpointSaml2LogoutRequestResolver(com.evolveum.midpoint.authentication.impl.saml.MidpointSaml2LogoutRequestResolver) Saml2LogoutRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2LogoutRequestResolver) MidpointSaml2LogoutRequestResolver(com.evolveum.midpoint.authentication.impl.saml.MidpointSaml2LogoutRequestResolver) MidpointMetadataRelyingPartyRegistrationResolver(com.evolveum.midpoint.authentication.impl.saml.MidpointMetadataRelyingPartyRegistrationResolver) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) DefaultRelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver) OpenSaml4LogoutRequestResolver(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSaml4LogoutRequestResolver) MidpointSaml2LogoutRequestSuccessHandler(com.evolveum.midpoint.authentication.impl.saml.MidpointSaml2LogoutRequestSuccessHandler) Saml2RelyingPartyInitiatedLogoutSuccessHandler(org.springframework.security.saml2.provider.service.web.authentication.logout.Saml2RelyingPartyInitiatedLogoutSuccessHandler)

Aggregations

MockFilterChain (org.springframework.mock.web.MockFilterChain)4 DefaultRelyingPartyRegistrationResolver (org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver)4 RelyingPartyRegistrationResolver (org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver)4 BeforeEach (org.junit.jupiter.api.BeforeEach)3 Test (org.junit.jupiter.api.Test)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)3 RelyingPartyRegistrationRepository (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository)3 HttpServletResponse (jakarta.servlet.http.HttpServletResponse)2 Assertions.assertThatIllegalArgumentException (org.assertj.core.api.Assertions.assertThatIllegalArgumentException)2 BDDMockito.given (org.mockito.BDDMockito.given)2 Mockito.mock (org.mockito.Mockito.mock)2 Mockito.verify (org.mockito.Mockito.verify)2 Mockito.verifyNoInteractions (org.mockito.Mockito.verifyNoInteractions)2 AbstractSaml2AuthenticationRequest (org.springframework.security.saml2.provider.service.authentication.AbstractSaml2AuthenticationRequest)2 Saml2AuthenticationRequestFactory (org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory)2 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)2 DefaultSaml2AuthenticationRequestContextResolver (org.springframework.security.saml2.provider.service.web.DefaultSaml2AuthenticationRequestContextResolver)2 Saml2AuthenticationRequestContextResolver (org.springframework.security.saml2.provider.service.web.Saml2AuthenticationRequestContextResolver)2