
Example 16 with SAML2

use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.

the class TestPassiveSTSFederation method updateServiceProviderWithSAMLConfigs.

/**
 * Registers a SAML2 Web SSO configuration for {@code issuerName}/{@code acsUrl} on the IS node at
 * {@code portOffset} and wires the resulting attribute consuming service index into the service
 * provider's inbound authentication configuration.
 * <p>
 * The SP's existing inbound configs are replaced, not appended to.
 *
 * @param portOffset      port offset of the target IS node
 * @param issuerName      SAML2 issuer that becomes the inbound auth key of the SP
 * @param acsUrl          assertion consumer service URL registered for the issuer
 * @param serviceProvider service provider to mutate (the caller persists it afterwards)
 * @throws Exception if the SAML2 Web SSO configuration cannot be created
 */
private void updateServiceProviderWithSAMLConfigs(int portOffset, String issuerName, String acsUrl, ServiceProvider serviceProvider) throws Exception {
    // The admin service returns the attribute consuming service index of the newly created config;
    // it has to be carried on the inbound config as a property.
    String attrConsumingServiceIndex = super.createSAML2WebSSOConfiguration(portOffset,
            getSAMLSSOServiceProviderDTO(issuerName, acsUrl));
    Assert.assertNotNull(attrConsumingServiceIndex,
            "Failed to create SAML2 Web SSO configuration for issuer '" + issuerName + "'");

    org.wso2.carbon.identity.application.common.model.xsd.Property indexProperty =
            new org.wso2.carbon.identity.application.common.model.xsd.Property();
    indexProperty.setName("attrConsumServiceIndex");
    indexProperty.setValue(attrConsumingServiceIndex);

    InboundAuthenticationRequestConfig samlInbound = new InboundAuthenticationRequestConfig();
    samlInbound.setInboundAuthKey(issuerName);
    samlInbound.setInboundAuthType(INBOUND_AUTH_TYPE);
    samlInbound.setProperties(
            new org.wso2.carbon.identity.application.common.model.xsd.Property[] { indexProperty });

    // Single-element array: this SAML2 entry becomes the SP's only inbound configuration.
    serviceProvider.getInboundAuthenticationConfig()
            .setInboundAuthenticationRequestConfigs(new InboundAuthenticationRequestConfig[] { samlInbound });
}

Example 17 with SAML2

use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.

the class TestPassiveSTSFederation method testCreateServiceProviderInPrimaryIS.

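/**
 * Creates the service provider on the primary IS, attaches a SAML2 inbound configuration and a
 * single federated authentication step (SAMLSSOAuthenticator via the registered IdP), persists the
 * SP and then re-reads it to verify the SAML2 inbound configuration was stored.
 * <p>
 * Only the inbound configuration is verified here; the persisted authentication step is not
 * inspected by this test.
 *
 * @throws Exception if any admin service call fails
 */
@Test(groups = "wso2.is", description = "Check create service provider in primary IS", dependsOnMethods = { "testCreateIdentityProviderInPrimaryIS" })
public void testCreateServiceProviderInPrimaryIS() throws Exception {
    super.addServiceProvider(PORT_OFFSET_0, PRIMARY_IS_SERVICE_PROVIDER_NAME);
    ServiceProvider serviceProvider = getServiceProvider(PORT_OFFSET_0, PRIMARY_IS_SERVICE_PROVIDER_NAME);
    // Report the configured SP name instead of a hard-coded one so the message stays accurate.
    Assert.assertNotNull(serviceProvider,
            "Failed to create service provider '" + PRIMARY_IS_SERVICE_PROVIDER_NAME + "' in primary IS");
    updateServiceProviderWithSAMLConfigs(PORT_OFFSET_0, PRIMARY_IS_SAML_ISSUER_NAME, PRIMARY_IS_SAML_ACS_URL, serviceProvider);

    // One authentication step that delegates to the federated IdP's SAML SSO authenticator.
    AuthenticationStep authStep = new AuthenticationStep();
    org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider idP = new org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider();
    idP.setIdentityProviderName(IDENTITY_PROVIDER_NAME);
    org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig saml2SSOAuthnConfig = new org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig();
    saml2SSOAuthnConfig.setName("SAMLSSOAuthenticator");
    saml2SSOAuthnConfig.setDisplayName("samlsso");
    idP.setFederatedAuthenticatorConfigs(new org.wso2.carbon.identity.application.common.model.xsd.FederatedAuthenticatorConfig[] { saml2SSOAuthnConfig });
    authStep.setFederatedIdentityProviders(new org.wso2.carbon.identity.application.common.model.xsd.IdentityProvider[] { idP });

    // Fail with a readable message rather than an NPE if the SP came back without an outbound config.
    Assert.assertNotNull(serviceProvider.getLocalAndOutBoundAuthenticationConfig(),
            "Service provider '" + PRIMARY_IS_SERVICE_PROVIDER_NAME + "' has no local/outbound authentication config");
    serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationSteps(new AuthenticationStep[] { authStep });
    serviceProvider.getLocalAndOutBoundAuthenticationConfig().setAuthenticationType(AUTHENTICATION_TYPE);
    updateServiceProvider(PORT_OFFSET_0, serviceProvider);

    // Re-read from the server: we want to assert what was persisted, not the local object.
    serviceProvider = getServiceProvider(PORT_OFFSET_0, PRIMARY_IS_SERVICE_PROVIDER_NAME);
    Assert.assertTrue(hasSaml2InboundConfig(serviceProvider),
            "Failed to update service provider with inbound SAML2 configs " + "in primary IS");
}

/**
 * Returns true if the SP carries an inbound config whose auth key is the primary IS SAML issuer
 * and whose auth type is {@code INBOUND_AUTH_TYPE}. Tolerates a null config array.
 */
private boolean hasSaml2InboundConfig(ServiceProvider serviceProvider) {
    InboundAuthenticationRequestConfig[] configs =
            serviceProvider.getInboundAuthenticationConfig().getInboundAuthenticationRequestConfigs();
    if (configs == null) {
        return false;
    }
    for (InboundAuthenticationRequestConfig config : configs) {
        if (PRIMARY_IS_SAML_ISSUER_NAME.equals(config.getInboundAuthKey())
                && INBOUND_AUTH_TYPE.equals(config.getInboundAuthType())) {
            return true;
        }
    }
    return false;
}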

Example 18 with SAML2

use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.

the class SAML2SSOTestBase method extractAndProcessSAMLResponse.

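/**
 * Extracts the SAML2 Response carried by the HTTP response, base64-decodes and unmarshalls it, and
 * rejects documents whose structure matches an XML Signature Wrapping layout (a samlp:Response
 * nested inside the root Response, or more than one saml:Assertion).
 * <p>
 * These are structural checks only: no signature is verified here. Callers must still validate the
 * Response/Assertion signature before trusting any of the content.
 *
 * @param response HTTP response whose body carries the encoded SAMLResponse
 * @return the unmarshalled SAML2 {@link Response}
 * @throws Exception if the payload cannot be decoded or unmarshalled, the root element is not a
 *                   samlp:Response, or one of the wrapping checks fails
 */
public Response extractAndProcessSAMLResponse(HttpResponse response) throws Exception {
    String encodedSAML2ResponseString = extractSAMLResponse(response);
    EntityUtils.consume(response.getEntity());
    String saml2ResponseString = new String(Base64.decode(encodedSAML2ResponseString), StandardCharsets.UTF_8);
    // NOTE(review): unmarshall() is project code; it is assumed to parse with DTDs and external
    // entities disabled (XXE) — confirm in SAML2SSOTestBase.
    XMLObject samlResponse = unmarshall(saml2ResponseString);
    // Fail clearly instead of with a ClassCastException on the return if the root is something else.
    if (!(samlResponse instanceof Response)) {
        log.error("Invalid schema for the SAML2 response. Root element is not a Response.");
        throw new Exception("Error occurred while processing SAML2 response.");
    }
    // getElementsByTagNameNS() returns descendants only, so any hit is a Response nested inside
    // the root Response — a duplicate element typical of signature wrapping.
    NodeList list = samlResponse.getDOM().getElementsByTagNameNS(SAMLConstants.SAML20P_NS, RESPONSE_TAG_NAME);
    if (list.getLength() > 0) {
        log.error("Invalid schema for the SAML2 response. Multiple Response elements found.");
        throw new Exception("Error occurred while processing SAML2 response.");
    }
    // A single Assertion is expected anywhere below the root; more than one is rejected.
    // EncryptedAssertion elements are not counted here.
    NodeList assertionList = samlResponse.getDOM().getElementsByTagNameNS(SAMLConstants.SAML20_NS, ASSERTION_TAG_NAME);
    if (assertionList.getLength() > 1) {
        log.error("Invalid schema for the SAML2 response. Multiple Assertion elements found.");
        throw new Exception("Error occurred while processing SAML2 response.");
    }
    return (Response) samlResponse;
}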

Example 19 with SAML2

use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.

the class SAML2SSOTestBase method getAssertionFromSAMLResponse.

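/**
 * Extracts the SAML Assertion from the SAML Response, decrypting it when the service provider is
 * configured for encrypted assertions.
 * <p>
 * When encryption is enabled the Response must carry exactly one EncryptedAssertion and no
 * plaintext Assertion; a plaintext Assertion in that mode is treated as a downgrade and rejected.
 * When encryption is disabled the first plaintext Assertion is returned.
 *
 * @param samlResponse   SAML Response (already structurally checked for wrapping).
 * @param samlssoSPDTO   SAMLSSO service provider DTO; decides whether assertions are expected encrypted.
 * @param x509Credential credential used to decrypt the EncryptedAssertion.
 * @return the (decrypted) SAML Assertion, or null only for a NoPassive response with no assertion.
 * @throws Exception if decryption fails, the assertion layout is invalid, or no assertion is present
 *                   and the response is not a NoPassive response.
 */
public Assertion getAssertionFromSAMLResponse(Response samlResponse, SAMLSSOServiceProviderDTO samlssoSPDTO, X509Credential x509Credential) throws Exception {
    Assertion assertion = null;
    if (samlssoSPDTO.getDoEnableEncryptedAssertion()) {
        // Encryption is required: a plaintext Assertion must not be accepted instead.
        List<Assertion> plainAssertions = samlResponse.getAssertions();
        if (plainAssertions != null && !plainAssertions.isEmpty()) {
            throw new Exception("Plaintext SAML2 Assertion found but encrypted assertions are enabled");
        }
        List<EncryptedAssertion> encryptedAssertions = samlResponse.getEncryptedAssertions();
        if (!CollectionUtils.isEmpty(encryptedAssertions)) {
            // Mirrors the single-Assertion rule applied to plaintext assertions: do not silently
            // pick the first of several.
            if (encryptedAssertions.size() > 1) {
                throw new Exception("Multiple EncryptedAssertion elements found in the SAML2 Response");
            }
            EncryptedAssertion encryptedAssertion = encryptedAssertions.get(0);
            try {
                assertion = getDecryptedAssertion(encryptedAssertion, x509Credential);
            } catch (Exception e) {
                if (log.isDebugEnabled()) {
                    log.debug("Assertion decryption failure : ", e);
                }
                throw new Exception("Unable to decrypt the SAML2 Assertion", e);
            }
        }
    } else {
        List<Assertion> assertions = samlResponse.getAssertions();
        if (assertions != null && !assertions.isEmpty()) {
            assertion = assertions.get(0);
        }
    }
    // A NoPassive status legitimately carries no assertion; anything else must have one.
    if (assertion == null && !isNoPassive(samlResponse)) {
        throw new Exception("SAML2 Assertion not found in the Response");
    }
    return assertion;
}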

Example 20 with SAML2

use of org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.StandardInboundProtocols.SAML2 in project product-is by wso2.

the class SAML2SSOTestBase method validateSignature.

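/**
 * Validates a SAML2 XML signature in two stages: first that it conforms to the SAML signature
 * profile (enveloped signature with a same-document reference, ruling out the reference layouts used
 * in XML Signature Wrapping), then that it verifies against the supplied credential.
 * <p>
 * Only the signature object itself is checked. The caller decides which element's signature it
 * passes in (Response or Assertion) and must only trust that element.
 *
 * @param signature      the {@code ds:Signature} XMLObject taken from the Response or Assertion
 * @param x509Credential credential holding the IdP signing certificate to verify against
 * @throws Exception if the object is not a signature, the profile check fails, or verification
 *                   fails; the underlying {@link ValidationException} is attached as the cause
 */
private void validateSignature(XMLObject signature, X509Credential x509Credential) throws Exception {
    // Guard the cast: a null or non-signature object would otherwise surface as an NPE/CCE.
    if (!(signature instanceof SignatureImpl)) {
        throw new Exception("Signature validation failed for SAML2 Element: no Signature element supplied");
    }
    SignatureImpl signImpl = (SignatureImpl) signature;
    try {
        SAMLSignatureProfileValidator signatureProfileValidator = new SAMLSignatureProfileValidator();
        signatureProfileValidator.validate(signImpl);
    } catch (ValidationException ex) {
        String logMsg = "Signature do not confirm to SAML signature profile. Possible XML Signature " + "Wrapping  Attack!";
        if (log.isDebugEnabled()) {
            log.debug(logMsg, ex);
        }
        throw new Exception(logMsg, ex);
    }
    try {
        SignatureValidator validator = new SignatureValidator(x509Credential);
        validator.validate(signImpl);
    } catch (ValidationException e) {
        if (log.isDebugEnabled()) {
            log.debug("Validation exception : ", e);
        }
        // Keep the cause: without it the test log cannot distinguish a wrong key from altered content.
        throw new Exception("Signature validation failed for SAML2 Element", e);
    }
}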
