Example 26 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method shouldThrowExceptionIfResponseContainsPartsWithMismatchedPids.

@Test
public void shouldThrowExceptionIfResponseContainsPartsWithMismatchedPids() throws Exception {
    final String ipAddressAsSeenByIdp = "256.256.256.256";
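    // Build an IdP response whose parts carry two different persistent identifiers (pids);
    // the SAML engine is expected to reject it as INVALID_SAML.
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.aResponseFromIdpBuilder(STUB_IDP_ONE, ipAddressAsSeenByIdp, "some-pid", "some-different-pid").withDestination("http://localhost" + Urls.FrontendUrls.SAML2_SSO_RESPONSE_ENDPOINT).build();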
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
    ErrorStatusDto errorStatusDto = clientResponse.readEntity(ErrorStatusDto.class);
    assertThat(errorStatusDto.getExceptionType()).isEqualTo(ExceptionType.INVALID_SAML);
}
Also used: Response (javax.ws.rs.core.Response), ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), Test (org.junit.jupiter.api.Test)

Example 27 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method shouldTranslateASuccessfulIdpAuthnResponse.

@Test
public void shouldTranslateASuccessfulIdpAuthnResponse() throws Exception {
    final String ipAddressAsSeenByIdp = "256.256.256.256";
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.aResponseFromIdpBuilder(STUB_IDP_ONE, ipAddressAsSeenByIdp).withDestination(IDP_RESPONSE_ENDPOINT).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.Success);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    assertThat(inboundResponseFromIdpDto.getPrincipalIpAddressAsSeenByIdp().get()).isEqualTo(ipAddressAsSeenByIdp);
    assertThat(inboundResponseFromIdpDto.getFraudIndicator()).isNotPresent();
    assertThat(inboundResponseFromIdpDto.getIdpFraudEventId()).isNotPresent();
    // TODO consider checking the actual values of the fields below, rather than just their presence
    assertThat(inboundResponseFromIdpDto.getEncryptedAuthnAssertion().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getEncryptedMatchingDatasetAssertion().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getPersistentId().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getLevelOfAssurance().isPresent()).isTrue();
    assertThat(inboundResponseFromIdpDto.getNotOnOrAfter().isPresent()).isTrue();
}
Also used: Response (javax.ws.rs.core.Response), InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), Test (org.junit.jupiter.api.Test)

Example 28 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method shouldReturnOkWhenResponseIsSignedByAnIdp.

@Test
public void shouldReturnOkWhenResponseIsSignedByAnIdp() throws Exception {
    final org.opensaml.saml.saml2.core.Response samlResponse = authnResponseFactory.aResponseFromIdpBuilder(STUB_IDP_ONE, "127.0.0.1").withDestination(IDP_RESPONSE_ENDPOINT).build();
    final String saml = authnResponseFactory.transformResponseToSaml(samlResponse);
    final SessionId sessionId = SessionId.createNewSessionId();
    SamlAuthnResponseTranslatorDto dto = new SamlAuthnResponseTranslatorDto(saml, sessionId, "127.0.0.1", TEST_RP_MS);
    Response response = postToSamlEngine(dto, Urls.SamlEngineUrls.TRANSLATE_IDP_AUTHN_RESPONSE_RESOURCE);
    assertThat(response.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
}
Also used: Response (javax.ws.rs.core.Response), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), SessionId (uk.gov.ida.common.SessionId), Test (org.junit.jupiter.api.Test)

Example 29 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method shouldTranslateARequesterErrorDeniedResponseFromIdp.

@Test
public void shouldTranslateARequesterErrorDeniedResponseFromIdp() throws Exception {
    final org.opensaml.saml.saml2.core.Response samlAuthnResponse = authnResponseFactory.anAuthnFailedResponseFromIdpBuilder(STUB_IDP_ONE).withDestination(IDP_RESPONSE_ENDPOINT).withStatus(REQUESTER_ERROR_DENIED_STATUS).build();
    String saml = authnResponseFactory.transformResponseToSaml(samlAuthnResponse);
    SamlAuthnResponseTranslatorDto samlResponseDto = aSamlAuthnResponseTranslatorDto().withSamlResponse(saml).withMatchingServiceEntityId(TEST_RP_MS).build();
    Response clientResponse = postToSamlEngine(samlResponseDto);
    assertThat(clientResponse.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
    InboundResponseFromIdpDto inboundResponseFromIdpDto = clientResponse.readEntity(InboundResponseFromIdpDto.class);
    assertThat(inboundResponseFromIdpDto.getStatus()).isEqualTo(IdpIdaStatus.Status.RequesterError);
    assertThat(inboundResponseFromIdpDto.getIssuer()).isEqualTo(samlAuthnResponse.getIssuer().getValue());
    checkFieldsForUnsuccessfulResponseDTO(inboundResponseFromIdpDto);
}
Also used: Response (javax.ws.rs.core.Response), InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), Test (org.junit.jupiter.api.Test)

Example 30 with SamlAuthnResponseTranslatorDto

Use of uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto in project verify-hub by alphagov.

From the class IdpAuthnResponseTranslatorResourceTest, method shouldThrowExceptionWhenAuthnResponseIsSignedByAnRp.

@Test
public void shouldThrowExceptionWhenAuthnResponseIsSignedByAnRp() throws Exception {
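    // The response is built with TEST_RP (a relying party) in place of an IdP entity,
    // so an otherwise well-formed authn response must be rejected with 400 Bad Request.
    final org.opensaml.saml.saml2.core.Response samlResponse = authnResponseFactory.aResponseFromIdpBuilder(TEST_RP, "127.0.0.1").withDestination(IDP_RESPONSE_ENDPOINT).build();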
    final String saml = authnResponseFactory.transformResponseToSaml(samlResponse);
    SamlAuthnResponseTranslatorDto dto = new SamlAuthnResponseTranslatorDto(saml, SessionId.createNewSessionId(), "127.0.0.1", TEST_RP_MS);
    Response response = postToSamlEngine(dto, Urls.SamlEngineUrls.TRANSLATE_IDP_AUTHN_RESPONSE_RESOURCE);
    assertThat(response.getStatus()).isEqualTo(Response.Status.BAD_REQUEST.getStatusCode());
}
Also used: Response (javax.ws.rs.core.Response), SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto), SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto), Test (org.junit.jupiter.api.Test)

Aggregations

SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto): 34
Response (javax.ws.rs.core.Response): 33
Test (org.junit.jupiter.api.Test): 31
SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto): 31
ErrorStatusDto (uk.gov.ida.common.ErrorStatusDto): 17
InboundResponseFromIdpDto (uk.gov.ida.hub.samlengine.domain.InboundResponseFromIdpDto): 8
BasicCredential (org.opensaml.security.credential.BasicCredential): 4
HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore): 4
Test (org.junit.Test): 2
SessionId (uk.gov.ida.common.SessionId): 2
InboundResponseFromCountry (uk.gov.ida.hub.samlengine.domain.InboundResponseFromCountry): 1
HubTransformersFactory (uk.gov.ida.saml.hub.api.HubTransformersFactory): 1