Java Code Examples for org.apache.wss4j.common.saml.OpenSAMLUtil#initSamlEngine()
The following examples show how to use
org.apache.wss4j.common.saml.OpenSAMLUtil#initSamlEngine() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: CustomClaimsHandler.java From cxf with Apache License 2.0 | 5 votes |
|
public ProcessedClaimCollection retrieveClaimValues(
ClaimCollection claims, ClaimsParameters parameters) {
if (claims != null && !claims.isEmpty()) {
ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
for (Claim requestClaim : claims) {
ProcessedClaim claim = new ProcessedClaim();
claim.setClaimType(requestClaim.getClaimType());
claim.setIssuer("Test Issuer");
claim.setOriginalIssuer("Original Issuer");
if (ROLE.equals(requestClaim.getClaimType())) {
claim.addValue("admin-user");
} else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
claim.addValue(parameters.getPrincipal().getName());
} else if (NUMBER.equals(requestClaim.getClaimType())) {
// Create and add a custom Attribute (Integer)
OpenSAMLUtil.initSamlEngine();
XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
@SuppressWarnings("unchecked")
XMLObjectBuilder<XSInteger> xsIntegerBuilder =
(XMLObjectBuilder<XSInteger>)builderFactory.getBuilder(XSInteger.TYPE_NAME);
XSInteger attributeValue =
xsIntegerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
attributeValue.setValue(5);
claim.addValue(attributeValue);
}
claimCollection.add(claim);
}
return claimCollection;
}
return null;
}
Example 2
| Source File: SAML2ITCase.java From syncope with Apache License 2.0 | 5 votes |
|
@BeforeAll
public static void setup() {
anonymous = new SyncopeClientFactoryBean().
setAddress(ADDRESS).
create(new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY));
WSSConfig.init();
OpenSAMLUtil.initSamlEngine(false);
}
Example 3
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testEmptySeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name())
+ "&" + SSOConstants.SIGNATURE + "=";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 4
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testBadIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 5
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testNoIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, null, consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 6
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testUnsignedRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 7
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testMissingDestination() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 8
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testMissingRelayState() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
Assert.fail("Failure expected on not sending the RelayState");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
webClient.close();
}
Example 9
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testProblemWithParsingRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes(UTF_8));
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
Assert.fail("Failure expected on parsing the request in the IdP");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
webClient.close();
}
Example 10
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testForceAuthnWrongCredentials() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString((USER + ":" + PWD).getBytes(UTF_8)));
//
// First invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
//
// Second invocation - change the credentials, this should fail
//
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString(("mallory" + ":" + PWD).getBytes(UTF_8)));
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
Assert.fail("Authentication failure expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
webClient.close();
}
Example 11
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSeparateSignatureWrongSignedContent() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name()) + "asf=xyz";
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 12
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testChangedSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name());
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
if (signBytes[1] != (byte)1) {
signBytes[1] = (byte)1;
} else {
signBytes[1] = (byte)2;
}
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 13
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testBase64DecodingErrorSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name());
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name()) + "-xyz";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 14
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testBadIssuerFormat() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld";
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
consumerURL,
false,
false,
protocolBinding,
SAMLVersion.VERSION_20,
issuer,
nameIDPolicy,
authnCtx
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 15
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdPWithForceAuthn() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
CookieManager cookieManager = new CookieManager();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
//
// First invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
//
// Second invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
//
// Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
// ...this should fail
//
WebClient newWebClient = new WebClient();
newWebClient.setCookieManager(cookieManager);
newWebClient.getOptions().setUseInsecureSSL(true);
newWebClient.getOptions().setJavaScriptEnabled(false);
try {
newWebClient.getPage(url);
Assert.fail("Failure expected on no credentials");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
newWebClient.close();
}
Example 16
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString((USER + ":" + PWD).getBytes(UTF_8)));
//
// First invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
//
// Second invocation - change the credentials to make sure the session is set up correctly
//
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString(("mallory" + ":" + PWD).getBytes(UTF_8)));
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 17
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSeparateSignatureRSASHA256() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
String encodedSignatureAlgorithm =
URLEncoder.encode("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", UTF_8.name());
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + encodedSignatureAlgorithm;
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIG_ALG + "=" + encodedSignatureAlgorithm
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 18
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name());
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 19
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulInvokeOnIdPUsingPOST() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up");
signAuthnRequest(authnRequest);
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes(UTF_8.name()));
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
request.getRequestParameters().add(new NameValuePair(SSOConstants.RELAY_STATE, relayState));
request.getRequestParameters().add(new NameValuePair(SSOConstants.SAML_REQUEST, authnRequestEncoded));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(request);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 20
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
