Java Code Examples for org.opensaml.saml.saml2.core.AuthnRequest#setDestination()
The following examples show how to use
org.opensaml.saml.saml2.core.AuthnRequest#setDestination() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: SamlClient.java From saml-client with MIT License | 6 votes |
|
/**
* Builds an encoded SAML request.
*
* @return The base-64 encoded SAML request.
* @throws SamlException thrown if an unexpected error occurs.
*/
public String getSamlRequest() throws SamlException {
AuthnRequest request = (AuthnRequest) getBasicSamlRequest(AuthnRequest.DEFAULT_ELEMENT_NAME);
request.setProtocolBinding(
"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-" + this.samlBinding.toString());
request.setDestination(identityProviderUrl);
request.setAssertionConsumerServiceURL(assertionConsumerServiceUrl);
NameIDPolicy nameIDPolicy = (NameIDPolicy) buildSamlObject(NameIDPolicy.DEFAULT_ELEMENT_NAME);
nameIDPolicy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
request.setNameIDPolicy(nameIDPolicy);
signSAMLObject(request);
return marshallAndEncodeSamlObject(request);
}
Example 2
| Source File: AuthReqBuilder.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
/**
* Generate an Signed authentication request with a custom consumer url.
*
* @return AuthnRequest Object
* @throws SSOHostObjectException error when bootstrapping
*/
public AuthnRequest buildSignedAuthRequest(String issuerId, String destination, String acsUrl, boolean isPassive,
int tenantId, String tenantDomain, String nameIdPolicy) throws SSOHostObjectException {
Util.doBootstrap();
AuthnRequest authnRequest = (AuthnRequest) Util.buildXMLObject(AuthnRequest.DEFAULT_ELEMENT_NAME);
authnRequest.setID(Util.createID());
authnRequest.setVersion(SAMLVersion.VERSION_20);
authnRequest.setIssueInstant(new DateTime());
authnRequest.setIssuer(buildIssuer(issuerId));
authnRequest.setNameIDPolicy(Util.buildNameIDPolicy(nameIdPolicy));
if (!StringUtils.isEmpty(acsUrl)) {
acsUrl = Util.processAcsUrl(acsUrl);
authnRequest.setAssertionConsumerServiceURL(acsUrl);
}
if (isPassive){
authnRequest.setIsPassive(true);
}
authnRequest.setDestination(destination);
SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
setSignature(authnRequest, SignatureConstants.ALGO_ID_SIGNATURE_RSA,
new X509CredentialImpl(ssoAgentCarbonX509Credential));
return authnRequest;
}
Example 3
| Source File: AuthnRequestFactory.java From verify-service-provider with MIT License | 6 votes |
|
public AuthnRequest build(String serviceEntityId) {
AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
authnRequest.setID(String.format("_%s", UUID.randomUUID()));
authnRequest.setIssueInstant(DateTime.now());
authnRequest.setForceAuthn(false);
authnRequest.setDestination(destination.toString());
authnRequest.setExtensions(createExtensions());
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(serviceEntityId);
authnRequest.setIssuer(issuer);
authnRequest.setSignature(createSignature());
try {
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(authnRequest).marshall(authnRequest);
Signer.signObject(authnRequest.getSignature());
} catch (SignatureException | MarshallingException e) {
throw new SAMLRuntimeException("Unknown problem while signing SAML object", e);
}
return authnRequest;
}
Example 4
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testUnknownRACS() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/insecure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 5
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testEmptySeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name())
+ "&" + SSOConstants.SIGNATURE + "=";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 6
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testUnsignedRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 7
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testMissingRelayState() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
Assert.fail("Failure expected on not sending the RelayState");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
webClient.close();
}
Example 8
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testNoIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, null, consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 9
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@org.junit.Test
public void testBadIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 10
| Source File: AbstractServiceProviderFilter.java From cxf with Apache License 2.0 | 5 votes |
|
protected SamlRequestInfo createSamlRequestInfo(Message m) throws Exception {
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
AuthnRequest authnRequest =
authnRequestBuilder.createAuthnRequest(
m, getIssuerId(m), getAbsoluteAssertionServiceAddress(m)
);
if (isSignRequest()) {
authnRequest.setDestination(getIdpServiceAddress());
signAuthnRequest(authnRequest);
}
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
SamlRequestInfo info = new SamlRequestInfo();
info.setSamlRequest(authnRequestEncoded);
String webAppContext = getWebAppContext(m);
String originalRequestURI = new UriInfoImpl(m).getRequestUri().toString();
RequestState requestState = new RequestState(originalRequestURI,
getIdpServiceAddress(),
authnRequest.getID(),
getIssuerId(m),
webAppContext,
getWebAppDomain(),
System.currentTimeMillis(),
getStateTimeToLive());
String relayState = URLEncoder.encode(UUID.randomUUID().toString(), StandardCharsets.UTF_8.name());
getStateProvider().setRequestState(relayState, requestState);
info.setRelayState(relayState);
info.setWebAppContext(webAppContext);
info.setWebAppDomain(getWebAppDomain());
return info;
}
Example 11
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdPWithForceAuthn() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
CookieManager cookieManager = new CookieManager();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
//
// First invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
//
// Second invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
//
// Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
// ...this should fail
//
WebClient newWebClient = new WebClient();
newWebClient.setCookieManager(cookieManager);
newWebClient.getOptions().setUseInsecureSSL(true);
newWebClient.getOptions().setJavaScriptEnabled(false);
try {
newWebClient.getPage(url);
Assert.fail("Failure expected on no credentials");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
newWebClient.close();
}
Example 12
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString((USER + ":" + PWD).getBytes(UTF_8)));
//
// First invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
//
// Second invocation - change the credentials to make sure the session is set up correctly
//
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString(("mallory" + ":" + PWD).getBytes(UTF_8)));
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 13
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSeparateSignatureRSASHA256() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA256withRSA");
signature.initSign(privateKey);
String encodedSignatureAlgorithm =
URLEncoder.encode("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", UTF_8.name());
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + encodedSignatureAlgorithm;
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIG_ALG + "=" + encodedSignatureAlgorithm
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 14
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testBadIssuerFormat() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld";
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
);
RequestedAuthnContext authnCtx =
SamlpRequestComponentBuilder.createRequestedAuthnCtxPolicy(
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
consumerURL,
false,
false,
protocolBinding,
SAMLVersion.VERSION_20,
issuer,
nameIDPolicy,
authnCtx
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 15
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name());
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 16
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testSuccessfulInvokeOnIdPUsingPOST() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up");
signAuthnRequest(authnRequest);
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes(UTF_8.name()));
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
request.getRequestParameters().add(new NameValuePair(SSOConstants.RELAY_STATE, relayState));
request.getRequestParameters().add(new NameValuePair(SSOConstants.SAML_REQUEST, authnRequestEncoded));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(request);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
}
Example 17
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testForceAuthnWrongCredentials() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString((USER + ":" + PWD).getBytes(UTF_8)));
//
// First invocation
//
webClient.getOptions().setJavaScriptEnabled(false);
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.LASTNAME.toString();
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
//
// Second invocation - change the credentials, this should fail
//
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic "
+ Base64.getEncoder().encodeToString(("mallory" + ":" + PWD).getBytes(UTF_8)));
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
Assert.fail("Authentication failure expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
webClient.close();
}
Example 18
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testBase64DecodingErrorSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name());
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name()) + "-xyz";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 19
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testChangedSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
String authnRequestEncoded = encodeAuthnRequest(authnRequest);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, UTF_8.name());
String relayState = UUID.randomUUID().toString();
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, UTF_8.name());
signature.update(requestToSign.getBytes(UTF_8));
byte[] signBytes = signature.sign();
if (signBytes[1] != (byte)1) {
signBytes[1] = (byte)1;
} else {
signBytes[1] = (byte)2;
}
String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest
+ "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
Example 20
| Source File: IdpTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
|
@org.junit.Test
public void testProblemWithParsingRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes(UTF_8));
String relayState = UUID.randomUUID().toString();
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"
+ SSOConstants.RELAY_STATE + "=" + relayState
+ "&" + SSOConstants.SAML_REQUEST + "=" + URLEncoder.encode(authnRequestEncoded, UTF_8.name());
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(USER, PWD));
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
Assert.fail("Failure expected on parsing the request in the IdP");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
webClient.close();
}
