org.opensaml.saml.saml2.core.StatusCode Java Examples

Example #1
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed Responder response whose sub-status is
 * {@code SamlStatusCode.NO_MATCH} is translated to the {@code NO_MATCH} scenario.
 */
@Test
public void shouldHandleNoMatchSaml() throws Exception {
    // Hub metadata publishes the certificate the response signature is checked against
    // (presumably the public half of testRpSigningCredential - confirm in the fixture).
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    // Top-level Responder code with the NO_MATCH sub-status nested inside it.
    StatusCode responderWithNoMatch = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(aStatusCode().withValue(SamlStatusCode.NO_MATCH).build())
        .build();
    Status status = aStatus().withStatusCode(responderWithNoMatch).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID);

    assertThat(translated.getScenario()).isEqualTo(NO_MATCH);
}
 
Example #2
Source File: SamlClientTest.java    From saml-client with MIT License 6 votes vote down vote up
/**
 * Decode and validate saml logout response with valid signature.
 *
 * @throws Throwable the throwable
 */
@Test
public void decodeAndValidateSamlLogoutResponseWithValidSignature() throws Throwable {
  // Test-only shortcut: the IdP and the SP share the same public key in this fixture.
  SamlClient samlClient = getKeyCloakClient(true);

  // Produce a fresh encoded logout response that reports success.
  String encoded = samlClient.getSamlLogoutResponse(StatusCode.SUCCESS);

  // The decoded XML must contain a Signature element. This substring check only shows the
  // element is present; the cryptographic check is done by the validation call below.
  assertTrue(decode(encoded).contains(Signature.DEFAULT_ELEMENT_LOCAL_NAME));

  // Decode and validate the same payload as received over the POST binding.
  SamlLogoutResponse validated = decodeAndValidateSamlLogoutResponse(encoded, "POST");
  assertTrue(validated.isValid());
}
 
Example #3
Source File: SamlClientTest.java    From saml-client with MIT License 6 votes vote down vote up
/**
 * Decode and validate saml logout response with invalid signature.
 *
 * @throws Throwable the throwable
 */
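@Test
public void decodeAndValidateSamlLogoutResponseWithInvalidSignature() throws Throwable {
  SamlClient client = getKeyCloakClient(true);
  String encodedSamlLogoutResponse = client.getSamlLogoutResponse(StatusCode.SUCCESS);

  // Corrupt the signature (decode => corrupt => encode).
  final String signatureValueTag = "<ds:SignatureValue>";
  String decodedSamlLogoutResponse = decode(encodedSamlLogoutResponse);
  int tagStart = decodedSamlLogoutResponse.indexOf(signatureValueTag);
  if (tagStart < 0) {
    // indexOf returned -1: without this guard the "XXX" below would be spliced into an
    // unrelated offset and the test could pass without ever touching the signature.
    fail("Logout response does not contain " + signatureValueTag);
  }
  // Insert the junk right after the opening tag, i.e. at the start of the signature value.
  int index = tagStart + signatureValueTag.length();
  String tamperedResponse = encode(
      decodedSamlLogoutResponse.substring(0, index)
          + "XXX"
          + decodedSamlLogoutResponse.substring(index));

  try {
    decodeAndValidateSamlLogoutResponse(tamperedResponse, "POST");
    fail("We must have an exception if the signature isn't valid");
  } catch (SamlException expected) {
    // Expected: a tampered signature value must be rejected.
    // NOTE(review): any SamlException satisfies this catch; the test does not prove the
    // rejection was caused by signature verification rather than another validation step.
  }
}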
 
Example #4
Source File: SamlSingleLogoutFunction.java    From armeria with Apache License 2.0 6 votes vote down vote up
/**
 * Answers a logout request that could not be honoured with a {@link LogoutResponse}
 * carrying the top-level Responder status, falling back to {@code fail(ctx, e)} when
 * that response cannot be sent.
 */
private HttpResponse fail(ServiceRequestContext ctx,
                          LogoutRequest logoutRequest,
                          SamlEndpoint sloResEndpoint) {
    // "urn:oasis:names:tc:SAML:2.0:status:Responder" is one of the top-level status codes of
    // the SAML 2.0 specification: the request could not be performed due to an error on the
    // part of the SAML responder or SAML authority.
    final LogoutResponse responderError = createLogoutResponse(logoutRequest, StatusCode.RESPONDER);
    try {
        return respond(responderError, sloResEndpoint);
    } catch (SamlException cause) {
        // The failure response itself could not be delivered; use the other fail overload.
        return fail(ctx, cause);
    }
}
 
Example #5
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Builds a Success response fixture whose only assertion is an encrypted one carrying the
 * "unsigned assertions" eIDAS SAML response attribute.
 *
 * @return the response builder, not yet built or signed
 */
private ResponseBuilder createUnsignedAttributeResponseBuilder() {
    Status successStatus = aStatus()
            .withStatusCode(aStatusCode().withValue(StatusCode.SUCCESS).build())
            .build();

    return aResponse()
            .withStatus(successStatus)
            // Drop the builder's default assertion so only the encrypted one below is present.
            .withNoDefaultAssertion()
            .addEncryptedAssertion(
                    aDefaultAssertion()
                            .addAttributeStatement(
                                    anAttributeStatement()
                                            .addAttribute(
                                                    new SimpleStringAttributeBuilder()
                                                            .withName(IdaConstants.Eidas_Attributes.UnsignedAssertions.EidasSamlResponse.NAME)
                                                            .withSimpleStringValue("eidasSaml")
                                                            .build())
                                            .build())
                            .buildWithEncrypterCredential(encryptionCredentialFactory.getEncryptingCredential()));
}
 
Example #6
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a correctly signed Success response is still rejected when its InResponseTo
 * value differs from the request id the caller expects, so a response cannot be accepted
 * for a request it was not issued for.
 */
@Test
public void shouldFailWhenInResponseToDoesNotMatchRequestId() throws Exception {
    // Register the expected failure before the call under test runs.
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage(String.format("Expected InResponseTo to be some-incorrect-request-id, but was %s", DEFAULT_REQUEST_ID));

    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    StatusCode successCode = aStatusCode().withValue(StatusCode.SUCCESS).build();
    Status status = aStatus().withStatusCode(successCode).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    // Deliberately different from the InResponseTo carried inside the response.
    String expectedRequestId = "some-incorrect-request-id";
    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        expectedRequestId,
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID);
}
 
Example #7
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a response built without a signature is rejected even though its status is
 * Success and the hub metadata resolves normally.
 */
@Test
public void shouldFailValidationWhenHubResponseIsNotSigned() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Message signature is not signed");

    StatusCode successCode = aStatusCode().withValue(StatusCode.SUCCESS).build();
    Status status = aStatus().withStatusCode(successCode).build();
    // withoutSigning(): the message-level signature is intentionally left out.
    Response unsignedResponse = createNoAttributeResponseBuilder(status).withoutSigning().build();

    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(unsignedResponse),
        unsignedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID);
}
 
Example #8
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed response is rejected when the hub metadata advertises a different
 * certificate from the one used in the other tests, so the signature cannot be verified
 * against a trusted key.
 */
@Test
public void shouldFailValidationWhenHubMetadataDoesNotContainCorrectCertificate() throws Exception {
    expectedException.expect(SamlTransformationErrorException.class);
    expectedException.expectMessage("SAML Validation Specification: Signature was not valid.");

    StatusCode successCode = aStatusCode().withValue(StatusCode.SUCCESS).build();
    Status status = aStatus().withStatusCode(successCode).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    // Metadata carries TEST_PUBLIC_CERT rather than TEST_RP_PUBLIC_SIGNING_CERT.
    EntityDescriptor mismatchedDescriptor = createEntityDescriptorWithSigningCertificate(TEST_PUBLIC_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(mismatchedDescriptor));

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID);
}
 
Example #9
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a Responder response with a sub-status the service does not know is rejected
 * with a validation error instead of being mapped to some scenario.
 */
@Test
public void shouldFailWhenUnrecognizedSubStatus() throws Exception {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML sub-status: UNKNOWN");

    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    // "UNKNOWN" is not one of the sub-status values the translator handles.
    StatusCode responderWithUnknownSubStatus = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(aStatusCode().withValue("UNKNOWN").build())
        .build();
    Status status = aStatus().withStatusCode(responderWithUnknownSubStatus).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID);
}
 
Example #10
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed Responder response with the {@code AUTHN_FAILED} sub-status is
 * translated to the {@code AUTHENTICATION_FAILED} scenario.
 */
@Test
public void shouldHandleAuthenticationFailedSaml() throws Exception {
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    StatusCode responderWithAuthnFailed = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(aStatusCode().withValue(StatusCode.AUTHN_FAILED).build())
        .build();
    Status authnFailedStatus = aStatus().withStatusCode(responderWithAuthnFailed).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(authnFailedStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID);

    assertThat(translated.getScenario()).isEqualTo(AUTHENTICATION_FAILED);
}
 
Example #11
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed Responder response with the {@code NO_AUTHN_CONTEXT} sub-status is
 * translated to the {@code CANCELLATION} scenario.
 */
@Test
public void shouldHandleNoAuthnContextSaml() throws Exception {
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    StatusCode responderWithNoAuthnContext = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(aStatusCode().withValue(StatusCode.NO_AUTHN_CONTEXT).build())
        .build();
    Status noAuthnContextStatus = aStatus().withStatusCode(responderWithNoAuthnContext).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(noAuthnContextStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID);

    assertThat(translated.getScenario()).isEqualTo(CANCELLATION);
}
 
Example #12
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed Responder response with the {@code REQUESTER} sub-status is
 * translated to the {@code REQUEST_ERROR} scenario.
 */
@Test
public void shouldHandleRequestErrorSaml() throws Exception {
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    StatusCode responderWithRequester = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(aStatusCode().withValue(StatusCode.REQUESTER).build())
        .build();
    Status requestErrorStatus = aStatus().withStatusCode(responderWithRequester).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(requestErrorStatus), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID);

    assertThat(translated.getScenario()).isEqualTo(REQUEST_ERROR);
}
 
Example #13
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed Success response built with attributes is translated to the
 * {@code ACCOUNT_CREATION} scenario and exposes a non-null attribute set.
 */
@Test
public void matchingResponseServiceShouldHandleAccountCreationSaml() throws Exception {
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    StatusCode successCode = aStatusCode().withValue(StatusCode.SUCCESS).build();
    Status status = aStatus().withStatusCode(successCode).build();
    // The attribute-bearing builder is what distinguishes this case from a plain match.
    Response signedResponse = signResponse(createAttributeResponseBuilder(status), testRpSigningCredential);

    TranslatedMatchingResponseBody translated =
        (TranslatedMatchingResponseBody) matchingResponseService.convertTranslatedResponseBody(
            responseToBase64StringTransformer.apply(signedResponse),
            signedResponse.getInResponseTo(),
            LevelOfAssurance.LEVEL_2,
            VERIFY_SERVICE_PROVIDER_ENTITY_ID);

    assertThat(translated.getScenario()).isEqualTo(ACCOUNT_CREATION);
    assertThat(translated.getAttributes()).isNotNull();
}
 
Example #14
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 6 votes vote down vote up
/**
 * Checks that a signed Success response without attributes is translated to a
 * {@code SUCCESS_MATCH} body carrying the pid and level of assurance and no attributes.
 */
@Test
public void matchingResponseServiceShouldHandleSuccessMatchSaml() throws Exception {
    EntityDescriptor hubDescriptor = createEntityDescriptorWithSigningCertificate(TEST_RP_PUBLIC_SIGNING_CERT);
    when(hubMetadataResolver.resolve(any())).thenReturn(ImmutableList.of(hubDescriptor));

    StatusCode successCode = aStatusCode().withValue(StatusCode.SUCCESS).build();
    Status status = aStatus().withStatusCode(successCode).build();
    Response signedResponse = signResponse(createNoAttributeResponseBuilder(status), testRpSigningCredential);

    TranslatedResponseBody translated = matchingResponseService.convertTranslatedResponseBody(
        responseToBase64StringTransformer.apply(signedResponse),
        signedResponse.getInResponseTo(),
        LevelOfAssurance.LEVEL_2,
        VERIFY_SERVICE_PROVIDER_ENTITY_ID);

    // Compared as a whole value: scenario, pid, level of assurance, attributes (null).
    TranslatedMatchingResponseBody expected = new TranslatedMatchingResponseBody(
        SUCCESS_MATCH,
        "some-pid",
        LevelOfAssurance.LEVEL_2,
        null);
    assertThat(translated).isEqualTo(expected);
}
 
Example #15
Source File: SamlSingleLogoutFunction.java    From armeria with Apache License 2.0 6 votes vote down vote up
/**
 * Assembles a {@link LogoutResponse} for the given request with the given top-level
 * status code value.
 *
 * @param logoutRequest the request being answered; its ID becomes InResponseTo
 * @param statusCode the status code value to report (any value, not only success)
 * @return the populated response; nothing in this method signs or sends it
 */
private LogoutResponse createLogoutResponse(LogoutRequest logoutRequest,
                                            String statusCode) {
    final StatusCode code = build(StatusCode.DEFAULT_ELEMENT_NAME);
    code.setValue(statusCode);

    final Status responseStatus = build(Status.DEFAULT_ELEMENT_NAME);
    responseStatus.setStatusCode(code);

    // This party's own entity id is the issuer.
    final Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue(entityId);

    final LogoutResponse result = build(LogoutResponse.DEFAULT_ELEMENT_NAME);
    result.setID(requestIdManager.newId());
    result.setIssueInstant(DateTime.now());
    // Echo the request ID so the receiver can correlate the response with its request.
    result.setInResponseTo(logoutRequest.getID());
    result.setIssuer(issuer);
    result.setStatus(responseStatus);
    return result;
}
 
Example #16
Source File: IdentityResponderCodeTranslator.java    From verify-service-provider with MIT License 6 votes vote down vote up
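/**
 * Maps the sub-status of a non-Success (Responder) status code to a non-matching scenario.
 *
 * <p>The status code originates from a received SAML response, so both a missing nested
 * status code and a missing value are rejected with a validation error, as is any
 * sub-status not listed below.
 *
 * @param statusCode the top-level status code of the response
 * @return a body holding only the scenario; the other three constructor arguments are null
 * @throws SamlResponseValidationException if the sub-status is absent, has no value, or
 *         is not recognised
 */
@Override
public TranslatedNonMatchingResponseBody translateResponderCode(StatusCode statusCode) {
    StatusCode subStatusCode = statusCode.getStatusCode();
    if (subStatusCode == null) {
        throw new SamlResponseValidationException("Missing status code for non-Success response");
    }

    String subStatus = subStatusCode.getValue();
    if (subStatus == null) {
        // A switch on a null String throws NullPointerException; report the malformed
        // response as a validation failure like every other rejection in this method.
        throw new SamlResponseValidationException("Missing sub-status value for non-Success response");
    }

    switch (subStatus) {
        case StatusCode.REQUESTER:
            return new TranslatedNonMatchingResponseBody(NonMatchingScenario.REQUEST_ERROR, null, null, null);
        case StatusCode.NO_AUTHN_CONTEXT:
            return new TranslatedNonMatchingResponseBody(NonMatchingScenario.NO_AUTHENTICATION, null, null, null);
        case StatusCode.AUTHN_FAILED:
            return new TranslatedNonMatchingResponseBody(NonMatchingScenario.AUTHENTICATION_FAILED, null, null, null);
        default:
            // Fail closed: an unrecognised sub-status is never mapped to a scenario.
            throw new SamlResponseValidationException(String.format("Unknown SAML sub-status: %s", subStatus));
    }
}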
 
Example #17
Source File: SAML2PResponseComponentBuilder.java    From syncope with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a SAML {@link Status} with the given status code value and, when supplied, a
 * status message.
 *
 * <p>The three builders are created on first use by an unsynchronized check-then-assign
 * on fields declared outside this method.
 *
 * @param statusCodeValue value set on the status code
 * @param statusMessage optional message; when {@code null} no StatusMessage is attached.
 *        The text is copied into the Status as given, so callers decide what detail is
 *        disclosed to the recipient.
 * @return the populated status
 */
public static Status createStatus(final String statusCodeValue, final String statusMessage) {
    if (statusBuilder == null) {
        statusBuilder = new StatusBuilder();
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder = new StatusCodeBuilder();
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder = new StatusMessageBuilder();
    }

    Status result = statusBuilder.buildObject();

    StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);
    result.setStatusCode(code);

    if (statusMessage == null) {
        return result;
    }

    StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}
 
Example #18
Source File: MatchingResponderCodeTranslator.java    From verify-service-provider with MIT License 6 votes vote down vote up
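/**
 * Maps the sub-status of a non-Success (Responder) status code to a matching scenario.
 *
 * <p>The status code originates from a received SAML response, so both a missing nested
 * status code and a missing value are rejected with a validation error, as is any
 * sub-status not listed below.
 *
 * @param statusCode the top-level status code of the response
 * @return a body holding only the scenario; the other three constructor arguments are null
 * @throws SamlResponseValidationException if the sub-status is absent, has no value, or
 *         is not recognised
 */
@Override
public TranslatedResponseBody translateResponderCode(StatusCode statusCode) {
    StatusCode subStatusCode = statusCode.getStatusCode();
    if (subStatusCode == null) {
        throw new SamlResponseValidationException("Missing status code for non-Success response");
    }

    String subStatus = subStatusCode.getValue();
    if (subStatus == null) {
        // A switch on a null String throws NullPointerException; report the malformed
        // response as a validation failure like every other rejection in this method.
        throw new SamlResponseValidationException("Missing sub-status value for non-Success response");
    }

    switch (subStatus) {
        case SamlStatusCode.NO_MATCH:
            return new TranslatedMatchingResponseBody(MatchingScenario.NO_MATCH, null, null, null);
        case StatusCode.REQUESTER:
            return new TranslatedMatchingResponseBody(MatchingScenario.REQUEST_ERROR, null, null, null);
        case StatusCode.NO_AUTHN_CONTEXT:
            return new TranslatedMatchingResponseBody(MatchingScenario.CANCELLATION, null, null, null);
        case StatusCode.AUTHN_FAILED:
            return new TranslatedMatchingResponseBody(MatchingScenario.AUTHENTICATION_FAILED, null, null, null);
        default:
            // Fail closed: an unrecognised sub-status is never mapped to a scenario.
            throw new SamlResponseValidationException(String.format("Unknown SAML sub-status: %s", subStatus));
    }
}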
 
Example #19
Source File: IdentityResponderCodeTranslatorTest.java    From verify-service-provider with MIT License 5 votes vote down vote up
/**
 * Checks that a sub-status the translator does not handle ({@code NO_AVAILABLE_IDP}) is
 * rejected with a validation exception naming that sub-status.
 */
@Test
public void shouldThrowExceptionWhenNonSuccessResponseCalledWithUnrecognisedStatus() {
    expectedException.expect(SamlResponseValidationException.class);
    expectedException.expectMessage("Unknown SAML sub-status: urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP");

    StatusCode unhandledSubStatus = aStatusCode().withValue(StatusCode.NO_AVAILABLE_IDP).build();
    StatusCode responderCode = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(unhandledSubStatus)
        .build();

    responderResponseTranslator.translateResponderCode(responderCode);
}
 
Example #20
Source File: SamlClientTest.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Decode and validate saml logout invalid response.
 *
 * @throws Throwable the throwable
 */
@Test
public void decodeAndValidateSamlLogoutInvalidResponse() throws Throwable {
  // Client obtained with the flag set to false (presumably the non-signing configuration,
  // since the signature tests pass true - confirm against getKeyCloakClient).
  SamlClient samlClient = getKeyCloakClient(false);

  // A logout response reporting an error status rather than success.
  String encoded = samlClient.getSamlLogoutResponse(StatusCode.NO_AVAILABLE_IDP);

  SamlLogoutResponse decoded = decodeAndValidateSamlLogoutResponse(encoded, "POST");
  // A non-success status must surface as "not valid" to the caller.
  assertTrue(decoded.isNotValid());
}
 
Example #21
Source File: ValidatorUtils.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Validate status.
 *
 * @param response the response
 * @throws SamlException the saml exception
 */
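private static void validateStatus(StatusResponseType response) throws SamlException {
  // Accepts the response only when its top-level status code is Success. The response is
  // received from the peer, so a missing Status or StatusCode element is reported as a
  // SamlException instead of surfacing as a NullPointerException.
  if (response.getStatus() == null) {
    throw new SamlException("Missing status in SAML response");
  }

  StatusCode code = response.getStatus().getStatusCode();
  if (code == null) {
    throw new SamlException("Missing status code in SAML response");
  }

  // Constant-first equals also rejects a null value.
  String statusCode = code.getValue();
  if (!StatusCode.SUCCESS.equals(statusCode)) {
    // NOTE(review): statusCode is taken from the received message and is echoed into the
    // exception text; neutralise it before writing it to logs or showing it to users.
    throw new SamlException("Invalid status code: " + statusCode);
  }
}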
 
Example #22
Source File: SamlClient.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Gets saml logout response.
 *
 * @param status  the status code value (see {@link StatusCode})
 * @param statMsg the status message
 * @return saml logout response
 * @throws SamlException the saml exception
 */
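public String getSamlLogoutResponse(final String status, final String statMsg)
    throws SamlException {
  // Builds a LogoutResponse with the given status, passes it to signSAMLObject, marshals
  // it to XML and returns the XML Base64-encoded (UTF-8).
  LogoutResponse response = (LogoutResponse) buildSamlObject(LogoutResponse.DEFAULT_ELEMENT_NAME);
  response.setID("z" + UUID.randomUUID().toString()); // ADFS needs IDs to start with a letter

  response.setVersion(SAMLVersion.VERSION_20);
  response.setIssueInstant(DateTime.now());

  Issuer issuer = (Issuer) buildSamlObject(Issuer.DEFAULT_ELEMENT_NAME);
  issuer.setValue(relyingPartyIdentifier);
  response.setIssuer(issuer);

  // Status: code is always set, message only when the caller supplied one.
  Status stat = (Status) buildSamlObject(Status.DEFAULT_ELEMENT_NAME);
  StatusCode statCode = new StatusCodeBuilder().buildObject();
  statCode.setValue(status);
  stat.setStatusCode(statCode);
  if (statMsg != null) {
    StatusMessage statMessage = new StatusMessageBuilder().buildObject();
    statMessage.setMessage(statMsg);
    stat.setStatusMessage(statMessage);
  }
  response.setStatus(stat);

  // Add a signature into the response.
  // NOTE(review): whether a signature is actually produced depends on signSAMLObject and
  // the client's configuration, which are not visible here.
  signSAMLObject(response);

  final String xml;
  try {
    xml = marshallXmlObject(response).toString();
  } catch (MarshallingException ex) {
    // This method marshals a LogoutResponse, so the message says "response".
    throw new SamlException("Error while marshalling SAML response to XML", ex);
  }

  // The trace line contains the complete outgoing message; build it only when trace
  // logging is enabled.
  if (logger.isTraceEnabled()) {
    logger.trace("Issuing SAML Logout response: " + xml);
  }

  return Base64.encodeBase64String(xml.getBytes(StandardCharsets.UTF_8));
}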
 
Example #23
Source File: MatchingResponderCodeTranslatorTest.java    From verify-service-provider with MIT License 5 votes vote down vote up
/**
 * Checks that a Responder status whose sub-status is {@code REQUESTER} is translated to
 * {@code MatchingScenario.REQUEST_ERROR}.
 */
@Test
public void shouldReturnScenarioRequestErrorWhenRequesterStatus() {
    StatusCode requesterSubStatus = aStatusCode().withValue(StatusCode.REQUESTER).build();
    StatusCode responderCode = aStatusCode()
        .withValue(StatusCode.RESPONDER)
        .withSubStatusCode(requesterSubStatus)
        .build();

    TranslatedResponseBody translated = msaAssertionService.translateResponderCode(responderCode);

    assertThat(translated.getScenario()).isEqualTo(MatchingScenario.REQUEST_ERROR);
}
 
Example #24
Source File: SamlClientTest.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Decode and validate saml logout valid response.
 *
 * @throws Throwable the throwable
 */
@Test
public void decodeAndValidateSamlLogoutValidResponse() throws Throwable {
  // Client obtained with the flag set to false (presumably the non-signing configuration,
  // since the signature tests pass true - confirm against getKeyCloakClient).
  SamlClient samlClient = getKeyCloakClient(false);

  // A logout response reporting success.
  String encoded = samlClient.getSamlLogoutResponse(StatusCode.SUCCESS);

  SamlLogoutResponse decoded = decodeAndValidateSamlLogoutResponse(encoded, "POST");
  assertTrue(decoded.isValid());
}
 
Example #25
Source File: SamlClientTest.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Decode and validate saml logout valid response with signature.
 *
 * @throws Throwable the throwable
 */
@Test
public void decodeAndValidateSamlLogoutValidResponseWithSignature() throws Throwable {
  // Client obtained with the flag set to true (presumably the signing configuration -
  // confirm against getKeyCloakClient).
  SamlClient samlClient = getKeyCloakClient(true);

  // A logout response reporting success.
  String encoded = samlClient.getSamlLogoutResponse(StatusCode.SUCCESS);

  SamlLogoutResponse decoded = decodeAndValidateSamlLogoutResponse(encoded, "POST");
  assertTrue(decoded.isValid());
}
 
Example #26
Source File: SamlClientTest.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Gets saml logout response returns an encoded response.
 *
 * @throws Throwable the throwable
 */
@Test
public void getSamlLogoutResponseReturnsAnEncodedResponse() throws Throwable {
  SamlClient samlClient = getKeyCloakClient(false);

  // Two-argument overload with no status message.
  String encoded = samlClient.getSamlLogoutResponse(StatusCode.SUCCESS, null);

  // The return value is Base64 text; decode it back to the UTF-8 XML.
  byte[] xmlBytes = Base64.decodeBase64(encoded);
  String xml = new String(xmlBytes, StandardCharsets.UTF_8);

  // Element text "myidentifier" and the success status URI must both appear in the XML.
  assertTrue(xml.contains(">myidentifier<"));
  assertTrue(xml.contains(StatusCode.SUCCESS));
}
 
Example #27
Source File: SAML2PResponseComponentBuilder.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a SAML {@link Status} with the given status code value and, when supplied, a
 * status message.
 *
 * <p>The three builders are looked up from {@code builderFactory} on first use by an
 * unsynchronized check-then-assign on fields declared outside this method.
 *
 * @param statusCodeValue value set on the status code
 * @param statusMessage optional message; when {@code null} no StatusMessage is attached.
 *        The text is copied into the Status as given, so callers decide what detail is
 *        disclosed to the recipient.
 * @return the populated status
 */
@SuppressWarnings("unchecked")
public static Status createStatus(
    String statusCodeValue,
    String statusMessage
) {
    // The casts are unchecked because getBuilder is not typed by element name.
    if (statusBuilder == null) {
        statusBuilder =
            (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder =
            (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder =
            (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    Status result = statusBuilder.buildObject();

    StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);
    result.setStatusCode(code);

    if (statusMessage == null) {
        return result;
    }

    StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}
 
Example #28
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a SAML {@link Status} with the given status code value and, when supplied, a
 * status message.
 *
 * <p>The three builders are looked up from {@code builderFactory} on first use by an
 * unsynchronized check-then-assign on fields declared outside this method.
 *
 * @param statusCodeValue value set on the status code
 * @param statusMessage optional message; when {@code null} no StatusMessage is attached.
 *        The text is copied into the Status as given, so callers decide what detail is
 *        disclosed to the recipient.
 * @return the populated status
 */
@SuppressWarnings("unchecked")
public static Status createStatus(
    String statusCodeValue,
    String statusMessage
) {
    // The casts are unchecked because getBuilder is not typed by element name.
    if (statusBuilder == null) {
        statusBuilder =
            (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder =
            (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder =
            (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    Status result = statusBuilder.buildObject();

    StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);
    result.setStatusCode(code);

    if (statusMessage == null) {
        return result;
    }

    StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}
 
Example #29
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a SAML {@link Status} with the given status code value and, when supplied, a
 * status message.
 *
 * <p>The three builders are looked up from {@code builderFactory} on first use by an
 * unsynchronized check-then-assign on fields declared outside this method.
 *
 * @param statusCodeValue value set on the status code
 * @param statusMessage optional message; when {@code null} no StatusMessage is attached.
 *        The text is copied into the Status as given, so callers decide what detail is
 *        disclosed to the recipient.
 * @return the populated status
 */
@SuppressWarnings("unchecked")
public static Status createStatus(
    String statusCodeValue,
    String statusMessage
) {
    // The casts are unchecked because getBuilder is not typed by element name.
    if (statusBuilder == null) {
        statusBuilder =
            (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder =
            (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder =
            (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    Status result = statusBuilder.buildObject();

    StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);
    result.setStatusCode(code);

    if (statusMessage == null) {
        return result;
    }

    StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}
 
Example #30
Source File: SAML2PResponseComponentBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a SAML {@link Status} with the given status code value and, when supplied, a
 * status message.
 *
 * <p>The three builders are looked up from {@code builderFactory} on first use by an
 * unsynchronized check-then-assign on fields declared outside this method.
 *
 * @param statusCodeValue value set on the status code
 * @param statusMessage optional message; when {@code null} no StatusMessage is attached.
 *        The text is copied into the Status as given, so callers decide what detail is
 *        disclosed to the recipient.
 * @return the populated status
 */
@SuppressWarnings("unchecked")
public static Status createStatus(
    String statusCodeValue,
    String statusMessage
) {
    // The casts are unchecked because getBuilder is not typed by element name.
    if (statusBuilder == null) {
        statusBuilder =
            (SAMLObjectBuilder<Status>) builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME);
    }
    if (statusCodeBuilder == null) {
        statusCodeBuilder =
            (SAMLObjectBuilder<StatusCode>) builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME);
    }
    if (statusMessageBuilder == null) {
        statusMessageBuilder =
            (SAMLObjectBuilder<StatusMessage>) builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME);
    }

    Status result = statusBuilder.buildObject();

    StatusCode code = statusCodeBuilder.buildObject();
    code.setValue(statusCodeValue);
    result.setStatusCode(code);

    if (statusMessage == null) {
        return result;
    }

    StatusMessage message = statusMessageBuilder.buildObject();
    message.setMessage(statusMessage);
    result.setStatusMessage(message);
    return result;
}