@Test public void testBuildResponseWithSignedAssertion() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext(); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(true); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa", subject.getNameID().getValue()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); assertNotNull(assertion.getSignature()); }
@Test public void testBuildResponseForSamlRequestWithPersistentNameID() throws Exception { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext(samlTestUtils.mockAuthnRequest(NameIDType.PERSISTENT)); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals(authenticationId, subject.getNameID().getValue()); assertEquals(NameIDType.PERSISTENT, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
@Test public void testBuildResponseForSamlRequestWithUnspecifiedNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext( samlTestUtils.mockAuthnRequest(NameIDType.UNSPECIFIED)); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa", subject.getNameID().getValue()); assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
@Test public void testBuildResponseForSamlRequestWithEmailAddressNameID() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext( samlTestUtils.mockAuthnRequest(NameIDType.EMAIL)); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa@testing.org", subject.getNameID().getValue()); assertEquals(NameIDType.EMAIL, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
@Test public void testBuildResponse() throws MessageEncodingException, SAMLException, MetadataProviderException, SecurityException, MarshallingException, SignatureException { String authenticationId = UUID.randomUUID().toString(); Authentication authentication = samlTestUtils.mockUaaAuthentication(authenticationId); SAMLMessageContext context = samlTestUtils.mockSamlMessageContext(); IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions(); options.setAssertionsSigned(false); profile.buildResponse(authentication, context, options); AuthnRequest request = (AuthnRequest) context.getInboundSAMLMessage(); Response response = (Response) context.getOutboundSAMLMessage(); assertEquals(request.getID(), response.getInResponseTo()); Assertion assertion = response.getAssertions().get(0); Subject subject = assertion.getSubject(); assertEquals("marissa", subject.getNameID().getValue()); assertEquals(NameIDType.UNSPECIFIED, subject.getNameID().getFormat()); SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmations().get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); assertEquals(request.getID(), subjectConfirmationData.getInResponseTo()); verifyAssertionAttributes(authenticationId, assertion); }
if (subjectCD.getInResponseTo() != null) { domElement.setAttributeNS(null, SubjectConfirmationData.IN_RESPONSE_TO_ATTRIB_NAME, subjectCD .getInResponseTo());
public SubjectConfirmation(Authentication authentication){ SAMLCredential credential = (SAMLCredential) authentication.getCredentials(); Subject subject = credential.getAuthenticationAssertion().getSubject(); List<org.opensaml.saml2.core.SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmations(); org.opensaml.saml2.core.SubjectConfirmation subjectConfirmation = subjectConfirmations.get(0); SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData(); method = subjectConfirmation.getMethod(); inResponseTo = subjectConfirmationData.getInResponseTo(); notOnOrAfter = subjectConfirmationData.getNotOnOrAfter(); recipient = subjectConfirmationData.getRecipient(); }
if (!subjectConfirmationData.getInResponseTo().equals(requestId)) {
if (data.getInResponseTo() == null) { log.debug("Bearer SubjectConfirmation invalidated by missing inResponseTo field"); continue; } else { if (!data.getInResponseTo().equals(request.getID())) { log.debug("Bearer SubjectConfirmation invalidated by invalid in response to"); continue;
if (data.getInResponseTo() == null) { System.out.println("Assertion invalidated by subject confirmation - missing inResponseTo field"); throw new SAMLException("SAML Assertion is invalid"); } else { if (!data.getInResponseTo().equals(request.getID())) { System.out.println("Assertion invalidated by subject confirmation - invalid in response to"); throw new SAMLException("SAML Assertion is invalid");
if (data.getInResponseTo() != null) { if (!data.getInResponseTo().equals(request.getID())) { log.debug("HoK SubjectConfirmation invalidated by invalid in response to field"); continue;