@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpPeerEntityMetadataNull() throws IOException, ServletException, MetadataProviderException, MessageEncodingException, SAMLException, SecurityException, MarshallingException, SignatureException {
    // Scenario: the peer's EntityDescriptor lookup yields null. The handler must fail (ServletException,
    // see the @Test annotation) rather than issue a SAML response to an unknown peer.
    SAMLMessageContext samlContext = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(samlContext);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(samlContext.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(samlContext.getPeerEntityId())).thenReturn(null);
    when(manager.getRole(samlContext.getPeerEntityId(), samlContext.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(samlContext.getPeerEntityRoleMetadata());

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    handler.onAuthenticationSuccess(new MockHttpServletRequest(), new MockHttpServletResponse(), auth);
}
/**
 * Resolves the peer entity's metadata and stores it on the supplied context.
 *
 * Reads the peer entity ID and role already present on {@code samlContext}, looks up the
 * entity descriptor, role descriptor and extended metadata through {@code metadataManager},
 * and writes all three back onto the context.
 *
 * @param samlContext context whose peerEntityId and peerEntityRole are already populated
 * @throws MetadataProviderException if the peer entity ID is missing, or no entity descriptor
 *                                   or role descriptor is found for it
 */
protected void populatePeerContext(SAMLMessageContext samlContext) throws MetadataProviderException {
    final String peerId = samlContext.getPeerEntityId();
    final QName peerRole = samlContext.getPeerEntityRole();
    if (peerId == null) {
        throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
    }

    final EntityDescriptor peerEntity = metadataManager.getEntityDescriptor(peerId);
    final RoleDescriptor peerRoleDescriptor = metadataManager.getRole(peerId, peerRole, SAMLConstants.SAML20P_NS);
    final ExtendedMetadata peerExtended = metadataManager.getExtendedMetadata(peerId);

    // Both descriptors are mandatory: refuse the peer rather than continue with partial metadata.
    final boolean descriptorsMissing = (peerEntity == null) || (peerRoleDescriptor == null);
    if (descriptorsMissing) {
        throw new MetadataProviderException(
                "Metadata for entity " + peerId + " and role " + peerRole + " wasn't found");
    }

    // NOTE(review): the extended metadata is stored without a null check; whether
    // getExtendedMetadata can return null depends on the MetadataManager implementation — confirm.
    samlContext.setPeerEntityMetadata(peerEntity);
    samlContext.setPeerEntityRoleMetadata(peerRoleDescriptor);
    samlContext.setPeerExtendedMetadata(peerExtended);
}
@Test
public void testOnAuthenticationSuccess() throws IOException, ServletException, MetadataProviderException, MessageEncodingException, SAMLException, SecurityException, MarshallingException, SignatureException {
    // Happy path: every metadata lookup for the peer resolves, so the handler completes without throwing.
    SAMLMessageContext samlContext = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(samlContext);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(samlContext.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(samlContext.getPeerEntityId()))
            .thenReturn(samlContext.getPeerEntityMetadata());
    when(manager.getRole(samlContext.getPeerEntityId(), samlContext.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(samlContext.getPeerEntityRoleMetadata());

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    handler.onAuthenticationSuccess(new MockHttpServletRequest(), new MockHttpServletResponse(), auth);
}
@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpPeerRoleDescriptorNull() throws IOException, ServletException, MetadataProviderException, MessageEncodingException, SAMLException, SecurityException, MarshallingException, SignatureException {
    // Scenario: the peer's EntityDescriptor resolves but its RoleDescriptor lookup yields null.
    // The handler must fail (ServletException, see the @Test annotation) instead of sending a response.
    SAMLMessageContext samlContext = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(samlContext);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(samlContext.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(samlContext.getPeerEntityId()))
            .thenReturn(samlContext.getPeerEntityMetadata());
    when(manager.getRole(samlContext.getPeerEntityId(), samlContext.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(null);

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    handler.onAuthenticationSuccess(new MockHttpServletRequest(), new MockHttpServletResponse(), auth);
}
}
@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpPeerEntityIdNull() throws IOException, ServletException, MetadataProviderException, MessageEncodingException, SAMLException, SecurityException, MarshallingException, SignatureException {
    // Scenario: metadata lookups are all stubbed to succeed, but the context carries no peer entity ID.
    // The handler must fail (ServletException, see the @Test annotation) instead of sending a response.
    SAMLMessageContext samlContext = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(samlContext);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    // Stubs are recorded against the still-populated peer entity ID; the ID is cleared only afterwards.
    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(samlContext.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(samlContext.getPeerEntityId()))
            .thenReturn(samlContext.getPeerEntityMetadata());
    when(manager.getRole(samlContext.getPeerEntityId(), samlContext.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(samlContext.getPeerEntityRoleMetadata());

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    samlContext.setPeerEntityId(null);

    handler.onAuthenticationSuccess(new MockHttpServletRequest(), new MockHttpServletResponse(), auth);
}
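/**
 * Loads the IDP descriptor for the entity with the given entityID. Fails when it can't be found.
 *
 * @param metadata metadata manager used to validate the IDP name and look up its role descriptor
 * @param idpId    entity ID of the IDP
 * @return the IDPSSODescriptor registered for {@code idpId} under the SAML 2.0 protocol namespace
 * @throws MetadataProviderException when {@code idpId} is not a configured IDP, or the entity has
 *                                   no IDPSSODescriptor element
 */
public static IDPSSODescriptor getIDPDescriptor(MetadataManager metadata, String idpId) throws MetadataProviderException {
    if (!metadata.isIDPValid(idpId)) {
        // The previous message had no "{}" placeholder, so the idpId argument was silently dropped
        // from the log line; include it so a rejected IDP name can be correlated with the request.
        // (Assumes a placeholder-style logger such as SLF4J — confirm against the log field.)
        log.debug("IDP name of the authenticated user is not valid: {}", idpId);
        throw new MetadataProviderException("IDP with name " + idpId + " wasn't found in the list of configured IDPs");
    }
    IDPSSODescriptor idpssoDescriptor = (IDPSSODescriptor) metadata.getRole(idpId, IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS);
    if (idpssoDescriptor == null) {
        throw new MetadataProviderException("Given IDP " + idpId + " doesn't contain any IDPSSODescriptor element");
    }
    return idpssoDescriptor;
}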
/**
 * Populates additional information about the peer based on the previously loaded peerEntityId.
 *
 * Looks up the peer's entity descriptor, role descriptor and extended metadata via {@code metadata}
 * and stores them on the context.
 *
 * @param samlContext context whose peerEntityId and peerEntityRole are already populated
 * @throws MetadataProviderException if the peer entity ID is missing, or no entity descriptor
 *                                   or role descriptor exists for it
 */
protected void populatePeerContext(SAMLMessageContext samlContext) throws MetadataProviderException {
    String peerId = samlContext.getPeerEntityId();
    QName peerRole = samlContext.getPeerEntityRole();
    if (peerId == null) {
        throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
    }

    EntityDescriptor peerEntity = metadata.getEntityDescriptor(peerId);
    RoleDescriptor peerRoleDescriptor = metadata.getRole(peerId, peerRole, SAMLConstants.SAML20P_NS);
    ExtendedMetadata peerExtended = metadata.getExtendedMetadata(peerId);

    // An unknown peer entity or role is a hard failure; the same message is used for either case.
    String notFound = "Metadata for entity " + peerId + " and role " + peerRole + " wasn't found";
    if (peerEntity == null) {
        throw new MetadataProviderException(notFound);
    }
    if (peerRoleDescriptor == null) {
        throw new MetadataProviderException(notFound);
    }

    // NOTE(review): peerExtended is stored as-is; whether getExtendedMetadata can return null
    // depends on the MetadataManager implementation — confirm.
    samlContext.setPeerEntityMetadata(peerEntity);
    samlContext.setPeerEntityRoleMetadata(peerRoleDescriptor);
    samlContext.setPeerExtendedMetadata(peerExtended);
}
/**
 * Populates the local (hosted) entity's metadata and signing credential on the context.
 *
 * The local entity ID and role are taken from {@code samlContext} as already set. This method
 * looks up the matching entity descriptor, role descriptor and extended metadata via
 * {@code metadata}, stores them on the context, and then selects the signing credential: the
 * key named by the extended metadata's signingKey when one is configured, otherwise the key
 * manager's default credential.
 *
 * @param samlContext context whose localEntityId and localEntityRole are already populated
 * @throws org.opensaml.saml2.metadata.provider.MetadataProviderException
 *         if no local entity ID is set, or the entity or role descriptor cannot be found
 */
protected void populateLocalEntity(SAMLMessageContext samlContext) throws MetadataProviderException {
    final String localId = samlContext.getLocalEntityId();
    final QName localRole = samlContext.getLocalEntityRole();
    if (localId == null) {
        throw new MetadataProviderException("No hosted service provider is configured and no alias was selected");
    }

    final EntityDescriptor localEntity = metadata.getEntityDescriptor(localId);
    final RoleDescriptor localRoleDescriptor = metadata.getRole(localId, localRole, SAMLConstants.SAML20P_NS);
    final ExtendedMetadata localExtended = metadata.getExtendedMetadata(localId);

    if (localEntity == null || localRoleDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + localId + " and role " + localRole + " wasn't found");
    }

    samlContext.setLocalEntityMetadata(localEntity);
    samlContext.setLocalEntityRoleMetadata(localRoleDescriptor);
    samlContext.setLocalExtendedMetadata(localExtended);

    // Signing credential selection: an explicitly configured signing key wins over the default key.
    // NOTE(review): localExtended is dereferenced here without a null check; whether
    // getExtendedMetadata can return null depends on the MetadataManager implementation — confirm.
    final String signingKeyName = localExtended.getSigningKey();
    samlContext.setLocalSigningCredential(signingKeyName != null
            ? keyManager.getCredential(signingKeyName)
            : keyManager.getDefaultCredential());
}