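/**
 * Resolves the assertion consumer service (ACS) URL of a service provider from its registered metadata.
 *
 * <p>The ACS flagged as default is preferred; otherwise the first ACS listed in the SP's
 * metadata is used. Selection order is unchanged from the previous implementation; what is
 * new is that missing metadata is reported as {@link MetadataProviderException} instead of
 * escaping as a {@code NullPointerException} or {@code IndexOutOfBoundsException}.
 *
 * @param sp entity ID of the service provider to look up
 * @return location of the selected assertion consumer service
 * @throws MetadataProviderException if the metadata can't be loaded, if {@code sp} is unknown,
 *         has no SAML 2.0 SP SSO descriptor, or publishes no assertion consumer service
 */
public String getAssertionConsumerURL(String sp) throws MetadataProviderException {
    EntityDescriptor entityDescriptor = metadataManager.getEntityDescriptor(sp);
    if (entityDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + sp + " wasn't found");
    }
    SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (spssoDescriptor == null) {
        throw new MetadataProviderException("Entity " + sp + " has no SAML 2.0 SP SSO descriptor");
    }
    List<AssertionConsumerService> services = spssoDescriptor.getAssertionConsumerServices();
    if (services == null || services.isEmpty()) {
        // Previously services.get(0) threw IndexOutOfBoundsException here.
        throw new MetadataProviderException("Entity " + sp + " publishes no assertion consumer service");
    }
    // Prefer the endpoint marked isDefault="true"; fall back to the first listed one.
    return services.stream()
            .filter(AssertionConsumerService::isDefault)
            .findFirst()
            .orElse(services.get(0))
            .getLocation();
}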
/** The ACS flagged as default wins; once no ACS is flagged, the first listed ACS is returned. */
@Test
public void get_assertion_consumer_service_url() throws Exception {
    String entityID = "validEntityID";

    AssertionConsumerService plain = mock(AssertionConsumerService.class);
    when(plain.getLocation()).thenReturn("service-location");
    when(plain.isDefault()).thenReturn(false);

    AssertionConsumerService preferred = mock(AssertionConsumerService.class);
    when(preferred.getLocation()).thenReturn("default-location");
    when(preferred.isDefault()).thenReturn(true);

    SPSSODescriptor spDescriptor = mock(SPSSODescriptor.class);
    when(spDescriptor.getAssertionConsumerServices()).thenReturn(Arrays.asList(plain, preferred));

    EntityDescriptor descriptor = mock(EntityDescriptor.class);
    when(descriptor.getSPSSODescriptor(eq(SAML20P_NS))).thenReturn(spDescriptor);
    when(metadataManager.getEntityDescriptor(eq(entityID))).thenReturn(descriptor);

    assertEquals("default-location", controller.getAssertionConsumerURL(entityID));

    // Drop the default flag: selection must fall back to the first entry in the list.
    when(preferred.isDefault()).thenReturn(false);
    assertEquals("service-location", controller.getAssertionConsumerURL(entityID));
}
/** Success handling must fail with ServletException when the peer's entity descriptor is unknown. */
@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpPeerEntityMetadataNull() throws IOException, ServletException,
        MetadataProviderException, MessageEncodingException, SAMLException, SecurityException,
        MarshallingException, SignatureException {
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(ctx);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    // The local entity resolves normally; the peer entity descriptor deliberately resolves to null.
    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(ctx.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(ctx.getPeerEntityId())).thenReturn(null);
    when(manager.getRole(ctx.getPeerEntityId(), ctx.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(ctx.getPeerEntityRoleMetadata());

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    handler.onAuthenticationSuccess(request, response, auth);
}
/**
 * Fills the peer-entity metadata of the context from the metadata manager, using the
 * peer entity ID and role that were set on the context beforehand.
 *
 * <p>Peer metadata is resolved only through the metadata manager, so a peer entity ID that
 * is not registered there is rejected here rather than trusted.
 *
 * @param samlContext context whose peerEntityId and peerEntityRole are already populated
 * @throws MetadataProviderException if the peer entity ID is missing, or no entity/role metadata is found for it
 */
protected void populatePeerContext(SAMLMessageContext samlContext) throws MetadataProviderException {
    final String peerId = samlContext.getPeerEntityId();
    final QName peerRole = samlContext.getPeerEntityRole();
    if (peerId == null) {
        throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
    }

    EntityDescriptor peerEntity = metadataManager.getEntityDescriptor(peerId);
    RoleDescriptor peerRoleMetadata = metadataManager.getRole(peerId, peerRole, SAMLConstants.SAML20P_NS);
    ExtendedMetadata peerExtended = metadataManager.getExtendedMetadata(peerId);

    boolean unknownPeer = peerEntity == null || peerRoleMetadata == null;
    if (unknownPeer) {
        throw new MetadataProviderException(
                "Metadata for entity " + peerId + " and role " + peerRole + " wasn't found");
    }

    samlContext.setPeerEntityMetadata(peerEntity);
    samlContext.setPeerEntityRoleMetadata(peerRoleMetadata);
    samlContext.setPeerExtendedMetadata(peerExtended);
}
/** A metadata lookup failure during IdP-initiated SSO surfaces as ProviderNotFoundException. */
@Test
public void metadata_error() throws Exception {
    exception.expect(ProviderNotFoundException.class);
    exception.expectMessage("Unable to process SAML assertion.");

    // Any entity lookup fails at the metadata layer.
    when(metadataManager.getEntityDescriptor(anyString())).thenThrow(new MetadataProviderException("any message"));

    String entityID = "validEntityID";
    SamlServiceProvider sp = new SamlServiceProvider();
    sp.setConfig(new SamlServiceProviderDefinition());
    sp.getConfig().setEnableIdpInitiatedSso(true);
    sp.setActive(true);
    sp.setEntityId(entityID);
    SamlServiceProviderHolder spHolder = new SamlServiceProviderHolder(null, sp);
    when(configurator.getSamlServiceProviders()).thenReturn(Arrays.asList(spHolder));

    controller.initiate(entityID, request, response);
}
/** Happy path: peer entity, role and local extended metadata all resolve, and the response is sent. */
@Test
public void testOnAuthenticationSuccess() throws IOException, ServletException, MetadataProviderException,
        MessageEncodingException, SAMLException, SecurityException, MarshallingException, SignatureException {
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(ctx);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    // Every lookup answers with the metadata already held by the mocked context.
    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(ctx.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(ctx.getPeerEntityId())).thenReturn(ctx.getPeerEntityMetadata());
    when(manager.getRole(ctx.getPeerEntityId(), ctx.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(ctx.getPeerEntityRoleMetadata());

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    handler.onAuthenticationSuccess(request, response, auth);
}
/** Success handling must fail with ServletException when the peer's role descriptor is unknown. */
@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpPeerRoleDescriptorNull() throws IOException, ServletException,
        MetadataProviderException, MessageEncodingException, SAMLException, SecurityException,
        MarshallingException, SignatureException {
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(ctx);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    // Entity descriptor resolves, but the role lookup deliberately yields null.
    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(ctx.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(ctx.getPeerEntityId())).thenReturn(ctx.getPeerEntityMetadata());
    when(manager.getRole(ctx.getPeerEntityId(), ctx.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(null);

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    handler.onAuthenticationSuccess(request, response, auth);
}
}
/** Success handling must fail with ServletException when the context carries no peer entity ID. */
@Test(expected = ServletException.class)
public void testOnAuthenticationSuccessFailureIfIdpPeerEntityIdNull() throws IOException, ServletException,
        MetadataProviderException, MessageEncodingException, SAMLException, SecurityException,
        MarshallingException, SignatureException {
    SAMLMessageContext ctx = samlTestUtils.mockSamlMessageContext();
    Authentication auth = samlTestUtils.mockUaaAuthenticationWithSamlMessageContext(ctx);

    IdpExtendedMetadata localExtended = new IdpExtendedMetadata();
    localExtended.setAssertionsSigned(true);

    // Stubs are registered against the peer ID while it is still present ...
    MetadataManager manager = mock(MetadataManager.class);
    when(manager.getExtendedMetadata(ctx.getLocalEntityId())).thenReturn(localExtended);
    when(manager.getEntityDescriptor(ctx.getPeerEntityId())).thenReturn(ctx.getPeerEntityMetadata());
    when(manager.getRole(ctx.getPeerEntityId(), ctx.getPeerEntityRole(), SAMLConstants.SAML20P_NS))
            .thenReturn(ctx.getPeerEntityRoleMetadata());

    IdpWebSsoProfile ssoProfile = mock(IdpWebSsoProfile.class);
    doNothing().when(ssoProfile).sendResponse(any(), any(), any());

    IdpSamlAuthenticationSuccessHandler handler = new IdpSamlAuthenticationSuccessHandler();
    handler.setMetadataManager(manager);
    handler.setIdpWebSsoProfile(ssoProfile);

    // ... and only then cleared, so the handler has nothing to resolve the peer by.
    ctx.setPeerEntityId(null);

    HttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    handler.onAuthenticationSuccess(request, response, auth);
}
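/**
 * Locates the entity descriptor whose entityId SHA-1 hash equals the given one.
 *
 * <p>IDP names are searched before SP names and the first match wins; the comparison
 * itself is delegated to {@code SAMLUtil.compare}.
 *
 * @param hash SHA-1 hash of the entity ID to look up
 * @return the matching descriptor, or {@code null} if no known entity hashes to {@code hash}
 * @throws MetadataProviderException in case metadata required for processing can't be loaded
 */
public EntityDescriptor getEntityDescriptor(byte[] hash) throws MetadataProviderException {
    // Acquire the lock before the try: if lock() itself failed inside the try, the finally
    // would call unlock() on a lock this thread never held.
    lock.readLock().lock();
    try {
        for (String idp : idpName) {
            if (SAMLUtil.compare(hash, idp)) {
                return getEntityDescriptor(idp);
            }
        }
        for (String sp : spName) {
            if (SAMLUtil.compare(hash, sp)) {
                return getEntityDescriptor(sp);
            }
        }
        return null;
    } finally {
        lock.readLock().unlock();
    }
}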
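/**
 * Writes the metadata document of the given entity into the writer.
 *
 * @param spEntityName id of the entity to display metadata for
 * @param writer output for the metadata
 * @throws ServletException if the entity is unknown, or its metadata can't be retrieved or marshalled
 */
protected void displayMetadata(String spEntityName, PrintWriter writer) throws ServletException {
    try {
        EntityDescriptor descriptor = manager.getEntityDescriptor(spEntityName);
        if (descriptor == null) {
            // Name the entity that was actually requested; the hosted SP name reported
            // previously can differ from spEntityName and misled the reader of the error.
            throw new ServletException("Metadata entity with ID " + spEntityName + " wasn't found");
        }
        writer.print(getMetadataAsString(descriptor));
    } catch (MarshallingException e) {
        log.error("Error marshalling entity descriptor", e);
        throw new ServletException("Error marshalling entity descriptor", e);
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata", e);
        throw new ServletException("Error retrieving metadata", e);
    }
}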
/**
 * Populates the peer's entity, role and extended metadata on the context, based on the
 * previously loaded peerEntityId and peerEntityRole.
 *
 * <p>Only entities known to the metadata provider can be resolved; an unknown peer entity ID
 * results in an exception rather than a partially populated context.
 *
 * @param samlContext context to populate
 * @throws MetadataProviderException in case metadata problem is encountered
 */
protected void populatePeerContext(SAMLMessageContext samlContext) throws MetadataProviderException {
    String entityId = samlContext.getPeerEntityId();
    QName role = samlContext.getPeerEntityRole();
    if (entityId == null) {
        throw new MetadataProviderException("Peer entity ID wasn't specified, but is requested");
    }

    EntityDescriptor entity = metadata.getEntityDescriptor(entityId);
    RoleDescriptor roleMetadata = metadata.getRole(entityId, role, SAMLConstants.SAML20P_NS);
    ExtendedMetadata extended = metadata.getExtendedMetadata(entityId);

    if (entity != null && roleMetadata != null) {
        samlContext.setPeerEntityMetadata(entity);
        samlContext.setPeerEntityRoleMetadata(roleMetadata);
        samlContext.setPeerExtendedMetadata(extended);
        return;
    }
    throw new MetadataProviderException(
            "Metadata for entity " + entityId + " and role " + role + " wasn't found");
}
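/**
 * Populates the local-entity fields of the context (localEntityMetadata, localEntityRoleMetadata,
 * localExtendedMetadata and localSigningCredential) from the localEntityId and localEntityRole
 * that were set on the context beforehand.
 *
 * <p>The signing credential is taken from the key manager: the key named in the local extended
 * metadata when one is configured, otherwise the key manager's default credential.
 *
 * @param samlContext context to populate
 * @throws org.opensaml.saml2.metadata.provider.MetadataProviderException
 *         in case no local entity ID is set, or the metadata does not contain the expected entity and role
 */
protected void populateLocalEntity(SAMLMessageContext samlContext) throws MetadataProviderException {
    String localEntityId = samlContext.getLocalEntityId();
    QName localEntityRole = samlContext.getLocalEntityRole();
    if (localEntityId == null) {
        throw new MetadataProviderException("No hosted service provider is configured and no alias was selected");
    }
    EntityDescriptor entityDescriptor = metadata.getEntityDescriptor(localEntityId);
    RoleDescriptor roleDescriptor = metadata.getRole(localEntityId, localEntityRole, SAMLConstants.SAML20P_NS);
    ExtendedMetadata extendedMetadata = metadata.getExtendedMetadata(localEntityId);
    if (entityDescriptor == null || roleDescriptor == null) {
        throw new MetadataProviderException("Metadata for entity " + localEntityId + " and role " + localEntityRole + " wasn't found");
    }
    samlContext.setLocalEntityMetadata(entityDescriptor);
    samlContext.setLocalEntityRoleMetadata(roleDescriptor);
    samlContext.setLocalExtendedMetadata(extendedMetadata);
    // Extended metadata may be absent; previously that dereferenced null here. Without it there
    // is no configured key name, so the default credential is used, as for an unset signing key.
    String signingKey = extendedMetadata == null ? null : extendedMetadata.getSigningKey();
    if (signingKey != null) {
        samlContext.setLocalSigningCredential(keyManager.getCredential(signingKey));
    } else {
        samlContext.setLocalSigningCredential(keyManager.getDefaultCredential());
    }
}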
EntityDescriptor idpEntityDescriptor = metadata.getEntityDescriptor(decodedArtifact.getSourceID());