/**
 * Issues a SAML 2 bearer token with a client-requested lifetime that the provider is configured
 * to accept, and verifies that the issued token's validity window is exactly the requested one
 * minute and that the serialised assertion carries the returned token id.
 *
 * @throws Exception if token creation fails unexpectedly
 */
@org.junit.Test
public void testSaml2ValidLifetime() throws Exception {
    final int requestedLifetimeSeconds = 60;

    // Provider honours the Lifetime element sent by the client.
    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setAcceptClientLifetime(true);
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setConditionsProvider(conditions);

    TokenProviderParameters parameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    // Requested validity window: from now until one minute from now.
    Date created = new Date();
    Date expires = new Date(created.getTime() + requestedLifetimeSeconds * 1000L);
    XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
    Lifetime requestedLifetime = new Lifetime();
    requestedLifetime.setCreated(dateFormat.format(created));
    requestedLifetime.setExpires(dateFormat.format(expires));
    parameters.getTokenRequirements().setLifetime(requestedLifetime);

    assertTrue(provider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse response = provider.createToken(parameters);
    assertTrue(response != null);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    // The issued window must match the requested one to the millisecond.
    long issuedWindowMillis = response.getExpires().getTime() - response.getCreated().getTime();
    assertEquals(requestedLifetimeSeconds * 1000L, issuedWindowMillis);

    String serialisedToken = DOM2Writer.nodeToString((Element) response.getToken());
    assertTrue(serialisedToken.contains(response.getTokenId()));
}
/**
 * Issues a SAML 2 bearer token whose requested Lifetime has a Created instant two minutes in the
 * future. With the default configuration this must be rejected, because a future-dated Created
 * is only tolerated up to 60 seconds to absorb clock skew; once the provider's future time-to-live
 * is raised to one hour the same request must succeed.
 *
 * @throws Exception if token creation fails unexpectedly after the tolerance has been raised
 */
@org.junit.Test
public void testSaml2FarFutureCreatedLifetime() throws Exception {
    final int requestedLifetimeSeconds = 60;
    final long createdOffsetMillis = 60L * 2L * 1000L;

    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setAcceptClientLifetime(true);
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setConditionsProvider(conditions);

    TokenProviderParameters parameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    // Created is pushed two minutes ahead of now; Expires is one minute after that.
    Date created = new Date(System.currentTimeMillis() + createdOffsetMillis);
    Date expires = new Date(created.getTime() + requestedLifetimeSeconds * 1000L);
    XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
    Lifetime requestedLifetime = new Lifetime();
    requestedLifetime.setCreated(dateFormat.format(created));
    requestedLifetime.setExpires(dateFormat.format(expires));
    parameters.getTokenRequirements().setLifetime(requestedLifetime);

    assertTrue(provider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));

    // Default tolerance: a Created two minutes ahead must be refused.
    try {
        provider.createToken(parameters);
        fail("Failure expected on a Created Element too far in the future");
    } catch (STSException expected) {
        // rejection is the behaviour under test
    }

    // Widen the tolerance to an hour and the same request is accepted.
    conditions.setFutureTimeToLive(60L * 60L);
    TokenProviderResponse response = provider.createToken(parameters);
    assertTrue(response != null);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    String serialisedToken = DOM2Writer.nodeToString((Element) response.getToken());
    assertTrue(serialisedToken.contains(response.getTokenId()));
}
/**
 * Issues a SAML 2 bearer token without any client-requested Lifetime and verifies that the
 * validity window of the issued token equals the lifetime configured on the provider's
 * conditions provider (6000 seconds).
 *
 * @throws Exception if token creation fails unexpectedly
 */
@org.junit.Test
public void testSaml2ProviderLifetime() throws Exception {
    final long configuredLifetimeSeconds = 10 * 600L;

    DefaultConditionsProvider conditions = new DefaultConditionsProvider();
    conditions.setLifetime(configuredLifetimeSeconds);
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setConditionsProvider(conditions);

    // No Lifetime is set on the requirements, so the provider's own value must apply.
    TokenProviderParameters parameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    assertTrue(provider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse response = provider.createToken(parameters);
    assertTrue(response != null);
    assertTrue(response.getToken() != null && response.getTokenId() != null);

    long issuedWindowMillis = response.getExpires().getTime() - response.getCreated().getTime();
    assertEquals(configuredLifetimeSeconds * 1000L, issuedWindowMillis);

    String serialisedToken = DOM2Writer.nodeToString((Element) response.getToken());
    assertTrue(serialisedToken.contains(response.getTokenId()));
}
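/**
 * Creates a SAML assertion for the outgoing message, serialises and encodes it via
 * {@code encodeToken}, and places it in the {@code Authorization} header as
 * {@code SAML <encoded assertion>}.
 *
 * @param message the outbound message whose headers are updated
 * @throws Fault if the assertion cannot be created, serialised or encoded. The original
 *     exception is kept as the cause and its stack trace is written to the log only; it is not
 *     copied into the fault text, which may be returned to the remote peer
 */
public void handleMessage(Message message) throws Fault {
    try {
        SamlAssertionWrapper assertionWrapper = createAssertion(message);
        Document doc = DOMUtils.newDocument();
        Element assertionElement = assertionWrapper.toDOM(doc);
        String encodedToken = encodeToken(DOM2Writer.nodeToString(assertionElement));
        Map<String, List<String>> headers = getHeaders(message);
        // Scheme and credential are separated by a single space; singletonList already yields
        // the List<String> the header map expects, so no unchecked cast is needed.
        headers.put("Authorization", Collections.singletonList("SAML " + encodedToken));
    } catch (Exception ex) {
        // createAssertion/encodeToken are declared elsewhere and may throw checked exceptions
        // that cannot be narrowed here, so the broad catch is kept. Log the full throwable
        // (stack trace included) and rethrow with the cause chain intact instead of flattening
        // the stack trace into the fault message.
        LOG.log(java.util.logging.Level.WARNING, "Failed to add SAML Authorization header", ex);
        throw new Fault(ex);
    }
}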