/** Test the Bearer SAML1 case with a Lifetime element */ @org.junit.Test public void testBearerSaml1Lifetime() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = IssueUnitTest.class.getResource("cxf-client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); // Get a token SecurityToken token = requestSecurityTokenTTL(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS); assertTrue(SAML1_TOKEN_TYPE.equals(token.getTokenType())); assertTrue(token.getToken() != null); // Process the token List<WSSecurityEngineResult> results = processToken(token); assertTrue(results != null && results.size() == 1); SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION); assertTrue(assertion != null); assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null); assertTrue(assertion.isSigned()); List<String> methods = assertion.getConfirmationMethods(); String confirmMethod = null; if (methods != null && methods.size() > 0) { confirmMethod = methods.get(0); } assertTrue(confirmMethod.contains("bearer")); bus.shutdown(true); }
public Credential validate(Credential credential, RequestData data) throws WSSecurityException { Credential validatedCredential = super.validate(credential, data); SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken(); if (transformedToken == null || transformedToken.getSaml2() == null || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); } return validatedCredential; }
/** Test the Symmetric Key SAML1 case */ @org.junit.Test public void testSymmetricKeySaml1() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = IssueUnitTest.class.getResource("cxf-client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); // Get a token SecurityToken token = requestSecurityToken(SAML1_TOKEN_TYPE, SYMMETRIC_KEY_KEYTYPE, bus, DEFAULT_ADDRESS); assertTrue(token.getSecret() != null && token.getSecret().length > 0); assertTrue(SAML1_TOKEN_TYPE.equals(token.getTokenType())); assertTrue(token.getToken() != null); // Process the token List<WSSecurityEngineResult> results = processToken(token); assertTrue(results != null && results.size() == 1); SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION); assertTrue(assertion != null); assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null); assertTrue(assertion.isSigned()); List<String> methods = assertion.getConfirmationMethods(); String confirmMethod = null; if (methods != null && methods.size() > 0) { confirmMethod = methods.get(0); } assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)); SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo(); assertTrue(subjectKeyInfo.getSecret() != null); bus.shutdown(true); }
// CHECKSTYLE:OFF @org.junit.Test public void testSAMLinWSSecToOtherRealm() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = IssueUnitTest.class.getResource("cxf-client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties()); CallbackHandler callbackHandler = new CommonCallbackHandler(); // Create SAML token Element samlToken = createSAMLAssertion( WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, null, "alice", "a-issuer"); String id = null; QName elName = DOMUtils.getElementQName(samlToken); if (elName.equals(new QName(WSConstants.SAML_NS, "Assertion")) && samlToken.hasAttributeNS(null, "AssertionID")) { id = samlToken.getAttributeNS(null, "AssertionID"); } else if (elName.equals(new QName(WSConstants.SAML2_NS, "Assertion")) && samlToken.hasAttributeNS(null, "ID")) { id = samlToken.getAttributeNS(null, "ID"); } if (id == null) { id = samlToken.getAttributeNS(WSConstants.WSU_NS, "Id"); } SecurityToken wstoken = new SecurityToken(id, samlToken, null, null); Map<String, Object> properties = new HashMap<String, Object>(); properties.put(SecurityConstants.TOKEN, wstoken); properties.put(SecurityConstants.TOKEN_ID, wstoken.getId()); // Get a token SecurityToken token = requestSecurityToken( SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null, bus, DEFAULT_ADDRESS, null, properties, "b-issuer", "Transport_SAML_Port"); /* SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null, bus, DEFAULT_ADDRESS, null, properties, "b-issuer", null); */ assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType())); assertTrue(token.getToken() != null); List<WSSecurityEngineResult> results = processToken(token); assertTrue(results != null && results.size() == 1); SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION); assertTrue(assertion != null); assertTrue(assertion.isSigned()); List<String> methods = assertion.getConfirmationMethods(); String confirmMethod = null; if (methods != null && methods.size() > 0) { confirmMethod = methods.get(0); } assertTrue(confirmMethod.contains("bearer")); assertTrue("b-issuer".equals(assertion.getIssuerString())); String subjectName = assertion.getSaml2().getSubject().getNameID().getValue(); assertTrue("Subject must be ALICE instead of " + subjectName, "ALICE".equals(subjectName)); }