/** Issue SAML 2 token with a valid requested lifetime */
@org.junit.Test
public void testSaml2ValidLifetime() throws Exception {
int requestedLifetime = 60;
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters =
createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to 1 minute
Date creationTime = new Date();
Date expirationTime = new Date();
expirationTime.setTime(creationTime.getTime() + (requestedLifetime * 1000L));
Lifetime lifetime = new Lifetime();
XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
lifetime.setCreated(fmt.format(creationTime));
lifetime.setExpires(fmt.format(expirationTime));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
assertEquals(
requestedLifetime * 1000L,
providerResponse.getExpires().getTime() - providerResponse.getCreated().getTime());
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
}
/** Issue SAML 2 token with a with a lifetime which exceeds default maximum lifetime */
@org.junit.Test
public void testSaml2ExceededDefaultMaxLifetime() throws Exception {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters =
createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to Default max lifetime plus 1
long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
Date creationTime = new Date();
Date expirationTime = new Date();
expirationTime.setTime(creationTime.getTime() + (requestedLifetime * 1000L));
Lifetime lifetime = new Lifetime();
XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
lifetime.setCreated(fmt.format(creationTime));
lifetime.setExpires(fmt.format(expirationTime));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
/**
* Issue SAML 2 token with a future Created Lifetime. This should fail as we only allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testSaml2FarFutureCreatedLifetime() throws Exception {
int requestedLifetime = 60;
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters =
createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to 1 minute
Date creationTime = new Date();
creationTime.setTime(creationTime.getTime() + (60L * 2L * 1000L));
Date expirationTime = new Date();
expirationTime.setTime(creationTime.getTime() + (requestedLifetime * 1000L));
Lifetime lifetime = new Lifetime();
XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
lifetime.setCreated(fmt.format(creationTime));
lifetime.setExpires(fmt.format(expirationTime));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected on a Created Element too far in the future");
} catch (STSException ex) {
// expected
}
// Now allow this sort of Created Element
conditionsProvider.setFutureTimeToLive(60L * 60L);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
}
/**
* Issue SAML 2 token with a lifetime configured in SAMLTokenProvider No specific lifetime
* requested
*/
@org.junit.Test
public void testSaml2ProviderLifetime() throws Exception {
long providerLifetime = 10 * 600L;
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setLifetime(providerLifetime);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters =
createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
assertEquals(
providerLifetime * 1000L,
providerResponse.getExpires().getTime() - providerResponse.getCreated().getTime());
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
}
