/** Issue SAML 2 token with a valid requested lifetime */
  @org.junit.Test
  public void testSaml2ValidLifetime() throws Exception {
    // Client-requested validity window, in seconds (one minute).
    final int requestedLifetime = 60;

    // Opt in to honouring the Lifetime element supplied by the client.
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setAcceptClientLifetime(true);
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setConditionsProvider(conditionsProvider);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    // Created = now, Expires = now + requestedLifetime, both serialised as xsd:dateTime.
    long nowMillis = System.currentTimeMillis();
    Date creationTime = new Date(nowMillis);
    Date expirationTime = new Date(nowMillis + requestedLifetime * 1000L);
    XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(dateFormat.format(creationTime));
    lifetime.setExpires(dateFormat.format(expirationTime));
    providerParameters.getTokenRequirements().setLifetime(lifetime);

    assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    // The issued assertion must be valid for exactly the requested window.
    long issuedLifetimeMillis =
        providerResponse.getExpires().getTime() - providerResponse.getCreated().getTime();
    assertEquals(requestedLifetime * 1000L, issuedLifetimeMillis);

    // The token id reported in the response must be present in the serialised assertion.
    Element token = (Element) providerResponse.getToken();
    String serialisedToken = DOM2Writer.nodeToString(token);
    assertTrue(serialisedToken.contains(providerResponse.getTokenId()));
  }
  /**
   * Issue SAML 2 token with a future Created Lifetime. This should fail as we only allow a future
   * dated Lifetime up to 60 seconds to avoid clock skew problems.
   */
  @org.junit.Test
  public void testSaml2FarFutureCreatedLifetime() throws Exception {
    // Client-requested validity window, in seconds (one minute).
    final int requestedLifetime = 60;

    // Opt in to honouring the Lifetime element supplied by the client.
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setAcceptClientLifetime(true);
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setConditionsProvider(conditionsProvider);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    // Created is pushed two minutes into the future; Expires follows it by requestedLifetime.
    long createdMillis = System.currentTimeMillis() + 2L * 60L * 1000L;
    Date creationTime = new Date(createdMillis);
    Date expirationTime = new Date(createdMillis + requestedLifetime * 1000L);
    XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(dateFormat.format(creationTime));
    lifetime.setExpires(dateFormat.format(expirationTime));
    providerParameters.getTokenRequirements().setLifetime(lifetime);

    assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));

    // With the default future-time tolerance a Created two minutes ahead must be rejected.
    try {
      samlTokenProvider.createToken(providerParameters);
      fail("Failure expected on a Created Element too far in the future");
    } catch (STSException ex) {
      // expected
    }

    // Widen the tolerance to one hour; the same request must now be accepted.
    conditionsProvider.setFutureTimeToLive(60L * 60L);

    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    // The token id reported in the response must be present in the serialised assertion.
    Element token = (Element) providerResponse.getToken();
    String serialisedToken = DOM2Writer.nodeToString(token);
    assertTrue(serialisedToken.contains(providerResponse.getTokenId()));
  }
  /**
   * Issue SAML 2 token with a lifetime configured in SAMLTokenProvider. No specific lifetime is
   * requested by the client.
   */
  @org.junit.Test
  public void testSaml2ProviderLifetime() throws Exception {
    // Lifetime configured on the provider side, in seconds (10 * 600 = 6000s).
    final long providerLifetime = 600L * 10;

    // No client lifetime is requested, so the configured value alone drives the validity window.
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setLifetime(providerLifetime);
    SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
    samlTokenProvider.setConditionsProvider(conditionsProvider);

    TokenProviderParameters providerParameters =
        createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);

    assertTrue(samlTokenProvider.canHandleToken(WSConstants.WSS_SAML2_TOKEN_TYPE));
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertTrue(providerResponse != null);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

    // The issued assertion must be valid for exactly the configured provider lifetime.
    long issuedLifetimeMillis =
        providerResponse.getExpires().getTime() - providerResponse.getCreated().getTime();
    assertEquals(providerLifetime * 1000L, issuedLifetimeMillis);

    // The token id reported in the response must be present in the serialised assertion.
    Element token = (Element) providerResponse.getToken();
    String serialisedToken = DOM2Writer.nodeToString(token);
    assertTrue(serialisedToken.contains(providerResponse.getTokenId()));
  }
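  /**
   * Builds a SAML assertion for the outgoing message and places it, encoded, in the
   * {@code Authorization} header as {@code SAML <encoded-token>}.
   *
   * @param message the message being processed; its headers are obtained via {@code getHeaders}
   * @throws Fault if creating, serialising or encoding the assertion fails; the original
   *     exception is attached as the cause
   */
  public void handleMessage(Message message) throws Fault {
    try {
      SamlAssertionWrapper assertionWrapper = createAssertion(message);

      // Serialise the assertion to DOM, then to a string the encoder can consume.
      Document doc = DOMUtils.newDocument();
      Element assertionElement = assertionWrapper.toDOM(doc);
      String encodedToken = encodeToken(DOM2Writer.nodeToString(assertionElement));

      // Collections.singletonList(String) is already a List<String>; no cast helper needed.
      Map<String, List<String>> headers = getHeaders(message);
      headers.put("Authorization", Collections.singletonList("SAML " + encodedToken));

    } catch (Exception ex) {
      // Keep the full stack trace in the server-side log only.
      StringWriter sw = new StringWriter();
      ex.printStackTrace(new PrintWriter(sw));
      LOG.warning(sw.toString());
      // Preserve the cause instead of flattening it into the message text. NOTE(review): a
      // Fault's text is presumably what reaches the remote caller, so the stack trace is
      // deliberately not embedded in it.
      throw new Fault(new RuntimeException(ex.getMessage(), ex));
    }
  }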