Marcus Da Coregio
parent
802311ac70
commit
da6fa7a565
|
|
@ -4,5 +4,5 @@
|
|||
<component name="FrameworkDetectionExcludesConfiguration">
|
||||
<file type="web" url="file://$PROJECT_DIR$" />
|
||||
</component>
|
||||
<component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="true" project-jdk-name="11" project-jdk-type="JavaSDK" />
|
||||
<component name="ProjectRootManager" version="2" languageLevel="JDK_11" default="true" project-jdk-name="temurin-11" project-jdk-type="JavaSDK" />
|
||||
</project>
|
||||
|
|
@ -16,15 +16,14 @@
|
|||
|
||||
package example;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlElement;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlForm;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlInput;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPage;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
|
|
@ -40,6 +39,8 @@ import org.springframework.test.web.servlet.htmlunit.MockMvcWebClientBuilder;
|
|||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@ContextConfiguration(classes = ApplicationConfiguration.class)
|
||||
@WebAppConfiguration
|
||||
|
|
@ -66,35 +67,45 @@ public class Saml2JavaConfigurationITests {
|
|||
|
||||
@Test
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
HtmlPage relyingParty = performLogin();
|
||||
Assertions.assertThat(relyingParty.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
|
||||
HtmlPage relyingParty = performLogin();
|
||||
HtmlElement rpLogoutButton = relyingParty.getHtmlElementById("rp_logout_button");
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
Assertions.assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
@Test
|
||||
void logoutWhenAssertingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
|
||||
HtmlPage relyingParty = performLogin();
|
||||
HtmlElement apLogoutButton = relyingParty.getHtmlElementById("ap_logout_button");
|
||||
HtmlPage loginPage = apLogoutButton.click();
|
||||
Assertions.assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
private HtmlPage performLogin() throws IOException {
|
||||
private void performLogin() throws Exception {
|
||||
HtmlPage login = this.webClient.getPage("/");
|
||||
HtmlForm form = login.getFormByName("f");
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
HtmlForm form = findForm(login);
|
||||
HtmlInput username = form.getInputByName("username");
|
||||
HtmlInput password = form.getInputByName("password");
|
||||
HtmlSubmitInput submit = login.getHtmlElementById("submit_button");
|
||||
username.setValueAttribute("user");
|
||||
password.setValueAttribute("password");
|
||||
return submit.click();
|
||||
HtmlPasswordInput password = form.getInputByName("password");
|
||||
HtmlSubmitInput submit = login.getHtmlElementById("okta-signin-submit");
|
||||
username.type("testuser@spring.security.saml");
|
||||
password.type("12345678");
|
||||
submit.click();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
}
|
||||
|
||||
private HtmlForm findForm(HtmlPage login) {
|
||||
for (HtmlForm form : login.getForms()) {
|
||||
try {
|
||||
if (form.getId().equals("form19")) {
|
||||
return form;
|
||||
}
|
||||
}
|
||||
catch (ElementNotFoundException ex) {
|
||||
// Continue
|
||||
}
|
||||
}
|
||||
throw new IllegalStateException("Could not resolve login form");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ public class IndexController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
|
||||
String emailAddress = principal.getFirstAttribute("emailAddress");
|
||||
String emailAddress = principal.getFirstAttribute("email");
|
||||
model.addAttribute("emailAddress", emailAddress);
|
||||
model.addAttribute("userAttributes", principal.getAttributes());
|
||||
return "index";
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ import org.springframework.security.saml2.provider.service.registration.InMemory
|
|||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
|
||||
@EnableWebSecurity
|
||||
|
|
@ -57,13 +58,16 @@ public class SecurityConfiguration {
|
|||
@Bean
|
||||
RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
|
||||
RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php")
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
|
||||
.registrationId("one")
|
||||
.decryptionX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.decryption(this.privateKey, relyingPartyCertificate())))
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(this.privateKey, relyingPartyCertificate())))
|
||||
.build();
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
|
||||
return new InMemoryRelyingPartyRegistrationRepository(relyingPartyRegistration);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -36,11 +36,6 @@
|
|||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
|
||||
AP-initiated Logout
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<main role="main" class="container">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ dependencies {
|
|||
implementation 'org.springframework.security:spring-security-saml2-service-provider'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
|
||||
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
}
|
||||
|
|
@ -32,4 +32,4 @@ dependencies {
|
|||
tasks.withType(Test).configureEach {
|
||||
useJUnitPlatform()
|
||||
outputs.upToDateWhen { false }
|
||||
}
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -27,7 +27,7 @@ public class IndexController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
|
||||
String emailAddress = principal.getFirstAttribute("emailAddress");
|
||||
String emailAddress = principal.getFirstAttribute("email");
|
||||
model.addAttribute("emailAddress", emailAddress);
|
||||
model.addAttribute("userAttributes", principal.getAttributes());
|
||||
return "index";
|
||||
|
|
|
|||
|
|
@ -16,13 +16,26 @@
|
|||
|
||||
package example;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
|
||||
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter;
|
||||
|
|
@ -39,7 +52,7 @@ public class SecurityConfiguration {
|
|||
.authorizeHttpRequests((authorize) -> authorize
|
||||
.anyRequest().authenticated()
|
||||
)
|
||||
.saml2Login((saml2) -> saml2.loginProcessingUrl("/login/saml2/sso"))
|
||||
.saml2Login(Customizer.withDefaults())
|
||||
.saml2Logout(Customizer.withDefaults());
|
||||
// @formatter:on
|
||||
|
||||
|
|
@ -49,7 +62,7 @@ public class SecurityConfiguration {
|
|||
@Bean
|
||||
RelyingPartyRegistrationResolver relyingPartyRegistrationResolver(
|
||||
RelyingPartyRegistrationRepository registrations) {
|
||||
return new DefaultRelyingPartyRegistrationResolver((id) -> registrations.findByRegistrationId("metadata"));
|
||||
return new DefaultRelyingPartyRegistrationResolver((id) -> registrations.findByRegistrationId("two"));
|
||||
}
|
||||
|
||||
@Bean
|
||||
|
|
@ -65,4 +78,29 @@ public class SecurityConfiguration {
|
|||
return filter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
RelyingPartyRegistrationRepository repository(
|
||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||
.registrationId("two")
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(two);
|
||||
}
|
||||
|
||||
X509Certificate relyingPartyCertificate() {
|
||||
Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
|
||||
try (InputStream is = resource.getInputStream()) {
|
||||
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
throw new UnsupportedOperationException(ex);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,17 +1,2 @@
|
|||
spring:
|
||||
security:
|
||||
saml2:
|
||||
relyingparty:
|
||||
registration:
|
||||
metadata:
|
||||
entity-id: "{baseUrl}/saml2/metadata"
|
||||
acs.location: "{baseUrl}/login/saml2/sso"
|
||||
signing.credentials:
|
||||
- private-key-location: classpath:credentials/rp-private.key
|
||||
certificate-location: classpath:credentials/rp-certificate.crt
|
||||
identityprovider:
|
||||
metadata-uri: https://simplesamlphp.apps.pcfone.io/saml2/idp/metadata.php
|
||||
|
||||
|
||||
logging.level:
|
||||
org.springframework.security: TRACE
|
||||
|
|
|
|||
|
|
@ -36,11 +36,6 @@
|
|||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
|
||||
AP-initiated Logout
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<main role="main" class="container">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ dependencies {
|
|||
implementation 'org.springframework.security:spring-security-saml2-service-provider'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
|
||||
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
}
|
||||
|
|
@ -32,4 +32,4 @@ dependencies {
|
|||
tasks.withType(Test).configureEach {
|
||||
useJUnitPlatform()
|
||||
outputs.upToDateWhen { false }
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,2 +1,3 @@
|
|||
version=5.7.0-SNAPSHOT
|
||||
spring-security.version=5.7.0-SNAPSHOT
|
||||
selenium-htmlunit.version=2.44.0
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -27,7 +27,7 @@ public class IndexController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
|
||||
String emailAddress = principal.getFirstAttribute("emailAddress");
|
||||
String emailAddress = principal.getFirstAttribute("email");
|
||||
model.addAttribute("emailAddress", emailAddress);
|
||||
model.addAttribute("userAttributes", principal.getAttributes());
|
||||
return "index";
|
||||
|
|
|
|||
|
|
@ -16,13 +16,26 @@
|
|||
|
||||
package example;
|
||||
|
||||
import java.io.InputStream;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.config.Customizer;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||
import org.springframework.security.saml2.provider.service.metadata.OpenSamlMetadataResolver;
|
||||
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
|
||||
import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
|
||||
import org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver;
|
||||
import org.springframework.security.saml2.provider.service.web.Saml2MetadataFilter;
|
||||
|
|
@ -59,4 +72,38 @@ public class SecurityConfiguration {
|
|||
return filter;
|
||||
}
|
||||
|
||||
@Bean
|
||||
RelyingPartyRegistrationRepository repository(
|
||||
@Value("classpath:credentials/rp-private.key") RSAPrivateKey privateKey) {
|
||||
RelyingPartyRegistration one = RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata")
|
||||
.registrationId("one")
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
RelyingPartyRegistration two = RelyingPartyRegistrations
|
||||
.fromMetadataLocation("https://dev-05937739.okta.com/app/exk4842vmapcMkohr5d7/sso/saml/metadata")
|
||||
.registrationId("two")
|
||||
.signingX509Credentials(
|
||||
(c) -> c.add(Saml2X509Credential.signing(privateKey, relyingPartyCertificate())))
|
||||
.singleLogoutServiceLocation(
|
||||
"https://dev-05937739.okta.com/app/dev-05937739_springsecuritysaml2idptwo_1/exk4842vmapcMkohr5d7/slo/saml")
|
||||
.singleLogoutServiceResponseLocation("http://localhost:8080/logout/saml2/slo")
|
||||
.singleLogoutServiceBinding(Saml2MessageBinding.POST).build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(one, two);
|
||||
}
|
||||
|
||||
X509Certificate relyingPartyCertificate() {
|
||||
Resource resource = new ClassPathResource("credentials/rp-certificate.crt");
|
||||
try (InputStream is = resource.getInputStream()) {
|
||||
return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
|
||||
}
|
||||
catch (Exception ex) {
|
||||
throw new UnsupportedOperationException(ex);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,20 +1,2 @@
|
|||
spring:
|
||||
security:
|
||||
saml2:
|
||||
relyingparty:
|
||||
registration:
|
||||
one:
|
||||
signing.credentials: &rp-metadata
|
||||
- private-key-location: classpath:credentials/rp-private.key
|
||||
certificate-location: classpath:credentials/rp-certificate.crt
|
||||
identityprovider:
|
||||
metadata-uri: https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php
|
||||
two:
|
||||
signing.credentials: *rp-metadata
|
||||
decryption.credentials: *rp-metadata
|
||||
identityprovider:
|
||||
metadata-uri: https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php
|
||||
|
||||
|
||||
logging.level:
|
||||
org.springframework.security: TRACE
|
||||
|
|
|
|||
|
|
@ -36,11 +36,6 @@
|
|||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
|
||||
AP-initiated Logout
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<main role="main" class="container">
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ dependencies {
|
|||
implementation 'org.springframework.security:spring-security-saml2-service-provider'
|
||||
implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity5'
|
||||
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
||||
testImplementation 'org.springframework.security:spring-security-test'
|
||||
}
|
||||
|
|
@ -32,4 +32,4 @@ dependencies {
|
|||
tasks.withType(Test).configureEach {
|
||||
useJUnitPlatform()
|
||||
outputs.upToDateWhen { false }
|
||||
}
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -27,7 +27,7 @@ public class IndexController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
|
||||
String emailAddress = principal.getFirstAttribute("emailAddress");
|
||||
String emailAddress = principal.getFirstAttribute("email");
|
||||
model.addAttribute("emailAddress", emailAddress);
|
||||
model.addAttribute("userAttributes", principal.getAttributes());
|
||||
return "index";
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ spring:
|
|||
- private-key-location: classpath:credentials/rp-private.key
|
||||
certificate-location: classpath:credentials/rp-certificate.crt
|
||||
identityprovider:
|
||||
metadata-uri: https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php
|
||||
metadata-uri: https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata
|
||||
|
||||
logging.level:
|
||||
org.springframework.security: TRACE
|
||||
|
|
|
|||
|
|
@ -36,11 +36,6 @@
|
|||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
|
||||
AP-initiated Logout
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<main role="main" class="container">
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
plugins {
|
||||
id "java"
|
||||
id "nebula.integtest" version "8.2.0"
|
||||
id "org.gretty" version "3.0.6"
|
||||
id "war"
|
||||
}
|
||||
|
|
@ -33,7 +34,7 @@ dependencies {
|
|||
testImplementation "org.springframework:spring-test"
|
||||
testImplementation "org.springframework.security:spring-security-test"
|
||||
testImplementation "org.junit.jupiter:junit-jupiter-api"
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.49.1'
|
||||
testImplementation 'net.sourceforge.htmlunit:htmlunit:2.44.0'
|
||||
testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,53 @@
|
|||
/*
|
||||
* Copyright 2021 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
|
||||
import com.gargoylesoftware.htmlunit.Page;
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* {@link WebClient} will automatically prefix relative URLs with
|
||||
* <code>localhost:${local.server.port}</code>.
|
||||
*
|
||||
* @author Phillip Webb
|
||||
* @since 1.4.0
|
||||
*/
|
||||
public class LocalHostWebClient extends WebClient {
|
||||
|
||||
private final Environment environment;
|
||||
|
||||
public LocalHostWebClient(Environment environment) {
|
||||
Assert.notNull(environment, "Environment must not be null");
|
||||
this.environment = environment;
|
||||
}
|
||||
|
||||
@Override
|
||||
public <P extends Page> P getPage(String url) throws IOException, FailingHttpStatusCodeException {
|
||||
if (url.startsWith("/")) {
|
||||
String port = this.environment.getProperty("local.server.port", "8080");
|
||||
url = "http://localhost:" + port + url;
|
||||
}
|
||||
return super.getPage(url);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,112 @@
|
|||
/*
|
||||
* Copyright 2021 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package example;
|
||||
|
||||
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
|
||||
import com.gargoylesoftware.htmlunit.WebClient;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlElement;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlForm;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlInput;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPage;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
|
||||
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.core.env.Environment;
|
||||
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.htmlunit.MockMvcWebClientBuilder;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@ContextConfiguration(locations = { "file:src/main/webapp/WEB-INF/spring-servlet.xml",
|
||||
"file:src/main/webapp/WEB-INF/spring/security.xml" })
|
||||
@WebAppConfiguration
|
||||
public class Saml2XmlITests {
|
||||
|
||||
private MockMvc mvc;
|
||||
|
||||
private WebClient webClient;
|
||||
|
||||
@Autowired
|
||||
WebApplicationContext webApplicationContext;
|
||||
|
||||
@Autowired
|
||||
Environment environment;
|
||||
|
||||
@BeforeEach
|
||||
void setup() {
|
||||
this.mvc = MockMvcBuilders.webAppContextSetup(this.webApplicationContext)
|
||||
.apply(SecurityMockMvcConfigurers.springSecurity()).build();
|
||||
this.webClient = MockMvcWebClientBuilder.mockMvcSetup(this.mvc)
|
||||
.withDelegate(new LocalHostWebClient(this.environment)).build();
|
||||
this.webClient.getCookieManager().clearCookies();
|
||||
}
|
||||
|
||||
@Test
|
||||
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
|
||||
}
|
||||
|
||||
@Test
|
||||
void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
|
||||
performLogin();
|
||||
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
|
||||
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
|
||||
HtmlPage loginPage = rpLogoutButton.click();
|
||||
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
|
||||
}
|
||||
|
||||
private void performLogin() throws Exception {
|
||||
HtmlPage login = this.webClient.getPage("/");
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
HtmlForm form = findForm(login);
|
||||
HtmlInput username = form.getInputByName("username");
|
||||
HtmlPasswordInput password = form.getInputByName("password");
|
||||
HtmlSubmitInput submit = login.getHtmlElementById("okta-signin-submit");
|
||||
username.type("testuser@spring.security.saml");
|
||||
password.type("12345678");
|
||||
submit.click();
|
||||
this.webClient.waitForBackgroundJavaScript(10000);
|
||||
}
|
||||
|
||||
private HtmlForm findForm(HtmlPage login) {
|
||||
for (HtmlForm form : login.getForms()) {
|
||||
try {
|
||||
if (form.getId().equals("form19")) {
|
||||
return form;
|
||||
}
|
||||
}
|
||||
catch (ElementNotFoundException ex) {
|
||||
// Continue
|
||||
}
|
||||
}
|
||||
throw new IllegalStateException("Could not resolve login form");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -34,7 +34,7 @@ public class IndexController {
|
|||
|
||||
@GetMapping("/")
|
||||
public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
|
||||
String emailAddress = principal.getFirstAttribute("emailAddress");
|
||||
String emailAddress = principal.getFirstAttribute("email");
|
||||
model.addAttribute("emailAddress", emailAddress);
|
||||
model.addAttribute("userAttributes", principal.getAttributes());
|
||||
return "index";
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
|
||||
|
||||
<http>
|
||||
<http auto-config="true">
|
||||
<intercept-url pattern="/**" access="authenticated"/>
|
||||
<saml2-login />
|
||||
<saml2-logout />
|
||||
|
|
@ -14,40 +14,15 @@
|
|||
<user name="user" password="{noop}password" authorities="ROLE_USER" />
|
||||
</user-service>
|
||||
|
||||
<!-- <relying-party-registrations>-->
|
||||
<!-- <relying-party-registration registration-id="one" metadata-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"-->
|
||||
<!-- single-logout-service-location="{baseUrl}/logout/saml2/slo" single-logout-service-response-location="{baseUrl}/logout/saml2/slo">-->
|
||||
<!-- <signing-credential certificate-location="classpath:credentials/rp-certificate.crt"-->
|
||||
<!-- private-key-location="classpath:credentials/rp-private.key"/>-->
|
||||
<!-- </relying-party-registration>-->
|
||||
<!-- </relying-party-registrations>-->
|
||||
|
||||
<relying-party-registrations>
|
||||
<relying-party-registration registration-id="one"
|
||||
entity-id="{baseUrl}/saml2/service-provider-metadata/{registrationId}"
|
||||
assertion-consumer-service-location="{baseUrl}/login/saml2/sso/{registrationId}"
|
||||
assertion-consumer-service-binding="POST"
|
||||
single-logout-service-location="{baseUrl}/logout/saml2/slo"
|
||||
single-logout-service-response-location="{baseUrl}/logout/saml2/slo"
|
||||
asserting-party-id="simple-saml">
|
||||
metadata-location="https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata"
|
||||
single-logout-service-location="https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml"
|
||||
single-logout-service-response-location="{baseUrl}/logout/saml2/slo">
|
||||
<signing-credential certificate-location="classpath:credentials/rp-certificate.crt"
|
||||
private-key-location="classpath:credentials/rp-private.key"/>
|
||||
</relying-party-registration>
|
||||
|
||||
<asserting-party asserting-party-id="simple-saml"
|
||||
entity-id="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"
|
||||
single-sign-on-service-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"
|
||||
single-sign-on-service-binding="REDIRECT"
|
||||
signing-algorithms="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
|
||||
single-logout-service-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php"
|
||||
single-logout-service-binding="POST"
|
||||
single-logout-service-response-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php"
|
||||
want-authn-requests-signed="false">
|
||||
<verification-credential private-key-location="classpath:credentials/rp-private.key"
|
||||
certificate-location="classpath:credentials/idp-certificate.crt"/>
|
||||
<encryption-credential private-key-location="classpath:credentials/rp-private.key"
|
||||
certificate-location="classpath:credentials/idp-certificate.crt"/>
|
||||
</asserting-party>
|
||||
</relying-party-registrations>
|
||||
|
||||
</b:beans>
|
||||
|
|
|
|||
|
|
@ -36,11 +36,6 @@
|
|||
</button>
|
||||
</form>
|
||||
</li>
|
||||
<li class="nav-item">
|
||||
<a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
|
||||
AP-initiated Logout
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
<main role="main" class="container">
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ include ":servlet:java-configuration:hello-mvc-security"
|
|||
include ":servlet:java-configuration:hello-security"
|
||||
include ":servlet:java-configuration:hello-security-explicit"
|
||||
include ":servlet:java-configuration:max-sessions"
|
||||
//include ":servlet:java-configuration:saml2:login"
|
||||
include ":servlet:java-configuration:saml2:login"
|
||||
include ":servlet:spring-boot:java:authentication:username-password:user-details-service:custom-user"
|
||||
include ":servlet:spring-boot:java:authentication:username-password:mfa"
|
||||
include ":servlet:spring-boot:java:hello"
|
||||
|
|
@ -55,9 +55,9 @@ include ":servlet:spring-boot:java:oauth2:resource-server:multi-tenancy"
|
|||
include ":servlet:spring-boot:java:oauth2:resource-server:opaque"
|
||||
include ":servlet:spring-boot:java:oauth2:resource-server:static"
|
||||
include ":servlet:spring-boot:java:oauth2:webclient"
|
||||
//include ":servlet:spring-boot:java:saml2:login"
|
||||
//include ":servlet:spring-boot:java:saml2:login-single-tenant"
|
||||
//include ":servlet:spring-boot:java:saml2:refreshable-metadata"
|
||||
include ":servlet:spring-boot:java:saml2:login"
|
||||
include ":servlet:spring-boot:java:saml2:login-single-tenant"
|
||||
include ":servlet:spring-boot:java:saml2:refreshable-metadata"
|
||||
include ":servlet:spring-boot:kotlin:hello-security"
|
||||
include ":servlet:xml:java:helloworld"
|
||||
include ":servlet:xml:java:preauth"
|
||||
|
|
|
|||
Loading…
Reference in New Issue