commit
d5f30755d1
|
@ -432,10 +432,8 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
|
|||
*/
|
||||
public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator() {
|
||||
|
||||
return createAssertionValidator(Saml2ErrorCodes.INVALID_ASSERTION,
|
||||
(assertionToken) -> SAML20AssertionValidators.attributeValidator,
|
||||
(assertionToken) -> createValidationContext(assertionToken,
|
||||
(params) -> params.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(5))));
|
||||
return createDefaultAssertionValidatorWithParameters(
|
||||
(params) -> params.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(5)));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -444,7 +442,9 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
|
|||
* @param contextConverter the conversion strategy to use to generate a
|
||||
* {@link ValidationContext} for each assertion being validated
|
||||
* @return the default assertion validator strategy
|
||||
* @deprecated Use {@link #createDefaultAssertionValidatorWithParameters} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator(
|
||||
Converter<AssertionToken, ValidationContext> contextConverter) {
|
||||
|
||||
|
@ -452,6 +452,21 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
|
|||
(assertionToken) -> SAML20AssertionValidators.attributeValidator, contextConverter);
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a default strategy for validating each SAML 2.0 Assertion and associated
|
||||
* {@link Authentication} token
|
||||
* @param validationContextParameters a consumer for editing the values passed to the
|
||||
* {@link ValidationContext} for each assertion being validated
|
||||
* @return the default assertion validator strategy
|
||||
* @since 5.8
|
||||
*/
|
||||
public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidatorWithParameters(
|
||||
Consumer<Map<String, Object>> validationContextParameters) {
|
||||
return createAssertionValidator(Saml2ErrorCodes.INVALID_ASSERTION,
|
||||
(assertionToken) -> SAML20AssertionValidators.attributeValidator,
|
||||
(assertionToken) -> createValidationContext(assertionToken, validationContextParameters));
|
||||
}
|
||||
|
||||
/**
|
||||
* Construct a default strategy for converting a SAML 2.0 Response and
|
||||
* {@link Authentication} token into a {@link Saml2Authentication}
|
||||
|
|
|
@ -520,6 +520,25 @@ public class OpenSaml4AuthenticationProviderTests {
|
|||
// @formatter:on
|
||||
}
|
||||
|
||||
// gh-11675
|
||||
@Test
|
||||
public void authenticateWhenUsingCustomAssertionValidatorThenUses() {
|
||||
OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
|
||||
Consumer<Map<String, Object>> validationParameters = mock(Consumer.class);
|
||||
// @formatter:off
|
||||
provider.setAssertionValidator(OpenSaml4AuthenticationProvider
|
||||
.createDefaultAssertionValidatorWithParameters(validationParameters));
|
||||
// @formatter:on
|
||||
Response response = response();
|
||||
Assertion assertion = assertion();
|
||||
OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME);
|
||||
assertion.getConditions().getConditions().add(oneTimeUse);
|
||||
response.getAssertions().add(assertion);
|
||||
Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
|
||||
provider.authenticate(token);
|
||||
verify(validationParameters).accept(any());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticateWhenCustomAssertionValidatorThenUses() {
|
||||
Converter<OpenSaml4AuthenticationProvider.AssertionToken, Saml2ResponseValidatorResult> validator = mock(
|
||||
|
|
Loading…
Reference in New Issue