Merge branch '5.8.x'

Closes gh-12149
Josh Cummings 2022-11-07 16:07:32 -07:00
commit d5f30755d1
GPG Key ID: A306A51F43B8E5A5
2 changed files with 38 additions and 4 deletions


@ -432,10 +432,8 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
*/
public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator() {
return createAssertionValidator(Saml2ErrorCodes.INVALID_ASSERTION,
(assertionToken) -> SAML20AssertionValidators.attributeValidator,
(assertionToken) -> createValidationContext(assertionToken,
(params) -> params.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(5))));
return createDefaultAssertionValidatorWithParameters(
(params) -> params.put(SAML2AssertionValidationParameters.CLOCK_SKEW, Duration.ofMinutes(5)));
}
/**
@ -444,7 +442,9 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
* @param contextConverter the conversion strategy to use to generate a
* {@link ValidationContext} for each assertion being validated
* @return the default assertion validator strategy
* @deprecated Use {@link #createDefaultAssertionValidatorWithParameters} instead
*/
@Deprecated
public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidator(
Converter<AssertionToken, ValidationContext> contextConverter) {
@ -452,6 +452,21 @@ public final class OpenSaml4AuthenticationProvider implements AuthenticationProv
(assertionToken) -> SAML20AssertionValidators.attributeValidator, contextConverter);
}
/**
* Construct a default strategy for validating each SAML 2.0 Assertion and associated
* {@link Authentication} token
* @param validationContextParameters a consumer for editing the values passed to the
* {@link ValidationContext} for each assertion being validated
* @return the default assertion validator strategy
* @since 5.8
*/
public static Converter<AssertionToken, Saml2ResponseValidatorResult> createDefaultAssertionValidatorWithParameters(
Consumer<Map<String, Object>> validationContextParameters) {
return createAssertionValidator(Saml2ErrorCodes.INVALID_ASSERTION,
(assertionToken) -> SAML20AssertionValidators.attributeValidator,
(assertionToken) -> createValidationContext(assertionToken, validationContextParameters));
}
/**
* Construct a default strategy for converting a SAML 2.0 Response and
* {@link Authentication} token into a {@link Saml2Authentication}
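Review bot: The new `createDefaultAssertionValidatorWithParameters` accepts `validationContextParameters` without a null check, so a null consumer is only discovered when `createValidationContext` runs for the first assertion during authentication rather than at configuration time; if the file already uses `Assert` for its setters, the first line of the body should be `Assert.notNull(validationContextParameters, "validationContextParameters cannot be null");`. The Javadoc on the new method should also say what the consumer can do with the map, since the consumer-less default now delegates to it with only `CLOCK_SKEW` set to five minutes and a caller that omits that entry gets whatever `createValidationContext` (outside this hunk) seeds by itself; something like `The consumer is invoked for each assertion and may add, override or remove validation parameters, so omitting {@code CLOCK_SKEW} changes the skew tolerance applied to the assertion's conditions` makes the trade-off explicit. The deprecated overload taking a `Converter` still calls `createAssertionValidator` directly rather than going through the new method, which is fine but means the two paths may diverge if defaults are later added to the consumer-based one.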


@ -520,6 +520,25 @@ public class OpenSaml4AuthenticationProviderTests {
// @formatter:on
}
// gh-11675
@Test
public void authenticateWhenUsingCustomAssertionValidatorThenUses() {
OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
Consumer<Map<String, Object>> validationParameters = mock(Consumer.class);
// @formatter:off
provider.setAssertionValidator(OpenSaml4AuthenticationProvider
.createDefaultAssertionValidatorWithParameters(validationParameters));
// @formatter:on
Response response = response();
Assertion assertion = assertion();
OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME);
assertion.getConditions().getConditions().add(oneTimeUse);
response.getAssertions().add(assertion);
Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
provider.authenticate(token);
verify(validationParameters).accept(any());
}
@Test
public void authenticateWhenCustomAssertionValidatorThenUses() {
Converter<OpenSaml4AuthenticationProvider.AssertionToken, Saml2ResponseValidatorResult> validator = mock(