Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-30 08:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add AuthnRequstsSigned to OpenSaml implementations

Browse Source 
Issue gh-12841
This commit is contained in:
Josh Cummings 2023-03-20 13:58:58 -06:00
parent fd6aecf8da
commit fd4541be0c
2 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java
View File

@ -37,8 +37,8 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
registration.getAssertionConsumerServiceLocation(), registration.getAssertionConsumerServiceBinding(),
registration.getSingleLogoutServiceLocation(), registration.getSingleLogoutServiceResponseLocation(),
registration.getSingleLogoutServiceBindings(), registration.getAssertingPartyDetails(),
registration.getNameIdFormat(), registration.getDecryptionX509Credentials(),
registration.getSigningX509Credentials());
registration.getNameIdFormat(), registration.isAuthnRequestsSigned(),
registration.getDecryptionX509Credentials(), registration.getSigningX509Credentials());
}
/**
@ -55,7 +55,7 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
.singleLogoutServiceLocation(getSingleLogoutServiceLocation())
.singleLogoutServiceResponseLocation(getSingleLogoutServiceResponseLocation())
.singleLogoutServiceBindings((c) -> c.addAll(getSingleLogoutServiceBindings()))
.nameIdFormat(getNameIdFormat())
.nameIdFormat(getNameIdFormat()).authnRequestsSigned(isAuthnRequestsSigned())
.assertingPartyDetails((assertingParty) -> ((OpenSamlAssertingPartyDetails.Builder) assertingParty)
.entityId(party.getEntityId()).wantAuthnRequestsSigned(party.getWantAuthnRequestsSigned())
.signingAlgorithms((algorithms) -> algorithms.addAll(party.getSigningAlgorithms()))
@ -152,6 +152,11 @@ public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistra
return (Builder) super.nameIdFormat(nameIdFormat);
}
@Override
public Builder authnRequestsSigned(Boolean authnRequestsSigned) {
return (Builder) super.authnRequestsSigned(authnRequestsSigned);
}
@Override
public Builder assertingPartyDetails(Consumer<AssertingPartyDetails.Builder> assertingPartyDetails) {
return (Builder) super.assertingPartyDetails(assertingPartyDetails);

26
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/authentication/OpenSamlAuthenticationRequestResolverTests.java
View File

@ -16,6 +16,8 @@
package org.springframework.security.saml2.provider.service.web.authentication;
import java.util.stream.Stream;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
@ -35,8 +37,6 @@ import org.springframework.security.saml2.provider.service.registration.TestRely
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers;
import org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationPlaceholderResolvers.UriResolver;
import java.util.stream.Stream;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
@ -54,13 +54,13 @@ public class OpenSamlAuthenticationRequestResolverTests {
@ParameterizedTest
@MethodSource("provideSignRequestFlags")
public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(boolean wantAuthRequestsSigned, boolean authnRequestsSigned) {
public void resolveAuthenticationRequestWhenSignedRedirectThenSignsAndRedirects(boolean wantAuthRequestsSigned,
boolean authnRequestsSigned) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setPathInfo("/saml2/authenticate/registration-id");
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
.authnRequestsSigned(authnRequestsSigned)
.assertingPartyDetails(party -> party.wantAuthnRequestsSigned(wantAuthRequestsSigned))
.build();
.assertingPartyDetails((party) -> party.wantAuthnRequestsSigned(wantAuthRequestsSigned)).build();
OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
Saml2RedirectAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
@ -122,10 +122,9 @@ public class OpenSamlAuthenticationRequestResolverTests {
public void resolveAuthenticationRequestWhenUnsignedPostThenOnlyPosts() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setPathInfo("/saml2/authenticate/registration-id");
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
.assertingPartyDetails((party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(false))
.authnRequestsSigned(false)
.build();
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder.assertingPartyDetails(
(party) -> party.singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(false))
.authnRequestsSigned(false).build();
OpenSamlAuthenticationRequestResolver resolver = authenticationRequestResolver(registration);
Saml2PostAuthenticationRequest result = resolver.resolve(request, (r, authnRequest) -> {
UriResolver uriResolver = RelyingPartyRegistrationPlaceholderResolvers.uriResolver(request, registration);
@ -146,7 +145,8 @@ public class OpenSamlAuthenticationRequestResolverTests {
@ParameterizedTest
@MethodSource("provideSignRequestFlags")
public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean wantAuthRequestsSigned, boolean authnRequestsSigned) {
public void resolveAuthenticationRequestWhenSignedPostThenSignsAndPosts(boolean wantAuthRequestsSigned,
boolean authnRequestsSigned) {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setPathInfo("/saml2/authenticate/registration-id");
RelyingPartyRegistration registration = this.relyingPartyRegistrationBuilder
@ -195,11 +195,7 @@ public class OpenSamlAuthenticationRequestResolverTests {
}
private static Stream<Arguments> provideSignRequestFlags() {
return Stream.of(
Arguments.of(true, true),
Arguments.of(true, false),
Arguments.of(false, true)
);
return Stream.of(Arguments.of(true, true), Arguments.of(true, false), Arguments.of(false, true));
}
}