Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/02 12:59:50 UTC
cxf-fediz git commit: Adding SAML SSO federation test
Repository: cxf-fediz
Updated Branches:
refs/heads/master 18ea6f481 -> 02cbf5a26
Adding SAML SSO federation test
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/02cbf5a2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/02cbf5a2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/02cbf5a2
Branch: refs/heads/master
Commit: 02cbf5a2619fca7dfabf9917ee2a0e3f44a6fb17
Parents: 18ea6f4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 2 12:59:32 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 2 12:59:32 2016 +0000
----------------------------------------------------------------------
.../cxf/fediz/integrationtests/SAMLSSOTest.java | 70 +++++++++++++++++---
.../test/resources/realma/entities-realma.xml | 31 +++++++--
.../src/test/resources/rp/cxf-service.xml | 39 +++++++++--
3 files changed, 117 insertions(+), 23 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index 45ddb8d..61f79d6 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -148,18 +148,10 @@ public class SAMLSSOTest {
server.addWebapp("/idpoidc", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "samlssoWebapp");
- server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
+ server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
/*
rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
- cxt = server.addWebapp("/samlssocustom", rpWebapp.getAbsolutePath());
- cxt.getPipeline().addValve(fa);
-
- rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
- cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
- cxt.getPipeline().addValve(fa);
-
- rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
cxt.getPipeline().addValve(fa);
*/
@@ -210,7 +202,7 @@ public class SAMLSSOTest {
@org.junit.Test
public void testWSFederation() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/wsfed/app1/services/25";
+ String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app1/services/25";
//System.out.println(url);
//Thread.sleep(60 * 2 * 1000);
@@ -223,6 +215,20 @@ public class SAMLSSOTest {
Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
}
+
+ @org.junit.Test
+ public void testSAMLSSOFedizIdP() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app2/services/25";
+ // System.out.println(url);
+ // Thread.sleep(60 * 2 * 1000);
+ String user = "ALICE"; // realm b credentials
+ String password = "ECILA";
+
+ final String bodyTextContent =
+ login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true);
+
+ Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
+ }
private static String login(String url, String user, String password,
String idpPort, String rpIdpPort) throws IOException {
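Review bot: testSAMLSSOFedizIdP only exercises the successful login, so it would still pass if `/samlsso/app2` were reachable without a valid assertion. A companion negative case, for example the same request with a wrong password for ALICE asserting that the "double number response" body is not returned, would show that the new endpoint is actually protected by its SSO filter. The two commented-out debugging lines (`// System.out.println(url);` and `// Thread.sleep(60 * 2 * 1000);`) are copied from testWSFederation and can be dropped from the new test. The `login(...)` declaration that follows is cut off at the end of this hunk.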
@@ -262,4 +268,48 @@ public class SAMLSSOTest {
webClient.close();
return rpPage.asXml();
}
+
+ private static String login(String url, String user, String password,
+ String idpPort, String rpIdpPort, boolean postBinding) throws IOException {
+ //
+ // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
+ // "realm b".
+ //
+ final WebClient webClient = new WebClient();
+ CookieManager cookieManager = new CookieManager();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(idpPort)),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+
+ if (postBinding) {
+ Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
+ || "IDP SignIn Response Form".equals(idpPage.getTitleText()));
+ for (HtmlForm form : idpPage.getForms()) {
+ String name = form.getAttributeNS(null, "name");
+ if ("signinresponseform".equals(name) || "samlsigninresponseform".equals(name)) {
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+ idpPage = button.click();
+ }
+ }
+ }
+
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ System.out.println("IDP: " + idpPage.asXml());
+ // Now redirect back to the RP
+ final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
+
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ final XmlPage rpPage = button.click();
+
+ webClient.close();
+ return rpPage.asXml();
+ }
+
}
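Review bot: `System.out.println("IDP: " + idpPage.asXml());` in the new login overload writes the whole IdP sign-in response page to the build output, presumably including the form field that carries the SAML response; it looks like leftover debugging and should be removed or moved to debug-level logging. `webClient.close()` is only reached on the success path, so any failing assert or `getPage`/`click` exception leaks the client; wrap the body in `try { ... } finally { webClient.close(); }`. The `rpIdpPort` parameter is never read in this overload, and the `for` loop keeps iterating over the forms of the previous page after `idpPage = button.click();`, so a `break;` after the click would make the intent explicit. A short comment on `setUseInsecureSSL(true)` such as `// test only: certificate validation is disabled for the localhost test servers` would keep the setting from being copied into non-test clients.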
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
index 188f7a0..c0dd89b 100644
--- a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
@@ -59,7 +59,8 @@
<property name="serviceDescription" value="IDP of Realm A" />
<property name="applications">
<util:list>
- <ref bean="srv-fedizhelloworld" />
+ <ref bean="srv-fedizhelloworld-realmB" />
+ <ref bean="srv-fedizhelloworld-realmC" />
</util:list>
</property>
<property name="trustedIdps">
@@ -133,7 +134,7 @@
</property>
</bean>
- <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <bean id="srv-fedizhelloworld-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
<property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B" />
<property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
<property name="serviceDisplayName" value="Fedizhelloworld" />
@@ -146,23 +147,41 @@
<property name="validatingCertificate" value="realma.cert" />
</bean>
+ <bean id="srv-fedizhelloworld-realmC" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Fedizhelloworld" />
+ <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ <property name="passiveRequestorEndpointConstraint"
+ value="https://localhost:(\d)*/(\w)*/racs/.*" />
+ <property name="validatingCertificate" value="realma.cert" />
+ </bean>
+
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
+ <property name="claim" ref="claim_role" />
+ <property name="optional" value="false" />
+ </bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmC" />
<property name="claim" ref="claim_role" />
<property name="optional" value="false" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
<property name="claim" ref="claim_givenname" />
<property name="optional" value="false" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
<property name="claim" ref="claim_surname" />
<property name="optional" value="false" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
<property name="claim" ref="claim_email" />
<property name="optional" value="false" />
</bean>
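Review bot: The `passiveRequestorEndpointConstraint` added for srv-fedizhelloworld-realmC, `https://localhost:(\d)*/(\w)*/racs/.*`, is looser than this test appears to need: `(\d)*` and `(\w)*` also match the empty string and the trailing `.*` accepts anything after `/racs/`. This value looks like the check on where the IdP may deliver the sign-in response, so an XML comment such as `<!-- test only: loose pattern for the local test RP; real entries should pin host, port and path -->` would stop it being reused as a template. Only `claim_role` is bound to the realm-C application, while realm-B keeps givenname, surname and email; if that difference is intentional, a one-line comment saying so would help.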
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
index ec56f26..6f8d70a 100644
--- a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
@@ -57,7 +57,12 @@
<constructor-arg ref="cxf"/>
</bean>
- <bean id="ssoFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+ <bean id="authorizationInterceptor"
+ class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+ <property name="securedObject" ref="serviceBean" />
+ </bean>
+
+ <bean id="ssoFilterApp1" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
<property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
<property name="assertionConsumerServiceAddress"
value="/racs/sso"/>
@@ -69,18 +74,38 @@
<property name="signatureUsername" value="realma" />
<property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B" />
</bean>
-
- <bean id="authorizationInterceptor"
- class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
- <property name="securedObject" ref="serviceBean" />
- </bean>
<jaxrs:server address="/app1">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
- <ref bean="ssoFilter"/>
+ <ref bean="ssoFilterApp1"/>
+ </jaxrs:providers>
+ <jaxrs:inInterceptors>
+ <ref bean="authorizationInterceptor"/>
+ </jaxrs:inInterceptors>
+ </jaxrs:server>
+
+ <bean id="ssoFilterApp2" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+ <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+ <property name="assertionConsumerServiceAddress"
+ value="/racs/sso"/>
+ <property name="stateProvider" ref="stateManager"/>
+ <property name="addEndpointAddressToContext" value="true"/>
+ <property name="signRequest" value="true"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+ <property name="callbackHandler" ref="callbackHandler"/>
+ <property name="signatureUsername" value="realma" />
+ <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />
+ </bean>
+
+ <jaxrs:server address="/app2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="ssoFilterApp2"/>
</jaxrs:providers>
<jaxrs:inInterceptors>
<ref bean="authorizationInterceptor"/>
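Review bot: ssoFilterApp2 repeats the signing and state settings of ssoFilterApp1 and, as far as the visible lines show, differs only in `issuerId`, so the two filters can drift apart when one is edited later (for example `signRequest` or the keystore properties). Spring bean inheritance would keep the shared settings in one place: declare `<bean id="ssoFilterApp2" parent="ssoFilterApp1">` and override only `<property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />`. The `<jaxrs:server address="/app2">` element is closed outside this hunk.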