You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/05/16 16:42:22 UTC
[cxf-fediz] branch master updated (e7efbec -> 89dc58c)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git.
from e7efbec Fixing failing test
new ec28922 Fix to get correct context variable in the Tomcat8 handler for SAML SSO
new 89dc58c Adding SAML SSO RP tests
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../cxf/fediz/core/handler/SigninHandler.java | 39 +++++++---
.../cxf/fediz/tomcat8/FederationAuthenticator.java | 9 +--
.../systests/custom/CustomParametersTest.java | 2 +-
.../apache/cxf/fediz/systests/ldap/LDAPTest.java | 2 +-
systests/samlsso/pom.xml | 8 ++
.../fediz/systests/samlsso/Tomcat8PluginTest.java} | 22 +++++-
.../src/test/resources/fediz_config.xml | 12 +--
.../cxf/fediz/systests/common/AbstractTests.java | 89 ++++++++++++++++++----
.../cxf/fediz/systests/common/HTTPTestUtils.java | 19 +----
9 files changed, 144 insertions(+), 58 deletions(-)
copy systests/{tomcat8/src/test/java/org/apache/cxf/fediz/systests/tomcat8/TomcatTest.java => samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/Tomcat8PluginTest.java} (91%)
copy systests/{websphere => samlsso}/src/test/resources/fediz_config.xml (88%)
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.
[cxf-fediz] 01/02: Fix to get correct context variable in the
Tomcat8 handler for SAML SSO
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit ec2892287987798e4f54639fc7d414a17534897f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 16 16:04:57 2018 +0100
Fix to get correct context variable in the Tomcat8 handler for SAML SSO
---
.../cxf/fediz/core/handler/SigninHandler.java | 39 ++++++++++++++++------
.../cxf/fediz/tomcat8/FederationAuthenticator.java | 9 +++--
2 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
index 125e9fc..1bf80f9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/handler/SigninHandler.java
@@ -58,7 +58,7 @@ public class SigninHandler<T> implements RequestHandler<T> {
&& FederationConstants.ACTION_SIGNIN.equals(request.getParameter(FederationConstants.PARAM_ACTION))) {
return true;
} else if (fedizContext.getProtocol() instanceof SAMLProtocol
- && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
+ && request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
return true;
}
return false;
@@ -103,22 +103,23 @@ public class SigninHandler<T> implements RequestHandler<T> {
FedizRequest federationRequest = new FedizRequest();
String wa = req.getParameter(FederationConstants.PARAM_ACTION);
-
- String relayState = req.getParameter("RelayState");
federationRequest.setAction(wa);
federationRequest.setResponseToken(responseToken);
- federationRequest.setState(relayState);
+
+ if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+ String relayState = req.getParameter("RelayState");
+ federationRequest.setState(relayState);
+ if (relayState != null) {
+ HttpSession session = req.getSession();
+ federationRequest.setRequestState((RequestState)
+ session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState));
+ session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState);
+ }
+ }
federationRequest.setRequest(req);
federationRequest.setCerts((X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"));
- if (relayState != null) {
- HttpSession session = req.getSession();
- federationRequest.setRequestState((RequestState)
- session.getAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState));
- session.removeAttribute(FederationConstants.SESSION_SAVED_REQUEST_STATE_PREFIX + relayState);
- }
-
FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(fedizContext.getProtocol());
return processor.processRequest(federationRequest, fedizContext);
}
@@ -166,6 +167,22 @@ public class SigninHandler<T> implements RequestHandler<T> {
return token;
}
+ public String getContextParameter(HttpServletRequest request) {
+ String context = null;
+ if (fedizContext.getProtocol() instanceof FederationProtocol) {
+ context = request.getParameter(FederationConstants.PARAM_CONTEXT);
+ if (context == null) {
+ throw new RuntimeException("Missing required parameter 'wctx'");
+ }
+ } else if (fedizContext.getProtocol() instanceof SAMLProtocol) {
+ context = request.getParameter("RelayState");
+ if (context == null) {
+ throw new RuntimeException("Missing required parameter 'RelayState'");
+ }
+ }
+ return context;
+ }
+
public FedizContext getFedizContext() {
return fedizContext;
}
diff --git a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
index ff92c69..656f3f9 100644
--- a/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
+++ b/plugins/tomcat8/src/main/java/org/apache/cxf/fediz/tomcat8/FederationAuthenticator.java
@@ -203,7 +203,7 @@ public class FederationAuthenticator extends FormAuthenticator {
FedizPrincipal principal = signinHandler.handleRequest(request, response);
if (principal != null) {
LOG.debug("Authentication of '{}' was successful", principal);
- resumeRequest(request, response);
+ resumeRequest(signinHandler.getContextParameter(request), request, response);
} else {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
@@ -231,12 +231,11 @@ public class FederationAuthenticator extends FormAuthenticator {
return authenticate(request, response);
}
- protected void resumeRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
- String contextId = request.getParameter(FederationConstants.PARAM_CONTEXT);
+ protected void resumeRequest(String contextId, HttpServletRequest request,
+ HttpServletResponse response) throws IOException {
if (contextId == null) {
- LOG.warn("The 'wctx' parameter has not been provided back with signin request.");
+ LOG.warn("The context parameter has not been provided back with signin request.");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
} else {
Session session = ((Request)request).getSessionInternal();
String originalURL = (String)session.getNote(FederationAuthenticator.SESSION_SAVED_URI_PREFIX + contextId);
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.
[cxf-fediz] 02/02: Adding SAML SSO RP tests
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 89dc58c8c4d7fdb428d9a4111793a9036f1f21b9
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 16 17:42:09 2018 +0100
Adding SAML SSO RP tests
---
.../systests/custom/CustomParametersTest.java | 2 +-
.../apache/cxf/fediz/systests/ldap/LDAPTest.java | 2 +-
systests/samlsso/pom.xml | 8 ++
.../fediz/systests/samlsso/Tomcat8PluginTest.java} | 116 +++------------------
.../samlsso/src/test/resources/fediz_config.xml | 61 +++++++++++
.../cxf/fediz/systests/common/AbstractTests.java | 89 +++++++++++++---
.../cxf/fediz/systests/common/HTTPTestUtils.java | 19 +---
7 files changed, 162 insertions(+), 135 deletions(-)
diff --git a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
index 721d734..8b54d47 100644
--- a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
+++ b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
@@ -242,7 +242,7 @@ public class CustomParametersTest {
String user = "alice";
String password = "ecila";
- final String bodyTextContent = HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ final String bodyTextContent = HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), "signinresponseform");
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
diff --git a/systests/ldap/src/test/java/org/apache/cxf/fediz/systests/ldap/LDAPTest.java b/systests/ldap/src/test/java/org/apache/cxf/fediz/systests/ldap/LDAPTest.java
index a8691b7..9f4deb8 100644
--- a/systests/ldap/src/test/java/org/apache/cxf/fediz/systests/ldap/LDAPTest.java
+++ b/systests/ldap/src/test/java/org/apache/cxf/fediz/systests/ldap/LDAPTest.java
@@ -248,7 +248,7 @@ public class LDAPTest extends AbstractLdapTestUnit {
String password = "ecila";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), "signinresponseform");
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
diff --git a/systests/samlsso/pom.xml b/systests/samlsso/pom.xml
index f091627..08eb8b3 100644
--- a/systests/samlsso/pom.xml
+++ b/systests/samlsso/pom.xml
@@ -135,6 +135,14 @@
<outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
</artifactItem>
<artifactItem>
+ <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+ <artifactId>fediz-systests-webapps-simple</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory>
+ </artifactItem>
+ <artifactItem>
<groupId>org.apache.cxf.fediz.systests</groupId>
<artifactId>fediz-systests-tests</artifactId>
<version>${project.version}</version>
diff --git a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/Tomcat8PluginTest.java
similarity index 56%
copy from systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
copy to systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/Tomcat8PluginTest.java
index 721d734..ab9c4e1 100644
--- a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/Tomcat8PluginTest.java
@@ -17,42 +17,31 @@
* under the License.
*/
-package org.apache.cxf.fediz.systests.custom;
+package org.apache.cxf.fediz.systests.samlsso;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
-import java.net.URLEncoder;
import javax.servlet.ServletException;
-import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.DomElement;
-import com.gargoylesoftware.htmlunit.html.DomNodeList;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.IOUtils;
-import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.fediz.systests.common.HTTPTestUtils;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.wss4j.dom.engine.WSSConfig;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
/**
- * Some tests invoking directly on the IdP and sending custom parameters
+ * Some tests for SAML SSO with the Tomcat 8 plugin, invoking on the Fediz IdP configured for SAML SSO.
*/
-public class CustomParametersTest {
+public class Tomcat8PluginTest extends AbstractTests {
static String idpHttpsPort;
static String rpHttpsPort;
@@ -69,8 +58,6 @@ public class CustomParametersTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
-
- WSSConfig.init();
}
private static Tomcat startServer(boolean idp, String port)
@@ -161,108 +148,33 @@ public class CustomParametersTest {
}
}
+ @Override
public String getIdpHttpsPort() {
return idpHttpsPort;
}
+ @Override
public String getRpHttpsPort() {
return rpHttpsPort;
}
+ @Override
public String getServletContextName() {
return "fedizhelloworld";
}
- // Test a custom parameter that gets passed through to the STS
- @org.junit.Test
- public void testCustomParameter() throws Exception {
- String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
- url += "wa=wsignin1.0";
- url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
- url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
- String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
- url += "&wreply=" + wreply;
-
- String user = "alice";
- String password = "ecila";
-
- // Successful test
- WebClient webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
-
- String authUrl = url + "&auth_realm="
- + URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>", "UTF-8");
- HtmlPage idpPage = webClient.getPage(authUrl);
- webClient.getOptions().setJavaScriptEnabled(true);
- Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- // Parse the form to get the token (wresult)
- DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
-
- String wresult = null;
- for (DomElement result : results) {
- if ("wresult".equals(result.getAttributeNS(null, "name"))) {
- wresult = result.getAttributeNS(null, "value");
- break;
- }
- }
-
- Assert.assertNotNull(wresult);
-
- webClient.close();
-
- // Unsuccessful test
- webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
- authUrl = url + "&auth_realm="
- + URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">unknown-realm</realm>", "UTF-8");
- try {
- webClient.getPage(authUrl);
- Assert.fail("Failure expected on a bad auth_realm value");
- } catch (FailingHttpStatusCodeException ex) {
- Assert.assertEquals(ex.getStatusCode(), 401);
- }
-
- webClient.close();
+ @Override
+ protected boolean isWSFederation() {
+ return false;
}
@org.junit.Test
- public void testCustomParameterViaRP() throws Exception {
+ @org.junit.Ignore
+ public void testBrowser() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
- String user = "alice";
- String password = "ecila";
-
- final String bodyTextContent = HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
-
- Assert.assertTrue("Principal not " + user,
- bodyTextContent.contains("userPrincipal=" + user));
- Assert.assertTrue("User " + user + " does not have role Admin",
- bodyTextContent.contains("role:Admin=false"));
- Assert.assertTrue("User " + user + " does not have role Manager",
- bodyTextContent.contains("role:Manager=false"));
- Assert.assertTrue("User " + user + " must have role User",
- bodyTextContent.contains("role:User=true"));
-
- String claim = ClaimTypes.FIRSTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
- bodyTextContent.contains(claim + "=Alice"));
- claim = ClaimTypes.LASTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
- bodyTextContent.contains(claim + "=Smith"));
- claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
- bodyTextContent.contains(claim + "=alice@realma.org"));
+ System.out.println("URL: " + url);
+ Thread.sleep(5 * 60 * 1000);
}
}
diff --git a/systests/samlsso/src/test/resources/fediz_config.xml b/systests/samlsso/src/test/resources/fediz_config.xml
new file mode 100644
index 0000000..232ee80
--- /dev/null
+++ b/systests/samlsso/src/test/resources/fediz_config.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
+ Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
+ keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
+-->
+<FedizConfig>
+ <contextConfig name="/fedizhelloworld">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="test-classes/clienttrust.jks"
+ password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="realma" keyPassword="realma">
+ <keyStore file="test-classes/stsrealm_a.jks" password="storepass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="samlProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <signRequest>true</signRequest>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/saml</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <disableDeflateEncoding>true</disableDeflateEncoding>
+ <claimTypesRequested>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
+</FedizConfig>
+
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/AbstractTests.java
index 5fb96f2..a310449 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/AbstractTests.java
@@ -68,6 +68,17 @@ public abstract class AbstractTests {
public abstract String getRpHttpsPort();
+ protected boolean isWSFederation() {
+ return true;
+ }
+
+ private String getLoginFormName() {
+ if (isWSFederation()) {
+ return "signinresponseform";
+ }
+ return "samlsigninresponseform";
+ }
+
@Test
public void testAlice() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
@@ -76,7 +87,7 @@ public abstract class AbstractTests {
String password = "ecila";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -107,7 +118,7 @@ public abstract class AbstractTests {
String password = "ecila";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -127,7 +138,7 @@ public abstract class AbstractTests {
String password = "ecila";
try {
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.fail("Exception expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 403);
@@ -142,7 +153,7 @@ public abstract class AbstractTests {
String password = "ecila";
try {
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.fail("Exception expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 403);
@@ -157,7 +168,7 @@ public abstract class AbstractTests {
String password = "alice";
try {
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.fail("Exception expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
@@ -172,7 +183,7 @@ public abstract class AbstractTests {
String password = "bob";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -202,7 +213,7 @@ public abstract class AbstractTests {
String password = "bob";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -222,7 +233,7 @@ public abstract class AbstractTests {
String password = "bob";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -242,7 +253,7 @@ public abstract class AbstractTests {
String password = "bob";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -262,7 +273,7 @@ public abstract class AbstractTests {
String password = "det";
final String bodyTextContent =
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.assertTrue("Principal not " + user,
bodyTextContent.contains("userPrincipal=" + user));
@@ -292,7 +303,7 @@ public abstract class AbstractTests {
String password = "det";
try {
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.fail("Exception expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 403);
@@ -307,7 +318,7 @@ public abstract class AbstractTests {
String password = "det";
try {
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.fail("Exception expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 403);
@@ -322,7 +333,7 @@ public abstract class AbstractTests {
String password = "det";
try {
- HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+ HTTPTestUtils.login(url, user, password, getIdpHttpsPort(), getLoginFormName());
Assert.fail("Exception expected");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 403);
@@ -331,6 +342,11 @@ public abstract class AbstractTests {
@Test
public void testRPMetadata() throws Exception {
+
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort()
+ "/" + getServletContextName() + "/FederationMetadata/2007-06/FederationMetadata.xml";
@@ -365,6 +381,10 @@ public abstract class AbstractTests {
@Test
public void testRPLogout() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
@@ -408,6 +428,10 @@ public abstract class AbstractTests {
@Test
public void testRPLogoutViaAction() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
@@ -451,6 +475,10 @@ public abstract class AbstractTests {
@Test
public void testIdPLogout() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
@@ -494,6 +522,10 @@ public abstract class AbstractTests {
@Test
public void testIdPLogoutCleanup() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
@@ -536,6 +568,11 @@ public abstract class AbstractTests {
@Test
public void testAliceModifiedSignature() throws Exception {
+
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
@@ -608,7 +645,7 @@ public abstract class AbstractTests {
Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());
// Invoke back on the page1 RP
- final HtmlForm form = idpPage1.getFormByName("signinresponseform");
+ final HtmlForm form = idpPage1.getFormByName(getLoginFormName());
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
final HtmlPage rpPage1 = button.click();
Assert.assertTrue("WS Federation Systests Examples".equals(rpPage1.getTitleText())
@@ -620,7 +657,7 @@ public abstract class AbstractTests {
bodyTextContent1.contains("userPrincipal=" + user));
// Invoke back on the page2 RP
- final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
+ final HtmlForm form2 = idpPage2.getFormByName(getLoginFormName());
final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
final HtmlPage rpPage2 = button2.click();
String bodyTextContent2 = rpPage2.getBody().getTextContent();
@@ -632,6 +669,10 @@ public abstract class AbstractTests {
@org.junit.Test
public void testMaliciousRedirect() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
String user = "alice";
String password = "ecila";
@@ -678,6 +719,11 @@ public abstract class AbstractTests {
@Test
public void testEntityExpansionAttack() throws Exception {
+
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
String user = "alice";
String password = "ecila";
@@ -731,6 +777,10 @@ public abstract class AbstractTests {
@Test
public void testEntityExpansionAttack2() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
String user = "alice";
String password = "ecila";
@@ -784,6 +834,11 @@ public abstract class AbstractTests {
@org.junit.Test
public void testCSRFAttack() throws Exception {
+
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
csrfAttackTest(url);
}
@@ -856,6 +911,10 @@ public abstract class AbstractTests {
@org.junit.Test
public void testCSRFAttack2() throws Exception {
+ if (!isWSFederation()) {
+ return;
+ }
+
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
csrfAttackTest2(url);
}
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/HTTPTestUtils.java b/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/HTTPTestUtils.java
index fcbcbd5..9aa73ab 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/HTTPTestUtils.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/systests/common/HTTPTestUtils.java
@@ -42,7 +42,8 @@ public final class HTTPTestUtils {
// complete
}
- public static String login(String url, String user, String password, String idpPort) throws IOException {
+ public static String login(String url, String user, String password, String idpPort,
+ String formName) throws IOException {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
@@ -54,7 +55,7 @@ public final class HTTPTestUtils {
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- final HtmlForm form = idpPage.getFormByName("signinresponseform");
+ final HtmlForm form = idpPage.getFormByName(formName);
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
final HtmlPage rpPage = button.click();
@@ -65,20 +66,6 @@ public final class HTTPTestUtils {
return rpPage.getBody().getTextContent();
}
- public static String loginForSAMLSSO(String url, String user, String password, String idpPort) throws IOException {
- final WebClient webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(idpPort)),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
- final HtmlPage rpPage = webClient.getPage(url);
-
- webClient.close();
- return rpPage.getBody().getTextContent();
- }
-
public static String loginWithCookieManager(String url, String user, String password,
String idpPort, CookieManager cookieManager) throws IOException {
final WebClient webClient = new WebClient();
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.