Repository: cxf-fediz Updated Branches: refs/heads/master 18ea6f481 -> 02cbf5a26
Adding SAML SSO federation test Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/02cbf5a2 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/02cbf5a2 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/02cbf5a2 Branch: refs/heads/master Commit: 02cbf5a2619fca7dfabf9917ee2a0e3f44a6fb17 Parents: 18ea6f4 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Dec 2 12:59:32 2016 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Dec 2 12:59:32 2016 +0000 ---------------------------------------------------------------------- .../cxf/fediz/integrationtests/SAMLSSOTest.java | 70 +++++++++++++++++--- .../test/resources/realma/entities-realma.xml | 31 +++++++-- .../src/test/resources/rp/cxf-service.xml | 39 +++++++++-- 3 files changed, 117 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java index 45ddb8d..61f79d6 100644 --- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java +++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java 
@@ -148,18 +148,10 @@ public class SAMLSSOTest {
 server.addWebapp("/idpoidc", idpWebapp.getAbsolutePath());
 } else {
 File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "samlssoWebapp");
- server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
+ server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
 /*
 rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
- cxt = server.addWebapp("/samlssocustom", rpWebapp.getAbsolutePath());
- cxt.getPipeline().addValve(fa);
-
- rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
- cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
- cxt.getPipeline().addValve(fa);
-
- rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
 cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
 cxt.getPipeline().addValve(fa);
 */
@@ -210,7 +202,7 @@ public class SAMLSSOTest {
 @org.junit.Test
 public void testWSFederation() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/wsfed/app1/services/25";
+ String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app1/services/25";
 //System.out.println(url);
 //Thread.sleep(60 * 2 * 1000);
@@ -223,6 +215,20 @@ public class SAMLSSOTest {
 Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
 }
+
+ @org.junit.Test
+ public void testSAMLSSOFedizIdP() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app2/services/25";
+ // System.out.println(url);
+ // Thread.sleep(60 * 2 * 1000);
+ String user = "ALICE"; // realm b credentials
+ String password = "ECILA";
+
+ final String bodyTextContent =
+ login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true);
+
+ Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
+ }
 private static String login(String url, String user, String password, String idpPort, String rpIdpPort) throws IOException {
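Review bot: `testSAMLSSOFedizIdP` has no Javadoc and its name alone does not say how it differs from `testWSFederation` directly above it; what the hunk shows is that it reaches `/samlsso/app2` with realm-B credentials through the `login` overload with `postBinding = true`, so a one-line Javadoc along the lines of `/** RP /app2: realm-B user authenticates through the realm A IdP using the POST-binding login flow. */` (adjusted to the actual hop sequence, which the IdP configuration rather than this test determines) would help the next reader. The `// System.out.println(url);` and `// Thread.sleep(60 * 2 * 1000);` lines are commented-out code copied from the test above and could simply be dropped here. The enclosing class continues outside the hunk.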
@@ -262,4 +268,48 @@ public class SAMLSSOTest {
 webClient.close();
 return rpPage.asXml();
 }
+
+ private static String login(String url, String user, String password,
+ String idpPort, String rpIdpPort, boolean postBinding) throws IOException {
+ //
+ // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
+ // "realm b".
+ //
+ final WebClient webClient = new WebClient();
+ CookieManager cookieManager = new CookieManager();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(idpPort)),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+
+ if (postBinding) {
+ Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
+ || "IDP SignIn Response Form".equals(idpPage.getTitleText()));
+ for (HtmlForm form : idpPage.getForms()) {
+ String name = form.getAttributeNS(null, "name");
+ if ("signinresponseform".equals(name) || "samlsigninresponseform".equals(name)) {
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+ idpPage = button.click();
+ }
+ }
+ }
+
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ System.out.println("IDP: " + idpPage.asXml());
+ // Now redirect back to the RP
+ final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
+
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ final XmlPage rpPage = button.click();
+
+ webClient.close();
+ return rpPage.asXml();
+ } + + } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml ----------------------------------------------------------------------
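Review bot: `System.out.println("IDP: " + idpPage.asXml());` in the new `login` overload dumps the entire IdP response page, including the SAML response form the test is about to post, into the build log on every run; it reads as leftover debugging and should be removed (the tail of the 5-arg `login` visible above has no such print). The `for` loop over `idpPage.getForms()` reassigns `idpPage` but keeps iterating the original page's form list, so a page carrying both form names would be clicked twice; add `break;` right after `idpPage = button.click();`. `rpIdpPort` is never read in this overload. `webClient.close()` is also skipped whenever one of the assertions fails; if the HtmlUnit version in use has `WebClient implements AutoCloseable` (the explicit `close()` call suggests it does), wrapping the body in `try (final WebClient webClient = new WebClient()) { … }` and dropping the manual close releases it on every path.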
diff --git a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
index 188f7a0..c0dd89b 100644
--- a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
@@ -59,7 +59,8 @@
 <property name="serviceDescription" value="IDP of Realm A" />
 <property name="applications">
 <util:list>
- <ref bean="srv-fedizhelloworld" />
+ <ref bean="srv-fedizhelloworld-realmB" />
+ <ref bean="srv-fedizhelloworld-realmC" />
 </util:list>
 </property>
 <property name="trustedIdps">
@@ -133,7 +134,7 @@
 </property>
 </bean>
- <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <bean id="srv-fedizhelloworld-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
 <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B" />
 <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
 <property name="serviceDisplayName" value="Fedizhelloworld" />
@@ -146,23 +147,41 @@
 <property name="validatingCertificate" value="realma.cert" />
 </bean>
+ <bean id="srv-fedizhelloworld-realmC" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="Fedizhelloworld" />
+ <property name="serviceDescription" value="Web Application to illustrate WS-Federation" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ <property name="passiveRequestorEndpointConstraint"
+ value="https://localhost:(\d)*/(\w)*/racs/.*" />
+ <property name="validatingCertificate" value="realma.cert" />
+ </bean>
+
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
+ <property name="claim" ref="claim_role" />
+ <property name="optional" value="false" />
+ </bean>
 <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmC" />
 <property name="claim" ref="claim_role" />
 <property name="optional" value="false" />
 </bean>
 <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
 <property name="claim" ref="claim_givenname" />
 <property name="optional" value="false" />
 </bean>
 <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
 <property name="claim" ref="claim_surname" />
 <property name="optional" value="false" />
 </bean>
 <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
- <property name="application" ref="srv-fedizhelloworld" />
+ <property name="application" ref="srv-fedizhelloworld-realmB" />
 <property name="claim" ref="claim_email" />
 <property name="optional" value="false" />
 </bean>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml ----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
index ec56f26..6f8d70a 100644
--- a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
@@ -57,7 +57,12 @@
 <constructor-arg ref="cxf"/>
 </bean>
- <bean id="ssoFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+ <bean id="authorizationInterceptor"
+ class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+ <property name="securedObject" ref="serviceBean" />
+ </bean>
+
+ <bean id="ssoFilterApp1" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
 <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
 <property name="assertionConsumerServiceAddress"
 value="/racs/sso"/>
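Review bot: The new `srv-fedizhelloworld-realmC` application is registered with only the `claim_role` ApplicationClaimEntity, whereas `srv-fedizhelloworld-realmB` keeps role, givenname, surname and email; if that is deliberate (presumably the /app2 RP only needs the role for its SecureAnnotationsInterceptor), an XML comment above the realm-C claim bean such as `<!-- realm-C application: only the role claim is requested -->` would stop it being read as an omission. The realm-C bean also repeats every property of the realm-B bean except `realm`, so a later change to `tokenType` or `lifeTime` has to be made in two places. `passiveRequestorEndpointConstraint` uses `(\d)*` and `(\w)*`, which also match an empty port and an empty context path; for a localhost systest with a dynamic port that is harmless, but `\d+` and `\w+` state the intent more precisely and matter if this file is ever copied as a template.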
@@ -69,18 +74,38 @@
 <property name="signatureUsername" value="realma" />
 <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B" />
 </bean>
-
- <bean id="authorizationInterceptor"
- class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
- <property name="securedObject" ref="serviceBean" />
- </bean>
 <jaxrs:server address="/app1">
 <jaxrs:serviceBeans>
 <ref bean="serviceBean"/>
 </jaxrs:serviceBeans>
 <jaxrs:providers>
- <ref bean="ssoFilter"/>
+ <ref bean="ssoFilterApp1"/>
+ </jaxrs:providers>
+ <jaxrs:inInterceptors>
+ <ref bean="authorizationInterceptor"/>
+ </jaxrs:inInterceptors>
+ </jaxrs:server>
+
+ <bean id="ssoFilterApp2" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+ <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+ <property name="assertionConsumerServiceAddress"
+ value="/racs/sso"/>
+ <property name="stateProvider" ref="stateManager"/>
+ <property name="addEndpointAddressToContext" value="true"/>
+ <property name="signRequest" value="true"/>
+ <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+ <property name="callbackHandler" ref="callbackHandler"/>
+ <property name="signatureUsername" value="realma" />
+ <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />
+ </bean>
+
+ <jaxrs:server address="/app2">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="ssoFilterApp2"/>
 </jaxrs:providers>
 <jaxrs:inInterceptors>
 <ref bean="authorizationInterceptor"/>
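Review bot: `ssoFilterApp2` repeats all eight properties of `ssoFilterApp1` (whose `<bean>` header sits in the previous hunk) and differs only in `issuerId`, so the two filters will drift apart the first time someone edits the signing or state settings in one of them; a Spring `abstract="true"` parent bean holding the shared properties, with each filter declared via `parent=`, keeps the single difference visible. Both filters also post to the same `/racs/sso` with the same `stateManager`; the RACS endpoint is outside this hunk, so it is worth confirming it ties an incoming response back to the originating request's state (and hence to the realm-B or realm-C `issuerId`) rather than accepting any response for either app. The /app2 `<jaxrs:server>` element closes outside the hunk.
```xml
<bean id="ssoFilterBase" abstract="true"
    class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
    <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
    <property name="assertionConsumerServiceAddress" value="/racs/sso"/>
    <property name="stateProvider" ref="stateManager"/>
    <property name="addEndpointAddressToContext" value="true"/>
    <property name="signRequest" value="true"/>
    <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
    <property name="callbackHandler" ref="callbackHandler"/>
    <property name="signatureUsername" value="realma" />
</bean>

<bean id="ssoFilterApp1" parent="ssoFilterBase">
    <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B" />
</bean>

<bean id="ssoFilterApp2" parent="ssoFilterBase">
    <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C" />
</bean>

<!-- … unchanged: jaxrs:server definitions for /app1 and /app2 … -->
```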