Author: anil.saldhana(a)jboss.com
Date: 2011-11-04 14:19:34 -0400 (Fri, 04 Nov 2011)
New Revision: 1318
Added:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SPRedirectFormAuthenticatorResponseTestCase.java
federation/trunk/picketlink-bindings/src/test/resources/responseIDP/casidp.xml
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-handlers.xml
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-idfed.xml
Log:
Add an example of SPRedirectFormAuthenticator handling a CAS SAML response
Added:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SPRedirectFormAuthenticatorResponseTestCase.java
===================================================================
---
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SPRedirectFormAuthenticatorResponseTestCase.java
(rev 0)
+++
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SPRedirectFormAuthenticatorResponseTestCase.java 2011-11-04
18:19:34 UTC (rev 1318)
@@ -0,0 +1,139 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.bindings.workflow;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.catalina.deploy.LoginConfig;
+import org.junit.Test;
+import
org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectFormAuthenticator;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
+import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaContext;
+import
org.picketlink.test.identity.federation.bindings.mock.MockCatalinaContextClassLoader;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaRequest;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaResponse;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaSession;
+
+/**
+ * Test to validate the handling of a saml response by the
+ * {@link SPRedirectFormAuthenticator}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Nov 4, 2011
+ */
+public class SPRedirectFormAuthenticatorResponseTestCase
+{
+ private final String profile = "saml2/redirect";
+
+ private final ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testSP() throws Exception
+ {
+ MockCatalinaSession session = new MockCatalinaSession();
+ //First we go to the employee application
+ MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile +
"/responses");
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
+ SPRedirectFormAuthenticator spEmpl = new SPRedirectFormAuthenticator();
+
+ MockCatalinaContext context = new MockCatalinaContext();
+ spEmpl.setContainer(context);
+ spEmpl.testStart();
+
+ MockCatalinaRequest catalinaRequest = new MockCatalinaRequest();
+ catalinaRequest.setSession(session);
+ catalinaRequest.setContext(context);
+
+ byte[] samlResponse = readIDPResponse();
+
+ String idpResponse = RedirectBindingUtil.deflateBase64Encode(samlResponse);
+
+ catalinaRequest.setParameter(GeneralConstants.SAML_RESPONSE_KEY, idpResponse);
+
+ MockCatalinaResponse catalinaResponse = new MockCatalinaResponse();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ catalinaResponse.setWriter(new PrintWriter(baos));
+
+ LoginConfig loginConfig = new LoginConfig();
+ assertTrue(spEmpl.authenticate(catalinaRequest, catalinaResponse, loginConfig));
+
+ Map<String, List<Object>> sessionMap = (Map<String,
List<Object>>) session
+ .getAttribute(GeneralConstants.SESSION_ATTRIBUTE_MAP);
+ assertNotNull(sessionMap);
+ assertEquals("sales", sessionMap.get("Role").get(0));
+ }
+
+ private byte[] readIDPResponse() throws IOException
+ {
+ File file = new
File(tcl.getResource("responseIDP/casidp.xml").getPath());
+ InputStream is = new FileInputStream(file);
+ assertNotNull(is);
+
+ long length = file.length();
+
+ // Create the byte array to hold the data
+ byte[] bytes = new byte[(int) length];
+
+ // Read in the bytes
+ int offset = 0;
+ int numRead = 0;
+ while (offset < bytes.length && (numRead = is.read(bytes, offset,
bytes.length - offset)) >= 0)
+ {
+ offset += numRead;
+ }
+
+ // Ensure all the bytes have been read in
+ if (offset < bytes.length)
+ {
+ throw new IOException("Could not completely read file " +
file.getName());
+ }
+
+ // Close the input stream and return bytes
+ is.close();
+ return bytes;
+ }
+
+ private MockCatalinaContextClassLoader setupTCL(String resource)
+ {
+ URL[] urls = new URL[]
+ {tcl.getResource(resource)};
+
+ MockCatalinaContextClassLoader mcl = new MockCatalinaContextClassLoader(urls);
+ mcl.setDelegate(tcl);
+ mcl.setProfile(resource);
+ return mcl;
+ }
+
+}
\ No newline at end of file
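Review bot: readIDPResponse leaks its FileInputStream whenever the read loop or the short-read check at lines 140-151 throws, because `is.close()` at line 154 is reached only on the success path; a try/finally is needed, and the `assertNotNull(is)` after the constructor is dead since FileInputStream throws rather than returning null. Building a File from `tcl.getResource(...).getPath()` also breaks when the resource sits inside a jar or the path contains URL-encoded characters; `tcl.getResourceAsStream("responseIDP/casidp.xml")` reads it directly and removes the file-length bookkeeping, as below. testSP replaces the thread context class loader at line 94 and never restores it, which leaks into any later test in the same JVM; save the old loader before and restore it in a finally block. Since the casidp.xml fixture carries no Signature and the configured handler chain performs no signature validation, the class Javadoc should state that this test covers attribute/role extraction rather than trust of the response, e.g. `Note: the fixture response is unsigned; signature validation is not exercised by this test.`
```java
   private byte[] readIDPResponse() throws IOException
   {
      InputStream is = tcl.getResourceAsStream("responseIDP/casidp.xml");
      assertNotNull("responseIDP/casidp.xml not found on the classpath", is);
      try
      {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         byte[] buf = new byte[4096];
         int numRead;
         while ((numRead = is.read(buf)) >= 0)
         {
            baos.write(buf, 0, numRead);
         }
         return baos.toByteArray();
      }
      finally
      {
         // closed on every path, not only after a complete read
         is.close();
      }
   }
```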
Added: federation/trunk/picketlink-bindings/src/test/resources/responseIDP/casidp.xml
===================================================================
--- federation/trunk/picketlink-bindings/src/test/resources/responseIDP/casidp.xml
(rev 0)
+++
federation/trunk/picketlink-bindings/src/test/resources/responseIDP/casidp.xml 2011-11-04
18:19:34 UTC (rev 1318)
@@ -0,0 +1,47 @@
+<samlp:Response ID="pmilcfianoapejannhabalcfdlmlpbhbhifalhph"
+ IssueInstant="2011-11-04T09:42:04Z"
InResponseTo="ID_8b7b580b-592a-49ba-b55e-b2ef2bbefb51"
+ Destination="http://localhost:8080/sales/" Version="2.0"
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <Issuer>https://localhost:8443</Issuer>
+ <samlp:Status>
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"
/>
+ </samlp:Status>
+ <Assertion ID="bndkhciapdbmobheooakhphogocfnljcnkejpgcf"
+ IssueInstant="2011-11-04T09:42:04Z" Version="2.0"
+ xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
+ <Issuer>https://localhost:8443</Issuer>
+ <Subject>
+ <NameID
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">velias</NameID>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <SubjectConfirmationData Recipient="http://localhost:8080/sales/"
+ NotBefore="2011-11-04T09:42:04Z"
NotOnOrAfter="2011-11-05T09:42:04Z"
+ InResponseTo="ID_8b7b580b-592a-49ba-b55e-b2ef2bbefb51" />
+ </SubjectConfirmation>
+ </Subject>
+ <Conditions NotBefore="2011-11-04T09:42:04Z"
NotOnOrAfter="2011-11-05T09:42:04Z" />
+ <AuthnStatement AuthnInstant="2011-11-04T09:42:04Z">
+ <AuthnContext>
+ <AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password
+ </AuthnContextClassRef>
+ </AuthnContext>
+ </AuthnStatement>
+ <AttributeStatement>
+ <Attribute Name="Role">
+ <AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">employee
+ </AttributeValue>
+ </Attribute>
+ <Attribute Name="Role">
+ <AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">manager
+ </AttributeValue>
+ </Attribute>
+ <Attribute Name="Role">
+ <AttributeValue
xmlns:xs="http://www.w3.org/2001/XMLSchema"
+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string">sales
+ </AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ </Assertion>
+</samlp:Response>
\ No newline at end of file
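Review bot: The assertion's validity window (`NotBefore="2011-11-04T09:42:04Z"` / `NotOnOrAfter="2011-11-05T09:42:04Z"` on both SubjectConfirmationData and Conditions) expired one day after the fixture was written; if the authentication handler enforces Conditions, the test becomes a time bomb, so either widen the window or record in testSP why the check does not apply to this fixture. The `InResponseTo` value likewise references an AuthnRequest the test never issued, so the test implicitly relies on the SP not correlating responses with outstanding requests; that assumption deserves a comment next to the fixture or in testSP. The same applies to `Destination="http://localhost:8080/sales/"` if the SP compares it with the request URL reported by the mock request, which is not visible here.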
Added:
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-handlers.xml
===================================================================
---
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-handlers.xml
(rev 0)
+++
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-handlers.xml 2011-11-04
18:19:34 UTC (rev 1318)
@@ -0,0 +1,6 @@
+<Handlers xmlns="urn:picketlink:identity-federation:handler:config:1.0">
+ <Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
+ <Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
+ <Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
+ <Handler
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AttributeHandler"/>
+</Handlers>
\ No newline at end of file
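Review bot: No signature-validation handler appears in this chain, so the unsigned response in the casidp.xml fixture is accepted on issuer trust alone; that is acceptable for a fixture that exercises attribute handling, but the file should say so, e.g. `<!-- test chain only: no signature validation, the fixture response is unsigned -->`, so it is not copied into a deployment as-is. The svn:executable property added on this XML file (and on picketlink-idfed.xml) is presumably accidental and can be dropped.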
Property changes on:
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-handlers.xml
___________________________________________________________________
Added: svn:executable
+ *
Added:
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-idfed.xml
===================================================================
---
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-idfed.xml
(rev 0)
+++
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-idfed.xml 2011-11-04
18:19:34 UTC (rev 1318)
@@ -0,0 +1,37 @@
+<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0"
ServerEnvironment="tomcat">
+
+ <
IdentityURL>https://fedtst.company.com/idp/SSO.saml2</IdentityURL>
+
+ <ServiceURL>https://201.000.000.00/gctxyz</ServiceURL>
+ <Trust>
+
+
<Domains>localhost,jboss.com,jboss.org,fedtst.company.com,201.000.000.00</Domains>
+
+ </Trust>
+ <KeyProvider
+
+
ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
+
+
+
+ <Auth Key="KeyStoreURL" Value="/jbid_test_keystore.jks"
/>
+
+ <Auth Key="KeyStorePass" Value="store123" />
+
+ <Auth Key="SigningKeyPass" Value="test123" />
+
+ <Auth Key="SigningKeyAlias" Value="servercert" />
+
+
+
+ <ValidatingAlias Key="localhost" Value="picketlink"/>
+
+ <ValidatingAlias Key="127.0.0.1" Value="picketlink"/>
+
+ <ValidatingAlias Key="fedtst.company.com"
Value="test"/>
+
+ </KeyProvider>
+
+
+
+</PicketLinkSP>
\ No newline at end of file
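Review bot: The `<Domains>` trust list includes hosts this test never uses (jboss.com, jboss.org, fedtst.company.com, 201.000.000.00); because issuer trust is decided by this list, a fixture should name only the issuer the test actually presents (the fixture's Issuer is https://localhost:8443, so `<Domains>localhost</Domains>` suffices) so that the test cannot pass on an unintended issuer. `201.000.000.00` is not a well-formed dotted-quad and `https://fedtst.company.com/idp/SSO.saml2` is never contacted by this test; they look copied from another configuration and should be replaced with clearly local placeholders. At lines 282-283 the `<` is separated from `IdentityURL` — if that whitespace is in the committed file rather than a mail-wrap artefact, the document is not well-formed XML and the configuration parser will reject it.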
Property changes on:
federation/trunk/picketlink-bindings/src/test/resources/saml2/redirect/responses/WEB-INF/picketlink-idfed.xml
___________________________________________________________________
Added: svn:executable
+ *