[jboss-cvs] Picketlink SVN: r1332 - federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Dec 2 09:57:51 EST 2011 

Author: pcraveiro
Date: 2011-12-02 09:57:51 -0500 (Fri, 02 Dec 2011)
New Revision: 1332

Added:
   federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutSignatureTomcatWorkflowUnitTestCase.java
Log:
Test case created: http://community.jboss.org/message/639402

Added: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutSignatureTomcatWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutSignatureTomcatWorkflowUnitTestCase.java	                        (rev 0)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutSignatureTomcatWorkflowUnitTestCase.java	2011-12-02 14:57:51 UTC (rev 1332)
@@ -0,0 +1,191 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. 
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.bindings.workflow;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+
+import junit.framework.Assert;
+
+import org.apache.catalina.LifecycleException;
+import org.junit.Test;
+import org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve;
+import org.picketlink.identity.federation.bindings.tomcat.sp.SPRedirectSignatureFormAuthenticator;
+import org.picketlink.identity.federation.web.constants.GeneralConstants;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaLoginConfig;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaRequest;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaResponse;
+import org.picketlink.test.identity.federation.bindings.mock.MockCatalinaSession;
+
+/**
+ * <p>Unit test the SAML2 Logout Mechanism for Tomcat bindings with token signature.</>
+ * <p>This test uses a scenario where there are two SPs (Employee e Sales) pointing to the same IDP. When the user sends a GLO logout request to the Employee SP
+ * Picketlink will start the logout process and invalidate the user in both SPs.</p>
+ * 
+ * @author <a href="mailto:psilva at redhat.com">Pedro Igor</a>
+ * @since Dec 1, 2011
+ */
+ at SuppressWarnings("unused")
+public class SAML2LogoutSignatureTomcatWorkflowUnitTestCase extends AbstractSAML2RedirectWithSignatureTestCase
+{
+   private static final String SP_SALES_URL = "http://192.168.1.4:8080/sales/";
+
+   private static final String SP_SALES_PROFILE = BASE_PROFILE + "/sp/sales-sig";
+
+   private static final String SP_EMPLOYEE_URL = "http://192.168.1.2:8080/employee/";
+
+   private static final String SP_EMPLOYEE_PROFILE = BASE_PROFILE + "/sp/employee-sig";
+
+   private IDPWebBrowserSSOValve idpWebBrowserSSOValve;
+
+   private MockCatalinaSession employeeHttpSession = new MockCatalinaSession();
+
+   private MockCatalinaSession salesHttpSession = new MockCatalinaSession();
+
+   private SPRedirectSignatureFormAuthenticator salesServiceProvider;
+
+   private SPRedirectSignatureFormAuthenticator employeeServiceProvider;
+
+   /**
+    * Tests the GLO logout mechanism. 
+    * 
+    * @throws LifecycleException
+    * @throws IOException
+    * @throws ServletException
+    */
+   @Test
+   public void testSAML2LogOutFromSP() throws LifecycleException, IOException, ServletException
+   {
+
+      // requests a GLO logout to the Employee SP
+      MockCatalinaRequest originalEmployeeLogoutRequest = createRequest(employeeHttpSession, true);
+
+      originalEmployeeLogoutRequest.setParameter(GeneralConstants.GLOBAL_LOGOUT, "true");
+
+      MockCatalinaResponse originalEmployeeLogoutResponse = sendSPRequest(originalEmployeeLogoutRequest,
+            getEmployeeServiceProvider());
+
+      // sends the LogoutRequest to the IDP
+      MockCatalinaRequest idpLogoutRequest = createIDPRequest(true);
+
+      setQueryStringFromResponse(originalEmployeeLogoutResponse, idpLogoutRequest);
+
+      MockCatalinaResponse idpLogoutResponse = sendIDPRequest(idpLogoutRequest);
+
+      // The IDP responds with a LogoutRequest. Send it to the Sales SP with the RelayState pointing to the Employee SP
+      MockCatalinaRequest salesLogoutRequest = createRequest(salesHttpSession, true);
+
+      setQueryStringFromResponse(idpLogoutResponse, salesLogoutRequest);
+
+      MockCatalinaResponse salesLogoutResponse = sendSPRequest(salesLogoutRequest, getSalesServiceProvider());
+      
+      // At this moment the user is not logged in Sales SP anymore.
+      assertTrue(this.salesHttpSession.isInvalidated());
+      
+      // sends the StatusResponse to the IDP to continue the logout process.
+      MockCatalinaRequest processSalesStatusResponse = createIDPRequest(true);
+
+      setQueryStringFromResponse(salesLogoutResponse, processSalesStatusResponse);
+
+      MockCatalinaResponse salesStatusResponse = sendIDPRequest(processSalesStatusResponse);
+
+      // The IDP responds with a LogoutRequest. Send it to the Employee SP.
+      MockCatalinaRequest employeeLogoutRequest = createRequest(employeeHttpSession, true);
+
+      setQueryStringFromResponse(salesStatusResponse, employeeLogoutRequest);
+
+      MockCatalinaResponse employeeLogoutResponse = sendSPRequest(employeeLogoutRequest, getEmployeeServiceProvider());
+      
+      // At this moment the user is not logged in Employee SP anymore.
+      assertTrue(this.employeeHttpSession.isInvalidated());
+      
+      Assert.assertNotNull(employeeLogoutRequest.getForwardPath());
+      Assert.assertEquals(employeeLogoutRequest.getForwardPath(), GeneralConstants.LOGOUT_PAGE_NAME);
+      assertEquals(0, getIdentityServer(getIDPWebBrowserSSOValve()).stack().getParticipants(getIDPHttpSession().getId()));
+      assertEquals(0, getIdentityServer(getIDPWebBrowserSSOValve()).stack().getNumOfParticipantsInTransit(getIDPHttpSession().getId()));
+
+      //Finally the session should be invalidated
+      assertTrue(getIDPHttpSession().isInvalidated());
+   }
+
+   private MockCatalinaResponse sendSPRequest(MockCatalinaRequest request, SPRedirectSignatureFormAuthenticator sp) throws LifecycleException,
+         IOException, ServletException
+   {
+      MockCatalinaResponse response = new MockCatalinaResponse();
+
+      sp.authenticate(request, response, new MockCatalinaLoginConfig());
+
+      return response;
+   }
+
+   private MockCatalinaResponse sendIDPRequest(MockCatalinaRequest request) throws LifecycleException, IOException,
+         ServletException
+   {
+      IDPWebBrowserSSOValve idp = getIDPWebBrowserSSOValve();
+
+      MockCatalinaResponse response = new MockCatalinaResponse();
+
+      response.setWriter(new PrintWriter(new ByteArrayOutputStream()));
+
+      idp.invoke(request, response);
+      
+      ((MockCatalinaSession) request.getSession()).clear();
+      
+      return response;
+   }
+
+   private IDPWebBrowserSSOValve getIDPWebBrowserSSOValve() throws LifecycleException
+   {
+      if (this.idpWebBrowserSSOValve == null)
+      {
+         this.idpWebBrowserSSOValve = createIdentityProvider();
+         addIdentityServerParticipants(this.idpWebBrowserSSOValve, SP_EMPLOYEE_URL);
+         addIdentityServerParticipants(this.idpWebBrowserSSOValve, SP_SALES_URL);
+      }
+
+      return this.idpWebBrowserSSOValve;
+   }
+   
+   public SPRedirectSignatureFormAuthenticator getEmployeeServiceProvider() {
+      if (this.employeeServiceProvider == null)
+      {
+         this.employeeServiceProvider = createServiceProvider(SP_EMPLOYEE_PROFILE);
+      }
+
+      return this.employeeServiceProvider;
+   }
+   
+   public SPRedirectSignatureFormAuthenticator getSalesServiceProvider() {
+      if (this.salesServiceProvider == null)
+      {
+         this.salesServiceProvider = createServiceProvider(SP_SALES_PROFILE);
+      }
+
+      return this.salesServiceProvider;
+   }
+}
\ No newline at end of file

More information about the jboss-cvs-commits mailing list