Google Git
Sign in
apache / syncope / c7e7c1b4cee0ca69866989f47797d5cec6232287 / . / fit / wa-reference / src / test / java / org / apache / syncope / fit / sra / SAML2SRAITCase.java
blob: aa772a5a7ab6194aa36a19a67e37caa16d04521a [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.syncope.fit.sra;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeoutException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.http.Consts;
import org.apache.http.HttpStatus;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
import org.apache.syncope.common.lib.types.ClientAppType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
import org.apache.syncope.common.rest.api.RESTHeaders;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
public class SAML2SRAITCase extends AbstractSRAITCase {
@BeforeAll
public static void startSRA() throws IOException, InterruptedException, TimeoutException {
assumeTrue(SAML2SRAITCase.class.equals(MethodHandles.lookup().lookupClass()));
doStartSRA("saml2");
}
@BeforeAll
public static void clientAppSetup() {
String appName = SAML2SRAITCase.class.getName();
SAML2SPClientAppTO clientApp = CLIENT_APP_SERVICE.list(ClientAppType.SAML2SP).stream().
filter(app -> appName.equals(app.getName())).
map(SAML2SPClientAppTO.class::cast).
findFirst().
orElseGet(() -> {
SAML2SPClientAppTO app = new SAML2SPClientAppTO();
app.setName(appName);
app.setClientAppId(3L);
app.setEntityId(SRA_ADDRESS);
app.setMetadataLocation(SRA_ADDRESS + "/saml2/metadata");
Response response = CLIENT_APP_SERVICE.create(ClientAppType.SAML2SP, app);
if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
fail("Could not create SAML2 Client App");
}
return CLIENT_APP_SERVICE.read(
ClientAppType.SAML2SP, response.getHeaderString(RESTHeaders.RESOURCE_KEY));
});
clientApp.setSignAssertions(true);
clientApp.setSignResponses(true);
clientApp.setRequiredNameIdFormat(SAML2SPNameId.PERSISTENT);
clientApp.setAuthPolicy(getAuthPolicy().getKey());
CLIENT_APP_SERVICE.update(ClientAppType.SAML2SP, clientApp);
CLIENT_APP_SERVICE.pushToWA();
}
@Test
public void web() throws IOException {
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpClientContext context = HttpClientContext.create();
context.setCookieStore(new BasicCookieStore());
// 1. public
HttpGet get = new HttpGet(SRA_ADDRESS + "/public/get?" + QUERY_STRING);
get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
try (CloseableHttpResponse response = httpclient.execute(get, context)) {
ObjectNode headers = checkGetResponse(response, get.getURI().toASCIIString().replace("/public", ""));
assertFalse(headers.has(HttpHeaders.COOKIE));
}
// 2. protected
get = new HttpGet(SRA_ADDRESS + "/protected/get?" + QUERY_STRING);
String originalRequestURI = get.getURI().toASCIIString();
get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
String responseBody;
try (CloseableHttpResponse response = httpclient.execute(get, context)) {
assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
responseBody = EntityUtils.toString(response.getEntity());
}
// 2a. post SAML request
Triple<String, String, String> parsed = parseSAMLRequestForm(responseBody);
HttpPost post = new HttpPost(parsed.getLeft());
post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
post.setEntity(new UrlEncodedFormEntity(
List.of(new BasicNameValuePair("RelayState", parsed.getMiddle()),
new BasicNameValuePair("SAMLRequest", parsed.getRight())), Consts.UTF_8));
String location;
try (CloseableHttpResponse response = httpclient.execute(post, context)) {
assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
location = response.getFirstHeader(HttpHeaders.LOCATION).getValue();
}
// 2b. authenticate
post = new HttpPost(location);
post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
try (CloseableHttpResponse response = httpclient.execute(post, context)) {
assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
responseBody = EntityUtils.toString(response.getEntity());
}
boolean isOk = false;
try (CloseableHttpResponse response =
authenticateToWA("bellini", "password", responseBody, httpclient, context)) {
switch (response.getStatusLine().getStatusCode()) {
case HttpStatus.SC_OK:
isOk = true;
responseBody = EntityUtils.toString(response.getEntity());
break;
case HttpStatus.SC_MOVED_TEMPORARILY:
location = response.getFirstHeader(HttpHeaders.LOCATION).getValue();
break;
default:
fail();
}
}
// 2c. WA attribute consent screen
if (isOk) {
String execution = extractWAExecution(responseBody);
List<NameValuePair> form = new ArrayList<>();
form.add(new BasicNameValuePair("_eventId", "confirm"));
form.add(new BasicNameValuePair("execution", execution));
form.add(new BasicNameValuePair("option", "1"));
form.add(new BasicNameValuePair("reminder", "30"));
form.add(new BasicNameValuePair("reminderTimeUnit", "days"));
post = new HttpPost(WA_ADDRESS + "/login");
post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
post.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
try (CloseableHttpResponse response = httpclient.execute(post, context)) {
assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
location = response.getFirstHeader(HttpHeaders.LOCATION).getValue().
replace("http://", "https://").replace(":8080", ":9443");
}
}
get = new HttpGet(location);
get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
try (CloseableHttpResponse response = httpclient.execute(get, context)) {
assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
responseBody = EntityUtils.toString(response.getEntity());
}
// 2d. post SAML response
parsed = parseSAMLResponseForm(responseBody);
post = new HttpPost(parsed.getLeft());
post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
post.setEntity(new UrlEncodedFormEntity(
List.of(new BasicNameValuePair("RelayState", parsed.getMiddle()),
new BasicNameValuePair("SAMLResponse", parsed.getRight())), Consts.UTF_8));
try (CloseableHttpResponse response = httpclient.execute(post, context)) {
assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
location = response.getFirstHeader(HttpHeaders.LOCATION).getValue();
}
// 2e. finally get requested content
get = new HttpGet(location);
get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
try (CloseableHttpResponse response = httpclient.execute(get, context)) {
ObjectNode headers = checkGetResponse(response, originalRequestURI.replace("/protected", ""));
assertFalse(headers.get(HttpHeaders.COOKIE).asText().isBlank());
}
// 3. logout
get = new HttpGet(SRA_ADDRESS + "/protected/logout");
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
try (CloseableHttpResponse response = httpclient.execute(get, context)) {
responseBody = EntityUtils.toString(response.getEntity());
}
// 3a. post SAML request
parsed = parseSAMLRequestForm(responseBody);
post = new HttpPost(parsed.getLeft());
post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
post.setEntity(new UrlEncodedFormEntity(
List.of(new BasicNameValuePair("RelayState", parsed.getMiddle()),
new BasicNameValuePair("SAMLRequest", parsed.getRight())), Consts.UTF_8));
try (CloseableHttpResponse response = httpclient.execute(post, context)) {
assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
location = response.getFirstHeader(HttpHeaders.LOCATION).getValue();
}
get = new HttpGet(location);
get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
// 3b. check logout
try (CloseableHttpResponse response = httpclient.execute(get, context)) {
checkLogout(response);
}
}
}