| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.syncope.fit.ui; |
| |
| import static org.junit.jupiter.api.Assertions.assertEquals; |
| import static org.junit.jupiter.api.Assertions.assertTrue; |
| import static org.junit.jupiter.api.Assertions.assertFalse; |
| import static org.junit.jupiter.api.Assertions.fail; |
| |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.util.ArrayList; |
| import java.util.List; |
| import javax.ws.rs.core.MediaType; |
| import javax.ws.rs.core.Response; |
| import org.apache.commons.lang3.StringUtils; |
| import org.apache.commons.lang3.tuple.Triple; |
| import org.apache.cxf.jaxrs.client.WebClient; |
| import org.apache.http.Consts; |
| import org.apache.http.HttpHeaders; |
| import org.apache.http.HttpStatus; |
| import org.apache.http.NameValuePair; |
| import org.apache.http.client.entity.UrlEncodedFormEntity; |
| import org.apache.http.client.methods.CloseableHttpResponse; |
| import org.apache.http.client.methods.HttpGet; |
| import org.apache.http.client.methods.HttpPost; |
| import org.apache.http.client.protocol.HttpClientContext; |
| import org.apache.http.impl.client.BasicCookieStore; |
| import org.apache.http.impl.client.CloseableHttpClient; |
| import org.apache.http.impl.client.HttpClients; |
| import org.apache.http.message.BasicNameValuePair; |
| import org.apache.http.util.EntityUtils; |
| import org.apache.syncope.client.ui.commons.SAML2SP4UIConstants; |
| import org.apache.syncope.common.lib.SyncopeClientException; |
| import org.apache.syncope.common.lib.to.ItemTO; |
| import org.apache.syncope.common.lib.to.SAML2SP4UIIdPTO; |
| import org.apache.syncope.common.lib.to.SAML2SPClientAppTO; |
| import org.apache.syncope.common.lib.types.ClientAppType; |
| import org.apache.syncope.common.lib.types.SAML2SPNameId; |
| import org.apache.syncope.common.rest.api.RESTHeaders; |
| import org.junit.jupiter.api.BeforeAll; |
| import org.junit.jupiter.api.Test; |
| |
| public class SAML2SP4UIITCase extends AbstractUIITCase { |
| |
| private static void clientAppSetup(final String appName, final String entityId, final long appId) { |
| SAML2SPClientAppTO clientApp = clientAppService.list(ClientAppType.SAML2SP).stream(). |
| filter(app -> appName.equals(app.getName())). |
| map(SAML2SPClientAppTO.class::cast). |
| findFirst(). |
| orElseGet(() -> { |
| SAML2SPClientAppTO app = new SAML2SPClientAppTO(); |
| app.setName(appName); |
| app.setClientAppId(appId); |
| app.setEntityId(entityId); |
| app.setMetadataLocation(entityId + SAML2SP4UIConstants.URL_CONTEXT + "/metadata"); |
| |
| Response response = clientAppService.create(ClientAppType.SAML2SP, app); |
| if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) { |
| fail("Could not create SAML2 Client App"); |
| } |
| |
| return clientAppService.read( |
| ClientAppType.SAML2SP, response.getHeaderString(RESTHeaders.RESOURCE_KEY)); |
| }); |
| |
| clientApp.setSignAssertions(true); |
| clientApp.setSignResponses(true); |
| clientApp.setRequiredNameIdFormat(SAML2SPNameId.PERSISTENT); |
| clientApp.setAuthPolicy(getAuthPolicy().getKey()); |
| |
| clientAppService.update(ClientAppType.SAML2SP, clientApp); |
| clientAppService.pushToWA(); |
| } |
| |
| @BeforeAll |
| public static void consoleClientAppSetup() { |
| clientAppSetup(SAML2SP4UIITCase.class.getName() + "_Console", CONSOLE_ADDRESS, 5L); |
| } |
| |
| @BeforeAll |
| public static void enduserClientAppSetup() { |
| clientAppSetup(SAML2SP4UIITCase.class.getName() + "_Enduser", ENDUSER_ADDRESS, 6L); |
| } |
| |
| @BeforeAll |
| public static void idpSetup() { |
| WebClient.client(saml2sp4UIIdPService). |
| accept(MediaType.APPLICATION_XML_TYPE). |
| type(MediaType.APPLICATION_XML_TYPE); |
| try { |
| saml2sp4UIIdPService.importFromMetadata( |
| (InputStream) WebClient.create(WA_ADDRESS + "/idp/metadata").get().getEntity()); |
| } catch (SyncopeClientException e) { |
| // nothing bad if already imported |
| } finally { |
| WebClient.client(saml2sp4UIIdPService). |
| accept(clientFactory.getContentType().getMediaType()). |
| type(clientFactory.getContentType().getMediaType()); |
| } |
| |
| List<SAML2SP4UIIdPTO> idps = saml2sp4UIIdPService.list(); |
| assertEquals(1, idps.size()); |
| |
| SAML2SP4UIIdPTO cas = idps.get(0); |
| cas.setEntityID(WA_ADDRESS + "/saml"); |
| cas.setName("CAS"); |
| cas.setCreateUnmatching(true); |
| cas.setSelfRegUnmatching(false); |
| cas.getItems().clear(); |
| |
| ItemTO item = new ItemTO(); |
| item.setIntAttrName("username"); |
| item.setExtAttrName("NameID"); |
| item.setConnObjectKey(true); |
| cas.setConnObjectKeyItem(item); |
| |
| item = new ItemTO(); |
| item.setIntAttrName("email"); |
| item.setExtAttrName("mail"); |
| cas.add(item); |
| |
| item = new ItemTO(); |
| item.setIntAttrName("userId"); |
| item.setExtAttrName("mail"); |
| cas.add(item); |
| |
| item = new ItemTO(); |
| item.setIntAttrName("firstname"); |
| item.setExtAttrName("givenName"); |
| cas.add(item); |
| |
| item = new ItemTO(); |
| item.setIntAttrName("surname"); |
| item.setExtAttrName("sn"); |
| cas.add(item); |
| |
| item = new ItemTO(); |
| item.setIntAttrName("fullname"); |
| item.setExtAttrName("cn"); |
| cas.add(item); |
| |
| saml2sp4UIIdPService.update(cas); |
| } |
| |
| @Test |
| public void fetchSpMetadata() throws Exception { |
| try (CloseableHttpClient httpclient = HttpClients.createDefault()) { |
| HttpClientContext context = HttpClientContext.create(); |
| context.setCookieStore(new BasicCookieStore()); |
| |
| HttpGet get = new HttpGet(WA_ADDRESS + "/sp/metadata"); |
| CloseableHttpResponse response = httpclient.execute(get, context); |
| assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); |
| String responseBody = EntityUtils.toString(response.getEntity()); |
| assertFalse(responseBody.isEmpty()); |
| } |
| } |
| |
| @Override |
| protected void sso(final String baseURL, final String username, final String password) throws IOException { |
| CloseableHttpClient httpclient = HttpClients.createDefault(); |
| HttpClientContext context = HttpClientContext.create(); |
| context.setCookieStore(new BasicCookieStore()); |
| |
| // 1. fetch login page |
| HttpGet get = new HttpGet(baseURL); |
| CloseableHttpResponse response = httpclient.execute(get, context); |
| assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); |
| |
| // 2. click on the SAML 2.0 IdP |
| get = new HttpGet(baseURL + SAML2SP4UIConstants.URL_CONTEXT |
| + "/login?idp=http%3A//localhost%3A9080/syncope-wa/saml"); |
| response = httpclient.execute(get, context); |
| |
| // 2a. post SAML request |
| String responseBody = EntityUtils.toString(response.getEntity()); |
| Triple<String, String, String> parsed = parseSAMLRequestForm(responseBody); |
| |
| HttpPost post = new HttpPost(parsed.getLeft()); |
| post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML); |
| post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE); |
| post.setEntity(new UrlEncodedFormEntity( |
| List.of(new BasicNameValuePair("RelayState", parsed.getMiddle()), |
| new BasicNameValuePair("SAMLRequest", parsed.getRight())), Consts.UTF_8)); |
| response = httpclient.execute(post, context); |
| assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode()); |
| |
| // 2b. authenticate |
| get = new HttpGet(response.getFirstHeader(HttpHeaders.LOCATION).getValue()); |
| get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML); |
| get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE); |
| response = httpclient.execute(get, context); |
| assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); |
| |
| responseBody = EntityUtils.toString(response.getEntity()); |
| response = authenticateToCas(username, password, responseBody, httpclient, context); |
| |
| // 2c. WA attribute consent screen |
| if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) { |
| responseBody = EntityUtils.toString(response.getEntity()); |
| String execution = extractCASExecution(responseBody); |
| |
| List<NameValuePair> form = new ArrayList<>(); |
| form.add(new BasicNameValuePair("_eventId", "confirm")); |
| form.add(new BasicNameValuePair("execution", execution)); |
| form.add(new BasicNameValuePair("option", "1")); |
| form.add(new BasicNameValuePair("reminder", "30")); |
| form.add(new BasicNameValuePair("reminderTimeUnit", "days")); |
| |
| post = new HttpPost(WA_ADDRESS + "/login"); |
| post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML); |
| post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE); |
| post.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8)); |
| response = httpclient.execute(post, context); |
| } |
| assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode()); |
| |
| get = new HttpGet(response.getFirstHeader(HttpHeaders.LOCATION).getValue()); |
| get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML); |
| get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE); |
| response = httpclient.execute(get, context); |
| assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); |
| |
| // 2d. post SAML response |
| responseBody = EntityUtils.toString(response.getEntity()); |
| parsed = parseSAMLResponseForm(responseBody); |
| |
| post = new HttpPost(parsed.getLeft()); |
| post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML); |
| post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE); |
| post.setEntity(new UrlEncodedFormEntity( |
| List.of(new BasicNameValuePair("RelayState", parsed.getMiddle()), |
| new BasicNameValuePair("SAMLResponse", parsed.getRight())), Consts.UTF_8)); |
| response = httpclient.execute(post, context); |
| assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode()); |
| |
| // 3. verify that user is now authenticated |
| get = new HttpGet(baseURL + StringUtils.removeStart( |
| response.getFirstHeader(HttpHeaders.LOCATION).getValue(), "../")); |
| response = httpclient.execute(get, context); |
| assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode()); |
| assertTrue(EntityUtils.toString(response.getEntity()).contains(username)); |
| } |
| |
| @Override |
| protected void doSelfReg(final Runnable runnable) { |
| List<SAML2SP4UIIdPTO> idps = saml2sp4UIIdPService.list(); |
| assertEquals(1, idps.size()); |
| |
| SAML2SP4UIIdPTO cas = idps.get(0); |
| cas.setCreateUnmatching(false); |
| cas.setSelfRegUnmatching(true); |
| saml2sp4UIIdPService.update(cas); |
| |
| try { |
| runnable.run(); |
| } finally { |
| cas.setCreateUnmatching(true); |
| cas.setSelfRegUnmatching(false); |
| saml2sp4UIIdPService.update(cas); |
| } |
| } |
| } |