From cohei...@apache.org
Subject cxf-fediz git commit: [FEDIZ-73] - Got SAML SSO federation test working
Date Sat, 11 Apr 2015 13:09:43 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master b2c792314 -> a8160e688


[FEDIZ-73] - Got SAML SSO federation test working


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a8160e68
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a8160e68
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a8160e68

Branch: refs/heads/master
Commit: a8160e688f8dfea425c797d042b57b8d8b126bfd
Parents: b2c7923
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Sat Apr 11 14:08:54 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Sat Apr 11 14:08:54 2015 +0100

----------------------------------------------------------------------
 .../WEB-INF/federation-validate-request.xml     | 22 +++++++----
 .../cxf/fediz/samlsso/example/SamlSso.java      |  4 --
 .../cxf/fediz/integrationtests/SAMLSSOTest.java | 40 ++++++++++----------
 .../src/test/resources/entities-realma.xml      |  8 +++-
 4 files changed, 43 insertions(+), 31 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
index b178e09..e22f95a 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
@@ -38,23 +38,31 @@
                 result="flowScope.wauth" />
             <set name="flowScope.idpConfig" value="config.getIDP(null)" />
         </on-entry>
-        <if test="requestParameters.wa == null" then="viewBadRequest" />
-        <if
-            test="requestParameters.wa != 'wsignin1.0' and requestParameters.wa != 'wsignout1.0'
and requestParameters.wa != 'wsignoutcleanup1.0'"
-            then="viewBadRequest" />
         <if
             test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
             then="selectSignOutProcess" />
         <if
-            test="requestParameters.wtrealm == null or requestParameters.wtrealm.length()
== 0"
-            then="viewBadRequest" else="selectSigninProcess" />
+            test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" 
+            else="selectSAMLProcess" /> 
     </decision-state>
 
-    <decision-state id="selectSigninProcess">
+    <decision-state id="selectWsFedProcess">
+        <if
+            test="requestParameters.wtrealm == null or requestParameters.wtrealm.length()
== 0"
+            then="viewBadRequest" />
         <if
             test="requestParameters.wresult == null or requestParameters.wresult.isEmpty()"
             then="signinRequest" else="signinResponse" />
     </decision-state>
+    
+    <decision-state id="selectSAMLProcess">
+        <if
+            test="requestParameters.RelayState == null or requestParameters.RelayState.length()
== 0"
+            then="viewBadRequest" />
+        <if
+            test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length()
== 0"
+            then="viewBadRequest" else="signinResponse" />
+    </decision-state>
 
     <decision-state id="selectSignOutProcess">
         <on-entry>
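Review bot: With the two removed `viewBadRequest` checks gone, any request whose `wa` is neither a sign-out value nor `wsignin1.0` now falls through the new `else="selectSAMLProcess"` branch, so an unrecognised `wa` is no longer rejected. A request with an arbitrary `wa` plus non-empty `RelayState` and `SAMLResponse` reaches `signinResponse`. If the SAML path is meant only for requests that carry no `wa` at all, keep an explicit guard after the sign-out branch, for example `<if test="requestParameters.wa != null and requestParameters.wa != 'wsignin1.0'" then="viewBadRequest" />`. `selectSAMLProcess` only checks that the two parameters are present, so an XML comment saying that signature and `RelayState` validation are left to `signinResponse` (not visible here) would help the next reader. The first decision-state opens above this hunk.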

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
index d65172f..6df23c1 100644
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
+++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java
@@ -97,10 +97,6 @@ public class SamlSso {
         ub.queryParam("SAMLResponse", responseStr);
         ub.queryParam("RelayState", relayState);
         
-        // TODO hack just to keep the Fediz IdP happy
-        ub.queryParam("wtrealm", "blah");
-        ub.queryParam("wresult", "blah");
-        
         return javax.ws.rs.core.Response.seeOther(ub.build()).build();
     }
     

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index dd879c6..bf48c0a 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -25,12 +25,15 @@ import java.io.IOException;
 
 import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
 
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
@@ -230,25 +233,18 @@ public class SAMLSSOTest {
     }
     
     @org.junit.Test
-    @org.junit.Ignore
     public void testSAMLSSO() throws Exception {
         String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        System.out.println("URL: " + url);
+        // System.out.println("URL: " + url);
         // Thread.sleep(60 * 2 * 1000);
-        
-        /*
-         * TODO Logging in fine to the SAML SSO IdP, but when redirected the context is missing
or something
-         * Maybe a bug with htmlunit
-         *
         String user = "ALICE";  // realm b credentials
         String password = "ECILA";
+        
         final String bodyTextContent = 
             login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort);
         
-        System.out.println("BODY: " + bodyTextContent);
-        
-        Assert.assertTrue("Principal not " + user,
-                          bodyTextContent.contains("userPrincipal=" + user));
+        Assert.assertTrue("Principal not alice",
+                          bodyTextContent.contains("userPrincipal=alice"));
         Assert.assertTrue("User " + user + " does not have role Admin",
                           bodyTextContent.contains("role:Admin=false"));
         Assert.assertTrue("User " + user + " does not have role Manager",
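Review bot: The principal assertion now hard-codes `alice` while `user` is still `"ALICE"`, and the later failure messages keep printing `user`, so the expected principal and the reported account no longer match. A comment above the assertion, such as `// realm b's ALICE is presumably mapped to realm a's alice; confirm against the IdP identity mapping`, would explain why the login name and the asserted principal differ. The commented-out `System.out.println` and `Thread.sleep` lines are debugging leftovers and are better deleted than kept as comments. The test method continues past the end of this hunk.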
@@ -265,11 +261,10 @@ public class SAMLSSOTest {
         claim = ClaimTypes.EMAILADDRESS.toString();
         Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
                           bodyTextContent.contains(claim + "=alice@realma.org"));
-         */
     }
     
-    protected static String login(String url, String user, String password, 
-                               String idpPort, String rpIdpPort) throws IOException {
+    private static String login(String url, String user, String password, 
+                                String idpPort, String rpIdpPort) throws IOException {
         //
         // Access the RP + get redirected to the IdP for "realm a". Then get redirected to
the IdP for
         // "realm b".
@@ -282,13 +277,20 @@ public class SAMLSSOTest {
             new AuthScope("localhost", Integer.parseInt(idpPort)),
             new UsernamePasswordCredentials(user, password));
 
-        //webClient.getOptions().setJavaScriptEnabled(false);
+        webClient.getOptions().setJavaScriptEnabled(false);
         final HtmlPage idpPage = webClient.getPage(url);
-        //webClient.getOptions().setJavaScriptEnabled(true);
-        // Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-        
-        return idpPage.getBody().getTextContent();
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        // Now redirect back to the RP
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final HtmlPage rpPage = button.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
 
+        return rpPage.getBody().getTextContent();
     }
     
 }
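Review bot: The now-active `setJavaScriptEnabled(false)` / `setJavaScriptEnabled(true)` pair around `webClient.getPage(url)` has no comment explaining why JavaScript is toggled. Presumably it keeps the IdP's sign-in response form from being auto-posted, so that the test can assert on the page title and submit `signinresponseform` itself. If so, say it, e.g. `// Disable JavaScript so the IdP response form is not auto-submitted before we inspect it`. `login` starts above this hunk, so it is not visible whether `webClient` is closed after `rpPage` is read.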

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/systests/federation/samlsso/src/test/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/entities-realma.xml b/systests/federation/samlsso/src/test/resources/entities-realma.xml
index 2b2b5d1..e447349 100644
--- a/systests/federation/samlsso/src/test/resources/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/entities-realma.xml
@@ -52,7 +52,13 @@
         </property>
         <property name="authenticationURIs">
             <util:map>
-                <entry key="default" value="/login/default" />
+                <entry key="default" value="federation/up" />
+                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey"

+                       value="federation/krb" />
+                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default"
+                       value="federation/up" />
+                <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl"
+                       value="federation/clientcert" />
             </util:map>
         </property>
         <property name="serviceDisplayName" value="REALM A" />
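Review bot: The `SslAndKey` authentication type is mapped to `federation/krb` while `Ssl` goes to `federation/clientcert`, and from the names alone the first mapping reads like a copy-paste slip. This map appears to decide which login endpoint serves a requested authentication type, so a short XML comment above the `SslAndKey` entry stating that the Kerberos endpoint is the intended target would remove the doubt. The `default` value also changes from the absolute `/login/default` to the relative `federation/up`; it is worth confirming that the relative form resolves as intended in this test IdP.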

