cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Adding SAML SSO federation test
Date Fri, 02 Dec 2016 12:59:50 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 18ea6f481 -> 02cbf5a26


Adding SAML SSO federation test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/02cbf5a2
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/02cbf5a2
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/02cbf5a2

Branch: refs/heads/master
Commit: 02cbf5a2619fca7dfabf9917ee2a0e3f44a6fb17
Parents: 18ea6f4
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Dec 2 12:59:32 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Dec 2 12:59:32 2016 +0000

----------------------------------------------------------------------
 .../cxf/fediz/integrationtests/SAMLSSOTest.java | 70 +++++++++++++++++---
 .../test/resources/realma/entities-realma.xml   | 31 +++++++--
 .../src/test/resources/rp/cxf-service.xml       | 39 +++++++++--
 3 files changed, 117 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
index 45ddb8d..61f79d6 100644
--- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
+++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java
@@ -148,18 +148,10 @@ public class SAMLSSOTest {
             server.addWebapp("/idpoidc", idpWebapp.getAbsolutePath());
         } else {
             File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"samlssoWebapp");
-            server.addWebapp("/wsfed", rpWebapp.getAbsolutePath());
+            server.addWebapp("/samlsso", rpWebapp.getAbsolutePath());
             
             /*            
             rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"simpleWebapp");
-            cxt = server.addWebapp("/samlssocustom", rpWebapp.getAbsolutePath());
-            cxt.getPipeline().addValve(fa);
-            
-            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"simpleWebapp");
-            cxt = server.addWebapp("/samlssocustompost", rpWebapp.getAbsolutePath());
-            cxt.getPipeline().addValve(fa);
-            
-            rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"simpleWebapp");
             cxt = server.addWebapp("/oidc", rpWebapp.getAbsolutePath());
             cxt.getPipeline().addValve(fa);
             */
@@ -210,7 +202,7 @@ public class SAMLSSOTest {
     
     @org.junit.Test
     public void testWSFederation() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/wsfed/app1/services/25";
+        String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app1/services/25";
         //System.out.println(url);
         //Thread.sleep(60 * 2 * 1000);
         
@@ -223,6 +215,20 @@ public class SAMLSSOTest {
         Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
         
     }
+    
+    @org.junit.Test
+    public void testSAMLSSOFedizIdP() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/samlsso/app2/services/25";
+        // System.out.println(url);
+        // Thread.sleep(60 * 2 * 1000);
+        String user = "ALICE";  // realm b credentials
+        String password = "ECILA";
+        
+        final String bodyTextContent = 
+            login(url, user, password, getIdpRealmbHttpsPort(), getIdpHttpsPort(), true);
+        
+        Assert.assertTrue(bodyTextContent.contains("This is the double number response"));
+    }
 
     private static String login(String url, String user, String password, 
                                 String idpPort, String rpIdpPort) throws IOException {
@@ -262,4 +268,48 @@ public class SAMLSSOTest {
         webClient.close();
         return rpPage.asXml();
     }
+    
+    private static String login(String url, String user, String password, 
+                                String idpPort, String rpIdpPort, boolean postBinding) throws
IOException {
+        //
+        // Access the RP + get redirected to the IdP for "realm a". Then get redirected to
the IdP for
+        // "realm b".
+        //
+        final WebClient webClient = new WebClient();
+        CookieManager cookieManager = new CookieManager();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(idpPort)),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        HtmlPage idpPage = webClient.getPage(url);
+        
+        if (postBinding) {
+            Assert.assertTrue("SAML IDP Response Form".equals(idpPage.getTitleText())
+                                || "IDP SignIn Response Form".equals(idpPage.getTitleText()));
+            for (HtmlForm form : idpPage.getForms()) {
+                String name = form.getAttributeNS(null, "name");
+                if ("signinresponseform".equals(name) || "samlsigninresponseform".equals(name))
{
+                    final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+                    idpPage = button.click();
+                }
+            }
+        }
+        
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        System.out.println("IDP: " + idpPage.asXml());
+        // Now redirect back to the RP
+        final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
+
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final XmlPage rpPage = button.click();
+
+        webClient.close();
+        return rpPage.asXml();
+    }
+    
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
index 188f7a0..c0dd89b 100644
--- a/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/federation/samlsso/src/test/resources/realma/entities-realma.xml
@@ -59,7 +59,8 @@
         <property name="serviceDescription" value="IDP of Realm A" />
         <property name="applications">
             <util:list>
-                <ref bean="srv-fedizhelloworld" />
+                <ref bean="srv-fedizhelloworld-realmB" />
+                <ref bean="srv-fedizhelloworld-realmC" />
             </util:list>
         </property>
         <property name="trustedIdps">
@@ -133,7 +134,7 @@
         </property>
     </bean>
 
-    <bean id="srv-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+    <bean id="srv-fedizhelloworld-realmB" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
         <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B"
/>
         <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
         <property name="serviceDisplayName" value="Fedizhelloworld" />
@@ -146,23 +147,41 @@
         <property name="validatingCertificate" value="realma.cert" />
     </bean>
     
+    <bean id="srv-fedizhelloworld-realmC" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C"
/>
+        <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706"
/>
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate WS-Federation"
/>
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" 
+                  value="https://localhost:(\d)*/(\w)*/racs/.*" />
+        <property name="validatingCertificate" value="realma.cert" />
+    </bean>
+    
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-fedizhelloworld-realmB" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="application" ref="srv-fedizhelloworld-realmC" />
         <property name="claim" ref="claim_role" />
         <property name="optional" value="false" />
     </bean>
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="application" ref="srv-fedizhelloworld-realmB" />
         <property name="claim" ref="claim_givenname" />
         <property name="optional" value="false" />
     </bean>
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="application" ref="srv-fedizhelloworld-realmB" />
         <property name="claim" ref="claim_surname" />
         <property name="optional" value="false" />
     </bean>
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
-        <property name="application" ref="srv-fedizhelloworld" />
+        <property name="application" ref="srv-fedizhelloworld-realmB" />
         <property name="claim" ref="claim_email" />
         <property name="optional" value="false" />
     </bean>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02cbf5a2/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
----------------------------------------------------------------------
diff --git a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
index ec56f26..6f8d70a 100644
--- a/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
+++ b/systests/federation/samlsso/src/test/resources/rp/cxf-service.xml
@@ -57,7 +57,12 @@
        <constructor-arg ref="cxf"/>
    </bean>
 
-   <bean id="ssoFilter" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+   <bean id="authorizationInterceptor"
+         class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
+       <property name="securedObject" ref="serviceBean" />
+   </bean>
+   
+   <bean id="ssoFilterApp1" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
        <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
        <property name="assertionConsumerServiceAddress" 
                  value="/racs/sso"/>
@@ -69,18 +74,38 @@
        <property name="signatureUsername" value="realma" />
        <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-B"
/>
    </bean>
-
-   <bean id="authorizationInterceptor"
-         class="org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor">
-       <property name="securedObject" ref="serviceBean" />
-   </bean>
    
    <jaxrs:server address="/app1">
        <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>
        </jaxrs:serviceBeans>
        <jaxrs:providers>
-            <ref bean="ssoFilter"/>
+            <ref bean="ssoFilterApp1"/>
+       </jaxrs:providers>
+       <jaxrs:inInterceptors>
+            <ref bean="authorizationInterceptor"/>
+       </jaxrs:inInterceptors>
+   </jaxrs:server>
+   
+   <bean id="ssoFilterApp2" class="org.apache.cxf.rs.security.saml.sso.SamlRedirectBindingFilter">
+       <property name="idpServiceAddress" value="https://localhost:${idp.https.port}/fediz-idp/saml/up"/>
+       <property name="assertionConsumerServiceAddress" 
+                 value="/racs/sso"/>
+       <property name="stateProvider" ref="stateManager"/>
+       <property name="addEndpointAddressToContext" value="true"/>
+       <property name="signRequest" value="true"/>
+       <property name="signaturePropertiesFile" value="stsKeystoreA.properties"/>
+       <property name="callbackHandler" ref="callbackHandler"/>
+       <property name="signatureUsername" value="realma" />
+       <property name="issuerId" value="urn:org:apache:cxf:fediz:fedizhelloworld:realm-C"
/>
+   </bean>
+   
+   <jaxrs:server address="/app2">
+       <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+       </jaxrs:serviceBeans>
+       <jaxrs:providers>
+            <ref bean="ssoFilterApp2"/>
        </jaxrs:providers>
        <jaxrs:inInterceptors>
             <ref bean="authorizationInterceptor"/>


Mime
View raw message