Re-enable SAML 2.0 samples with Okta IdP

Closes gh-55
This commit is contained in:
Marcus Da Coregio
2022-03-17 09:19:45 -03:00
parent bce2126fd1
commit cb4bd098e3
26 changed files with 337 additions and 228 deletions

View File

@@ -0,0 +1,53 @@
/*
* Copyright 2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example;
import java.io.IOException;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.Page;
import com.gargoylesoftware.htmlunit.WebClient;
import org.springframework.core.env.Environment;
import org.springframework.util.Assert;
/**
* {@link WebClient} will automatically prefix relative URLs with
* <code>localhost:$&#123;local.server.port&#125;</code>.
*
* @author Phillip Webb
* @since 1.4.0
*/
public class LocalHostWebClient extends WebClient {
private final Environment environment;
public LocalHostWebClient(Environment environment) {
Assert.notNull(environment, "Environment must not be null");
this.environment = environment;
}
@Override
public <P extends Page> P getPage(String url) throws IOException, FailingHttpStatusCodeException {
if (url.startsWith("/")) {
String port = this.environment.getProperty("local.server.port", "8080");
url = "http://localhost:" + port + url;
}
return super.getPage(url);
}
}

View File

@@ -0,0 +1,112 @@
/*
* Copyright 2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package example;
import com.gargoylesoftware.htmlunit.ElementNotFoundException;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.HtmlElement;
import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlInput;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.html.HtmlPasswordInput;
import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.htmlunit.MockMvcWebClientBuilder;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import static org.assertj.core.api.Assertions.assertThat;
@ExtendWith(SpringExtension.class)
@ContextConfiguration(locations = { "file:src/main/webapp/WEB-INF/spring-servlet.xml",
"file:src/main/webapp/WEB-INF/spring/security.xml" })
@WebAppConfiguration
public class Saml2XmlITests {
private MockMvc mvc;
private WebClient webClient;
@Autowired
WebApplicationContext webApplicationContext;
@Autowired
Environment environment;
@BeforeEach
void setup() {
this.mvc = MockMvcBuilders.webAppContextSetup(this.webApplicationContext)
.apply(SecurityMockMvcConfigurers.springSecurity()).build();
this.webClient = MockMvcWebClientBuilder.mockMvcSetup(this.mvc)
.withDelegate(new LocalHostWebClient(this.environment)).build();
this.webClient.getCookieManager().clearCookies();
}
@Test
void authenticationAttemptWhenValidThenShowsUserEmailAddress() throws Exception {
performLogin();
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
assertThat(home.asText()).contains("You're email address is testuser@spring.security.saml");
}
@Test
void logoutWhenRelyingPartyInitiatedLogoutThenLoginPageWithLogoutParam() throws Exception {
performLogin();
HtmlPage home = (HtmlPage) this.webClient.getCurrentWindow().getEnclosedPage();
HtmlElement rpLogoutButton = home.getHtmlElementById("rp_logout_button");
HtmlPage loginPage = rpLogoutButton.click();
assertThat(loginPage.getUrl().getFile()).isEqualTo("/login?logout");
}
private void performLogin() throws Exception {
HtmlPage login = this.webClient.getPage("/");
this.webClient.waitForBackgroundJavaScript(10000);
HtmlForm form = findForm(login);
HtmlInput username = form.getInputByName("username");
HtmlPasswordInput password = form.getInputByName("password");
HtmlSubmitInput submit = login.getHtmlElementById("okta-signin-submit");
username.type("testuser@spring.security.saml");
password.type("12345678");
submit.click();
this.webClient.waitForBackgroundJavaScript(10000);
}
private HtmlForm findForm(HtmlPage login) {
for (HtmlForm form : login.getForms()) {
try {
if (form.getId().equals("form19")) {
return form;
}
}
catch (ElementNotFoundException ex) {
// Continue
}
}
throw new IllegalStateException("Could not resolve login form");
}
}

View File

@@ -34,7 +34,7 @@ public class IndexController {
@GetMapping("/")
public String index(Model model, @AuthenticationPrincipal Saml2AuthenticatedPrincipal principal) {
String emailAddress = principal.getFirstAttribute("emailAddress");
String emailAddress = principal.getFirstAttribute("email");
model.addAttribute("emailAddress", emailAddress);
model.addAttribute("userAttributes", principal.getAttributes());
return "index";

View File

@@ -4,7 +4,7 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
<http>
<http auto-config="true">
<intercept-url pattern="/**" access="authenticated"/>
<saml2-login />
<saml2-logout />
@@ -14,40 +14,15 @@
<user name="user" password="{noop}password" authorities="ROLE_USER" />
</user-service>
<!-- <relying-party-registrations>-->
<!-- <relying-party-registration registration-id="one" metadata-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"-->
<!-- single-logout-service-location="{baseUrl}/logout/saml2/slo" single-logout-service-response-location="{baseUrl}/logout/saml2/slo">-->
<!-- <signing-credential certificate-location="classpath:credentials/rp-certificate.crt"-->
<!-- private-key-location="classpath:credentials/rp-private.key"/>-->
<!-- </relying-party-registration>-->
<!-- </relying-party-registrations>-->
<relying-party-registrations>
<relying-party-registration registration-id="one"
entity-id="{baseUrl}/saml2/service-provider-metadata/{registrationId}"
assertion-consumer-service-location="{baseUrl}/login/saml2/sso/{registrationId}"
assertion-consumer-service-binding="POST"
single-logout-service-location="{baseUrl}/logout/saml2/slo"
single-logout-service-response-location="{baseUrl}/logout/saml2/slo"
asserting-party-id="simple-saml">
metadata-location="https://dev-05937739.okta.com/app/exk46xofd8NZvFCpS5d7/sso/saml/metadata"
single-logout-service-location="https://dev-05937739.okta.com/app/dev-05937739_springgsecuritysaml2idp_1/exk46xofd8NZvFCpS5d7/slo/saml"
single-logout-service-response-location="{baseUrl}/logout/saml2/slo">
<signing-credential certificate-location="classpath:credentials/rp-certificate.crt"
private-key-location="classpath:credentials/rp-private.key"/>
</relying-party-registration>
<asserting-party asserting-party-id="simple-saml"
entity-id="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php"
single-sign-on-service-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php"
single-sign-on-service-binding="REDIRECT"
signing-algorithms="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
single-logout-service-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php"
single-logout-service-binding="POST"
single-logout-service-response-location="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php"
want-authn-requests-signed="false">
<verification-credential private-key-location="classpath:credentials/rp-private.key"
certificate-location="classpath:credentials/idp-certificate.crt"/>
<encryption-credential private-key-location="classpath:credentials/rp-private.key"
certificate-location="classpath:credentials/idp-certificate.crt"/>
</asserting-party>
</relying-party-registrations>
</b:beans>

View File

@@ -36,11 +36,6 @@
</button>
</form>
</li>
<li class="nav-item">
<a id="ap_logout_button" class="nav-link" href="https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SingleLogoutService.php?ReturnTo=http://localhost:8080/login?logout">
AP-initiated Logout
</a>
</li>
</ul>
</div>
<main role="main" class="container">