Package org.picketlink.identity.federation.web.core

Examples of org.picketlink.identity.federation.web.core.IdentityServer


        }

        // Reuse the IdentityServer already published on the servlet context under
        // GeneralConstants.IDENTITY_SERVER; if none is there yet, create one and publish it.
        // NOTE(review): the null check and setAttribute are separate steps; confirm this
        // initialisation cannot run concurrently for the same context.
        IdentityServer identityServer = (IdentityServer) context.getAttribute(GeneralConstants.IDENTITY_SERVER);
        if (identityServer == null) {
            identityServer = new IdentityServer();
            context.setAttribute(GeneralConstants.IDENTITY_SERVER, identityServer);
            // Optional override: an init parameter may name the IdentityParticipantStack
            // implementation to install instead of the server's default.
            String theStackParam = config.getInitParameter(GeneralConstants.IDENTITY_PARTICIPANT_STACK);
            if (StringUtil.isNotNull(theStackParam)) {
                try {
                    // The class name comes from configuration and is loaded and instantiated
                    // reflectively. The cast is applied only after newInstance() returns, so the
                    // no-arg constructor of whichever class is named runs before its type is checked.
                    // NOTE(review): stackClass.asSubclass(IdentityParticipantStack.class) ahead of
                    // instantiation would reject a wrong type first. If loadClass can return null
                    // for an unknown name (not visible here), that shows up as a
                    // NullPointerException handled by the catch below.
                    Class<?> stackClass = SecurityActions.loadClass(getClass(), theStackParam);
                    identityServer.setStack((IdentityParticipantStack) stackClass.newInstance());
                } catch (Exception e) {
                    // Every failure is logged and not rethrown; the freshly created server
                    // is left with whatever stack it was constructed with.
                    log("Unable to set the Identity Participant Stack Class. Will just use the default", e);
                }
            }
        }


        // Lets call the IDPServlet

        MockCatalinaSession session = new MockCatalinaSession();
        servletContext = new MockCatalinaContext();
        session.setServletContext(servletContext);
        IdentityServer server = this.getIdentityServer(session);
        servletContext.setAttribute("IDENTITY_SERVER", server);

        MockCatalinaContextClassLoader mclIDP = setupTCL(profile + "/idp");
        Thread.currentThread().setContextClassLoader(mclIDP);

        return mcl;
    }

    // Get the Identity server
    /**
     * Builds a new {@link IdentityServer} and notifies it that {@code session} was created.
     *
     * @param session the session wrapped in the {@link HttpSessionEvent} handed to the server
     * @return the server, after its {@code sessionCreated} callback has run once
     */
    private IdentityServer getIdentityServer(HttpSession session) {
        final IdentityServer identityServer = new IdentityServer();
        final HttpSessionEvent creation = new HttpSessionEvent(session);
        identityServer.sessionCreated(creation);
        return identityServer;
    }

        Thread.currentThread().setContextClassLoader(mclIDP);

        MockCatalinaContext catalinaContext = new MockCatalinaContext();
        session.setServletContext(catalinaContext);

        IdentityServer server = this.getIdentityServer(session);
        catalinaContext.setAttribute("IDENTITY_SERVER", server);

        // Test fixture for the IDP valve. Outgoing messages are not signed and signatures on
        // incoming messages are ignored, so this test exercises the logout message routing
        // only; it gives no coverage of signature creation or validation.
        IDPWebBrowserSSOValve idp = new IDPWebBrowserSSOValve();

        idp.setContainer(catalinaContext);
        idp.setSignOutgoingMessages(false);
        idp.setIgnoreIncomingSignatures(true);
        idp.setStrictPostBinding(false);
        // start() is called only after all settings above have been applied.
        idp.start();

        // Assume that we already have the principal and roles set in the session
        MockCatalinaRealm realm = new MockCatalinaRealm("anil", "test", new Principal() {
            public String getName() {
                return "anil";
            }
        });
        List<String> roles = new ArrayList<String>();
        roles.add("manager");
        roles.add("employee");

        List<String> rolesList = new ArrayList<String>();
        rolesList.add("manager");

        MockCatalinaRequest request = new MockCatalinaRequest();
        session.clear();
        request.setSession(session);

        request.addHeader("Referer", sales);

        GenericPrincipal genericPrincipal = new GenericPrincipal(realm, "anil", "test", roles);
        request.setUserPrincipal(genericPrincipal);

        //We start the workflow with the sales application sending a logout request
        String samlMessage = RedirectBindingUtil.deflateBase64Encode(createLogOutRequest(sales).getBytes());
        request.setParameter("SAMLRequest", samlMessage);

        MockCatalinaResponse response = new MockCatalinaResponse();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        response.setWriter(new PrintWriter(baos));

        // The IDP is preloaded with 2 participants : "http://localhost:8080/sales/"
        // and "http://localhost:8080/employee"

        // Lets start the workflow with get
        request.setMethod("GET");
        idp.invoke(request, response);

        String redirectStr = response.redirectString;

        String destination = redirectStr.substring(0, redirectStr.indexOf(SAML_REQUEST_KEY) - 1);
        String relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
        String logoutRequest = redirectStr.substring(redirectStr.indexOf(SAML_REQUEST_KEY) + SAML_REQUEST_KEY.length(),
                redirectStr.indexOf(RELAY_STATE_KEY) - 1);

        InputStream stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutRequest);

        SAML2Request saml2Request = new SAML2Request();
        LogoutRequestType lor = (LogoutRequestType) saml2Request.getRequestType(stream);
        assertEquals("Match Employee URL", employee, destination);
        assertEquals("Destination exists", employee, lor.getDestination().toString());

        // IDP has sent a LogOutRequest which we feed to SPRedirectFormAuthenticator for Employee
        MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPEmp);

        MockCatalinaContext context = new MockCatalinaContext();
        context.setRealm(realm);
        session.setServletContext(context);

        SPRedirectFormAuthenticator sp = new SPRedirectFormAuthenticator();
        sp.setContainer(context);
        sp.testStart();
        sp.getConfiguration().setIdpUsesPostBinding(false);

        request = new MockCatalinaRequest();
        request.setSession(session);
        request.setMethod("GET");
        request.setParameter("SAMLRequest", RedirectBindingUtil.urlDecode(logoutRequest));
        request.setParameter("RelayState", relayState);

        MockCatalinaResponse filterResponse = new MockCatalinaResponse();
        ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
        filterResponse.setWriter(new PrintWriter(filterbaos));

        sp.authenticate(request, response, new LoginConfig());

        redirectStr = response.redirectString;

        destination = redirectStr.substring(0, redirectStr.indexOf(SAML_RESPONSE_KEY) - 1);
        relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
        assertNotNull("RelayState exists", relayState);
        String logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) + SAML_RESPONSE_KEY.length(),
                redirectStr.indexOf(RELAY_STATE_KEY) - 1);

        stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
        StatusResponseType statusResponse = (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
        assertEquals("Match IDP URL", IDP, destination);

        // Now the SP (employee app) has logged out and sending a status response to IDP
        Thread.currentThread().setContextClassLoader(mclIDP);

        session.clear();
        request.clear();

        request.setMethod("GET");
        request.setSession(session);
        request.setUserPrincipal(genericPrincipal);
        request.setParameter("SAMLResponse", RedirectBindingUtil.urlDecode(logoutResponse));
        request.setParameter("RelayState", relayState);

        // Give the response a fresh buffer, then let the IDP process the SP's SAMLResponse.
        baos = new ByteArrayOutputStream();
        response.setOutputStream(baos);
        response.setWriter(new PrintWriter(baos));
        idp.invoke(request, response);

        // NOTE(review): redirectStr is not re-read from response.redirectString after the
        // invoke above, so the parsing below works on the redirect captured earlier, not on
        // what the IDP just produced. The "Match IDP URL" assertion then re-checks the old value.
        destination = redirectStr.substring(0, redirectStr.indexOf(SAML_RESPONSE_KEY) - 1);
        relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
        logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) + SAML_RESPONSE_KEY.length(),
                redirectStr.indexOf(RELAY_STATE_KEY) - 1);

        stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);

        // NOTE(review): saml2Response is created but the stream is parsed with saml2Request;
        // saml2Response is not used in the visible part of this test.
        SAML2Response saml2Response = new SAML2Response();
        statusResponse = (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
        assertEquals("Match IDP URL", IDP, destination);

        // Final leg: a new SP authenticator receives the IDP's logout response.
        // NOTE(review): the variable is named for the Sales SP but the class loader is built
        // from the "/sp/employee" profile - looks like a copy-paste; confirm which profile
        // was intended.
        MockCatalinaContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPSales);
        sp = new SPRedirectFormAuthenticator();
        sp.setContainer(context);
        sp.testStart();

        session.clear();
        request.clear();
        request.setSession(session);
        request.setUserPrincipal(genericPrincipal);
        request.setParameter("SAMLResponse", RedirectBindingUtil.urlDecode(logoutResponse));
        request.setParameter("RelayState", relayState);
        request.setContext(context);

        //IDP should now send the final logout response to Sales application who sent the original request
        sp.authenticate(request, response, new LoginConfig());

        //Ensure that at the IDP we do not have any participants in the session (both employee and sales are logged out)
        IdentityParticipantStack stack = server.stack();
        assertEquals(0, stack.getParticipants(session.getId()));
        assertEquals(0, stack.getNumOfParticipantsInTransit(session.getId()));

        // Finally the session should be invalidated
        assertTrue(session.isInvalidated());

        return sw.toString();
    }

    // Get the Identity server with 2 participants
    /**
     * Creates an {@link IdentityServer} for {@code session} and registers the two
     * participants, {@code sales} then {@code employee}, under that session's id.
     *
     * @param session session whose creation is announced to the server and whose id keys the stack
     * @return the server with both participants registered
     */
    private IdentityServer getIdentityServer(HttpSession session) {
        final IdentityServer identityServer = new IdentityServer();
        identityServer.sessionCreated(new HttpSessionEvent(session));

        // The trailing false is passed to register() as-is; presumably the
        // post-binding flag - confirm against IdentityParticipantStack.
        for (String participantUrl : new String[] { sales, employee }) {
            identityServer.stack().register(session.getId(), participantUrl, false);
        }
        return identityServer;
    }

    /**
     * Creates the IDP valve for this test by delegating to
     * {@code AuthenticatorTestUtils.createIdentityProvider} with {@code IDP_PROFILE}.
     *
     * @return the valve returned by the test utility
     */
    protected IDPWebBrowserSSOValve createIdentityProvider() {
        final IDPWebBrowserSSOValve identityProvider = AuthenticatorTestUtils.createIdentityProvider(IDP_PROFILE);
        return identityProvider;
    }

    /**
     * Registers {@code url} as a participant of the IDP's HTTP session on the
     * identity server obtained for {@code idp}.
     *
     * @param idp the valve whose identity server is looked up via {@code getIdentityServer(idp)}
     * @param url participant URL to register under the IDP session id
     */
    protected void addIdentityServerParticipants(IDPWebBrowserSSOValve idp, String url) {
        // The trailing false is handed to register() unchanged; presumably the
        // post-binding flag - confirm against IdentityParticipantStack.
        getIdentityServer(idp).stack().register(getIDPHttpSession().getId(), url, false);
    }

* @author Anil.Saldhana@redhat.com
* @since Oct 27, 2009
*/
public class IdentityServerUnitTestCase extends TestCase {
    /**
     * Checks that {@code getActiveSessionCount()} follows the
     * {@code sessionCreated}/{@code sessionDestroyed} callbacks: it starts at 0, rises by one
     * per creation and falls by one per destruction. The same event object is reused for
     * every callback.
     */
    public void testActiveSessionCount() {
        final IdentityServer identityServer = new IdentityServer();
        assertEquals(0, identityServer.getActiveSessionCount());

        final MockHttpSession httpSession = new MockHttpSession();
        httpSession.setServletContext(new MockServletContext());
        final HttpSessionEvent sessionEvent = new HttpSessionEvent(httpSession);

        // One session in, one session out.
        identityServer.sessionCreated(sessionEvent);
        assertEquals(1, identityServer.getActiveSessionCount());

        identityServer.sessionDestroyed(sessionEvent);
        assertEquals(0, identityServer.getActiveSessionCount());

        // Six creations followed by a single destruction must leave five active.
        for (int created = 0; created < 6; created++) {
            identityServer.sessionCreated(sessionEvent);
        }

        identityServer.sessionDestroyed(sessionEvent);
        assertEquals(5, identityServer.getActiveSessionCount());
    }

        assertNotNull("roles.properties visible?", url);

        ServletContext servletContext = new MockServletContext();
        session.setServletContext(servletContext);

        IdentityServer server = this.getIdentityServer(session);
        servletContext.setAttribute("IDENTITY_SERVER", server);
        MockServletConfig servletConfig = new MockServletConfig(servletContext);

        IDPServlet idp = new IDPServlet();
        // Test fixture: signing of outgoing messages is switched off, so the messages this
        // servlet emits carry no signature and the test covers message routing only.
        servletConfig.addInitParameter(GeneralConstants.SIGN_OUTGOING_MESSAGES, "false");

        // Initialize the servlet; the init parameter above is added before this call.
        idp.init(servletConfig);

        // Assume that we already have the principal and roles set in the session
        session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal() {
            public String getName() {
                return "anil";
            }
        });
        List<String> rolesList = new ArrayList<String>();
        rolesList.add("manager");
        session.setAttribute(GeneralConstants.ROLES_ID, rolesList);

        MockHttpServletRequest request = new MockHttpServletRequest(session, "POST");
        request.addHeader("Referer", sales);

        String samlMessage = Base64.encodeBytes(createLogOutRequest(sales).getBytes());
        session.setAttribute("SAMLRequest", samlMessage);

        MockHttpServletResponse response = new MockHttpServletResponse();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        response.setOutputStream(baos);

        // The IDP is preloaded with 2 participants : "http://localhost:8080/sales/"
        // and "http://localhost:8080/employee"

        // Lets start the workflow with post
        idp.testPost(request, response);

        String idpResponse = new String(baos.toByteArray());
        assertNotNull(idpResponse);

        Document htmlResponse = DocumentUtil.getDocument(idpResponse);
        assertNotNull(htmlResponse);
        NodeList nodes = htmlResponse.getElementsByTagName("INPUT");
        Element inputElement = (Element) nodes.item(0);
        String logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();

        String relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        String logoutResponse = new String(Base64.decode(logoutOrigResponse));

        SAML2Request samlRequest = new SAML2Request();
        ByteArrayInputStream bis = new ByteArrayInputStream(logoutResponse.getBytes());
        SAML2Object samlObject = samlRequest.getSAML2ObjectFromStream(bis);
        assertTrue(samlObject instanceof LogoutRequestType);

        // Feed the LogoutRequest produced by the IDP to the employee SP filter,
        // under the employee SP's context class loader.
        MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPEmp);
        SPFilter spEmpl = new SPFilter();
        MockFilterConfig filterConfig = new MockFilterConfig(servletContext);
        // Test fixture: the filter is told to ignore signatures, matching the unsigned
        // messages sent by the IDP in this test; signature checking is not exercised.
        filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES, "true");

        spEmpl.init(filterConfig);

        MockHttpSession filterSession = new MockHttpSession();
        MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession, "POST");
        filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
        filterRequest.addParameter("RelayState", relayState);

        MockHttpServletResponse filterResponse = new MockHttpServletResponse();
        ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
        filterResponse.setOutputStream(filterbaos);

        spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
        String spResponse = new String(filterbaos.toByteArray());
        Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
        nodes = spHTMLResponse.getElementsByTagName("INPUT");
        inputElement = (Element) nodes.item(0);
        logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
        relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        // The employee SP has logged out; hand its status response back to the IDP
        // through the session attributes the servlet reads, under the IDP class loader.
        Thread.currentThread().setContextClassLoader(mclIDP);
        session.setAttribute("SAMLResponse", logoutOrigResponse);
        session.setAttribute("RelayState", relayState);

        idp.testPost(request, response);

        // NOTE(review): the IDP response object writes into baos, yet the text is read from
        // filterbaos (the SP filter's buffer) - looks like baos was intended; confirm.
        // new String(...) never yields null, so the assertNotNull below cannot fail.
        idpResponse = new String(filterbaos.toByteArray());
        assertNotNull(idpResponse);

        htmlResponse = DocumentUtil.getDocument(idpResponse);
        assertNotNull(htmlResponse);
        nodes = htmlResponse.getElementsByTagName("INPUT");
        inputElement = (Element) nodes.item(0);
        logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();

        relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        // Final leg: a second SP filter receives the IDP's logout response.
        // NOTE(review): the variable is named for the Sales SP but the class loader is built
        // from the "/sp/employee" profile - looks like a copy-paste; confirm which profile
        // was intended.
        MockContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPSales);
        SPFilter spSales = new SPFilter();

        // Reuses filterConfig, so this filter also runs with IGNORE_SIGNATURES set to "true".
        spSales.init(filterConfig);

        filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
        filterRequest.addParameter("RelayState", relayState);

        spSales.doFilter(filterRequest, filterResponse, new MockFilterChain());

        spResponse = new String(filterbaos.toByteArray());

        assertEquals(0, server.stack().getParticipants(session.getId()));
        assertEquals(0, server.stack().getNumOfParticipantsInTransit(session.getId()));

        spHTMLResponse = DocumentUtil.getDocument(spResponse);
        nodes = spHTMLResponse.getElementsByTagName("INPUT");
        inputElement = (Element) nodes.item(0);
        logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();

        return sw.toString();
    }

    // Get the Identity server with 2 participants
    /**
     * Returns an {@link IdentityServer} that has been told about {@code session} and has the
     * {@code sales} and {@code employee} participants registered under the session's id.
     *
     * @param session session announced to the server and used as the registration key
     * @return the preloaded server
     */
    private IdentityServer getIdentityServer(HttpSession session) {
        final IdentityServer preloaded = new IdentityServer();
        final HttpSessionEvent creation = new HttpSessionEvent(session);
        preloaded.sessionCreated(creation);

        // Sales is registered before employee. The trailing false is passed to register()
        // unchanged; presumably the post-binding flag - confirm.
        preloaded.stack().register(session.getId(), sales, false);
        preloaded.stack().register(session.getId(), employee, false);
        return preloaded;
    }

     */
    protected void initIdentityServer() {
        // Reuse the IdentityServer already published on the servlet context under
        // GeneralConstants.IDENTITY_SERVER; if none is there yet, create one and publish it.
        // NOTE(review): the null check and setAttribute are separate steps; confirm this
        // method cannot run concurrently for the same servlet context.
        IdentityServer identityServer = (IdentityServer) getContext().getServletContext().getAttribute(
                GeneralConstants.IDENTITY_SERVER);
        if (identityServer == null) {
            identityServer = new IdentityServer();
            getContext().getServletContext().setAttribute(GeneralConstants.IDENTITY_SERVER, identityServer);
            // Optional override: the IDP configuration may name the IdentityParticipantStack
            // implementation to install on the new server.
            if (StringUtil.isNotNull(this.idpConfiguration.getIdentityParticipantStack())) {
                try {
                    // The class name comes from configuration and is loaded reflectively.
                    Class<?> clazz = SecurityActions.loadClass(getClass(), this.idpConfiguration.getIdentityParticipantStack());
                    // A null result is turned into the logger-built exception, which the
                    // catch below handles like any other failure.
                    if (clazz == null)
                        throw logger.classNotLoadedError(this.idpConfiguration.getIdentityParticipantStack());

                    // The cast is applied only after newInstance() returns, so the no-arg
                    // constructor of whichever class is named runs before its type is checked.
                    // NOTE(review): clazz.asSubclass(IdentityParticipantStack.class) ahead of
                    // instantiation would reject a wrong type first.
                    identityServer.setStack((IdentityParticipantStack) clazz.newInstance());
                } catch (Exception e) {
                    // Every failure is reported through the logger and not rethrown; the
                    // server is left with whatever stack it was constructed with.
                    logger.samlIDPUnableToSetParticipantStackUsingDefault(e);
                }
            }
        }
