Repository: cxf-fediz Updated Branches: refs/heads/master b2c792314 -> a8160e688
[FEDIZ-73] - Got SAML SSO federation test working Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a8160e68 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a8160e68 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a8160e68 Branch: refs/heads/master Commit: a8160e688f8dfea425c797d042b57b8d8b126bfd Parents: b2c7923 Author: Colm O hEigeartaigh <[email protected]> Authored: Sat Apr 11 14:08:54 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Sat Apr 11 14:08:54 2015 +0100 ---------------------------------------------------------------------- .../WEB-INF/federation-validate-request.xml | 22 +++++++---- .../cxf/fediz/samlsso/example/SamlSso.java | 4 -- .../cxf/fediz/integrationtests/SAMLSSOTest.java | 40 ++++++++++---------- .../src/test/resources/entities-realma.xml | 8 +++- 4 files changed, 43 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml ---------------------------------------------------------------------- diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml index b178e09..e22f95a 100644 --- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml +++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml 
@@ -38,23 +38,31 @@ result="flowScope.wauth" /> <set name="flowScope.idpConfig" value="config.getIDP(null)" /> </on-entry> - <if test="requestParameters.wa == null" then="viewBadRequest" /> - <if - test="requestParameters.wa != 'wsignin1.0' and requestParameters.wa != 'wsignout1.0' and requestParameters.wa != 'wsignoutcleanup1.0'" - then="viewBadRequest" /> <if test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'" then="selectSignOutProcess" /> <if - test="requestParameters.wtrealm == null or requestParameters.wtrealm.length() == 0" - then="viewBadRequest" else="selectSigninProcess" /> + test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess" + else="selectSAMLProcess" /> </decision-state> - <decision-state id="selectSigninProcess"> + <decision-state id="selectWsFedProcess"> + <if + test="requestParameters.wtrealm == null or requestParameters.wtrealm.length() == 0" + then="viewBadRequest" /> <if test="requestParameters.wresult == null or requestParameters.wresult.isEmpty()" then="signinRequest" else="signinResponse" /> </decision-state> + + <decision-state id="selectSAMLProcess"> + <if + test="requestParameters.RelayState == null or requestParameters.RelayState.length() == 0" + then="viewBadRequest" /> + <if + test="requestParameters.SAMLResponse == null or requestParameters.SAMLResponse.length() == 0" + then="viewBadRequest" else="signinResponse" /> + </decision-state> <decision-state id="selectSignOutProcess"> <on-entry> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java ---------------------------------------------------------------------- diff --git a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java index d65172f..6df23c1 100644 
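Review bot: The new `selectSAMLProcess` branch accepts any `wa` value that is not one of the three WS-Federation actions, because the allow-list check removed at the top of the decision state (`wa != 'wsignin1.0' and ...`) is not replaced by anything on the SAML side, and the former `wa == null` bad-request check is gone as well; a request carrying `wa=anything` together with `SAMLResponse` and `RelayState` is now processed as a SAML response. I would open `selectSAMLProcess` with `<if test="requestParameters.wa != null" then="viewBadRequest" />` so the two protocols stay mutually exclusive and unknown `wa` values are still rejected as before. The branch only checks that `RelayState` and `SAMLResponse` are present; their binding to a request the IdP actually issued (RelayState looked up against stored state, the response's InResponseTo checked) presumably happens in `signinResponse`, which this hunk does not show, so that is worth confirming. A one-line XML comment above the state noting that it handles only inbound SAML responses (there is no `SAMLRequest` path) would help the next reader.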
--- a/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java +++ b/systests/federation/samlIdpWebapp/src/main/java/org/apache/cxf/fediz/samlsso/example/SamlSso.java @@ -97,10 +97,6 @@ public class SamlSso { ub.queryParam("SAMLResponse", responseStr); ub.queryParam("RelayState", relayState); - // TODO hack just to keep the Fediz IdP happy - ub.queryParam("wtrealm", "blah"); - ub.queryParam("wresult", "blah"); - return javax.ws.rs.core.Response.seeOther(ub.build()).build(); } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java index dd879c6..bf48c0a 100644 --- a/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java +++ b/systests/federation/samlsso/src/test/java/org/apache/cxf/fediz/integrationtests/SAMLSSOTest.java @@ -25,12 +25,15 @@ import java.io.IOException; import com.gargoylesoftware.htmlunit.CookieManager; import com.gargoylesoftware.htmlunit.WebClient; +import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlPage; +import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; import org.apache.catalina.Context; import org.apache.catalina.LifecycleState; import org.apache.catalina.connector.Connector; import org.apache.catalina.startup.Tomcat; +import org.apache.cxf.fediz.core.ClaimTypes; import org.apache.cxf.fediz.tomcat.FederationAuthenticator; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; 
@@ -230,25 +233,18 @@ public class SAMLSSOTest { } @org.junit.Test - @org.junit.Ignore public void testSAMLSSO() throws Exception { String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; - System.out.println("URL: " + url); + // System.out.println("URL: " + url); // Thread.sleep(60 * 2 * 1000); - - /* - * TODO Logging in fine to the SAML SSO IdP, but when redirected the context is missing or something - * Maybe a bug with htmlunit - * String user = "ALICE"; // realm b credentials String password = "ECILA"; + final String bodyTextContent = login(url, user, password, idpSamlSSOHttpsPort, idpHttpsPort); - System.out.println("BODY: " + bodyTextContent); - - Assert.assertTrue("Principal not " + user, - bodyTextContent.contains("userPrincipal=" + user)); + Assert.assertTrue("Principal not alice", + bodyTextContent.contains("userPrincipal=alice")); Assert.assertTrue("User " + user + " does not have role Admin", bodyTextContent.contains("role:Admin=false")); Assert.assertTrue("User " + user + " does not have role Manager", @@ -265,11 +261,10 @@ public class SAMLSSOTest { claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue("User " + user + " claim " + claim + " is not '[email protected]'", bodyTextContent.contains(claim + "[email protected]")); - */ } - protected static String login(String url, String user, String password, - String idpPort, String rpIdpPort) throws IOException { + private static String login(String url, String user, String password, + String idpPort, String rpIdpPort) throws IOException { // // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for // "realm b". 
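Review bot: The first assertion hard-codes `alice` while the test logs in as `ALICE` and every other assertion derives both its message and its expectation from `user`; if the lower-casing is a deliberate normalisation of the principal received from realm B, it deserves a comment such as `// the principal is re-issued in lower case after the realm B hop; assert against the mapped name` — otherwise the assertion should use `user` like its siblings. The commented-out `// System.out.println("URL: " + url);` and `// Thread.sleep(60 * 2 * 1000);` lines are dead debugging code and should be deleted now that `@Ignore` has been removed and the test is live. The method body continues past the end of the hunk.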
@@ -282,13 +277,20 @@ public class SAMLSSOTest { new AuthScope("localhost", Integer.parseInt(idpPort)), new UsernamePasswordCredentials(user, password)); - //webClient.getOptions().setJavaScriptEnabled(false); + webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - //webClient.getOptions().setJavaScriptEnabled(true); - // Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - return idpPage.getBody().getTextContent(); + webClient.getOptions().setJavaScriptEnabled(true); + Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); + + // Now redirect back to the RP + final HtmlForm form = idpPage.getFormByName("signinresponseform"); + + final HtmlSubmitInput button = form.getInputByName("_eventId_submit"); + + final HtmlPage rpPage = button.click(); + Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText()); + return rpPage.getBody().getTextContent(); } } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a8160e68/systests/federation/samlsso/src/test/resources/entities-realma.xml ---------------------------------------------------------------------- diff --git a/systests/federation/samlsso/src/test/resources/entities-realma.xml b/systests/federation/samlsso/src/test/resources/entities-realma.xml index 2b2b5d1..e447349 100644 --- a/systests/federation/samlsso/src/test/resources/entities-realma.xml +++ b/systests/federation/samlsso/src/test/resources/entities-realma.xml 
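Review bot: The JavaScript toggle around `webClient.getPage(url)` has no comment explaining why it is there; given that the code then asserts it landed on `IDP SignIn Response Form` and submits `signinresponseform` by hand, the toggle presumably stops HtmlUnit from auto-running the form's onload submit, and that intent should be recorded, e.g. `// Keep JS off while fetching the IdP page so the sign-in response form is not auto-submitted; it is submitted explicitly below.` If the `WebClient` created earlier in `login` is not closed, a try-with-resources (in HtmlUnit versions where `WebClient` is `AutoCloseable`) would avoid leaking its connections across tests; `login` begins above this hunk so I cannot see whether it already is. The title assertion on `rpPage` is a reasonable end-to-end signal, but also asserting that `rpPage.getUrl()` is the RP URL would catch a silent bounce back to the IdP.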
@@ -52,7 +52,13 @@ </property> <property name="authenticationURIs"> <util:map> - <entry key="default" value="/login/default" /> + <entry key="default" value="federation/up" /> + <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/SslAndKey" + value="federation/krb" /> + <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/default" + value="federation/up" /> + <entry key="http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl" + value="federation/clientcert" /> </util:map> </property> <property name="serviceDisplayName" value="REALM A" />
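Review bot: The keys added to `authenticationURIs` appear to be matched against the RP-supplied `wauth` request parameter (the validate-request flow stores it in `flowScope.wauth`), so every entry here is a login endpoint an RP can select; a comment making that explicit would help whoever edits this test config, e.g. `<!-- keys are the wauth URIs an RP may request; values are the IdP login flows they map to -->`. The `default` value lost its leading slash (`/login/default` → `federation/up`) and now matches the relative form of the new entries, which is consistent, but the `federation/krb` and `federation/clientcert` targets are only meaningful if the systest IdP actually wires those flows; if it does not, they are dead configuration and should be dropped or marked as such.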
