commit
b155382523
7 changed files with 149 additions and 5 deletions
|
@ -14,17 +14,20 @@ import org.openqa.selenium.WebDriver;
|
|||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SamlSignedPostBindingTest {
|
||||
public class SamlBindingTest {
|
||||
|
||||
@ClassRule
|
||||
public static SamlKeycloakRule keycloakRule = new SamlKeycloakRule() {
|
||||
@Override
|
||||
public void initWars() {
|
||||
ClassLoader classLoader = SamlSignedPostBindingTest.class.getClassLoader();
|
||||
ClassLoader classLoader = SamlBindingTest.class.getClassLoader();
|
||||
|
||||
initializeSamlSecuredWar("/saml/simple-post", "/sales-post", "post.war", classLoader);
|
||||
initializeSamlSecuredWar("/saml/signed-post", "/sales-post-sig", "post-sig.war", classLoader);
|
||||
initializeSamlSecuredWar("/saml/signed-get", "/employee-sig", "employee-sig.war", classLoader);
|
||||
initializeSamlSecuredWar("/saml/bad-client-signed-post", "/bad-client-sales-post-sig", "bad-client-post-sig.war", classLoader);
|
||||
initializeSamlSecuredWar("/saml/bad-realm-signed-post", "/bad-realm-sales-post-sig", "bad-realm-post-sig.war", classLoader);
|
||||
initializeSamlSecuredWar("/saml/encrypted-post", "/sales-post-enc", "post-enc.war", classLoader);
|
||||
|
||||
}
|
||||
|
||||
|
@ -49,7 +52,18 @@ public class SamlSignedPostBindingTest {
|
|||
|
||||
|
||||
@Test
|
||||
public void testSignedLoginLogout() {
|
||||
public void testPostSimpleLoginLogout() {
|
||||
driver.navigate().to("http://localhost:8081/sales-post/");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
loginPage.login("bburke", "password");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post/");
|
||||
Assert.assertTrue(driver.getPageSource().contains("bburke"));
|
||||
driver.navigate().to("http://localhost:8081/sales-post?GLO=true");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
|
||||
}
|
||||
@Test
|
||||
public void testPostSignedLoginLogout() {
|
||||
driver.navigate().to("http://localhost:8081/sales-post-sig/");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
loginPage.login("bburke", "password");
|
||||
|
@ -60,7 +74,30 @@ public class SamlSignedPostBindingTest {
|
|||
|
||||
}
|
||||
@Test
|
||||
public void testBadClientSignature() {
|
||||
public void testRedirectSignedLoginLogout() {
|
||||
driver.navigate().to("http://localhost:8081/employee-sig/");
|
||||
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
|
||||
loginPage.login("bburke", "password");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
|
||||
Assert.assertTrue(driver.getPageSource().contains("bburke"));
|
||||
driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
|
||||
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPostEncryptedLoginLogout() {
|
||||
driver.navigate().to("http://localhost:8081/sales-post-enc/");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
loginPage.login("bburke", "password");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-enc/");
|
||||
Assert.assertTrue(driver.getPageSource().contains("bburke"));
|
||||
driver.navigate().to("http://localhost:8081/sales-post-enc?GLO=true");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
|
||||
}
|
||||
@Test
|
||||
public void testPostBadClientSignature() {
|
||||
driver.navigate().to("http://localhost:8081/bad-client-sales-post-sig/");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
Assert.assertEquals(driver.getTitle(), "We're sorry...");
|
||||
|
@ -68,7 +105,7 @@ public class SamlSignedPostBindingTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
public void testBadRealmSignature() {
|
||||
public void testPostBadRealmSignature() {
|
||||
driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
|
||||
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
|
||||
loginPage.login("bburke", "password");
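Review bot: testPostEncryptedLoginLogout and testRedirectSignedLoginLogout assert only the browser-visible flow (final URL and page text), exactly as testPostSimpleLoginLogout does, so the tests themselves never observe that a message was signed or encrypted. For the redirect case the IdP URL is already compared with startsWith, so a check such as `Assert.assertTrue(driver.getCurrentUrl().contains("Signature="));` before the login step could pin the signed request, assuming the query string is still present at that point. For the encrypted case, a comment like `// only checks the browser flow; does not verify that the assertion was encrypted` would at least record the gap. If Assert is org.junit.Assert, the assertEquals calls also pass the actual value first, which swaps expected and actual in failure messages.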
|
Binary file not shown.
|
@ -0,0 +1,31 @@
|
|||
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
|
||||
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
|
||||
ServerEnvironment="tomcat" BindingType="POST" SupportsSignatures="true">
|
||||
<IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml}
|
||||
</IdentityURL>
|
||||
<ServiceURL>${sales-post-sig.url::http://localhost:8081/sales-post-enc/}
|
||||
</ServiceURL>
|
||||
<KeyProvider
|
||||
ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
|
||||
<Auth Key="KeyStoreURL" Value="saml/encrypted-post/WEB-INF/keystore.jks" />
|
||||
<Auth Key="KeyStorePass" Value="store123" />
|
||||
<Auth Key="SigningKeyPass" Value="test123" />
|
||||
<Auth Key="SigningKeyAlias" Value="http://localhost:8080/sales-post-enc/" />
|
||||
<ValidatingAlias Key="localhost" Value="demo" />
|
||||
<ValidatingAlias Key="127.0.0.1" Value="demo" />
|
||||
</KeyProvider>
|
||||
|
||||
</PicketLinkSP>
|
||||
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
|
||||
</Handlers>
|
||||
</PicketLink>
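Review bot: The SAML2SignatureGenerationHandler entry here has no SIGN_METHOD or SIGN_DIGEST options, so going by the comment in the signed-get descriptor later in this commit it would sign with rsa-sha1 and a SHA-1 digest. Adding the two options used there, `<Option Key="SIGN_METHOD" Value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>` and `<Option Key="SIGN_DIGEST" Value="http://www.w3.org/2001/04/xmlenc#sha256"/>`, would keep the fixtures consistent. The ServiceURL placeholder is still named `sales-post-sig.url` although its default points at /sales-post-enc/, which looks like a copy-paste leftover; `${sales-post-enc.url::http://localhost:8081/sales-post-enc/}` would stop one property from overriding two applications. The keystore and key passwords sit in clear text next to a committed keystore.jks, here and in the signed-get descriptor; a comment such as `<!-- test-only keystore and passwords; never reuse outside the test suite -->` would make that explicit.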
|
BIN
testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks
Executable file
BIN
testsuite/integration/src/test/resources/saml/signed-get/WEB-INF/keystore.jks
Executable file
Binary file not shown.
|
@ -0,0 +1,36 @@
|
|||
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
|
||||
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
|
||||
ServerEnvironment="tomcat" BindingType="REDIRECT" SupportsSignatures="true">
|
||||
<IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml}
|
||||
</IdentityURL>
|
||||
<ServiceURL>${employee-sig.url::http://localhost:8081/employee-sig/}
|
||||
</ServiceURL>
|
||||
<KeyProvider
|
||||
ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
|
||||
<Auth Key="KeyStoreURL" Value="saml/signed-get/WEB-INF/keystore.jks" />
|
||||
<Auth Key="KeyStorePass" Value="store123" />
|
||||
<Auth Key="SigningKeyPass" Value="test123" />
|
||||
<Auth Key="SigningKeyAlias" Value="http://localhost:8080/employee-sig/" />
|
||||
<ValidatingAlias Key="localhost" Value="demo" />
|
||||
<ValidatingAlias Key="127.0.0.1" Value="demo" />
|
||||
</KeyProvider>
|
||||
</PicketLinkSP>
|
||||
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler">
|
||||
<!--
|
||||
This is a optional configuration. By default, method http://www.w3.org/2000/09/xmldsig#rsa-sha1
|
||||
and digest http://www.w3.org/2000/09/xmldsig#sha1 are used. -->
|
||||
<Option Key="SIGN_METHOD" Value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
|
||||
<Option Key="SIGN_DIGEST" Value="http://www.w3.org/2001/04/xmlenc#sha256"/>
|
||||
</Handler>
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler" />
|
||||
</Handlers>
|
||||
</PicketLink>
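Review bot: The SHA-256 options are set only on SAML2SignatureGenerationHandler, while SAML2SignatureValidationHandler is declared without options, so nothing in this descriptor shows which signature algorithms are accepted on messages coming back from the identity provider. If the validation side cannot be restricted here, a comment next to that handler saying that the accepted algorithm is decided elsewhere would save the next reader from assuming SHA-1 responses are rejected. The existing comment would also read better as `This is an optional configuration.`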
|
|
@ -0,0 +1,20 @@
|
|||
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
|
||||
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
|
||||
ServerEnvironment="tomcat" BindingType="REDIRECT" RelayState="someURL">
|
||||
<IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL>
|
||||
<ServiceURL>${employee.url::http://localhost:8081/employee/}
|
||||
</ServiceURL>
|
||||
</PicketLinkSP>
|
||||
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
|
||||
|
||||
<Option Key="ASSERTION_SESSION_ATTRIBUTE_NAME" Value="org.picketlink.sp.assertion"/>
|
||||
|
||||
</Handler>
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
|
||||
</Handlers>
|
||||
</PicketLink>
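Review bot: This unsigned REDIRECT descriptor for /employee/ does not appear to be deployed anywhere in the visible test changes: initWars registers simple-post, signed-post, signed-get, the two bad-signature wars and encrypted-post, but no plain redirect application. Either wire it in with a matching test or add a comment saying it is staged for a later commit, otherwise the unsigned redirect binding stays untested. `RelayState="someURL"` also looks like a placeholder and deserves a comment or a real value.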
|
|
@ -0,0 +1,20 @@
|
|||
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
|
||||
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
|
||||
ServerEnvironment="tomcat" BindingType="POST">
|
||||
<IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL>
|
||||
<ServiceURL>${sales-post.url::http://localhost:8081/sales-post/}</ServiceURL>
|
||||
<Trust>
|
||||
<Domains>localhost,jboss.com,jboss.org,amazonaws.com</Domains>
|
||||
</Trust>
|
||||
</PicketLinkSP>
|
||||
<Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />
|
||||
<Handler
|
||||
class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
|
||||
</Handlers>
|
||||
</PicketLink>
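Review bot: The `<Domains>` list given to SAML2IssuerTrustHandler includes `amazonaws.com`, `jboss.com` and `jboss.org`, although every URL in this fixture is on localhost. A shared hosting suffix such as amazonaws.com is a very broad trust anchor for an issuer check, and these sample values tend to be copied into real deployments. For the test, `<Domains>localhost</Domains>` is enough, or add a comment that the extra domains are illustrative only.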
|