package org.pac4j.saml.client; import org.apache.commons.lang.StringUtils; import org.junit.Test; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.pac4j.core.redirect.RedirectAction; import org.pac4j.core.context.HttpConstants; import org.pac4j.core.context.J2EContext; import org.pac4j.core.context.WebContext; import org.pac4j.core.exception.HttpAction; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import java.util.Base64; import static org.junit.Assert.*; /** * POST tests on the {@link SAML2Client}. */ public final class PostSAML2ClientTests extends AbstractSAML2ClientTests { public PostSAML2ClientTests() { super(); } @Test public void testCustomSpEntityIdForPostBinding() throws Exception { final SAML2Client client = getClient(); client.getConfiguration().setServiceProviderEntityId("http://localhost:8080/callback"); final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse()); final RedirectAction action = client.getRedirectAction(context); assertTrue(getDecodedAuthnRequest(action.getContent()) .contains( "<saml2:Issuer xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">http://localhost:8080/callback</saml2:Issuer>")); } @Test public void testForceAuthIsSetForPostBinding() throws Exception { final SAML2Client client = getClient(); client.getConfiguration().setForceAuth(true); final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse()); final RedirectAction action = client.getRedirectAction(context); assertTrue(getDecodedAuthnRequest(action.getContent()).contains("ForceAuthn=\"true\"")); } @Test public void testSetComparisonTypeWithPostBinding() throws Exception { final SAML2Client client = getClient(); client.getConfiguration().setComparisonType(AuthnContextComparisonTypeEnumeration.EXACT.toString()); final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse()); final RedirectAction action = client.getRedirectAction(context); assertTrue(getDecodedAuthnRequest(action.getContent()).contains("Comparison=\"exact\"")); } @Test public void testRelayState() throws HttpAction { final SAML2Client client = getClient(); final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse()); context.setSessionAttribute(SAML2Client.SAML_RELAY_STATE_ATTRIBUTE, "relayState"); final RedirectAction action = client.getRedirectAction(context); assertTrue(action.getContent().contains("<input type=\"hidden\" name=\"RelayState\" value=\"relayState\"/>")); } @Override protected String getCallbackUrl() { return "http://localhost:8080/callback?client_name=" + SAML2Client.class.getSimpleName(); } @Override protected String getDestinationBindingType() { return SAMLConstants.SAML2_POST_BINDING_URI; } private String getDecodedAuthnRequest(final String content) throws Exception { assertTrue(content.contains("<form")); final String samlRequestField = StringUtils.substringBetween(content, "SAMLRequest", "</div"); final String value = StringUtils.substringBetween(samlRequestField, "value=\"", "\""); return new String(Base64.getDecoder().decode(value), HttpConstants.UTF8_ENCODING); } }