org.jasig.cas.validation.Assertion Java Examples

The following examples show how to use org.jasig.cas.validation.Assertion.
Example #1
Source File: ServiceValidateController.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Builds the model and view returned after a successful ticket validation.
 * The model carries the assertion, the validated service and the proxy IOU,
 * plus the proxy-granting ticket id when one is supplied.
 *
 * @param assertion the assertion produced by validation
 * @param proxyIou the proxy iou
 * @param service the validated service
 * @param proxyGrantingTicket the proxy granting ticket; may be {@code null}
 * @return the model and view, pointed to the view name held in {@code successView}
 */
private ModelAndView generateSuccessView(final Assertion assertion, final String proxyIou,
                                         final WebApplicationService service,
                                         final TicketGrantingTicket proxyGrantingTicket) {
    final ModelAndView view = new ModelAndView(this.successView);

    view.addObject(CasViewConstants.MODEL_ATTRIBUTE_NAME_ASSERTION, assertion);
    view.addObject(CasViewConstants.MODEL_ATTRIBUTE_NAME_SERVICE, service);
    view.addObject(CasViewConstants.MODEL_ATTRIBUTE_NAME_PROXY_GRANTING_TICKET_IOU, proxyIou);

    // NOTE(review): the raw proxy-granting ticket id is a credential for obtaining proxy
    // tickets. It is exposed to the view through the model here; confirm the success view
    // never renders it in clear text to the validating service.
    if (proxyGrantingTicket != null) {
        view.addObject(CasViewConstants.MODEL_ATTRIBUTE_NAME_PROXY_GRANTING_TICKET, proxyGrantingTicket.getId());
    }

    // Extension point: extra model entries derived from the assertion; a null result adds nothing.
    final Map<String, ?> extraModelObjects = augmentSuccessViewModelObjects(assertion);
    if (extraModelObjects != null) {
        view.addAllObjects(extraModelObjects);
    }
    return view;
}
 
Example #2
Source File: MultifactorAuthenticationTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Grants a service ticket with a password credential and a one-time-password credential
 * and checks that the validated assertion records both handlers as successful.
 */
@Test
public void verifyAllowsAccessToHighSecurityServiceWithPasswordAndOTPViaRenew() throws Exception {
    // The SSO session is opened with the password alone, which does not satisfy the security policy.
    final TicketGrantingTicket ssoSession = cas.createTicketGrantingTicket(newUserPassCredentials("alice", "alice"));
    assertNotNull(ssoSession);

    final Service highSecurityService = newService("https://example.com/high/");
    // Both credentials are presented again when the service ticket is requested.
    final ServiceTicket ticket = cas.grantServiceTicket(
            ssoSession.getId(),
            highSecurityService,
            newUserPassCredentials("alice", "alice"),
            new OneTimePasswordCredential("alice", "31415"));
    assertNotNull(ticket);

    // The authentication carried by the assertion must be the one that satisfied the policy:
    // exactly two successful handlers, password and one-time password.
    final Assertion validated = cas.validateServiceTicket(ticket.getId(), highSecurityService);
    assertEquals(2, validated.getPrimaryAuthentication().getSuccesses().size());
    assertTrue(validated.getPrimaryAuthentication().getSuccesses().containsKey("passwordHandler"));
    assertTrue(validated.getPrimaryAuthentication().getSuccesses().containsKey("oneTimePasswordHandler"));
    assertTrue(validated.getPrimaryAuthentication().getAttributes().containsKey(
            SuccessfulHandlerMetaDataPopulator.SUCCESSFUL_AUTHENTICATION_HANDLERS));
}
 
Example #3
Source File: MultifactorAuthenticationTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Grants a service ticket with a password credential and a one-time-password credential
 * and checks that the validated assertion records both handlers as successful.
 */
@Test
public void testAllowsAccessToHighSecurityServiceWithPasswordAndOTPViaRenew() throws Exception {
    // The SSO session is opened with the password alone, which does not satisfy the security policy.
    final String tgtId = cas.createTicketGrantingTicket(newUserPassCredentials("alice", "alice"));
    assertNotNull(tgtId);

    final Service highSecurityService = newService("https://example.com/high/");
    // Both credentials are presented again when the service ticket is requested.
    final String stId = cas.grantServiceTicket(
            tgtId,
            highSecurityService,
            newUserPassCredentials("alice", "alice"),
            new OneTimePasswordCredential("alice", "31415"));
    assertNotNull(stId);

    // The authentication carried by the assertion must be the one that satisfied the policy:
    // exactly two successful handlers, password and one-time password.
    final Assertion validated = cas.validateServiceTicket(stId, highSecurityService);
    assertEquals(2, validated.getPrimaryAuthentication().getSuccesses().size());
    assertTrue(validated.getPrimaryAuthentication().getSuccesses().containsKey("passwordHandler"));
    assertTrue(validated.getPrimaryAuthentication().getSuccesses().containsKey("oneTimePasswordHandler"));
    assertTrue(validated.getPrimaryAuthentication().getAttributes().containsKey(
            SuccessfulHandlerMetaDataPopulator.SUCCESSFUL_AUTHENTICATION_HANDLERS));
}
 
Example #4
Source File: AbstractCasView.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Returns the proxy authentications of the assertion stored in the model, that is,
 * every chained authentication except the last one.
 *
 * @param model the view model holding the assertion
 * @return a new list with all chained authentications but the last; empty when the
 *         chain has zero or one entry
 */
protected final Collection<Authentication> getChainedAuthentications(final Map<String, Object> model) {
    final Assertion assertion = getAssertionFrom(model);
    final List<Authentication> chain = assertion.getChainedAuthentications();

    // The last entry in the chain always describes the primary authentication event; all
    // others denote proxies. Per the CAS protocol, the response must list proxies in the
    // order they were traversed, most recently visited first.
    // NOTE(review): entries are copied in the order the assertion holds them; whether that
    // order is already most-recent-first is not visible from this method.
    final int proxyCount = Math.max(chain.size() - 1, 0);
    return new ArrayList<>(chain.subList(0, proxyCount));
}
 
Example #5
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
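/**
 * Validates a service ticket for the "eduPersonTestInvalid" service and checks that the
 * principal id in the assertion falls back to the login username.
 */
@Test
public void verifyValidateServiceTicketWithInvalidUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTestInvalid");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     * Expected value goes first so a failure message names the right side.
     */
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}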
 
Example #6
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
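/**
 * Validates a service ticket for the "eduPersonTestInvalid" service and checks that the
 * principal id in the assertion falls back to the login username.
 */
@Test
public void testValidateServiceTicketWithInvalidUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTestInvalid");
    final String serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket, svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket, svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     * Expected value goes first so a failure message names the right side.
     */
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}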
 
Example #7
Source File: Saml10SuccessResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Renders the view for an authentication that carries no authentication-method attribute
 * and checks that the output names the principal, its attribute and the SAML 1.0
 * "unspecified" authentication-method URN.
 */
@Test
public void testResponseWithoutAuthMethod() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<String, Object>();
    principalAttributes.put("testAttribute", "testValue");
    final SimplePrincipal principal = new SimplePrincipal("testPrincipal", principalAttributes);
    final Authentication primary = TestUtils.getAuthentication(principal);

    // The assertion chain holds only the primary authentication.
    final Map<String, Object> model = new HashMap<String, Object>();
    final Assertion assertion = new ImmutableAssertion(
            primary, Collections.singletonList(primary), TestUtils.getService(), true);
    model.put("assertion", assertion);

    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);

    // Substring checks only: they show the values appear in the output, not where.
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains("testPrincipal"));
    assertTrue(written.contains("testAttribute"));
    assertTrue(written.contains("testValue"));
    assertTrue(written.contains("urn:oasis:names:tc:SAML:1.0:am:unspecified"));
}
 
Example #8
Source File: CentralAuthenticationServiceImplWithMockitoTests.java    From springboot-shiro-cas-mybatis with MIT License
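/**
 * Validates a service ticket granted from {@code TGT2_ID} and checks the resulting
 * assertion: its service, its primary principal id, and that the chain holds exactly
 * two authentications, each equal to the {@code authentication} fixture.
 *
 * @throws TicketException propagated from granting or validating the ticket
 */
@Test
public void verifyChainedAuthenticationsOnValidation() throws TicketException {
    final Service svc = TestUtils.getService(SVC2_ID);
    final ServiceTicket st = this.cas.grantServiceTicket(TGT2_ID, svc);
    assertNotNull(st);

    final Assertion assertion = this.cas.validateServiceTicket(st.getId(), svc);
    assertNotNull(assertion);

    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(svc, assertion.getService());
    assertEquals(PRINCIPAL, assertion.getPrimaryAuthentication().getPrincipal().getId());
    // assertEquals reports the actual size on failure; assertTrue(size == 2) would not.
    assertEquals(2, assertion.getChainedAuthentications().size());
    for (final Authentication auth : assertion.getChainedAuthentications()) {
        assertEquals(authentication, auth);
    }
}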
 
Example #9
Source File: CentralAuthenticationServiceImplWithMokitoTests.java    From cas4.0.x-server-wechat with Apache License 2.0
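/**
 * Validates a service ticket granted from {@code TGT2_ID} and checks the resulting
 * assertion: its service, its primary principal id, and that the chain holds exactly
 * two authentications, each equal to the {@code authentication} fixture.
 *
 * @throws TicketException propagated from granting or validating the ticket
 */
@Test
public void testChainedAuthenticationsOnValidation() throws TicketException {
    final Service svc = TestUtils.getService(SVC2_ID);
    final String st = this.cas.grantServiceTicket(TGT2_ID, svc);
    assertNotNull(st);

    final Assertion assertion = this.cas.validateServiceTicket(st, svc);
    assertNotNull(assertion);

    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(svc, assertion.getService());
    assertEquals(PRINCIPAL, assertion.getPrimaryAuthentication().getPrincipal().getId());
    // assertEquals reports the actual size on failure; assertTrue(size == 2) would not.
    assertEquals(2, assertion.getChainedAuthentications().size());
    for (final Authentication auth : assertion.getChainedAuthentications()) {
        assertEquals(authentication, auth);
    }
}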
 
Example #10
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Validates a service ticket for the "eduPersonTest" service and checks that the
 * principal in the assertion carries exactly three attributes.
 */
@Test
public void testValidateServiceTicketReturnAllAttributes() throws Exception {
    final Service service = TestUtils.getService("eduPersonTest");
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = getCentralAuthenticationService().createTicketGrantingTicket(credential);
    final String stId = getCentralAuthenticationService().grantServiceTicket(tgtId, service);

    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(stId, service);
    final Authentication primary = validated.getPrimaryAuthentication();

    // The count pins how many attributes are released to this service; which ones is not checked.
    assertEquals(3, primary.getPrincipal().getAttributes().size());
}
 
Example #11
Source File: Saml10SuccessResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Renders the view for a principal without attributes whose authentication carries the
 * SSL/TLS-client authentication method, and checks that the output names the principal
 * and that method.
 */
@Test
public void testResponseWithNoAttributes() throws Exception {
    final SimplePrincipal principal = new SimplePrincipal("testPrincipal");

    // Authentication-level attributes: the authentication method plus one extra entry.
    final Map<String, Object> authenticationAttributes = new HashMap<String, Object>();
    authenticationAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authenticationAttributes.put("testSamlAttribute", "value");
    final Authentication primary = TestUtils.getAuthentication(principal, authenticationAttributes);

    final Map<String, Object> model = new HashMap<String, Object>();
    final Assertion assertion = new ImmutableAssertion(
            primary, Collections.singletonList(primary), TestUtils.getService(), true);
    model.put("assertion", assertion);

    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);

    // Substring checks only: they show the values appear in the output, not where.
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains("testPrincipal"));
    assertTrue(written.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(written.contains("AuthenticationMethod"));
}
 
Example #12
Source File: TestUtils.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Builds a test assertion whose chain starts with the default test authentication,
 * followed by one authentication per entry of {@code extraPrincipals}.
 *
 * @param fromNewLogin passed through to the assertion as its new-login flag
 * @param extraPrincipals values handed one by one to {@code TestUtils.getAuthentication(String)};
 *                        must not be {@code null}
 * @return an immutable assertion for the default test service
 */
public static Assertion getAssertion(final boolean fromNewLogin,
    final String[] extraPrincipals) {
    final List<Authentication> chain = new ArrayList<Authentication>();
    chain.add(TestUtils.getAuthentication());
    for (final String extraPrincipal : extraPrincipals) {
        chain.add(TestUtils.getAuthentication(extraPrincipal));
    }

    // The primary authentication comes from a second getAuthentication() call, separate
    // from the one placed at the head of the chain.
    return new ImmutableAssertion(TestUtils.getAuthentication(), chain, TestUtils.getService(), fromNewLogin);
}
 
Example #13
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
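/**
 * Validates a service ticket for the default test service and checks that the principal
 * id in the assertion equals the login username.
 */
@Test
public void testValidateServiceTicketWithoutUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final String serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket,
            TestUtils.getService());

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket,
            TestUtils.getService());
    final Authentication auth = assertion.getPrimaryAuthentication();

    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}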
 
Example #14
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
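/**
 * Validates a service ticket for the "testDefault" service and checks that the principal
 * id in the assertion equals the login username.
 */
@Test
public void testValidateServiceTicketWithDefaultUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("testDefault");
    final String serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket, svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket, svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}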
 
Example #15
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Validates a service ticket for the "eduPersonTest" service and checks that the
 * principal id in the assertion is "developer".
 */
@Test
public void testValidateServiceTicketWithUsernameAttribute() throws Exception {
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = getCentralAuthenticationService().createTicketGrantingTicket(credential);

    final Service service = TestUtils.getService("eduPersonTest");
    final String stId = getCentralAuthenticationService().grantServiceTicket(tgtId, service);

    // Presumably "developer" is the value of the username attribute configured for this
    // service; the service definition is not visible here.
    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(stId, service);
    assertEquals("developer", validated.getPrimaryAuthentication().getPrincipal().getId());
}
 
Example #16
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Validates a service ticket for the default test service and checks that the principal
 * in the assertion carries no attributes.
 */
@Test
public void testValidateServiceTicketNoAttributesReturned() throws Exception {
    final Service service = TestUtils.getService();
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = getCentralAuthenticationService().createTicketGrantingTicket(credential);
    final String stId = getCentralAuthenticationService().grantServiceTicket(tgtId, service);

    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(stId, service);
    final Authentication primary = validated.getPrimaryAuthentication();

    // No principal attribute may reach this service.
    assertEquals(0, primary.getPrincipal().getAttributes().size());
}
 
Example #17
Source File: Saml10SuccessResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Renders the view for a principal with a single-valued, an empty-collection and a
 * multi-valued attribute, and checks which of them appear in the output together with
 * the authentication method and an assertion id.
 */
@Test
public void testResponse() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<String, Object>();
    principalAttributes.put("testAttribute", "testValue");
    principalAttributes.put("testEmptyCollection", Collections.emptyList());
    principalAttributes.put("testAttributeCollection", Arrays.asList("tac1", "tac2"));
    final SimplePrincipal principal = new SimplePrincipal("testPrincipal", principalAttributes);

    // Authentication-level attributes: the authentication method plus one extra entry.
    final Map<String, Object> authenticationAttributes = new HashMap<String, Object>();
    authenticationAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authenticationAttributes.put("testSamlAttribute", "value");
    final Authentication primary = TestUtils.getAuthentication(principal, authenticationAttributes);

    final Map<String, Object> model = new HashMap<String, Object>();
    final Assertion assertion = new ImmutableAssertion(
            primary, Collections.singletonList(primary), TestUtils.getService(), true);
    model.put("assertion", assertion);

    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);

    // Substring checks only: they show the values appear in the output, not where.
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains("testPrincipal"));
    assertTrue(written.contains("testAttribute"));
    assertTrue(written.contains("testValue"));
    // An attribute whose value is an empty collection must be left out of the response.
    assertFalse(written.contains("testEmptyCollection"));
    assertTrue(written.contains("testAttributeCollection"));
    assertTrue(written.contains("tac1"));
    assertTrue(written.contains("tac2"));
    assertTrue(written.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(written.contains("AuthenticationMethod"));
    assertTrue(written.contains("AssertionID"));
}
 
Example #18
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Validates a service ticket for the "eduPersonTestInvalid" service and checks that the
 * principal in the assertion carries exactly one attribute, "groupMembership".
 */
@Test
public void testValidateServiceTicketReturnOnlyAllowedAttribute() throws Exception {
    final Service service = TestUtils.getService("eduPersonTestInvalid");
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = getCentralAuthenticationService().createTicketGrantingTicket(credential);
    final String stId = getCentralAuthenticationService().grantServiceTicket(tgtId, service);

    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(stId, service);
    final Authentication primary = validated.getPrimaryAuthentication();

    // Both the count and the value are pinned, so an attribute released beyond the
    // allowed one fails the test.
    final Map<String, Object> released = primary.getPrincipal().getAttributes();
    assertEquals(1, released.size());
    assertEquals("adopters", released.get("groupMembership"));
}
 
Example #19
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Validates a service ticket for the "testAnonymous" service and checks that the
 * principal id in the assertion differs from the login username.
 */
@Test
public void testValidateServiceTicketAnonymous() throws Exception {
    final Service service = TestUtils.getService("testAnonymous");
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = getCentralAuthenticationService().createTicketGrantingTicket(credential);
    final String stId = getCentralAuthenticationService().grantServiceTicket(tgtId, service);

    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(stId, service);
    final Authentication primary = validated.getPrimaryAuthentication();

    // Only inequality is asserted; the form of the released id is not checked here.
    assertNotEquals(credential.getUsername(), primary.getPrincipal().getId());
}
 
Example #20
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Simulates the following sequence:
 * <ul>
 * <li>a first authentication for a default service,</li>
 * <li>a second authentication for the same service with the renew parameter and the
 * same credentials,</li>
 * <li>validation of the second ticket.</li>
 * </ul>
 *
 * When supplemental authentications were returned as part of the chained authentications,
 * the validation specification failed because it expects a single authentication.
 * Supplemental authentications therefore must not appear in the chain; the two concepts
 * are orthogonal.
 *
 * @throws TicketException propagated from the ticket operations
 * @throws AuthenticationException propagated from authenticating the credential
 */
@Test
public void authenticateTwiceWithRenew() throws TicketException, AuthenticationException {
    final CentralAuthenticationService authService = getCentralAuthenticationService();
    final Service service = TestUtils.getService("testDefault");
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();

    final String tgtId = authService.createTicketGrantingTicket(credential);
    // First service ticket; its id is not needed afterwards.
    authService.grantServiceTicket(tgtId, service);

    // Renew: the same valid credential is presented again for the second ticket.
    final String renewedTicketId = authService.grantServiceTicket(tgtId, service, credential);
    final Assertion validated = authService.validateServiceTicket(renewedTicketId, service);

    final ValidationSpecification specification = new Cas20WithoutProxyingValidationSpecification();
    assertTrue(specification.isSatisfiedBy(validated));
}
 
Example #21
Source File: Cas10ResponseView.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Writes the two-line plain-text validation response: {@code "yes"} followed by the
 * primary principal id on success, {@code "no"} followed by an empty line otherwise.
 *
 * @param model the view model from which the assertion is read
 * @param request the current request (not used here)
 * @param response the response whose writer receives the output
 * @throws Exception propagated from the response writer or the model lookup
 */
@Override
protected void renderMergedOutputModel(final Map model,
        final HttpServletRequest request, final HttpServletResponse response)
                throws Exception {
    // The assertion is looked up for both outcomes, although only the success branch reads it.
    final Assertion assertion = getAssertionFrom(model);

    if (!this.successResponse) {
        response.getWriter().print("no\n\n");
        return;
    }

    // NOTE(review): the principal id is written unescaped into a line-oriented response;
    // this assumes ids never contain line breaks. Confirm that is enforced upstream.
    response.getWriter().print(
            "yes\n" + assertion.getPrimaryAuthentication().getPrincipal().getId() + "\n");
}
 
Example #22
Source File: MultiFactorAwareCentralAuthenticationService.java    From cas-mfa with Apache License 2.0
/**
 * Validates a service ticket by handing the call unchanged to the wrapped delegate.
 * The annotations attach audit and metrics names to the call.
 *
 * NOTE(review): no check specific to this class is applied at validation time; confirm
 * any authentication-method requirement is enforced by the delegate or elsewhere.
 *
 * @param serviceTicketId the id of the service ticket to validate
 * @param service the service the ticket is validated for
 * @return the assertion returned by the delegate
 * @throws TicketException propagated from the delegate
 */
@Audit(
        action="SERVICE_TICKET_VALIDATE",
        actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
        resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name="VALIDATE_SERVICE_TICKET_METER")
@Counted(name="VALIDATE_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
    final Assertion validated = this.delegate.validateServiceTicket(serviceTicketId, service);
    return validated;
}
 
Example #23
Source File: MultiFactorUtils.java    From cas-mfa with Apache License 2.0
/**
 * Returns the last authentication in the assertion's chain.
 *
 * @param assertion the assertion; must not be {@code null}
 * @return the last chained authentication, or {@code null} when the chain is empty;
 *         callers must handle the {@code null} case before using the result
 */
public static Authentication getAuthenticationFromAssertion(final Assertion assertion) {
    final List<Authentication> chain = assertion.getChainedAuthentications();
    if (chain.isEmpty()) {
        return null;
    }
    return chain.get(chain.size() - 1);
}
 
Example #24
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Validates a service ticket for the default test service and checks that the principal
 * in the assertion carries no attributes.
 */
@Test
public void verifyValidateServiceTicketNoAttributesReturned() throws Exception {
    final Service service = TestUtils.getService();
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(credential);
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), service);

    final Assertion validated = getCentralAuthenticationService().validateServiceTicket(st.getId(), service);
    final Authentication primary = validated.getPrimaryAuthentication();

    // No principal attribute may reach this service.
    assertEquals(0, primary.getPrincipal().getAttributes().size());
}
 
Example #25
Source File: Saml10SuccessResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Renders the view for a principal with a single-valued, an empty-collection and a
 * multi-valued attribute, and checks which of them appear in the output together with
 * the authentication method and an assertion id.
 */
@Test
public void verifyResponse() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<>();
    principalAttributes.put("testAttribute", "testValue");
    principalAttributes.put("testEmptyCollection", Collections.emptyList());
    principalAttributes.put("testAttributeCollection", Arrays.asList("tac1", "tac2"));
    final Principal principal =
            new DefaultPrincipalFactory().createPrincipal("testPrincipal", principalAttributes);

    // Authentication-level attributes: the authentication method plus one extra entry.
    final Map<String, Object> authenticationAttributes = new HashMap<>();
    authenticationAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authenticationAttributes.put("testSamlAttribute", "value");
    final Authentication primary = TestUtils.getAuthentication(principal, authenticationAttributes);

    final Map<String, Object> model = new HashMap<>();
    final Assertion assertion = new ImmutableAssertion(
            primary, Collections.singletonList(primary), TestUtils.getService(), true);
    model.put("assertion", assertion);

    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);

    // Substring checks only: they show the values appear in the output, not where.
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains("testPrincipal"));
    assertTrue(written.contains("testAttribute"));
    assertTrue(written.contains("testValue"));
    // An attribute whose value is an empty collection must be left out of the response.
    assertFalse(written.contains("testEmptyCollection"));
    assertTrue(written.contains("testAttributeCollection"));
    assertTrue(written.contains("tac1"));
    assertTrue(written.contains("tac2"));
    assertTrue(written.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(written.contains("AuthenticationMethod"));
    assertTrue(written.contains("AssertionID"));
}
 
Example #26
Source File: Saml10SuccessResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Renders the view for a principal without attributes whose authentication carries the
 * SSL/TLS-client authentication method, and checks that the output names the principal
 * and that method.
 */
@Test
public void verifyResponseWithNoAttributes() throws Exception {
    final Principal principal = new DefaultPrincipalFactory().createPrincipal("testPrincipal");

    // Authentication-level attributes: the authentication method plus one extra entry.
    final Map<String, Object> authenticationAttributes = new HashMap<>();
    authenticationAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authenticationAttributes.put("testSamlAttribute", "value");
    final Authentication primary = TestUtils.getAuthentication(principal, authenticationAttributes);

    final Map<String, Object> model = new HashMap<>();
    final Assertion assertion = new ImmutableAssertion(
            primary, Collections.singletonList(primary), TestUtils.getService(), true);
    model.put("assertion", assertion);

    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);

    // Substring checks only: they show the values appear in the output, not where.
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains("testPrincipal"));
    assertTrue(written.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(written.contains("AuthenticationMethod="));
}
 
Example #27
Source File: Saml10SuccessResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Renders the view for an authentication that carries two custom attributes and the
 * remember-me flag but no authentication method, and checks that the output names them
 * along with the SAML 1.0 "unspecified" authentication-method URN.
 */
@Test
public void verifyResponseWithoutAuthMethod() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<>();
    principalAttributes.put("testAttribute", "testValue");
    final Principal principal =
            new DefaultPrincipalFactory().createPrincipal("testPrincipal", principalAttributes);

    // Authentication-level attributes; no authentication method is among them.
    final Map<String, Object> authenticationAttributes = new HashMap<>();
    authenticationAttributes.put("authnAttribute1", "authnAttrbuteV1");
    authenticationAttributes.put("authnAttribute2", "authnAttrbuteV2");
    authenticationAttributes.put(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME, Boolean.TRUE);
    final Authentication primary = TestUtils.getAuthentication(principal, authenticationAttributes);

    final Map<String, Object> model = new HashMap<>();
    final Assertion assertion = new ImmutableAssertion(
            primary, Collections.singletonList(primary), TestUtils.getService(), true);
    model.put("assertion", assertion);

    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);

    // Substring checks only: they show the values appear in the output, not where.
    // The authentication attributes are checked by name, not by value.
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains("testPrincipal"));
    assertTrue(written.contains("testAttribute"));
    assertTrue(written.contains("testValue"));
    assertTrue(written.contains("authnAttribute1"));
    assertTrue(written.contains("authnAttribute2"));
    assertTrue(written.contains(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME));
    assertTrue(written.contains("urn:oasis:names:tc:SAML:1.0:am:unspecified"));
}
 
Example #28
Source File: TestUtils.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Builds a test assertion whose chain starts with the default test authentication,
 * followed by one authentication per entry of {@code extraPrincipals}.
 *
 * @param fromNewLogin passed through to the assertion as its new-login flag
 * @param extraPrincipals values handed one by one to {@code TestUtils.getAuthentication(String)};
 *                        must not be {@code null}
 * @return an immutable assertion for the default test service
 */
public static Assertion getAssertion(final boolean fromNewLogin,
    final String[] extraPrincipals) {
    final List<Authentication> chain = new ArrayList<>();
    chain.add(TestUtils.getAuthentication());
    for (final String extraPrincipal : extraPrincipals) {
        chain.add(TestUtils.getAuthentication(extraPrincipal));
    }

    // The primary authentication comes from a second getAuthentication() call, separate
    // from the one placed at the head of the chain.
    return new ImmutableAssertion(TestUtils.getAuthentication(), chain, TestUtils.getService(), fromNewLogin);
}
 
Example #29
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
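/**
 * Validates a service ticket for the default test service and checks that the principal
 * id in the assertion equals the login username.
 */
@Test
public void verifyValidateServiceTicketWithoutUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(),
            TestUtils.getService());

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
            TestUtils.getService());
    final Authentication auth = assertion.getPrimaryAuthentication();

    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}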
 
Example #30
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
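/**
 * Validates a service ticket for the "testDefault" service and checks that the principal
 * id in the assertion equals the login username.
 */
@Test
public void verifyValidateServiceTicketWithDefaultUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("testDefault");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    // Expected value first, so a failure message labels the two sides correctly.
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}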