org.springframework.security.saml.metadata.ExtendedMetadataDelegate Java Examples

The following examples show how to use org.springframework.security.saml.metadata.ExtendedMetadataDelegate. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0 6 votes vote down vote up
public void updateSAMLConfiguration(boolean samlEnabled, String metadataURL, String entityId, String entityBaseUrl) {
    try {
        logger.debug("SAML Config Update.");
        List<ExtendedMetadataDelegate> currentProviders = metadataManager.getAvailableProviders();
        currentProviders.forEach(ExtendedMetadataDelegate::destroy);
        metadataManager.setProviders(List.of());
        metadataManager.setDefaultIDP(null);
        metadataManager.setHostedSPName(null);
        metadataManager.afterPropertiesSet();
        metadataGenerator.setEntityId(null);
        metadataGenerator.setEntityBaseURL(null);
        logger.debug("SAML cleared configuration.");
        if (samlEnabled) {
            setupMetadataManager(metadataURL, entityId, entityBaseUrl);
        }
    } catch (Exception e) {
        logger.error("Error updating the SAML identity provider.", e);
    }
}
 
Example #2
Source File: InsightsSecurityConfigurationAdapterSAML.java    From Insights with Apache License 2.0 6 votes vote down vote up
/**
 * Provide IDP Metadata
 * 
 * @return
 * @throws MetadataProviderException
 */
@Bean
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public ExtendedMetadataDelegate idpMetadata() throws MetadataProviderException {

	Timer backgroundTaskTimer = new Timer(true);

	HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(),
			singleSignOnConfig.getMetadataUrl());

	httpMetadataProvider.setParserPool(parserPool());

	ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider,
			extendedMetadata());
	extendedMetadataDelegate.setMetadataTrustCheck(true);
	extendedMetadataDelegate.setMetadataRequireSignature(true);
	return extendedMetadataDelegate;
}
 
Example #3
Source File: MetadataManagerConfigurerTest.java    From spring-boot-security-saml with MIT License 6 votes vote down vote up
@Test
public void configure_constructor() throws Exception {
    MetadataManager metadataManager = mock(MetadataManager.class);
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer(metadataManager));
    configurer.setBuilder(builder);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties, never()).getDefaultIdp();
    verify(metadataManagerProperties, never()).getHostedSpName();
    verify(metadataManagerProperties, never()).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isExactlyInstanceOf(ResourceBackedMetadataProvider.class);
}
 
Example #4
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0 5 votes vote down vote up
public void setupMetadataManager(String metadataURL, String entityId, String entityBaseUrl) throws MetadataProviderException {
    logger.debug("SAML Setup MetaData Manager");
    logger.debug("SAML - MetadataUrl: {}, EntityID: {}, EntityBaseUrl: {}", metadataURL, entityId, entityBaseUrl);
    metadataGenerator.setEntityId(entityId);
    metadataGenerator.setEntityBaseURL(entityBaseUrl);

    Optional<ExtendedMetadataDelegate> httpProvider = createHttpProvider(metadataURL);
    Optional<ExtendedMetadataDelegate> fileProvider = createFileProvider();
    List<MetadataProvider> providers = List.of(httpProvider, fileProvider).stream()
                                           .flatMap(Optional::stream)
                                           .collect(Collectors.toList());
    metadataManager.setProviders(providers);
    metadataManager.afterPropertiesSet();
}
 
Example #5
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0 5 votes vote down vote up
public Optional<ExtendedMetadataDelegate> createHttpProvider(String metadataUrl) throws MetadataProviderException {
    if (StringUtils.isBlank(metadataUrl)) {
        return Optional.empty();
    }
    logger.debug("SAML - Create Http Metadata provider.");
    // The URL can not end in a '/' because it messes with the paths for saml
    String correctedMetadataURL = StringUtils.removeEnd(metadataUrl, "/");
    Timer backgroundTaskTimer = new Timer(true);
    HTTPMetadataProvider provider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(), correctedMetadataURL);
    provider.setParserPool(parserPool);
    return Optional.of(createDelegate(provider));
}
 
Example #6
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0 5 votes vote down vote up
public Optional<ExtendedMetadataDelegate> createFileProvider() throws MetadataProviderException {
    Timer backgroundTaskTimer = new Timer(true);
    if (!filePersistenceUtil.uploadFileExists(AuthenticationDescriptor.SAML_METADATA_FILE)) {
        return Optional.empty();
    }
    logger.debug("SAML - Create File Metadata provider.");
    File metadataFile = filePersistenceUtil.createUploadsFile(AuthenticationDescriptor.SAML_METADATA_FILE);
    FilesystemMetadataProvider provider = new FilesystemMetadataProvider(backgroundTaskTimer, metadataFile);
    provider.setParserPool(parserPool);
    return Optional.of(createDelegate(provider));
}
 
Example #7
Source File: MetadataManagerConfigurer.java    From spring-boot-security-saml with MIT License 5 votes vote down vote up
@SneakyThrows
private ExtendedMetadataDelegate getExtendedProvider(MetadataProvider provider, ExtendedMetadata extendedMetadata, DelegateProps props, ExtendedMetadataDelegateProperties extendedDelegateConfig) {
    if (provider instanceof ExtendedMetadataDelegate) {
        return (ExtendedMetadataDelegate) provider;
    }
    ExtendedMetadataDelegate delegate = createDefaultExtendedMetadataDelegate(provider, extendedMetadata);

    delegate.setForceMetadataRevocationCheck(Optional.ofNullable(props.forceMetadataRevocationCheck)
            .orElseGet(extendedDelegateConfig::isForceMetadataRevocationCheck));

    delegate.setMetadataRequireSignature(Optional.ofNullable(props.metadataRequireSignature)
            .orElseGet(extendedDelegateConfig::isMetadataRequireSignature));

    delegate.setMetadataTrustCheck(Optional.ofNullable(props.metadataTrustCheck)
            .orElseGet(extendedDelegateConfig::isMetadataTrustCheck));

    delegate.setMetadataTrustedKeys(Optional.ofNullable(props.metadataTrustedKeys)
            .orElseGet(extendedDelegateConfig::getMetadataTrustedKeys));

    delegate.setRequireValidMetadata(Optional.ofNullable(props.requireValidMetadata)
            .orElseGet(extendedDelegateConfig::isRequireValidMetadata));

    delegate.setMetadataFilter(Optional.ofNullable(props.metadataFilter)
            .map(this::postProcess)
            .orElse(null));

    return postProcess(delegate);
}
 
Example #8
Source File: MetadataManagerConfigurerTest.java    From spring-boot-security-saml with MIT License 5 votes vote down vote up
@Test
public void configure_defaults() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    ExtendedMetadataDelegate delegate = mock(ExtendedMetadataDelegate.class);
    doReturn(delegate).when(configurer).createDefaultExtendedMetadataDelegate(any(), any());
    configurer.setBuilder(builder);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isEqualTo(delegate);
    verify(metadataManager).setDefaultIDP(eq(metadataManagerProperties.getDefaultIdp()));
    verify(metadataManager).setHostedSPName(eq(metadataManagerProperties.getHostedSpName()));
    verify(metadataManager).setRefreshCheckInterval(eq(metadataManagerProperties.getRefreshCheckInterval()));
    verify(delegate).setForceMetadataRevocationCheck(eq(extendedMetadataDelegateProperties.isForceMetadataRevocationCheck()));
    verify(delegate).setMetadataRequireSignature(eq(extendedMetadataDelegateProperties.isMetadataRequireSignature()));
    verify(delegate).setMetadataTrustCheck(eq(extendedMetadataDelegateProperties.isMetadataTrustCheck()));
    verify(delegate).setMetadataTrustedKeys(eq(extendedMetadataDelegateProperties.getMetadataTrustedKeys()));
    verify(delegate).setRequireValidMetadata(eq(extendedMetadataDelegateProperties.isRequireValidMetadata()));
    verify(delegate).setMetadataFilter((MetadataFilter) isNull());
}
 
Example #9
Source File: MetadataManagerConfigurerTest.java    From spring-boot-security-saml with MIT License 5 votes vote down vote up
@Test
public void configure_defaults_withProvider() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    configurer.setBuilder(builder);
    AbstractMetadataProvider provider = mock(AbstractMetadataProvider.class);
    configurer.metadataProvider(provider);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(provider).setParserPool(eq(parserPool));
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer, never()).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer, never()).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isEqualTo(provider);
}
 
Example #10
Source File: MetadataManagerConfigurerTest.java    From spring-boot-security-saml with MIT License 5 votes vote down vote up
@Test
public void configure_defaults_withProviderDelegate() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    configurer.setBuilder(builder);
    MetadataProvider provider = mock(ExtendedMetadataDelegate.class);
    configurer.metadataProvider(provider);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer, never()).createDefaultMetadataProvider(eq(idpConfiguration.getMetadataLocation()));
    verify(configurer, never()).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties, never()).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties, never()).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties, never()).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties, never()).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties, never()).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isEqualTo(provider);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isNull();
}
 
Example #11
Source File: MetadataManagerConfigurerTest.java    From spring-boot-security-saml with MIT License 5 votes vote down vote up
@Test
public void configure_defaults_withProviderLocation() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    configurer.setBuilder(builder);
    configurer.metadataLocations("classpath:idp-provided.xml");
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq("classpath:idp-provided.xml"));
    verify(configurer).createDefaultExtendedMetadataDelegate(any(ResourceBackedMetadataProvider.class), any());
    verify(metadataManagerProperties).getDefaultIdp();
    verify(metadataManagerProperties).getHostedSpName();
    verify(metadataManagerProperties).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isExactlyInstanceOf(ExtendedMetadataDelegate.class);
    assertThat(((ExtendedMetadataDelegate) providers.get(0)).getDelegate()).isExactlyInstanceOf(ResourceBackedMetadataProvider.class);
}
 
Example #12
Source File: WebSecurityConfig.java    From spring-boot-security-saml-sample with Apache License 2.0 5 votes vote down vote up
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
		throws MetadataProviderException {
	String idpSSOCircleMetadataURL = "https://idp.ssocircle.com/meta-idp.xml";
	HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(
			this.backgroundTaskTimer, httpClient(), idpSSOCircleMetadataURL);
	httpMetadataProvider.setParserPool(parserPool());
	ExtendedMetadataDelegate extendedMetadataDelegate = 
			new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
	extendedMetadataDelegate.setMetadataTrustCheck(true);
	extendedMetadataDelegate.setMetadataRequireSignature(false);
	backgroundTaskTimer.purge();
	return extendedMetadataDelegate;
}
 
Example #13
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0 4 votes vote down vote up
private ExtendedMetadataDelegate createDelegate(MetadataProvider provider) {
    ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata);
    delegate.setMetadataTrustCheck(true);
    delegate.setMetadataRequireSignature(false);
    return delegate;
}
 
Example #14
Source File: MetadataManagerConfigurer.java    From spring-boot-security-saml with MIT License 4 votes vote down vote up
@VisibleForTesting
protected ExtendedMetadataDelegate createDefaultExtendedMetadataDelegate(MetadataProvider provider, ExtendedMetadata extendedMetadata) {
    return new ExtendedMetadataDelegate(provider, extendedMetadata);
}
 
Example #15
Source File: MetadataManagerConfigurerTest.java    From spring-boot-security-saml with MIT License 4 votes vote down vote up
@Test
public void configure_arguments() throws Exception {
    MetadataManagerConfigurer configurer = spy(new MetadataManagerConfigurer());
    CachingMetadataManager metadataManager = mock(CachingMetadataManager.class);
    when(configurer.createDefaultMetadataManager()).thenReturn(metadataManager);
    ResourceBackedMetadataProvider provider = mock(ResourceBackedMetadataProvider.class);
    doReturn(provider).when(configurer).createDefaultMetadataProvider("classpath:idp-provided.xml");
    ExtendedMetadataDelegate delegate = mock(ExtendedMetadataDelegate.class);
    doReturn(delegate).when(configurer).createDefaultExtendedMetadataDelegate(eq(provider), any(ExtendedMetadata.class));
    MetadataFilter metadataFilter = mock(MetadataFilter.class);
    configurer.setBuilder(builder);
    configurer
            .metadataLocations("classpath:idp-provided.xml")
            .defaultIDP("default")
            .hostedSPName("spname")
            .refreshCheckInterval(999L)
            .forceMetadataRevocationCheck(true)
            .metadataRequireSignature(true)
            .metadataTrustCheck(true)
            .requireValidMetadata(true)
            .metadataTrustedKeys("one", "two")
            .metadataFilter(metadataFilter);
    configurer.init(builder);
    configurer.configure(builder);
    verify(builder).setSharedObject(eq(MetadataManager.class), eq(metadataManager));
    ArgumentCaptor<List> providersCaptor = ArgumentCaptor.forClass(List.class);
    verify(metadataManager).setProviders((List<MetadataProvider>) providersCaptor.capture());
    verify(configurer).createDefaultMetadataProvider(eq("classpath:idp-provided.xml"));
    verify(configurer).createDefaultExtendedMetadataDelegate(eq(provider), any());
    verify(metadataManagerProperties, never()).getDefaultIdp();
    verify(metadataManagerProperties, never()).getHostedSpName();
    verify(metadataManagerProperties, never()).getRefreshCheckInterval();
    verify(extendedMetadataDelegateProperties, never()).isForceMetadataRevocationCheck();
    verify(extendedMetadataDelegateProperties, never()).isMetadataRequireSignature();
    verify(extendedMetadataDelegateProperties, never()).isMetadataTrustCheck();
    verify(extendedMetadataDelegateProperties, never()).isRequireValidMetadata();
    verify(extendedMetadataDelegateProperties, never()).getMetadataTrustedKeys();
    List<MetadataProvider> providers = providersCaptor.getValue();
    assertThat(providers).hasSize(1);
    assertThat(providers.get(0)).isEqualTo(delegate);
    verify(metadataManager).setDefaultIDP(eq("default"));
    verify(metadataManager).setHostedSPName(eq("spname"));
    verify(metadataManager).setRefreshCheckInterval(eq(999L));
    verify(delegate).setForceMetadataRevocationCheck(eq(true));
    verify(delegate).setMetadataRequireSignature(eq(true));
    verify(delegate).setMetadataTrustCheck(eq(true));
    verify(delegate).setMetadataTrustedKeys((Set<String>) MockitoHamcrest.argThat(contains("one", "two")));
    verify(delegate).setRequireValidMetadata(eq(true));
    verify(delegate).setMetadataFilter(eq(metadataFilter));
}