Use standard setting of metadata

the feature with classpath is new in this PR.
cloudfoundry · Nov 15, 2024 · 830d481 · 830d481
1 parent 7e516ab
commit 830d481
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 14 deletions.
diff --git a/...oundry/identity/uaa/provider/saml/ConfiguratorRelyingPartyRegistrationRepositoryTest.java b/...oundry/identity/uaa/provider/saml/ConfiguratorRelyingPartyRegistrationRepositoryTest.java
@@ -139,7 +139,7 @@ void getsDefaultOnNoExactMatch() {
         when(definition.getIdpEntityAlias()).thenReturn(REGISTRATION_ID);
         when(definition.getNameID()).thenReturn(NAME_ID);
         when(definition.getMetaDataLocation()).thenReturn(metadata);
-        when(configurator.getIdentityProviderDefinitionsForZone(identityZone)).thenReturn(List.of(definition));
+        when(configurator.getIdentityProviderDefinitionsForOrigin(identityZone, "defaultRegistrationId")).thenReturn(definition);
 
         assertThat(repository.findByRegistrationId("defaultRegistrationId"))
                 .returns(REGISTRATION_ID, RelyingPartyRegistration::getRegistrationId);

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/Saml2TestUtils.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/Saml2TestUtils.java
@@ -87,9 +87,17 @@ public static Response responseWithAssertions() {
         return responseWithAssertions(null, TestOpenSamlObjects.attributeStatements());
     }
 
+    public static Response responseWithAssertions(String issuer) {
+        return responseWithAssertions(issuer, null, TestOpenSamlObjects.attributeStatements());
+    }
+
     public static Response responseWithAssertions(String username, List<AttributeStatement> attributeStatements) {
-        Response response = response();
-        Assertion assertion = assertion(username, null);
+        return responseWithAssertions(null, username, attributeStatements);
+    }
+
+    public static Response responseWithAssertions(String issuer, String username, List<AttributeStatement> attributeStatements) {
+        Response response = response(issuer);
+        Assertion assertion = assertion(issuer, username, null);
         assertion.getAttributeStatements().addAll(attributeStatements);
 
         Assertion signedAssertion = TestOpenSamlObjects.signed(assertion,
@@ -111,8 +119,8 @@ public static String serialize(XMLObject object) {
         }
     }
 
-    public static Response response() {
-        Response response = TestOpenSamlObjects.response();
+    public static Response response(String issuer) {
+        Response response = TestOpenSamlObjects.response(issuer);
         response.setIssueInstant(Instant.now());
         return response;
     }
@@ -132,8 +140,8 @@ public static String serializedResponse(Response response) {
         return Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
     }
 
-    private static Assertion assertion(String username, String inResponseTo) {
-        Assertion assertion = TestOpenSamlObjects.assertion(username);
+    private static Assertion assertion(String issuer, String username, String inResponseTo) {
+        Assertion assertion = TestOpenSamlObjects.assertion(issuer, username);
         assertion.setIssueInstant(Instant.now());
         for (SubjectConfirmation confirmation : assertion.getSubject().getSubjectConfirmations()) {
             SubjectConfirmationData data = confirmation.getSubjectConfirmationData();

diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/TestOpenSamlObjects.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/TestOpenSamlObjects.java
@@ -112,6 +112,10 @@ public static Response response() {
         return response(DESTINATION, ASSERTING_PARTY_ENTITY_ID);
     }
 
+    public static Response response(String issuer) {
+        return response(DESTINATION, issuer != null ? issuer : ASSERTING_PARTY_ENTITY_ID);
+    }
+
     public static Response response(String destination, String issuerEntityId) {
         Response response = build(Response.DEFAULT_ELEMENT_NAME);
         response.setID("R" + UUID.randomUUID());
@@ -138,11 +142,14 @@ public static Assertion assertion() {
         return assertion(USERNAME, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, DESTINATION);
     }
 
-    public static Assertion assertion(String username) {
+    public static Assertion assertion(String issuer, String username) {
         if (username == null) {
             username = USERNAME;
         }
-        return assertion(username, ASSERTING_PARTY_ENTITY_ID, RELYING_PARTY_ENTITY_ID, DESTINATION);
+        if (issuer == null) {
+            issuer = ASSERTING_PARTY_ENTITY_ID;
+        }
+        return assertion(username, issuer, RELYING_PARTY_ENTITY_ID, DESTINATION);
     }
 
     public static Assertion assertion(String username, String issuerEntityId, String recipientEntityId, String recipientUri) {

diff --git a/...src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java b/...src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java
@@ -301,7 +301,7 @@ void sendAuthnRequestFromNonDefaultZoneToIdpPostBindingMode() throws Exception {
     void receiveAuthnResponseFromIdpToLegacyAliasUrl() throws Exception {
 
         String encodedSamlResponse = serializedResponse(responseWithAssertions());
-        mockMvc.perform(post("/uaa/saml/SSO/alias/%s".formatted("testsaml-post-binding"))
+        mockMvc.perform(post("/uaa/saml/SSO/alias/%s".formatted("integration-saml-entity-id"))
                         .contextPath("/uaa")
                         .header(HOST, "localhost:8080")
                         .param(SAML_RESPONSE, encodedSamlResponse)
@@ -474,10 +474,10 @@ class InResponseToConfigMockMvcTests {
         @Test
         void AuthnResponseSucceedsWithWithInvalidInResponseTo() throws Exception {
 
-            Response response = responseWithAssertions();
+            Response response = responseWithAssertions("https://some.idp.test/saml/idp");
             response.setInResponseTo("incorrect");
             String encodedSamlResponse = serializedResponse(response);
-            mockMvc.perform(post("/uaa/saml/SSO/alias/%s".formatted("testsaml-post-binding"))
+            mockMvc.perform(post("/uaa/saml/SSO/alias/%s".formatted("integration-saml-entity-id"))
                             .contextPath("/uaa")
                             .header(HOST, "localhost:8080")
                             .param(SAML_RESPONSE, encodedSamlResponse)

diff --git a/uaa/src/test/resources/integration_test_properties.yml b/uaa/src/test/resources/integration_test_properties.yml
@@ -113,9 +113,11 @@ login:
     #signatureAlgorithm: SHA256
     providers:
       testsaml-redirect-binding:
-        idpMetadata: classpath:test-saml-idp-metadata-redirect-binding.xml
+        idpMetadata: |
+          <?xml version="1.0"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://some.idp.test/saml/idp"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6zV9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://www.cloudfoundry.org"/></md:IDPSSODescriptor></md:EntityDescriptor>
       testsaml-post-binding:
-        idpMetadata: classpath:test-saml-idp-metadata-post-binding.xml
+        idpMetadata: |
+          <?xml version="1.0"?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://some.idp.test/saml2/idp"><md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6zV9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://www.cloudfoundry.org"/></md:IDPSSODescriptor></md:EntityDescriptor>
     socket:
       # URL metadata fetch - pool timeout
       connectionManagerTimeout: 10000