Fixed tests after saml migration

OpenConext · Nov 7, 2023 · c364e43 · c364e43
1 parent 883dd13
commit c364e43
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 18 deletions.
diff --git a/.gitignore b/.gitignore
@@ -20,4 +20,5 @@ local.application.yml
 .classpath
 log
 NOTES.md
-dep.tree
+dep.tree
+application-test2.yml
diff --git a/myconext-server/pom.xml b/myconext-server/pom.xml
@@ -45,15 +45,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
-        <!--        <dependency>-->
-        <!--            <groupId>org.springframework.security.extensions</groupId>-->
-        <!--            <artifactId>spring-security-saml2-core</artifactId>-->
-        <!--            <version>2.0.0.M31</version>-->
-        <!--        </dependency>-->
         <dependency>
             <groupId>org.openconext</groupId>
             <artifactId>saml-idp</artifactId>
-            <version>0.0.1-SNAPSHOT</version>
+            <version>0.0.4-SNAPSHOT</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -125,10 +120,15 @@
             <artifactId>compiler</artifactId>
             <version>0.9.10</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.13.0</version>
+        </dependency>
         <dependency>
             <groupId>org.openconext</groupId>
             <artifactId>tiqr-java-connector</artifactId>
-            <version>1.1.0</version>
+            <version>1.1.2</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>

diff --git a/myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java b/myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java
@@ -664,7 +664,9 @@ private void sendAssertion(HttpServletRequest request,
                     String.join(", ", authenticationContextClassReferences));
             samlStatus = SAMLStatus.NO_AUTHN_CONTEXT;
         }
-
+        if (!samlStatus.equals(SAMLStatus.SUCCESS)) {
+            authnContextClassRefValue = DefaultSAMLIdPService.authnContextClassRefUnspecified;
+        }
         Optional<Cookie> optionalCookie = cookieByName(request, BROWSER_SESSION_COOKIE_NAME);
         optionalCookie.ifPresent(cookie -> {
             cookie.setMaxAge(0);
@@ -673,7 +675,7 @@ private void sendAssertion(HttpServletRequest request,
         //Tracking cookie for user new device discovery
         this.addTrackingCookie(request, response, user);
         this.samlIdpService.sendResponse(
-                samlAuthenticationRequest.getRequesterEntityId(),
+                samlAuthenticationRequest.getIssuer(),
                 samlAuthenticationRequest.getRequestId(),
                 user.getUid(),
                 samlStatus,

diff --git a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
@@ -74,6 +74,7 @@ public SamlSecurity(@Value("${private_key_path}") Resource privateKeyPath,
                             @Value("${sso_mfa_duration_seconds}") long ssoMFADurationSeconds,
                             @Value("${mobile_app_rp_entity_id}") String mobileAppROEntityId,
                             @Value("${feature.default_remember_me}") boolean featureDefaultRememberMe,
+                            @Value("${feature.requires_signed_authn_request}") boolean requiresSignedAuthnRequest,
                             AuthenticationRequestRepository authenticationRequestRepository,
                             UserRepository userRepository,
                             UserLoginRepository userLoginRepository,

diff --git a/myconext-server/src/main/resources/application.yml b/myconext-server/src/main/resources/application.yml
@@ -61,8 +61,8 @@ idp_redirect_url: http://localhost:3000
 rp_id: localhost
 rp_origin: http://localhost:3000
 sp_redirect_url: http://localhost:3001
-sp_entity_id: https://engine.test2.surfconext.nl/authentication/sp/metadata, https://engine.test.surfconext.nl/authentication/sp/metadata
-sp_entity_metadata_url: https://engine.test2.surfconext.nl/authentication/sp/metadata, https://engine.test.surfconext.nl/authentication/sp/metadata
+sp_entity_id: https://engine.test.surfconext.nl/authentication/sp/metadata
+sp_entity_metadata_url: https://engine.test.surfconext.nl/authentication/sp/metadata
 guest_idp_entity_id: https://localhost.surf.id
 my_conext_url: https://my.test2.surfconext.nl
 domain: eduid.nl
@@ -90,6 +90,8 @@ feature:
   create_eduid_institution_landing: True
   # Do we default remember the user for a longer period
   default_remember_me: False
+  # Does the SAMLIdpService expects authn requests to be signed
+  requires_signed_authn_request: True
 
 secure_cookie: false
 idp_entity_id: https://localhost.surf.id

diff --git a/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java b/myconext-server/src/test/java/myconext/AbstractIntegrationTest.java
@@ -80,7 +80,8 @@
                 "eduid_api.oidcng_introspection_uri=http://localhost:8098/introspect",
                 "cron.service-name-resolver-initial-delay-milliseconds=60000",
                 "oidc.base-url=http://localhost:8098/",
-                "sso_mfa_duration_seconds=-1000"
+                "sso_mfa_duration_seconds=-1000",
+                "feature.requires_signed_authn_request=false"
         })
 @ActiveProfiles({"test"})
 @SuppressWarnings("unchecked")

diff --git a/myconext-server/src/test/java/myconext/geo/MaxMindGeoLocationTest.java b/myconext-server/src/test/java/myconext/geo/MaxMindGeoLocationTest.java
@@ -37,7 +37,7 @@ void before() throws IOException {
 
     @AfterEach
     void after() throws IOException {
-        File file = new File(System.getProperty("java.io.tmpdir"+ "/geo"));
+        File file = new File(System.getProperty("java.io.tmpdir") + "/geo");
         FileUtils.forceDelete(file);
     }
 

diff --git a/pom.xml b/pom.xml
@@ -14,7 +14,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.13</version>
+        <version>2.7.17</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
 
@@ -30,15 +30,15 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
-                <version>3.9.0</version>
+                <version>3.11.0</version>
                 <configuration>
                     <release>11</release>
                 </configuration>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
-                <version>3.0.0</version>
+                <version>3.3.0</version>
                 <executions>
                     <execution>
                         <id>enforce-versions</id>
@@ -78,7 +78,7 @@
             <extension>
                 <groupId>org.apache.maven.wagon</groupId>
                 <artifactId>wagon-webdav-jackrabbit</artifactId>
-                <version>3.5.1</version>
+                <version>3.5.3</version>
             </extension>
         </extensions>
     </build>