SAML authentication using Rest Assured

Tamilselvan Karunanidhy

May 5, 2017, 11:56:55 PM
to REST assured
Hi, I have been trying to get SAML authentication using rest assured.
But so far, I have no solution at all. Is this even supported through 
REST-ASSURED?

Johan Haleby

May 6, 2017, 5:50:15 AM
to rest-a...@googlegroups.com
It's not supported out of the box. I'm not that familiar with SAML but I think you should be able to write a custom Filter (or AuthFilter) that integrates SAML authentication. It would be great if you could share the filter with us if you manage to get it working and then we can integrate it with REST Assured.

Regards,
/Johan

--
You received this message because you are subscribed to the Google Groups "REST assured" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rest-assured+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Maciej Gawinecki

Sep 4, 2017, 11:28:22 AM
to REST assured
Filter might not be enough, because SAML Authentication is based on multiple redirects: from service provider to identity provider and back. And filters in REST-assured are working above HTTP Redirects.

Also, SAML Authentication may involve manual steps in the middle of those redirects: Identity Provider discovery might be either automated or manual [2] and the process of authentication is specific to the selected Identity Provider.

In general, the SAML protocol does not constrain the Identity Provider to a certain authentication method. It only requires the Identity Provider to handle the SAMLRequest from the service provider and respond back with a SAML Response. Then the service provider exchanges the SAML Response for an authentication token that is specific to a given service provider. SAML also does not constrain what authentication token should be included in requests to the Service Provider.

What I have described above is only one of the bindings SAML 2.0 offers. It's called Service Provider Redirect POST Binding [1]. SAML 2.0 also provides other bindings and your SUT may actually support them. In sum, SAML 2.0 is a pretty complex authentication protocol.

I have implemented a rough solution for the binding I discussed above at my work. It does the job but it is far from perfect. If you don't need to handle the full flow, you could mock the Identity Provider (e.g., with mock-server) that responds with a SAML Response to the service provider.

[1]: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html
[2]: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.html
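
Added example, not code from any poster in this thread or from REST Assured: a mock Identity Provider, as suggested above, first has to decode the SAMLRequest that the service provider puts in its redirect (raw DEFLATE, then Base64, then URL-encoding) to learn which values its SAML Response must echo. The hosts, IDs, class name and helper names are made up, and the Location value is assumed to come from a REST Assured call made with `redirects().follow(false)`; here it is constructed inline so the code runs offline.

```java
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.zip.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class SamlRedirectDemo {
    // Returns one URL-decoded query parameter from the redirect's Location value.
    static String param(String location, String name) throws Exception {
        for (String pair : URI.create(location).getRawQuery().split("&"))
            if (pair.startsWith(name + "="))
                return URLDecoder.decode(pair.substring(name.length() + 1), "UTF-8");
        throw new IllegalArgumentException("redirect carries no " + name);
    }

    // Redirect binding encoding: XML -> raw DEFLATE -> Base64 (-> URL-encoding, undone by param()).
    static String inflate(String b64) throws Exception {
        Inflater inf = new Inflater(true); // true = raw DEFLATE, no zlib header
        inf.setInput(Base64.getDecoder().decode(b64));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        for (int n; !inf.finished() && (n = inf.inflate(buf)) > 0; ) out.write(buf, 0, n);
        inf.end();
        return out.toString("UTF-8");
    }

    // DOCTYPE is disallowed: the request is untrusted input, even inside a test mock.
    static Element parseXml(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8"))).getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of the Location header a service provider sends; hosts and IDs are made up.
        String authn = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_req1\""
                + " Version=\"2.0\" AssertionConsumerServiceURL=\"https://sp.example.test/acs\"/>";
        Deflater def = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        def.setInput(authn.getBytes("UTF-8"));
        def.finish();
        byte[] buf = new byte[1024];
        String b64 = Base64.getEncoder().encodeToString(Arrays.copyOf(buf, def.deflate(buf)));
        String location = "https://idp.example.test/sso?RelayState=abc&SAMLRequest=" + URLEncoder.encode(b64, "UTF-8");
        // Values the mock's SAML Response has to carry back to the service provider.
        Element req = parseXml(inflate(param(location, "SAMLRequest")));
        System.out.printf("InResponseTo=%s%nDestination=%s%nRelayState=%s%n", req.getAttribute("ID"),
                req.getAttribute("AssertionConsumerServiceURL"), param(location, "RelayState"));
    }
}
```

The SAML Response that goes back over the POST binding is Base64-encoded only, without DEFLATE, and the service provider under test has to be configured to trust the mock's signing key.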



Johan Haleby

Sep 7, 2017, 1:16:51 AM
to rest-a...@googlegroups.com
Thanks for the clarification Maciej! As you probably guessed I'm not at all familiar with how SAML works :)