Use of org.keycloak.adapters.spi.HttpFacade in project keycloak (by keycloak): class KeycloakAdapterPolicyEnforcer, method challenge.
/**
 * Answers a request that the policy enforcer has decided to deny.
 * <p>
 * Bearer-token requests get a UMA challenge: a 401 whose {@code WWW-Authenticate} header names
 * the realm, the authorization server ({@code as_uri}) and a freshly obtained permission ticket,
 * or a plain 403 when no ticket could be obtained. Any other request is handed to
 * {@link #handleAccessDenied}. Always returns {@code true}.
 *
 * @param pathConfig   the matched path configuration
 * @param methodConfig the matched method configuration for that path
 * @param httpFacade   the request/response pair being processed
 * @return {@code true} in every case
 */
@Override
protected boolean challenge(PathConfig pathConfig, PolicyEnforcerConfig.MethodConfig methodConfig, OIDCHttpFacade httpFacade) {
    // Only bearer-token requests are challenged with UMA; anything else falls through to the
    // adapter's generic access-denied handling.
    if (!isBearerAuthorization(httpFacade)) {
        handleAccessDenied(httpFacade);
        return true;
    }

    HttpFacade.Response response = httpFacade.getResponse();
    AuthzClient authzClient = getAuthzClient();
    String ticket = getPermissionTicket(pathConfig, methodConfig, authzClient, httpFacade);

    if (ticket == null) {
        // No permission ticket for this path/method: deny outright, no challenge header.
        response.setStatus(403);
    } else {
        // 401 plus the UMA challenge the client needs to go back to the authorization server.
        response.setStatus(401);
        response.setHeader("WWW-Authenticate", buildUmaChallenge(authzClient, ticket));
    }

    if (LOGGER.isDebugEnabled()) {
        LOGGER.debug("Sending challenge");
    }
    return true;
}

/**
 * Formats the value of the UMA {@code WWW-Authenticate} challenge header.
 * <p>
 * NOTE(review): realm, issuer and ticket are interpolated into quoted-strings without any
 * escaping. Realm and issuer come from adapter configuration and the ticket from the
 * authorization server, so this relies on none of them containing a double quote or CR/LF.
 *
 * @param authzClient client whose configuration supplies realm and issuer
 * @param ticket      non-null permission ticket to embed
 * @return the header value, e.g. {@code UMA realm="...",as_uri="...",ticket="..."}
 */
private static String buildUmaChallenge(AuthzClient authzClient, String ticket) {
    return String.format("UMA realm=\"%s\",as_uri=\"%s\",ticket=\"%s\"",
            authzClient.getConfiguration().getRealm(),
            authzClient.getServerConfiguration().getIssuer(),
            ticket);
}
Use of org.keycloak.adapters.spi.HttpFacade in project keycloak (by keycloak): class AbstractSamlAuthenticationHandler, method createChallenge.
/**
 * Builds the login initiator used to challenge an unauthenticated request.
 * <p>
 * A request detected as bearer-only is answered with a bare 401 and the response is ended,
 * since such a client cannot take part in a redirect/POST based SSO exchange. Every other
 * request receives the SAML AuthnRequest, sent to the IdP's single-sign-on endpoint with the
 * request binding configured for that endpoint.
 *
 * @return an {@link AbstractInitiateLogin} bound to this handler's deployment and session store
 */
protected AbstractInitiateLogin createChallenge() {
    return new AbstractInitiateLogin(deployment, sessionStore) {
        @Override
        protected void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException {
            if (isAutodetectedBearerOnly(httpFacade.getRequest())) {
                // No interactive login possible: status only, no body, no redirect.
                // NOTE(review): the detection heuristics live in isAutodetectedBearerOnly, outside this block.
                HttpFacade.Response response = httpFacade.getResponse();
                response.setStatus(401);
                response.end();
                return;
            }

            Document authnRequest = authnRequestBuilder.toDocument();
            // Both the binding (redirect vs. POST) and the destination URL come from the IdP's
            // SSO service configuration.
            SamlDeployment.Binding requestBinding = deployment.getIDP().getSingleSignOnService().getRequestBinding();
            SamlUtil.sendSaml(true, httpFacade, deployment.getIDP().getSingleSignOnService().getRequestBindingUrl(), binding, authnRequest, requestBinding);
        }
    };
}
Use of org.keycloak.adapters.spi.HttpFacade in project keycloak (by keycloak): class EcpAuthenticationHandler, method createChallenge.
/**
 * Builds the login initiator for the SAML ECP (Enhanced Client or Proxy) profile.
 * <p>
 * Instead of redirecting a browser, the challenge is a SOAP envelope written straight to the
 * response stream: a {@code paos:Request} header, an {@code ecp:Request} header and the
 * POST-binding-encoded AuthnRequest as the SOAP body.
 * <p>
 * NOTE(review): nothing in this block sets a status code or a Content-Type on the response;
 * presumably the caller does (ECP expects {@code application/vnd.paos+xml}) — confirm.
 */
@Override
protected AbstractInitiateLogin createChallenge() {
    return new AbstractInitiateLogin(deployment, sessionStore) {
        /**
         * Writes the PAOS/ECP SOAP envelope carrying the AuthnRequest to the response.
         * Any failure (SAAJ, the binding builder, or the output stream) is rethrown as a
         * RuntimeException with the original exception as its cause.
         */
        @Override
        protected void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) {
            try {
                MessageFactory messageFactory = MessageFactory.newInstance();
                SOAPMessage message = messageFactory.createMessage();
                SOAPEnvelope envelope = message.getSOAPPart().getEnvelope();
                // Declare the prefixes the header/body elements below are created with.
                // NOTE(review): the child elements further down use the literal prefixes "saml" and
                // "samlp", so this assumes NS_PREFIX_SAML_ASSERTION == "saml" and
                // NS_PREFIX_SAML_PROTOCOL == "samlp" — confirm against the constants.
                envelope.addNamespaceDeclaration(NS_PREFIX_SAML_ASSERTION, JBossSAMLURIConstants.ASSERTION_NSURI.get());
                envelope.addNamespaceDeclaration(NS_PREFIX_SAML_PROTOCOL, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
                envelope.addNamespaceDeclaration(NS_PREFIX_PAOS_BINDING, JBossSAMLURIConstants.PAOS_BINDING.get());
                envelope.addNamespaceDeclaration(NS_PREFIX_PROFILE_ECP, JBossSAMLURIConstants.ECP_PROFILE.get());
                // Headers are added in this order: paos:Request first, then ecp:Request.
                createPaosRequestHeader(envelope);
                createEcpRequestHeader(envelope);
                SOAPBody body = envelope.getBody();
                // The AuthnRequest document is run through the POST binding builder before being
                // embedded; whatever that builder does to it (e.g. signing) is decided outside this block.
                body.addDocument(binding.postBinding(authnRequestBuilder.toDocument()).getDocument());
                message.writeTo(httpFacade.getResponse().getOutputStream());
            } catch (Exception e) {
                throw new RuntimeException("Could not create AuthnRequest.", e);
            }
        }

        /**
         * Adds the {@code ecp:Request} SOAP header: mustUnderstand, actor "next", the SP entity ID
         * as ProviderName and Issuer, IsPassive="0", and an IDPList with a single IDPEntry naming
         * the configured IdP (entity ID as both ProviderID and Name, SSO request-binding URL as Loc).
         */
        private void createEcpRequestHeader(SOAPEnvelope envelope) throws SOAPException {
            SOAPHeader headers = envelope.getHeader();
            SOAPHeaderElement ecpRequestHeader = headers.addHeaderElement(envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PROFILE_ECP));
            ecpRequestHeader.setMustUnderstand(true);
            ecpRequestHeader.setActor("http://schemas.xmlsoap.org/soap/actor/next");
            ecpRequestHeader.addAttribute(envelope.createName("ProviderName"), deployment.getEntityID());
            // Always an active (non-passive) authentication request.
            ecpRequestHeader.addAttribute(envelope.createName("IsPassive"), "0");
            ecpRequestHeader.addChildElement(envelope.createQName("Issuer", "saml")).setValue(deployment.getEntityID());
            ecpRequestHeader.addChildElement(envelope.createQName("IDPList", "samlp")).addChildElement(envelope.createQName("IDPEntry", "samlp")).addAttribute(envelope.createName("ProviderID"), deployment.getIDP().getEntityID()).addAttribute(envelope.createName("Name"), deployment.getIDP().getEntityID()).addAttribute(envelope.createName("Loc"), deployment.getIDP().getSingleSignOnService().getRequestBindingUrl());
        }

        /**
         * Adds the {@code paos:Request} SOAP header: mustUnderstand, actor "next", the ECP profile
         * URI as {@code service} and the assertion consumer URL as {@code responseConsumerURL}.
         * NOTE(review): responseConsumerURL may be null (see getResponseConsumerUrl); how SAAJ
         * serialises a null attribute value is not visible here — confirm.
         */
        private void createPaosRequestHeader(SOAPEnvelope envelope) throws SOAPException {
            SOAPHeader headers = envelope.getHeader();
            SOAPHeaderElement paosRequestHeader = headers.addHeaderElement(envelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PAOS_BINDING));
            paosRequestHeader.setMustUnderstand(true);
            paosRequestHeader.setActor("http://schemas.xmlsoap.org/soap/actor/next");
            paosRequestHeader.addAttribute(envelope.createName("service"), JBossSAMLURIConstants.ECP_PROFILE.get());
            paosRequestHeader.addAttribute(envelope.createName("responseConsumerURL"), getResponseConsumerUrl());
        }

        /**
         * Null-safe lookup of the assertion consumer service URL configured under the IdP's SSO
         * service; returns null when the IdP, its SSO service or that URL is not configured.
         */
        private String getResponseConsumerUrl() {
            return (deployment.getIDP() == null || deployment.getIDP().getSingleSignOnService() == null || deployment.getIDP().getSingleSignOnService().getAssertionConsumerServiceUrl() == null) ? null : deployment.getIDP().getSingleSignOnService().getAssertionConsumerServiceUrl().toString();
        }
    };
}
Use of org.keycloak.adapters.spi.HttpFacade in project keycloak (by keycloak): class ClaimInformationPointProviderTest, method testHttpClaimInformationPointProviderWithClaims.
/**
 * Resolves claims through the "http" claim-information-point configured for
 * {@code /http-post-claim-provider} and checks the mapped claim names
 * (claim-a, claim-d, claim-d0, claim-d-all) and their values, while the unmapped names
 * (a, b, d) must resolve to nothing.
 */
@Test
public void testHttpClaimInformationPointProviderWithClaims() {
    HttpFacade httpFacade = createHttpFacade();
    Map<String, List<String>> resolved = getClaimInformationProviderForPath("/http-post-claim-provider", "http").resolve(httpFacade);

    assertEquals("a-value1", resolved.get("claim-a").get(0));

    List<String> claimD = resolved.get("claim-d");
    assertEquals("d-value1", claimD.get(0));
    assertEquals("d-value2", claimD.get(1));

    assertEquals("d-value1", resolved.get("claim-d0").get(0));

    List<String> claimDAll = resolved.get("claim-d-all");
    assertEquals("d-value1", claimDAll.get(0));
    assertEquals("d-value2", claimDAll.get(1));

    // Names that are not configured as claims must not show up in the result.
    for (String unmappedName : new String[] {"a", "b", "d"}) {
        assertNull(resolved.get(unmappedName));
    }
}
Use of org.keycloak.adapters.spi.HttpFacade in project keycloak (by keycloak): class ClaimInformationPointProviderTest, method testBodyJsonObjectClaim.
/**
 * Resolves claims from a JSON request body through the "claims" claim-information-point for
 * {@code /claims-from-body-json-object}. The nested {@code individualRoles} array must yield
 * exactly one claim whose two values are the objects re-serialised as compact JSON. The same
 * check runs for a bare {@code application/json} Content-Type and for one carrying a
 * {@code charset=utf-8} parameter, so the media-type parameter must not stop body parsing.
 */
@Test
public void testBodyJsonObjectClaim() throws Exception {
    String rawJson = "{\"Individual\" : {\n"
            + "\n"
            + " \"Name\": \"John\",\n"
            + "\n"
            + " \"Lastname\": \"Doe\",\n"
            + "\n"
            + " \"individualRoles\" : [ {\n"
            + "\n"
            + " \"roleSpec\": 2342,\n"
            + "\n"
            + " \"roleId\": 4234},\n"
            + "\n"
            + "{\n"
            + "\n"
            + " \"roleSpec\": 4223,\n"
            + "\n"
            + " \"roleId\": 523\n"
            + "\n"
            + " }\n"
            + "\n"
            + " ]\n"
            + "\n"
            + "}}";

    // Normalise the hand-written JSON through Jackson first so the body handed to the facade is
    // compact and the expected claim values below can be written in that canonical form.
    ObjectMapper mapper = JsonSerialization.mapper;
    JsonParser parser = mapper.getFactory().createParser(rawJson);
    TreeNode treeNode = mapper.readTree(parser);
    // Platform default charset; the document is pure ASCII, so the bytes are the same everywhere.
    byte[] body = treeNode.toString().getBytes();

    Map<String, List<String>> headers = new HashMap<>();
    for (String contentType : new String[] {"application/json", "application/json; charset=utf-8"}) {
        headers.put("Content-Type", Arrays.asList(contentType));
        HttpFacade httpFacade = createHttpFacade(headers, new ByteArrayInputStream(body));
        Map<String, List<String>> claims = getClaimInformationProviderForPath("/claims-from-body-json-object", "claims").resolve(httpFacade);
        assertIndividualRolesClaim(claims);
    }
}

/** Asserts that the resolved claims hold only {@code individualRoles} with its two compact JSON values. */
private static void assertIndividualRolesClaim(Map<String, List<String>> claims) {
    assertEquals(1, claims.size());
    List<String> roles = claims.get("individualRoles");
    assertEquals(2, roles.size());
    assertEquals("{\"roleSpec\":2342,\"roleId\":4234}", roles.get(0));
    assertEquals("{\"roleSpec\":4223,\"roleId\":523}", roles.get(1));
}