
Example 41 with VerificationException

Use of org.keycloak.common.VerificationException in project keycloak by keycloak.

In class SamlClient (Keycloak test suite), method extractSamlResponseFromRedirect:

import java.io.IOException;
import java.net.URI;
import java.security.Key;
import java.security.KeyManagementException;

import javax.ws.rs.core.MultivaluedMap;

import org.keycloak.common.VerificationException;
import org.keycloak.protocol.saml.SamlProtocolUtils;
import org.keycloak.rotation.KeyLocator;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.processing.api.saml.v2.request.SAMLRequestParser;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.saml.processing.web.util.RedirectBindingUtil;

import static org.junit.Assert.assertTrue;

/**
 * Extracts and parses the value of the SAMLResponse (or SAMLRequest) query parameter
 * from the given redirect URI. If realmPublicKey is non-null, the REDIRECT-binding
 * signature carried in the query string is verified against that key before the
 * document is returned.
 *
 * @param responseUri The redirect URI to use
 * @param realmPublicKey The public realm key for validating the signature in REDIRECT query parameters, or null to skip verification
 * @return the parsed SAML request or response wrapped in a SAMLDocumentHolder
 * @throws IOException if the parameter cannot be decoded or, when a key is given, the signature does not verify
 */
public static SAMLDocumentHolder extractSamlResponseFromRedirect(String responseUri, String realmPublicKey) throws IOException {
    // Work on the raw (still percent-encoded) query: the redirect-binding signature covers the
    // encoded octets as sent, so the values must not be decoded before verification.
    // parseEncodedQueryParameters is a helper in the same test utility class (not shown here).
    MultivaluedMap<String, String> encodedParams = parseEncodedQueryParameters(URI.create(responseUri).getRawQuery());
    String samlResponse = encodedParams.getFirst(GeneralConstants.SAML_RESPONSE_KEY);
    String samlRequest = encodedParams.getFirst(GeneralConstants.SAML_REQUEST_KEY);
    // A redirect carries exactly one message: either SAMLRequest or SAMLResponse, never both or neither.
    assertTrue("Only one SAMLRequest/SAMLResponse check", (samlResponse != null && samlRequest == null) || (samlResponse == null && samlRequest != null));
    String samlDoc = RedirectBindingUtil.urlDecode(samlResponse != null ? samlResponse : samlRequest);
    SAMLDocumentHolder documentHolder = SAMLRequestParser.parseResponseRedirectBinding(samlDoc);
    if (realmPublicKey != null) {
        // If the public key is passed, verify the signature of the redirect URI.
        try {
            // The locator ignores the key id: verification is pinned to the supplied realm key,
            // so a key id chosen by the sender cannot redirect the lookup to another key.
            KeyLocator locator = new KeyLocator() {

                @Override
                public Key getKey(String kid) throws KeyManagementException {
                    return org.keycloak.testsuite.util.KeyUtils.publicKeyFromString(realmPublicKey);
                }

                @Override
                public void refreshKeyCache() {
                }
            };
            // Verifies Signature/SigAlg over the raw encoded parameters for whichever message key is present.
            SamlProtocolUtils.verifyRedirectSignature(documentHolder, locator, encodedParams, samlResponse != null ? GeneralConstants.SAML_RESPONSE_KEY : GeneralConstants.SAML_REQUEST_KEY);
        } catch (VerificationException e) {
            // Surface a failed signature check as the method's single checked exception.
            throw new IOException(e);
        }
    }
    return documentHolder;
}
Also used: KeyLocator (org.keycloak.rotation.KeyLocator), SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder), VerificationException (org.keycloak.common.VerificationException), Matchers.containsString (org.hamcrest.Matchers.containsString), IOException (java.io.IOException)
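The verification flow of the helper above (query kept percent-encoded, exactly one of SAMLRequest/SAMLResponse, signature checked against a single pinned key before the document is trusted) written out end to end as an added Go example. This is not Keycloak code and uses none of Keycloak's classes; it goes beyond the Java helper by also producing the signed redirect query (the sender side) so the round trip and the failure cases can be exercised offline. Assumptions: RSA-SHA256 is the only SigAlg accepted, the receiver takes the raw query string rather than a full URI, the function and constant names are illustrative, and the SAML XML in main is a constructed placeholder.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/url"
	"strings"
)

const sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" // the only SigAlg accepted here

// rawQueryParams keeps values percent-encoded: the signature covers the octets as sent,
// which is why the Keycloak helper parses getRawQuery() instead of decoded parameters.
func rawQueryParams(rawQuery string) map[string]string {
	params := map[string]string{}
	for _, pair := range strings.Split(rawQuery, "&") {
		k, v, _ := strings.Cut(pair, "=")
		params[k] = v
	}
	return params
}

// unescapeB64 URL-decodes, then base64-decodes, one query value.
func unescapeB64(s string) ([]byte, error) {
	raw, err := url.QueryUnescape(s)
	if err != nil {
		return nil, err
	}
	return base64.StdEncoding.DecodeString(raw)
}

// BuildSignedRedirectQuery is the sender side: DEFLATE -> base64 -> URL-encode the XML, then
// sign "<msgKey>=..&RelayState=..&SigAlg=.." exactly as it will appear in the query string.
func BuildSignedRedirectQuery(msgKey, xml, relayState string, priv *rsa.PrivateKey) (string, error) {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression) // only fails on a bad level
	w.Write([]byte(xml))
	w.Close()
	q := msgKey + "=" + url.QueryEscape(base64.StdEncoding.EncodeToString(buf.Bytes())) +
		"&RelayState=" + url.QueryEscape(relayState) + "&SigAlg=" + url.QueryEscape(sigAlgRSASHA256)
	digest := sha256.Sum256([]byte(q))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return q + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// ExtractSamlFromRedirect is the receiver side and mirrors the Keycloak helper: exactly one of
// SAMLRequest/SAMLResponse may be present, and a non-nil pub (the pinned key) must verify the signature.
func ExtractSamlFromRedirect(rawQuery string, pub *rsa.PublicKey) (string, error) {
	params := rawQueryParams(rawQuery)
	_, hasResp := params["SAMLResponse"]
	_, hasReq := params["SAMLRequest"]
	if hasResp == hasReq {
		return "", errors.New("exactly one of SAMLRequest/SAMLResponse must be present")
	}
	msgKey := "SAMLResponse"
	if hasReq {
		msgKey = "SAMLRequest"
	}
	if pub != nil {
		if alg, _ := url.QueryUnescape(params["SigAlg"]); alg != sigAlgRSASHA256 {
			return "", errors.New("unsupported or missing SigAlg: " + alg)
		}
		sig, err := unescapeB64(params["Signature"])
		if err != nil {
			return "", err
		}
		signed := msgKey + "=" + params[msgKey] // rebuilt from the still-encoded values
		if rs, ok := params["RelayState"]; ok {
			signed += "&RelayState=" + rs
		}
		digest := sha256.Sum256([]byte(signed + "&SigAlg=" + params["SigAlg"]))
		if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
			return "", errors.New("redirect signature verification failed")
		}
	}
	deflated, err := unescapeB64(params[msgKey])
	if err != nil {
		return "", err
	}
	xml, err := io.ReadAll(io.LimitReader(flate.NewReader(bytes.NewReader(deflated)), 1<<20)) // cap inflated size
	return string(xml), err
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	q, _ := BuildSignedRedirectQuery("SAMLResponse", `<samlp:Response ID="_1"/>`, "state", priv) // placeholder XML
	fmt.Println(ExtractSamlFromRedirect(q, &priv.PublicKey))
}
```

Passing a nil key corresponds to the helper's realmPublicKey == null path: the document is decoded but nothing is verified. With a key, changing a single character of RelayState, swapping the SigAlg URI, or presenting a signature made with another key all fail before any XML is returned; the inflate cap is a caveat the Java helper leaves to the parser.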

Aggregations

VerificationException (org.keycloak.common.VerificationException): 41
AccessToken (org.keycloak.representations.AccessToken): 17
Test (org.junit.Test): 8
JWSBuilder (org.keycloak.jose.jws.JWSBuilder): 8
IOException (java.io.IOException): 7
ClientModel (org.keycloak.models.ClientModel): 7
SignatureProvider (org.keycloak.crypto.SignatureProvider): 6
SignatureVerifierContext (org.keycloak.crypto.SignatureVerifierContext): 6
UserSessionModel (org.keycloak.models.UserSessionModel): 6
Response (javax.ws.rs.core.Response): 4
OAuthErrorException (org.keycloak.OAuthErrorException): 4
JWSInput (org.keycloak.jose.jws.JWSInput): 4
UserModel (org.keycloak.models.UserModel): 4
PublicKey (java.security.PublicKey): 3
TokenVerifier (org.keycloak.TokenVerifier): 3
AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel): 3
IDToken (org.keycloak.representations.IDToken): 3
ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException): 3
ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException): 3
SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder): 3