
Example 1 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

From class SAML2Request, method getSAML2ObjectFromDocument.

/**
 * Parses a DOM document into its underlying {@link SAML2Object} and returns it
 * wrapped, together with the source document, in a {@link SAMLDocumentHolder}.
 *
 * <p>The document is schema-validated before any parsing takes place, so a
 * structurally invalid message is rejected up front rather than being partially
 * interpreted by the parser.
 *
 * @param samlDocument a Document containing a SAML2Object
 * @return a SAMLDocumentHolder holding the parsed object and the original document
 * @throws ProcessingException if the document fails schema validation or cannot be processed
 * @throws ParsingException if the document cannot be parsed as a SAML2Object
 */
public static SAMLDocumentHolder getSAML2ObjectFromDocument(Document samlDocument) throws ProcessingException, ParsingException {
    // Validate first: the parser must only ever see schema-conformant input.
    JAXPValidationUtil.checkSchemaValidation(samlDocument);

    SAMLParser parser = SAMLParser.getInstance();
    SAML2Object parsed = (SAML2Object) parser.parse(samlDocument);
    return new SAMLDocumentHolder(parsed, samlDocument);
}

Example 2 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

From class SAMLLogoutAdapterTest, method employeeGlobalLogoutTest.

/**
 * Logs in through the employee servlet, decorates the issued NameID with a name
 * qualifier, an SP name qualifier and an SP-provided ID, then triggers a global
 * logout (GLO=true) and checks that the resulting LogoutRequest echoes the NameID
 * exactly as it was issued, qualifiers included.
 */
@Test
public void employeeGlobalLogoutTest() {
    SAMLDocumentHolder logoutRequestHolder = new SamlClientBuilder()
            .navigateTo(employeeServletPage)
            .processSamlResponse(Binding.POST).build()
            .login().user(bburkeUser).build()
            .processSamlResponse(Binding.POST)
                .targetAttributeSamlResponse()
                // remember the NameID the IdP issued so it can be compared below
                .transformObject(this::extractNameId)
                .transformObject((SAML2Object samlObject) -> {
                    assertThat(samlObject, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    ResponseType response = (ResponseType) samlObject;
                    NameIDType issuedNameId = (NameIDType) response.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
                    // give the subject non-trivial qualifiers so the logout request has something to echo back
                    issuedNameId.setNameQualifier(NAME_QUALIFIER);
                    issuedNameId.setSPNameQualifier(SP_NAME_QUALIFIER);
                    issuedNameId.setSPProvidedID(SP_PROVIDED_ID);
                })
                .build()
            .navigateTo(employeeServletPage.getUriBuilder().clone().queryParam("GLO", "true").build())
            .getSamlResponse(Binding.POST);

    assertThat(logoutRequestHolder.getSamlObject(), instanceOf(LogoutRequestType.class));
    LogoutRequestType logoutRequest = (LogoutRequestType) logoutRequestHolder.getSamlObject();

    NameIDType actual = logoutRequest.getNameID();
    NameIDType expected = nameIdRef.get();

    // The logout request must identify the same principal the assertion did,
    // including the qualifiers set on the assertion above.
    assertThat(actual.getFormat(), is(expected.getFormat()));
    assertThat(actual.getValue(), is(expected.getValue()));
    assertThat(actual.getNameQualifier(), is(NAME_QUALIFIER));
    assertThat(actual.getSPProvidedID(), is(SP_PROVIDED_ID));
    assertThat(actual.getSPNameQualifier(), is(SP_NAME_QUALIFIER));
}

Example 3 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

From class SAMLLogoutAdapterTest, method extractNameId.

/**
 * Transformer step that records the NameID and the session index of the first
 * assertion in a successful SAML response, so later steps of the same test can
 * compare a logout request against them. The object itself is passed through
 * unchanged.
 *
 * @param so the SAML object produced by the previous step; must be a successful Response
 * @return the same object, untouched
 */
private SAML2Object extractNameId(SAML2Object so) {
    assertThat(so, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    final ResponseType response = (ResponseType) so;
    final AssertionType assertion = response.getAssertions().get(0).getAssertion();
    assertThat(assertion, org.hamcrest.Matchers.notNullValue());

    // Only a NameID subject can be matched by a later logout request; fail loudly otherwise.
    final Object subjectId = assertion.getSubject().getSubType().getBaseID();
    assertThat(subjectId, instanceOf(NameIDType.class));

    // Assumes the first statement is the AuthnStatement carrying the session index.
    final AuthnStatementType authnStatement = (AuthnStatementType) assertion.getStatements().iterator().next();

    sessionIndexRef.set(authnStatement.getSessionIndex());
    nameIdRef.set((NameIDType) subjectId);
    return so;
}

Example 4 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

From class SAMLServletSessionTimeoutTest, method addSessionNotOnOrAfter.

/**
 * Transformer step that stamps a {@code SessionNotOnOrAfter} of
 * {@code SESSION_LENGTH_IN_SECONDS} from now onto the AuthnStatement of the
 * first assertion (creating the statement if the assertion has none) and
 * remembers the chosen timestamp in {@code sessionNotOnOrAfter} for later
 * assertions. The object is returned as-is.
 *
 * @param ob the SAML object from the previous step; must be a successful Response
 * @return the same object, now carrying the session timeout
 */
private SAML2Object addSessionNotOnOrAfter(SAML2Object ob) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType response = (ResponseType) ob;
    Set<StatementAbstractType> statements = response.getAssertions().get(0).getAssertion().getStatements();

    // Reuse the existing AuthnStatement when there is one; only build a fresh one when absent.
    AuthnStatementType authnStatement = statements.stream()
            .filter(AuthnStatementType.class::isInstance)
            .map(AuthnStatementType.class::cast)
            .findFirst()
            .orElseGet(() -> new AuthnStatementType(XMLTimeUtil.getIssueInstant()));

    // The constant is in seconds; XMLTimeUtil.add presumably takes milliseconds, hence the x1000.
    XMLGregorianCalendar timeout = XMLTimeUtil.add(XMLTimeUtil.getIssueInstant(), SESSION_LENGTH_IN_SECONDS * 1000);
    authnStatement.setSessionNotOnOrAfter(timeout);
    sessionNotOnOrAfter.set(timeout.toString());

    // NOTE(review): if addStatement writes into the Set above, re-adding an existing
    // statement is a no-op — confirm against AssertionType.
    response.getAssertions().get(0).getAssertion().addStatement(authnStatement);
    return ob;
}

Example 5 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

From class KcSamlBrokerFrontendUrlTest, method testKeycloakRejectsRealUrlWhenFrontendUrlConfigured.

/**
 * A brokered SAML Response whose Destination names the consumer's real broker
 * endpoint (rather than the configured frontend URL) must be refused with
 * 400 Bad Request, and the refusal must be recorded as an
 * {@code IDENTITY_PROVIDER_RESPONSE_ERROR} event with reason
 * {@code INVALID_DESTINATION}.
 *
 * @throws URISyntaxException if the constructed IdP-initiated login URI is malformed
 */
@Test
public void testKeycloakRejectsRealUrlWhenFrontendUrlConfigured() throws URISyntaxException {
    URI idpInitiatedLoginUri = new URI(proxy.getUrl() + "/realms/" + bc.consumerRealmName() + "/protocol/saml");

    clientBuilderTrustingAllCertificates()
            .idpInitiatedLogin(idpInitiatedLoginUri, "sales-post").build()
            .login().idp(IDP_SAML_ALIAS).build()
            // AuthnRequest to producer IdP
            .processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build()
            .login().user(USER_LOGIN, USER_PASSWORD).build()
            .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(samlObject -> {
                    assertThat(samlObject, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    ResponseType samlResponse = (ResponseType) samlObject;
                    // The producer addressed the response to the proxy (the frontend URL);
                    // re-target it to the consumer's real broker endpoint instead.
                    assertThat(samlResponse.getDestination(), startsWith(proxy.getUrl()));
                    String realBrokerEndpoint = getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint";
                    samlResponse.setDestination(realBrokerEndpoint);
                    return samlObject;
                })
                .build()
            .execute(httpResponse -> {
                assertThat(httpResponse, Matchers.statusCodeIsHC(Response.Status.BAD_REQUEST));
                String consumerRealmId = realmsResouce().realm(bc.consumerRealmName()).toRepresentation().getId();
                events.expect(EventType.IDENTITY_PROVIDER_RESPONSE_ERROR)
                        .clearDetails()
                        .session((String) null)   // casts presumably select the String overloads
                        .realm(consumerRealmId)
                        .user((String) null)
                        .client((String) null)
                        .error(Errors.INVALID_SAML_RESPONSE)
                        .detail("reason", Errors.INVALID_DESTINATION)
                        .assertEvent();
                // nothing else may have been logged for this rejection
                events.assertEmpty();
            });
}
