use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.
the class SAML2Request method getSAML2ObjectFromDocument.
/**
 * Turns a DOM document into the {@link SAML2Object} it carries.
 *
 * The document is run through schema validation before the parser ever
 * sees it, so only schema-conformant SAML reaches the parsing step.
 *
 * @param samlDocument a {@link Document} holding exactly one SAML2Object
 * @return a {@link SAMLDocumentHolder} pairing the parsed object with the original document
 * @throws ProcessingException propagated from schema validation or parsing
 * @throws ParsingException propagated when the document cannot be parsed as a SAML2Object
 */
public static SAMLDocumentHolder getSAML2ObjectFromDocument(Document samlDocument) throws ProcessingException, ParsingException {
    final SAMLParser parser = SAMLParser.getInstance();
    // Validate first; parsing is only attempted on a document that passed the schema check.
    JAXPValidationUtil.checkSchemaValidation(samlDocument);
    final SAML2Object parsed = (SAML2Object) parser.parse(samlDocument);
    return new SAMLDocumentHolder(parsed, samlDocument);
}
use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.
the class SAMLLogoutAdapterTest method employeeGlobalLogoutTest.
/**
 * Logs in through the employee servlet, decorates the NameID of the login
 * response with qualifiers, triggers a global logout (GLO=true) and checks that
 * the resulting LogoutRequest carries the same NameID, qualifiers included.
 */
@Test
public void employeeGlobalLogoutTest() {
    SAMLDocumentHolder logoutDocument = new SamlClientBuilder()
            .navigateTo(employeeServletPage)
            .processSamlResponse(Binding.POST).build()
            .login().user(bburkeUser).build()
            .processSamlResponse(Binding.POST)
                .targetAttributeSamlResponse()
                // Remember NameID / session index of the login response for the checks below.
                .transformObject(this::extractNameId)
                .transformObject((SAML2Object saml) -> {
                    assertThat(saml, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    ResponseType loginResponse = (ResponseType) saml;
                    NameIDType nameId = (NameIDType) loginResponse.getAssertions().get(0)
                            .getAssertion().getSubject().getSubType().getBaseID();
                    // Qualifiers set here must survive into the LogoutRequest.
                    nameId.setNameQualifier(NAME_QUALIFIER);
                    nameId.setSPNameQualifier(SP_NAME_QUALIFIER);
                    nameId.setSPProvidedID(SP_PROVIDED_ID);
                })
                .build()
            .navigateTo(employeeServletPage.getUriBuilder().clone().queryParam("GLO", "true").build())
            .getSamlResponse(Binding.POST);

    assertThat(logoutDocument.getSamlObject(), instanceOf(LogoutRequestType.class));
    LogoutRequestType logoutRequest = (LogoutRequestType) logoutDocument.getSamlObject();
    NameIDType logoutNameId = logoutRequest.getNameID();

    // Identity and qualifiers of the logout NameID must match what was sent at login.
    assertThat(logoutNameId.getFormat(), is(nameIdRef.get().getFormat()));
    assertThat(logoutNameId.getValue(), is(nameIdRef.get().getValue()));
    assertThat(logoutNameId.getNameQualifier(), is(NAME_QUALIFIER));
    assertThat(logoutNameId.getSPProvidedID(), is(SP_PROVIDED_ID));
    assertThat(logoutNameId.getSPNameQualifier(), is(SP_NAME_QUALIFIER));
}
use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.
the class SAMLLogoutAdapterTest method extractNameId.
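/**
 * Records the NameID and session index found in the first assertion of a
 * successful login response, then returns the object unchanged so it can be
 * used inside a {@code transformObject} chain.
 *
 * @param so the SAML object produced by the login step; expected to be a successful ResponseType
 * @return {@code so}, unmodified
 */
private SAML2Object extractNameId(SAML2Object so) {
    assertThat(so, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType loginResponse = (ResponseType) so;

    final AssertionType firstAssertion = loginResponse.getAssertions().get(0).getAssertion();
    assertThat(firstAssertion, org.hamcrest.Matchers.notNullValue());

    // Each cast is guarded by an instanceOf assertion, so an unexpected response shape
    // fails the test with a readable message instead of a ClassCastException.
    Object baseId = firstAssertion.getSubject().getSubType().getBaseID();
    assertThat(baseId, instanceOf(NameIDType.class));
    NameIDType nameId = (NameIDType) baseId;

    Object firstStatement = firstAssertion.getStatements().iterator().next();
    assertThat(firstStatement, instanceOf(AuthnStatementType.class));
    AuthnStatementType authnStatement = (AuthnStatementType) firstStatement;

    nameIdRef.set(nameId);
    sessionIndexRef.set(authnStatement.getSessionIndex());
    return so;
}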
use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.
the class SAMLServletSessionTimeoutTest method addSessionNotOnOrAfter.
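/**
 * Stamps a SessionNotOnOrAfter of {@code SESSION_LENGTH_IN_SECONDS} from now onto
 * the AuthnStatement of the first assertion, creating the statement if the
 * assertion has none, and remembers the chosen timestamp in {@code sessionNotOnOrAfter}.
 *
 * @param ob the SAML object produced by the login step; expected to be a successful ResponseType
 * @return {@code ob}, with its first assertion modified in place
 */
private SAML2Object addSessionNotOnOrAfter(SAML2Object ob) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) ob;
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();

    // Reuse an existing AuthnStatement when present; the fallback is built lazily so
    // no throw-away statement (and no extra clock read) happens when one already exists.
    AuthnStatementType authnStatement = statements.stream()
            .filter(AuthnStatementType.class::isInstance)
            .map(AuthnStatementType.class::cast)
            .findFirst()
            .orElseGet(() -> new AuthnStatementType(XMLTimeUtil.getIssueInstant()));

    XMLGregorianCalendar sessionTimeout = XMLTimeUtil.add(XMLTimeUtil.getIssueInstant(), SESSION_LENGTH_IN_SECONDS * 1000);
    sessionNotOnOrAfter.set(sessionTimeout.toString());
    authnStatement.setSessionNotOnOrAfter(sessionTimeout);
    // Adding an already-present statement is harmless; a freshly created one gets attached here.
    resp.getAssertions().get(0).getAssertion().addStatement(authnStatement);
    return ob;
}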
use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.
the class KcSamlBrokerFrontendUrlTest method testKeycloakRejectsRealUrlWhenFrontendUrlConfigured.
/**
 * With a frontend URL configured on the consumer realm, a SAML response whose
 * Destination points at the consumer's direct root instead of the frontend URL
 * must be rejected with INVALID_DESTINATION and a matching error event.
 */
@Test
public void testKeycloakRejectsRealUrlWhenFrontendUrlConfigured() throws URISyntaxException {
    URI idpInitiatedUrl = new URI(proxy.getUrl() + "/realms/" + bc.consumerRealmName() + "/protocol/saml");

    clientBuilderTrustingAllCertificates()
            .idpInitiatedLogin(idpInitiatedUrl, "sales-post").build()
            .login().idp(IDP_SAML_ALIAS).build()
            // AuthnRequest to producer IdP
            .processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build()
            .login().user(USER_LOGIN, USER_PASSWORD).build()
            .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(samlObject -> {
                    assertThat(samlObject, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    ResponseType loginResponse = (ResponseType) samlObject;
                    // The IdP addressed the frontend (proxy) URL; swap in the direct consumer URL.
                    assertThat(loginResponse.getDestination(), startsWith(proxy.getUrl()));
                    loginResponse.setDestination(getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint");
                    return samlObject;
                })
                .build()
            .execute(httpResponse -> {
                assertThat(httpResponse, Matchers.statusCodeIsHC(Response.Status.BAD_REQUEST));
                String consumerRealmId = realmsResouce().realm(bc.consumerRealmName()).toRepresentation().getId();
                events.expect(EventType.IDENTITY_PROVIDER_RESPONSE_ERROR)
                        .clearDetails()
                        .session((String) null)
                        .realm(consumerRealmId)
                        .user((String) null)
                        .client((String) null)
                        .error(Errors.INVALID_SAML_RESPONSE)
                        .detail("reason", Errors.INVALID_DESTINATION)
                        .assertEvent();
                events.assertEmpty();
            });
}