
Example 6 with SAML2Object

Use of org.keycloak.dom.saml.v2.SAML2Object in the keycloak/keycloak project.

Class SamlDocumentStepBuilder, method saml2Object2String (test utility):

/**
 * Serializes a SAML 2.0 protocol message object to its XML text form.
 * <p>
 * Supported inputs are AuthnRequest, LogoutRequest, ArtifactResolve and
 * AttributeQuery (written with {@code SAMLRequestWriter}) and Response,
 * ArtifactResponse and any other StatusResponse (written with
 * {@code SAMLResponseWriter}; a plain StatusResponseType is always emitted
 * as a {@code samlp:LogoutResponse} element). A {@code null} or unsupported
 * object fails the running test through JUnit's {@code Assert}.
 * <p>
 * The type checks are ordered most-specific first. If ResponseType and
 * ArtifactResponseType are subtypes of StatusResponseType in this model
 * (which the generic LogoutResponse fallback appears to assume), reordering
 * the checks would select the wrong writer.
 *
 * @param transformed the message object to serialize
 * @return the XML text decoded with {@code GeneralConstants.SAML_CHARSET}
 * @throws RuntimeException wrapping any {@code ProcessingException} raised
 *                          while creating the stream writer or writing
 */
public static String saml2Object2String(final SAML2Object transformed) {
    final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    try {
        final XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(buffer);
        writeSamlObject(writer, transformed);
        return new String(buffer.toByteArray(), GeneralConstants.SAML_CHARSET);
    } catch (ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}

/**
 * Dispatches {@code obj} to the request or response writer matching its
 * concrete type; unknown or {@code null} objects fail the test.
 */
private static void writeSamlObject(final XMLStreamWriter writer, final SAML2Object obj) throws ProcessingException {
    // Request-side message types.
    if (obj instanceof AuthnRequestType) {
        new SAMLRequestWriter(writer).write((AuthnRequestType) obj);
        return;
    }
    if (obj instanceof LogoutRequestType) {
        new SAMLRequestWriter(writer).write((LogoutRequestType) obj);
        return;
    }
    if (obj instanceof ArtifactResolveType) {
        new SAMLRequestWriter(writer).write((ArtifactResolveType) obj);
        return;
    }
    if (obj instanceof AttributeQueryType) {
        new SAMLRequestWriter(writer).write((AttributeQueryType) obj);
        return;
    }
    // Response-side message types; keep the specific ones before the generic
    // StatusResponseType fallback.
    if (obj instanceof ResponseType) {
        new SAMLResponseWriter(writer).write((ResponseType) obj);
        return;
    }
    if (obj instanceof ArtifactResponseType) {
        new SAMLResponseWriter(writer).write((ArtifactResponseType) obj);
        return;
    }
    if (obj instanceof StatusResponseType) {
        // Any other status response is serialized under the LogoutResponse element name.
        new SAMLResponseWriter(writer).write((StatusResponseType) obj, SAMLProtocolQNames.LOGOUT_RESPONSE.getQName("samlp"));
        return;
    }
    Assert.assertNotNull("Unknown type: <null>", obj);
    Assert.fail("Unknown type: " + obj.getClass().getName());
}

Example 7 with SAML2Object

Use of org.keycloak.dom.saml.v2.SAML2Object in the keycloak/keycloak project.

Class BrokerTest, method createAuthnResponse (test helper emulating an external IdP):

/**
 * Emulates the external IdP's answer to the AuthnRequest the broker sent.
 * <p>
 * The response is issued as {@code https://saml.idp/saml} for the realm under
 * test, with one assertion that carries a single {@code mail} attribute.
 * <p>
 * Security note (test fixture only): the response {@code Destination} is
 * copied verbatim from the request's AssertionConsumerServiceURL. That is
 * acceptable for a fake IdP in a test, but a real IdP must take the
 * destination from the SP's registered metadata rather than trusting the
 * request.
 *
 * @param so the parsed AuthnRequest; cast unchecked, so any other type fails
 *           with a ClassCastException
 * @return the response model with the mail attribute statement attached
 * @throws RuntimeException wrapping ConfigurationException or
 *                          ProcessingException from the response builder
 */
private SAML2Object createAuthnResponse(SAML2Object so) {
    final AuthnRequestType authnRequest = (AuthnRequestType) so;
    try {
        // The single "mail" attribute the consumer side is expected to map.
        final AttributeType mailAttribute = new AttributeType("mail");
        mailAttribute.addAttributeValue("v@w.x");
        final AttributeStatementType statement = new AttributeStatementType();
        statement.addAttribute(new ASTChoiceType(mailAttribute));

        final ResponseType response = new SAML2LoginResponseBuilder()
                .requestID(authnRequest.getID())
                .destination(authnRequest.getAssertionConsumerServiceURL().toString())
                .issuer("https://saml.idp/saml")
                .assertionExpiration(1000000)
                .subjectExpiration(1000000)
                .requestIssuer(getAuthServerRealmBase(REALM_NAME).toString())
                .sessionIndex("idp:" + UUID.randomUUID())
                .buildModel();

        // Assumes buildModel() produced at least one assertion; the statement is
        // attached to the first.
        response.getAssertions().get(0).getAssertion().addStatement(statement);
        return response;
    } catch (ConfigurationException | ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}

Example 8 with SAML2Object

Use of org.keycloak.dom.saml.v2.SAML2Object in the keycloak/keycloak project.

Class LogoutTest, method testLogoutWithPostBindingUnsetRedirectBindingSet:

/**
 * Regression test for KEYCLOAK-4779: a client whose POST single-logout URL is
 * cleared but whose REDIRECT single-logout URL is set must still be sent its
 * LogoutRequest (over the redirect binding), and the overall logout must then
 * complete successfully.
 */
@Test
public void testLogoutWithPostBindingUnsetRedirectBindingSet() {
    // https://issues.jboss.org/browse/KEYCLOAK-4779
    // sales-post2: front-channel logout, POST SLO URL cleared, REDIRECT SLO URL set.
    adminClient.realm(REALM_NAME)
            .clients()
            .get(sales2Rep.getId())
            .update(ClientBuilder.edit(sales2Rep)
                    .frontchannelLogout(true)
                    .attribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, "")
                    .attribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, "http://url-to-sales-2")
                    .build());

    SAMLDocumentHolder finalResponse = prepareLogIntoTwoApps()
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST)
                .nameId(nameIdRef::get)
                .sessionIndex(sessionIndexRef::get)
                .build()
            // The auth server must now ask sales-post2 to log out, using REDIRECT.
            .processSamlResponse(REDIRECT)
                .transformDocument(doc -> {
                    SAML2Object parsed = (SAML2Object) SAMLParser.getInstance().parse(new DOMSource(doc));
                    assertThat(parsed, isSamlLogoutRequest("http://url-to-sales-2"));
                    // Answer on behalf of sales-post2 with a successful LogoutResponse
                    // that references the request just received.
                    String logoutRequestId = ((LogoutRequestType) parsed).getID();
                    return new SAML2LogoutResponseBuilder()
                            .destination(getAuthServerSamlEndpoint(REALM_NAME).toString())
                            .issuer(SAML_CLIENT_ID_SALES_POST2)
                            .logoutRequestID(logoutRequestId)
                            .buildDocument();
                })
                .targetAttributeSamlResponse()
                .targetUri(getAuthServerSamlEndpoint(REALM_NAME))
                .build()
            .getSamlResponse(POST);

    // The auth server reports overall logout success back to the initiating client.
    assertThat(finalResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    assertThat(((StatusResponseType) finalResponse.getSamlObject()).getDestination(), is("http://url"));
    assertLogoutEvent(SAML_CLIENT_ID_SALES_POST2);
}

Example 9 with SAML2Object

Use of org.keycloak.dom.saml.v2.SAML2Object in the keycloak/keycloak project.

Class KcSamlBrokerFrontendUrlTest, method testFrontendUrlInDestinationExpected:

/**
 * Brokered SAML login through a reverse proxy: the Response the producer IdP
 * returns must carry a {@code Destination} rooted at the proxy's frontend
 * URL, and the final Response to the SP must report success.
 * <p>
 * Note: {@code clientBuilderTrustingAllCertificates()} builds a client that
 * accepts any TLS certificate (see the NoopHostnameVerifier/TrustAllStrategy
 * imports); that is only acceptable inside this test suite.
 *
 * @throws URISyntaxException if the consumer realm's SAML endpoint URL is malformed
 */
@Test
public void testFrontendUrlInDestinationExpected() throws URISyntaxException {
    // IdP-initiated login at the consumer realm, reached through the reverse proxy.
    final URI consumerSamlEndpoint = new URI(proxy.getUrl() + "/realms/" + bc.consumerRealmName() + "/protocol/saml");

    SAMLDocumentHolder finalResponse = clientBuilderTrustingAllCertificates()
            .idpInitiatedLogin(consumerSamlEndpoint, "sales-post").build()
            .login().idp(IDP_SAML_ALIAS).build()
            // AuthnRequest to producer IdP
            .processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build()
            .login().user(USER_LOGIN, USER_PASSWORD).build()
            .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(saml2Object -> {
                    assertThat(saml2Object, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    // The producer's Response must be addressed to the proxied frontend URL.
                    ResponseType response = (ResponseType) saml2Object;
                    assertThat(response.getDestination(), startsWith(proxy.getUrl()));
                    return saml2Object;
                })
                .build()
            .updateProfile().username(USER_LOGIN).email(USER_EMAIL).firstName("Firstname").lastName("Lastname").build()
            .followOneRedirect()
            .getSamlResponse(SamlClient.Binding.POST);

    assertThat(finalResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
}

Example 10 with SAML2Object

Use of org.keycloak.dom.saml.v2.SAML2Object in the keycloak/keycloak project.

Class SAML2Response, method getSAML2ObjectFromStream (runtime parsing code, not a test):

/**
 * Reads a SAML 2.0 message from {@code is} and converts it to its model object.
 * <p>
 * The stream is parsed into a DOM {@link Document}, schema-validated, and then
 * mapped onto the model by {@link SAMLParser}. Both the model object and the
 * DOM it came from are retained in {@code samlDocumentHolder} for callers that
 * need the raw document afterwards.
 * <p>
 * Security notes:
 * <ul>
 * <li>Nothing here verifies XML signatures, the Issuer, the Destination or
 *     validity conditions; callers must perform those checks before trusting
 *     the returned object.</li>
 * <li>{@code DocumentUtil.getDocument} is assumed to use a parser with DTD and
 *     external-entity resolution disabled (XXE); confirm this if that utility
 *     changes.</li>
 * <li>At TRACE level the complete message, including any assertions and user
 *     attributes it carries, is written to the log.</li>
 * </ul>
 *
 * @param is the stream holding the SAML XML; this method itself never closes it
 * @return the parsed {@link SAML2Object}
 * @throws ParsingException propagated from DOM parsing or model conversion
 * @throws ConfigurationException propagated from the parsing/validation utilities
 * @throws ProcessingException propagated from the parsing/validation utilities
 */
public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException, ProcessingException {
    if (is == null) {
        throw logger.nullArgumentError("InputStream");
    }

    final Document document = DocumentUtil.getDocument(is);
    if (logger.isTraceEnabled()) {
        logger.trace("SAML Response Document: " + DocumentUtil.asString(document));
    }

    // Validate the raw DOM against the SAML schemas before mapping it onto model classes.
    JAXPValidationUtil.checkSchemaValidation(document);
    final SAML2Object parsed = (SAML2Object) SAMLParser.getInstance().parse(document);

    // Keep the model together with its source DOM for later use by the caller.
    samlDocumentHolder = new SAMLDocumentHolder(parsed, document);
    return parsed;
}
