
Example 16 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

the class LogoutTest method createAuthnResponse.

/**
 * Builds the IdP-side SAML login response that answers the broker's AuthnRequest.
 * <p>
 * The incoming object is cast to {@link AuthnRequestType}; the response takes its request ID
 * and destination (the request's AssertionConsumerServiceURL) from it and is issued by
 * {@code BROKER_SERVICE_ID}. The NameID of the first assertion is then given the
 * NameQualifier / SPNameQualifier / SPProvidedID test constants — presumably so the logout
 * flow under test can be checked against exactly those values.
 *
 * @param so the SAML2 object received from the broker; must be an {@link AuthnRequestType}
 *           (the cast is unchecked, a different type fails with a ClassCastException)
 * @return the built {@link ResponseType}
 * @throws RuntimeException wrapping the {@link ConfigurationException} or
 *         {@link ProcessingException} raised while building the response
 */
private SAML2Object createAuthnResponse(SAML2Object so) {
    AuthnRequestType authnRequest = (AuthnRequestType) so;
    try {
        final ResponseType response = new SAML2LoginResponseBuilder()
                .requestID(authnRequest.getID())
                .destination(authnRequest.getAssertionConsumerServiceURL().toString())
                .issuer(BROKER_SERVICE_ID)
                .assertionExpiration(1000000)
                .subjectExpiration(1000000)
                .requestIssuer(getAuthServerRealmBase(REALM_NAME).toString())
                .nameIdentifier(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get(), "a@b.c")
                .authMethod(JBossSAMLURIConstants.AC_UNSPECIFIED.get())
                .sessionIndex("idp:" + UUID.randomUUID())
                .buildModel();

        // The subject's BaseID is expected to be a NameIDType here; the cast is unchecked.
        NameIDType subjectNameId = (NameIDType) response.getAssertions().get(0)
                .getAssertion().getSubject().getSubType().getBaseID();
        subjectNameId.setSPProvidedID(SP_PROVIDED_ID);
        subjectNameId.setSPNameQualifier(SP_NAME_QUALIFIER);
        subjectNameId.setNameQualifier(NAME_QUALIFIER);
        return response;
    } catch (ConfigurationException | ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}

Example 17 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

the class SessionNotOnOrAfterTest method checkSessionNotOnOrAfter.

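/**
 * Verifies the lifespan-related timestamps of a successful SAML login response.
 * <p>
 * On the first assertion of the response it checks that:
 * <ul>
 *   <li>the AuthnStatement's {@code SessionNotOnOrAfter} equals
 *       {@code AuthnInstant + ssoMaxLifespan};</li>
 *   <li>the Conditions' {@code NotOnOrAfter} equals
 *       {@code Conditions.NotBefore + accessCodeLifespan};</li>
 *   <li>the first non-null SubjectConfirmationData's {@code NotOnOrAfter} equals
 *       {@code Conditions.NotBefore + accessTokenLifespan} (SubjectConfirmationData carries
 *       no NotBefore of its own, so the Conditions value is reused).</li>
 * </ul>
 * Each lifespan is multiplied by 1000 before being handed to {@link XMLTimeUtil#add}, so the
 * parameters are presumably in seconds while the time arithmetic is in milliseconds.
 *
 * @param ob the SAML2 object from the login step; must be a successful {@link ResponseType}
 * @param ssoMaxLifespan expected SSO session lifespan (bounds SessionNotOnOrAfter)
 * @param accessCodeLifespan expected access-code lifespan (bounds the Conditions element)
 * @param accessTokenLifespan expected access-token lifespan (bounds SubjectConfirmationData)
 * @return always {@code null}; the method exists for its assertions only
 */
private SAML2Object checkSessionNotOnOrAfter(SAML2Object ob, int ssoMaxLifespan, int accessCodeLifespan, int accessTokenLifespan) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) ob;
    Assert.assertNotNull(resp);
    Assert.assertNotNull(resp.getAssertions());
    assertThat(resp.getAssertions().size(), greaterThan(0));
    Assert.assertNotNull(resp.getAssertions().get(0));
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion());

    // session lifespan: SessionNotOnOrAfter must be AuthnInstant + ssoMaxLifespan
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getStatements());
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
    AuthnStatementType authType = statements.stream()
            .filter(statement -> statement instanceof AuthnStatementType)
            .map(statement -> (AuthnStatementType) statement)
            .findFirst()
            .orElse(null);
    assertThat(authType, notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespan * 1000L)));

    // Conditions: NotOnOrAfter must be NotBefore + accessCodeLifespan
    // (the original asserted the Conditions element non-null twice; once is enough)
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
    ConditionsType condition = resp.getAssertions().get(0).getAssertion().getConditions();
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessCodeLifespan * 1000L), condition.getNotOnOrAfter());

    // SubjectConfirmation (confirmationData has no NotBefore, using the previous one because it's the same)
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject());
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation());
    List<SubjectConfirmationType> confirmations = resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation();
    SubjectConfirmationDataType confirmationData = confirmations.stream()
            .map(SubjectConfirmationType::getSubjectConfirmationData)
            .filter(data -> data != null)
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(confirmationData);
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessTokenLifespan * 1000L), confirmationData.getNotOnOrAfter());
    return null;
}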

Example 18 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLogoutFullWithPost.

/**
 * Logout round-trip over the SAML artifact binding (POST variant) against a stub
 * Artifact Resolution Service running in a local thread.
 * <p>
 * The SALES_POST client's artifact-resolution-service URL attribute is pointed at
 * {@code http://127.0.0.1:8082/} and registered with the cleanup hook (which presumably
 * restores it afterwards). The flow then logs in, captures the NameID and session index
 * from the login response, primes the stub with the logout request, and sends the artifact
 * message. The test expects a successful StatusResponse and that the artifact the client
 * sent is the one the stub was asked to resolve.
 * <p>
 * NOTE(review): {@code wait()} is called once rather than in a condition loop, so a spurious
 * wakeup would start the SAML flow before the stub has signalled readiness. The readiness
 * protocol lives in {@link ArtifactResolutionService}, outside this listing.
 *
 * @throws InterruptedException if waiting for, or joining, the stub thread is interrupted
 */
@Test
public void testReceiveArtifactLogoutFullWithPost() throws InterruptedException {
    final String resolutionServiceUrl = "http://127.0.0.1:8082/";
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
            .setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, resolutionServiceUrl)
            .update());

    SamlClientBuilder clientBuilder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(
            getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST, clientBuilder);
    ArtifactResolutionService resolutionService = new ArtifactResolutionService(resolutionServiceUrl);
    Thread serviceThread = new Thread(resolutionService);
    try {
        serviceThread.start();
        synchronized (resolutionService) {
            // Wait for the stub to notify on its own monitor (presumably once it is listening).
            resolutionService.wait();
            SAMLDocumentHolder logoutResponse = clientBuilder
                    .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build()
                    .login().user(bburkeUser).build()
                    .processSamlResponse(POST).transformObject(loginObject -> {
                        SAML2Object captured = extractNameIdAndSessionIndexAndTerminate(loginObject);
                        setArtifactResolutionServiceLogoutRequest(resolutionService);
                        return captured;
                    }).build()
                    .artifactMessage(artifactStep).build()
                    .getSamlResponse(POST);

            assertThat(logoutResponse.getSamlObject(), instanceOf(StatusResponseType.class));
            StatusResponseType statusResponse = (StatusResponseType) logoutResponse.getSamlObject();
            assertThat(statusResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            assertThat(artifactStep.getLastArtifact(), is(resolutionService.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        resolutionService.stop();
        serviceThread.join();
    }
}

Example 19 with SAML2Object

use of org.keycloak.dom.saml.v2.SAML2Object in project keycloak by keycloak.

the class AbstractSamlTest method extractNameIdAndSessionIndexAndTerminate.

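/**
 * Captures the NameID and session index of a successful login response into
 * {@code nameIdRef} / {@code sessionIndexRef}, then returns {@code null} so the builder
 * pipeline carries no SAML object onward.
 * <p>
 * Only the first assertion is examined. The expected type is asserted before each cast, so
 * a response with an unexpected BaseID, or whose first statement is not an AuthnStatement,
 * fails with a matcher message instead of a {@link ClassCastException}; an empty assertion
 * or statement list fails with an assertion instead of an exception from {@code get(0)} /
 * {@code iterator().next()}.
 *
 * @param so the SAML2 object from the login step; must be a successful {@link ResponseType}
 *           with at least one assertion
 * @return always {@code null}
 */
protected SAML2Object extractNameIdAndSessionIndexAndTerminate(SAML2Object so) {
    assertThat(so, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType loginResp1 = (ResponseType) so;
    assertThat(loginResp1.getAssertions(), org.hamcrest.Matchers.notNullValue());
    assertThat(loginResp1.getAssertions().size(), org.hamcrest.Matchers.greaterThan(0));
    final AssertionType firstAssertion = loginResp1.getAssertions().get(0).getAssertion();
    assertThat(firstAssertion, org.hamcrest.Matchers.notNullValue());

    assertThat(firstAssertion.getSubject().getSubType().getBaseID(), instanceOf(NameIDType.class));
    NameIDType nameId = (NameIDType) firstAssertion.getSubject().getSubType().getBaseID();

    // Guard the cast: nothing forces the first statement to be an AuthnStatement.
    assertThat(firstAssertion.getStatements(), org.hamcrest.Matchers.notNullValue());
    assertThat(firstAssertion.getStatements().size(), org.hamcrest.Matchers.greaterThan(0));
    Object firstStatement = firstAssertion.getStatements().iterator().next();
    assertThat(firstStatement, instanceOf(AuthnStatementType.class));
    AuthnStatementType firstAssertionStatement = (AuthnStatementType) firstStatement;

    nameIdRef.set(nameId);
    sessionIndexRef.set(firstAssertionStatement.getSessionIndex());
    return null;
}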
