use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class KcSamlIdPInitiatedSsoTest method assertAudience.
/**
 * Asserts that the first condition of the assertion carried by {@code resp} is an audience
 * restriction that lists {@code expectedAudience}.
 *
 * @param resp SAML response whose assertion is inspected
 * @param expectedAudience audience URI, given as a string, that the restriction must contain
 * @throws Exception propagated from {@code AssertionUtil.getAssertion}
 */
private void assertAudience(ResponseType resp, String expectedAudience) throws Exception {
    // First and third arguments are null.
    // NOTE(review): presumably no key is needed because the assertion is not encrypted - confirm.
    AssertionType assertion = AssertionUtil.getAssertion(null, resp, null);

    // Walk down to the condition list, failing with a matcher message rather than an NPE.
    assertThat(assertion, notNullValue());
    assertThat(assertion.getConditions(), notNullValue());
    assertThat(assertion.getConditions().getConditions(), notNullValue());
    assertThat(assertion.getConditions().getConditions(), hasSize(greaterThan(0)));

    // Only the first condition is examined; it has to be the audience restriction.
    Object firstCondition = assertion.getConditions().getConditions().get(0);
    assertThat(firstCondition, instanceOf(AudienceRestrictionType.class));
    AudienceRestrictionType restriction = (AudienceRestrictionType) firstCondition;

    URI wanted = URI.create(expectedAudience);
    assertThat(restriction.getAudience(), contains(wanted));
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.
/**
 * Broker login in which the producer IdP's SAML response is altered in transit so that it
 * carries an attribute named {@code EMPTY_ATTRIBUTE_NAME} with a single {@code null} value.
 * The test then checks that the consumer's final SAML response lists
 * {@code EMPTY_ATTRIBUTE_ROLE} among the values of the {@code ROLE_ATTRIBUTE_NAME} attribute.
 */
@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
// Presumably registers the roles and role mappers this test depends on - see the helpers.
createRolesForRealm(bc.consumerRealmName());
createRoleMappersForConsumerRealm();
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
// NOTE(review): the transformObject step below changes the response after the producer issued it,
// so this flow presumably relies on the consumer not requiring a valid signature over the
// assertion in this test configuration - confirm.
SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
Binding.POST).transformObject(ob -> {
// The intercepted object must be a successful SAML response before it is altered.
assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) ob;
Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
// Reuse the first attribute statement of the first assertion, or start a new one if there is none.
AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
// Attribute named EMPTY_ATTRIBUTE_NAME whose only value is null.
AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
attr.addAttributeValue(null);
attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
// NOTE(review): when the statement came from the assertion it is added a second time here;
// getStatements() is typed as a Set, so this is presumably a no-op - confirm.
resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
return ob;
}).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
Binding.POST);
Assert.assertThat(samlResponse, Matchers.notNullValue());
Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
// Gather every value of the ROLE_ATTRIBUTE_NAME attribute from the consumer's response, as strings.
Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class SAMLEndpoint method getSubjectNameID.
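/**
 * Returns the NameID of the assertion's subject, or {@code null} when there is none.
 *
 * <p>The shape of an assertion is not guaranteed: it may carry no subject, the subject may have
 * no sub-type, and the base identifier may be of a type other than NameID. Each of those cases
 * yields {@code null} instead of a {@code NullPointerException} or {@code ClassCastException},
 * so a malformed or unexpected assertion cannot abort processing from inside this helper.
 * Callers already have to handle a {@code null} result.
 *
 * @param assertion assertion to read; must not be {@code null}
 * @return the subject's {@code NameIDType}, or {@code null} if it is absent or of another type
 */
private NameIDType getSubjectNameID(final AssertionType assertion) {
    SubjectType subject = assertion.getSubject();
    if (subject == null) {
        // A subject is optional in an assertion; treat its absence as "no NameID".
        return null;
    }
    SubjectType.STSubType subType = subject.getSubType();
    if (subType == null) {
        return null;
    }
    // Check the runtime type before casting instead of trusting the identifier kind.
    Object baseId = subType.getBaseID();
    return baseId instanceof NameIDType ? (NameIDType) baseId : null;
}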
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class SAMLResponseWriter method write.
/**
 * Serializes a {@code ResponseType} as a SAML protocol {@code Response} element on this
 * writer's stream.
 *
 * <p>Written in order: the start element with both namespace declarations, the base attributes,
 * the issuer (when set), the extensions (when non-empty), the status, and then every assertion
 * choice. A plain assertion is delegated to {@code assertionWriter}; for an encrypted assertion
 * the already-built DOM element is copied to the output as it stands. Nothing in this method
 * signs or encrypts content.
 *
 * @param response the response to serialize
 * @throws ProcessingException if any of the delegated write steps fails
 */
public void write(ResponseType response) throws ProcessingException {
    final String protocolNs = JBossSAMLURIConstants.PROTOCOL_NSURI.get();
    final String assertionNs = JBossSAMLURIConstants.ASSERTION_NSURI.get();

    // Opening tag plus the two namespace declarations used by the children.
    StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.RESPONSE__PROTOCOL.get(), protocolNs);
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, protocolNs);
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, assertionNs);
    writeBaseAttributes(response);

    // Issuer is optional.
    NameIDType responseIssuer = response.getIssuer();
    if (responseIssuer != null) {
        QName issuerName = new QName(assertionNs, JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX);
        write(responseIssuer, issuerName);
    }

    // Extensions are emitted only when they actually hold content.
    ExtensionsType ext = response.getExtensions();
    boolean hasExtensionContent = ext != null && ext.getAny() != null && !ext.getAny().isEmpty();
    if (hasExtensionContent) {
        write(ext);
    }

    // Status is written unconditionally.
    write(response.getStatus());

    List<ResponseType.RTChoiceType> choices = response.getAssertions();
    if (choices != null) {
        for (ResponseType.RTChoiceType choice : choices) {
            // The two branches are independent: a choice holding both forms gets both written.
            AssertionType plain = choice.getAssertion();
            if (plain != null) {
                assertionWriter.write(plain);
            }
            EncryptedAssertionType encrypted = choice.getEncryptedAssertion();
            if (encrypted != null) {
                // Pass the encrypted element through untouched.
                Element encryptedElement = encrypted.getEncryptedElement();
                StaxUtil.writeDOMElement(writer, encryptedElement);
            }
        }
    }

    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class JBossSAMLAuthnResponseFactory method createResponseType.
/**
 * Builds a {@code ResponseType} that wraps a single assertion.
 *
 * <p>The issue instant is taken from {@code XMLTimeUtil.getIssueInstant()}; the issuer and the
 * status code come from {@code issuerInfo}. The response is returned as built here: this
 * factory performs no signing or encryption.
 *
 * @param ID identifier for the new response
 * @param issuerInfo supplies the issuer and the status code; its status code must not be
 *     {@code null}
 * @param assertionType the assertion to embed in the response
 * @return the populated response
 * @throws RuntimeException the unchecked error produced by
 *     {@code logger.issuerInfoMissingStatusCodeError()} when the status code is {@code null}
 */
public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertionType) {
    ResponseType response = new ResponseType(ID, XMLTimeUtil.getIssueInstant());
    response.setIssuer(issuerInfo.getIssuer());

    // A response without a status code is rejected rather than emitted half-formed.
    String code = issuerInfo.getStatusCode();
    if (code == null) {
        throw logger.issuerInfoMissingStatusCodeError();
    }
    response.setStatus(createStatusType(code));

    response.addAssertion(new RTChoiceType(assertionType));
    return response;
}