use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
Class RoleMapperTest, method testExpectedRoles.
/**
 * Logs in as {@code bburkeUser} against the given SAML client and asserts that the
 * role attribute of the unencrypted assertion(s) carries exactly the expected roles.
 *
 * <p>The response status is asserted first, so a failed login is reported as such
 * rather than as a role mismatch. Role comparison is order-insensitive.
 *
 * @param clientId      the SAML client to authenticate against
 * @param expectedRoles the roles expected in the {@code ROLE_ATTRIBUTE_NAME} attribute
 */
public void testExpectedRoles(String clientId, String... expectedRoles) {
    SAMLDocumentHolder response = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), clientId,
                    SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, Binding.POST)
            .build()
            .login().user(bburkeUser).build()
            .getSamlResponse(Binding.POST);

    assertThat(response.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    Stream<AssertionType> unencryptedAssertions = assertionsUnencrypted(response.getSamlObject());
    Stream<AttributeType> roleAttributes = attributesUnecrypted(attributeStatements(unencryptedAssertions))
            .filter(attribute -> attribute.getName().equals(ROLE_ATTRIBUTE_NAME));

    Set<String> actualRoles = roleAttributes
            .flatMap(attribute -> attribute.getAttributeValue().stream())
            .map(Object::toString)
            .collect(Collectors.toSet());

    assertThat(actualRoles, containsInAnyOrder(expectedRoles));
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
Class AssertionUtil, method getRoles.
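/**
 * Collects the role values carried by the attribute statements of an assertion.
 *
 * <p>Every {@code AttributeValue} of every attribute in every
 * {@link AttributeStatementType} is treated as a role, unless {@code roleKeys}
 * restricts the attribute names to consider. String values are taken as-is;
 * DOM {@link Node} values contribute the value of their first child, and a node
 * without children contributes nothing. Any other value type is rejected.
 *
 * <p>No signature, validity-period or audience check is performed here: the
 * returned roles are only as trustworthy as the assertion the caller passes in.
 *
 * @param assertion the {@link AssertionType} to inspect
 * @param roleKeys  attribute names whose values are roles; {@code null} or empty
 *                  means every attribute is considered
 * @return the roles found, in document order; empty if none
 * @throws RuntimeException (unchecked, produced by {@code logger.unknownObjectType})
 *         when an attribute value is neither a {@link String} nor a {@link Node}
 */
public static List<String> getRoles(AssertionType assertion, List<String> roleKeys) {
    List<String> roles = new ArrayList<>();
    boolean filterByName = roleKeys != null && !roleKeys.isEmpty();

    for (StatementAbstractType statement : assertion.getStatements()) {
        if (!(statement instanceof AttributeStatementType)) {
            continue;
        }
        for (ASTChoiceType choice : ((AttributeStatementType) statement).getAttributes()) {
            AttributeType attr = choice.getAttribute();
            if (filterByName && !roleKeys.contains(attr.getName())) {
                continue;
            }
            List<Object> attributeValues = attr.getAttributeValue();
            if (attributeValues == null) {
                continue;
            }
            for (Object attrValue : attributeValues) {
                if (attrValue instanceof String) {
                    roles.add((String) attrValue);
                } else if (attrValue instanceof Node) {
                    // An empty AttributeValue element has no child node; it carries no
                    // role, so skip it rather than dereferencing null.
                    Node firstChild = ((Node) attrValue).getFirstChild();
                    if (firstChild != null) {
                        roles.add(firstChild.getNodeValue());
                    }
                } else {
                    throw logger.unknownObjectType(attrValue);
                }
            }
        }
    }
    return roles;
}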
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
Class AssertionUtil, method decryptAssertion.
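/**
 * Decrypts the {@code EncryptedAssertion} element of a SAML response in place.
 *
 * <p>The encrypted element is located in the DOM held by {@code holder}, copied into
 * a fresh document, decrypted with {@code privateKey}, schema-checked and parsed.
 * The parsed assertion then replaces the encrypted one in {@code responseType},
 * keyed by the {@code ID} attribute read from the encrypted element.
 *
 * <p>This method performs no signature verification. The returned DOM element is
 * the decrypted assertion exactly as produced by the decryption step, so a caller
 * that needs to verify the assertion's signature should do so on that element.
 *
 * @param holder       the document holder whose DOM contains the encrypted assertion
 * @param responseType a response containing an encrypted assertion; modified in place
 * @param privateKey   the key used to decrypt the assertion
 * @return the decrypted assertion element
 * @throws ProcessingException if no encrypted assertion is present, if the decrypted
 *         content is not a SAML assertion, or as propagated from the utilities used
 * @throws ParsingException       as propagated from the decryption/parsing utilities
 * @throws ConfigurationException as propagated from the decryption/parsing utilities
 */
public static Element decryptAssertion(SAMLDocumentHolder holder, ResponseType responseType, PrivateKey privateKey) throws ParsingException, ProcessingException, ConfigurationException {
    Document doc = holder.getSamlDocument();
    Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
    if (enc == null) {
        throw new ProcessingException("No encrypted assertion found.");
    }
    // Remember which entry of the response to replace once decryption has succeeded.
    String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());

    // Decrypt in a copy so the response DOM held by the holder is not modified.
    Document newDoc = DocumentUtil.createDocument();
    Node importedNode = newDoc.importNode(enc, true);
    newDoc.appendChild(importedNode);
    Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);

    // Check the plaintext against the schema before handing it to the parser.
    JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
    SAMLParser parser = SAMLParser.getInstance();
    Object parsed = parser.parse(parser.createEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));
    // The plaintext has not been signature-verified at this point; reject anything that
    // is not an assertion explicitly instead of failing with a ClassCastException.
    if (!(parsed instanceof AssertionType)) {
        throw new ProcessingException("Decrypted element is not a SAML assertion.");
    }
    responseType.replaceAssertion(oldID, new ResponseType.RTChoiceType((AssertionType) parsed));
    return decryptedDocumentElement;
}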
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
Class AssertionUtil, method getExpiration.
/**
 * Reads the {@code NotOnOrAfter} instant from the assertion's {@code Conditions}.
 *
 * @param assertion the assertion to inspect
 * @return the {@code NotOnOrAfter} value, or {@code null} when the assertion has no
 *         {@code Conditions} element or that element carries no {@code NotOnOrAfter}
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    ConditionsType conditions = assertion.getConditions();
    return conditions == null ? null : conditions.getNotOnOrAfter();
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
Class AssertionUtil, method getSubTypeElement.
/**
 * Returns the subject's {@code SubType} of the first assertion in the response.
 *
 * <p>Only the first entry of {@code responseType.getAssertions()} is examined; any
 * further assertions are ignored.
 *
 * @param responseType the response to inspect
 * @return the subject sub-type of the first assertion, or {@code null} when the
 *         response carries no assertions or the first assertion has no subject
 */
private static STSubType getSubTypeElement(final ResponseType responseType) {
    final List<ResponseType.RTChoiceType> choices = responseType.getAssertions();
    if (!choices.isEmpty()) {
        final AssertionType first = choices.get(0).getAssertion();
        if (first.getSubject() != null) {
            return first.getSubject().getSubType();
        }
    }
    return null;
}