use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class KcSamlIdPInitiatedSsoTest method testProviderIdpInitiatedLoginWithPrincipalAttribute.
// KEYCLOAK-7969
@Test
public void testProviderIdpInitiatedLoginWithPrincipalAttribute() throws Exception {
IdentityProviderResource idp = adminClient.realm(REALM_CONS_NAME).identityProviders().get("saml-leaf");
IdentityProviderRepresentation rep = idp.toRepresentation();
rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.name());
rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, X500SAMLProfileConstants.UID.get());
idp.update(rep);
SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")).login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) ob;
assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales"));
Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
AttributeType attr = new AttributeType(X500SAMLProfileConstants.UID.get());
attr.addAttributeValue(PROVIDER_REALM_USER_NAME);
attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
return ob;
}).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(Binding.POST);
assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) samlResponse.getSamlObject();
assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth"));
assertAudience(resp, urlRealmConsumer + "/app/auth");
UsersResource users = adminClient.realm(REALM_CONS_NAME).users();
String id = users.search(CONSUMER_CHOSEN_USERNAME).get(0).getId();
FederatedIdentityRepresentation fed = users.get(id).getFederatedIdentity().get(0);
assertThat(fed.getUserId(), is(PROVIDER_REALM_USER_NAME));
assertThat(fed.getUserName(), is(PROVIDER_REALM_USER_NAME));
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.
@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
createRolesForRealm(bc.consumerRealmName());
createRoleMappersForConsumerRealm();
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
Binding.POST).transformObject(ob -> {
assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) ob;
Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
attr.addAttributeValue(null);
attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
return ob;
}).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
Binding.POST);
Assert.assertThat(samlResponse, Matchers.notNullValue());
Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class StatementUtil method createAttributeStatement.
/**
* Given a set of roles, create an attribute statement
*
* @param roles
*
* @return
*/
public static AttributeStatementType createAttributeStatement(List<String> roles) {
AttributeStatementType attrStatement = null;
for (String role : roles) {
if (attrStatement == null) {
attrStatement = new AttributeStatementType();
}
AttributeType attr = new AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION);
attr.addAttributeValue(role);
attrStatement.addAttribute(new ASTChoiceType(attr));
}
return attrStatement;
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class StatementUtil method createAttributeStatementForRoles.
/**
* Given a set of roles, create an attribute statement
*
* @param roles
* @param multivalued if you want the attribute to be multi valued
*
* @return
*/
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
if (!multivalued) {
return createAttributeStatement(roles);
}
AttributeStatementType attrStatement = new AttributeStatementType();
AttributeType attr = new AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION);
for (String role : roles) {
attr.addAttributeValue(role);
}
attrStatement.addAttribute(new ASTChoiceType(attr));
return attrStatement;
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class StatementUtil method createAttributeStatement.
/**
* Given an attribute type and a value, create {@link AttributeStatementType}
*
* @param key attribute type
* @param value attribute value
*
* @return
*/
public static AttributeStatementType createAttributeStatement(String key, String value) {
AttributeStatementType attrStatement = new AttributeStatementType();
AttributeType attr = new AttributeType(key);
attr.addAttributeValue(value);
attrStatement.addAttribute(new ASTChoiceType(attr));
return attrStatement;
}
Aggregations