Search in sources :

Example 6 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class KcSamlIdPInitiatedSsoTest method testProviderIdpInitiatedLoginWithPrincipalAttribute.

// KEYCLOAK-7969
@Test
public void testProviderIdpInitiatedLoginWithPrincipalAttribute() throws Exception {
    IdentityProviderResource idp = adminClient.realm(REALM_CONS_NAME).identityProviders().get("saml-leaf");
    IdentityProviderRepresentation rep = idp.toRepresentation();
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.name());
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, X500SAMLProfileConstants.UID.get());
    idp.update(rep);
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")).login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
        assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales"));
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(X500SAMLProfileConstants.UID.get());
        attr.addAttributeValue(PROVIDER_REALM_USER_NAME);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(Binding.POST);
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth"));
    assertAudience(resp, urlRealmConsumer + "/app/auth");
    UsersResource users = adminClient.realm(REALM_CONS_NAME).users();
    String id = users.search(CONSUMER_CHOSEN_USERNAME).get(0).getId();
    FederatedIdentityRepresentation fed = users.get(id).getFederatedIdentity().get(0);
    assertThat(fed.getUserId(), is(PROVIDER_REALM_USER_NAME));
    assertThat(fed.getUserName(), is(PROVIDER_REALM_USER_NAME));
}
Also used : AssertionUtil(org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil) Page(org.jboss.arquillian.graphene.page.Page) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) ByteArrayInputStream(java.io.ByteArrayInputStream) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Map(java.util.Map) REALM_PROV_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Set(java.util.Set) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) List(java.util.List) Response(javax.ws.rs.core.Response) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) LoginPage(org.keycloak.testsuite.pages.LoginPage) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) X500SAMLProfileConstants(org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants) ExpectedCondition(org.openqa.selenium.support.ui.ExpectedCondition) UsersResource(org.keycloak.admin.client.resource.UsersResource) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) StringPropertyReplacer(org.keycloak.common.util.StringPropertyReplacer) UpdateAccountInformationPage(org.keycloak.testsuite.pages.UpdateAccountInformationPage) PageUtils(org.keycloak.testsuite.pages.PageUtils) Matchers.hasSize(org.hamcrest.Matchers.hasSize) StreamUtil(org.keycloak.common.util.StreamUtil) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Before(org.junit.Before) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Properties(java.util.Properties) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) By(org.openqa.selenium.By) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) REALM_CONS_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME) Binding(org.keycloak.testsuite.util.SamlClient.Binding) Assert.assertEquals(org.junit.Assert.assertEquals) InputStream(java.io.InputStream) Set(java.util.Set) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Matchers.containsString(org.hamcrest.Matchers.containsString) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) UsersResource(org.keycloak.admin.client.resource.UsersResource) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 7 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.

@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
    createRolesForRealm(bc.consumerRealmName());
    createRoleMappersForConsumerRealm();
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
    Document doc = SAML2Request.convert(loginRep);
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
    Binding.POST).transformObject(ob -> {
        assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
        attr.addAttributeValue(null);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
    Binding.POST);
    Assert.assertThat(samlResponse, Matchers.notNullValue());
    Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
    Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
    Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
    assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
Also used : AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Arrays(java.util.Arrays) Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted) Matchers.not(org.hamcrest.Matchers.not) ROLE_ATTRIBUTE_NAME(org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME) Matchers.hasItems(org.hamcrest.Matchers.hasItems) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) Document(org.w3c.dom.Document) SamlClient(org.keycloak.testsuite.util.SamlClient) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse) ImmutableMap(com.google.common.collect.ImmutableMap) RealmResource(org.keycloak.admin.client.resource.RealmResource) Set(java.util.Set) Collectors(java.util.stream.Collectors) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) SAMLProtocolQNames(org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQNames) SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) HashMap(java.util.HashMap) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) BrokerTestTools.getConsumerRoot(org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) UserAttributeMapper(org.keycloak.broker.saml.mappers.UserAttributeMapper) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Element(org.w3c.dom.Element) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) Binding(org.keycloak.testsuite.util.SamlClient.Binding) IdentityProviderMapperSyncMode(org.keycloak.models.IdentityProviderMapperSyncMode) BrokerTestTools.getProviderRoot(org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot) Assert(org.junit.Assert) Collections(java.util.Collections) AttributeToRoleMapper(org.keycloak.broker.saml.mappers.AttributeToRoleMapper) Set(java.util.Set) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 8 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class StatementUtil method createAttributeStatement.

/**
 * Given a set of roles, create an attribute statement
 *
 * @param roles
 *
 * @return
 */
public static AttributeStatementType createAttributeStatement(List<String> roles) {
    AttributeStatementType attrStatement = null;
    for (String role : roles) {
        if (attrStatement == null) {
            attrStatement = new AttributeStatementType();
        }
        AttributeType attr = new AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION);
        attr.addAttributeValue(role);
        attrStatement.addAttribute(new ASTChoiceType(attr));
    }
    return attrStatement;
}
Also used : AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)

Example 9 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class StatementUtil method createAttributeStatementForRoles.

/**
 * Given a set of roles, create an attribute statement
 *
 * @param roles
 * @param multivalued if you want the attribute to be multi valued
 *
 * @return
 */
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
    if (!multivalued) {
        return createAttributeStatement(roles);
    }
    AttributeStatementType attrStatement = new AttributeStatementType();
    AttributeType attr = new AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION);
    for (String role : roles) {
        attr.addAttributeValue(role);
    }
    attrStatement.addAttribute(new ASTChoiceType(attr));
    return attrStatement;
}
Also used : AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)

Example 10 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class StatementUtil method createAttributeStatement.

/**
 * Given an attribute type and a value, create {@link AttributeStatementType}
 *
 * @param key attribute type
 * @param value attribute value
 *
 * @return
 */
public static AttributeStatementType createAttributeStatement(String key, String value) {
    AttributeStatementType attrStatement = new AttributeStatementType();
    AttributeType attr = new AttributeType(key);
    attr.addAttributeValue(value);
    attrStatement.addAttribute(new ASTChoiceType(attr));
    return attrStatement;
}
Also used : AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)

Aggregations

AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType)27 AttributeType (org.keycloak.dom.saml.v2.assertion.AttributeType)25 AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)12 ASTChoiceType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)11 Test (org.junit.Test)9 StatementAbstractType (org.keycloak.dom.saml.v2.assertion.StatementAbstractType)9 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)8 URI (java.net.URI)6 List (java.util.List)6 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)6 IOException (java.io.IOException)5 ArrayList (java.util.ArrayList)5 Map (java.util.Map)5 Matchers.containsString (org.hamcrest.Matchers.containsString)5 JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)5 ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)5 ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)5 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)5 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4