Examples with AttributeStatementType org.keycloak.dom.saml.v2.assertion.AttributeStatementType used on opensource projects

Example 6 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class KcSamlIdPInitiatedSsoTest method testProviderIdpInitiatedLoginWithPrincipalAttribute.

// KEYCLOAK-7969
@Test
public void testProviderIdpInitiatedLoginWithPrincipalAttribute() throws Exception {
    IdentityProviderResource idp = adminClient.realm(REALM_CONS_NAME).identityProviders().get("saml-leaf");
    IdentityProviderRepresentation rep = idp.toRepresentation();
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.name());
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, X500SAMLProfileConstants.UID.get());
    idp.update(rep);
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")).login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
        assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales"));
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(X500SAMLProfileConstants.UID.get());
        attr.addAttributeValue(PROVIDER_REALM_USER_NAME);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(Binding.POST);
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth"));
    assertAudience(resp, urlRealmConsumer + "/app/auth");
    UsersResource users = adminClient.realm(REALM_CONS_NAME).users();
    String id = users.search(CONSUMER_CHOSEN_USERNAME).get(0).getId();
    FederatedIdentityRepresentation fed = users.get(id).getFederatedIdentity().get(0);
    assertThat(fed.getUserId(), is(PROVIDER_REALM_USER_NAME));
    assertThat(fed.getUserName(), is(PROVIDER_REALM_USER_NAME));
}

Example 7 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.

@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
    createRolesForRealm(bc.consumerRealmName());
    createRoleMappersForConsumerRealm();
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
    Document doc = SAML2Request.convert(loginRep);
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
    Binding.POST).transformObject(ob -> {
        assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
        attr.addAttributeValue(null);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
    Binding.POST);
    Assert.assertThat(samlResponse, Matchers.notNullValue());
    Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
    Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
    Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
    assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}

Example 8 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class StatementUtil method createAttributeStatement.

/**
 * Given a set of roles, create an attribute statement
 *
 * @param roles
 *
 * @return
 */
public static AttributeStatementType createAttributeStatement(List<String> roles) {
    AttributeStatementType attrStatement = null;
    for (String role : roles) {
        if (attrStatement == null) {
            attrStatement = new AttributeStatementType();
        }
        AttributeType attr = new AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION);
        attr.addAttributeValue(role);
        attrStatement.addAttribute(new ASTChoiceType(attr));
    }
    return attrStatement;
}

Example 9 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class StatementUtil method createAttributeStatementForRoles.

/**
 * Given a set of roles, create an attribute statement
 *
 * @param roles
 * @param multivalued if you want the attribute to be multi valued
 *
 * @return
 */
public static AttributeStatementType createAttributeStatementForRoles(List<String> roles, boolean multivalued) {
    if (!multivalued) {
        return createAttributeStatement(roles);
    }
    AttributeStatementType attrStatement = new AttributeStatementType();
    AttributeType attr = new AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION);
    for (String role : roles) {
        attr.addAttributeValue(role);
    }
    attrStatement.addAttribute(new ASTChoiceType(attr));
    return attrStatement;
}

Example 10 with AttributeStatementType

use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.

the class StatementUtil method createAttributeStatement.

/**
 * Given an attribute type and a value, create {@link AttributeStatementType}
 *
 * @param key attribute type
 * @param value attribute value
 *
 * @return
 */
public static AttributeStatementType createAttributeStatement(String key, String value) {
    AttributeStatementType attrStatement = new AttributeStatementType();
    AttributeType attr = new AttributeType(key);
    attr.addAttributeValue(value);
    attrStatement.addAttribute(new ASTChoiceType(attr));
    return attrStatement;
}