
Example 11 with AttributeStatementType

Use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in the project keycloak by keycloak.

The write method of class SAMLAssertionWriter.

/**
 * Writes one {@code AttributeStatement} element, emitting each plain attribute of the
 * statement as a child element and flushing the writer afterwards.
 *
 * @param statement the statement to serialize; its attribute list may be {@code null}
 * @throws ProcessingException if a choice holds an encrypted element, which this writer
 *         does not support
 */
public void write(AttributeStatementType statement) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(), ASSERTION_NSURI.get());
    List<ASTChoiceType> choices = statement.getAttributes();
    int choiceCount = choices == null ? 0 : choices.size();
    for (int i = 0; i < choiceCount; i++) {
        ASTChoiceType choice = choices.get(i);
        AttributeType plainAttribute = choice.getAttribute();
        if (plainAttribute != null) {
            write(plainAttribute);
        }
        // Encrypted attributes are rejected only after any plain attribute of the same
        // choice has been written, matching the original ordering.
        EncryptedElementType encrypted = choice.getEncryptedAssertion();
        if (encrypted != null) {
            throw logger.notImplementedYet("EncryptedElementType");
        }
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}

Example 12 with AttributeStatementType

Use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in the project keycloak by keycloak.

The applies method of class AdvancedAttributeToRoleMapper.

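/**
 * Decides whether this mapper applies to the current brokered login.
 * <p>
 * Every configured attribute (name or friendly name mapped to an expected value) must be
 * present in the SAML assertion with a matching value; the expected value is treated as a
 * regular expression when {@code ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME} is enabled.
 * Attribute choices that carry an encrypted element instead of a plain attribute contribute
 * no values and therefore never match.
 *
 * @param mapperModel the mapper configuration
 * @param context the brokered identity context; must hold the parsed assertion under
 *        {@code SAMLEndpoint.SAML_ASSERTION}
 * @return {@code true} only if all configured attributes match
 */
protected boolean applies(final IdentityProviderMapperModel mapperModel, final BrokeredIdentityContext context) {
    Map<String, String> attributes = mapperModel.getConfigMap(ATTRIBUTE_PROPERTY_NAME);
    boolean areAttributeValuesRegexes = Boolean.parseBoolean(mapperModel.getConfig().get(ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME));
    AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
    Set<AttributeStatementType> attributeAssertions = assertion.getAttributeStatements();
    if (attributeAssertions == null) {
        return false;
    }
    for (Map.Entry<String, String> attribute : attributes.entrySet()) {
        List<Object> attributeValues = collectAttributeValues(attributeAssertions, attribute.getKey());
        boolean attributeValueMatch = areAttributeValuesRegexes
                ? valueMatchesRegex(attribute.getValue(), attributeValues)
                : attributeValues.contains(attribute.getValue());
        if (!attributeValueMatch) {
            // Fail closed: a single missing or mismatching attribute withholds the role.
            return false;
        }
    }
    return true;
}

/**
 * Collects the values of every plain (unencrypted) attribute whose name or friendly name
 * equals {@code attributeKey}, across all attribute statements.
 * <p>
 * Null attribute lists, choices without a plain attribute (e.g. encrypted ones) and null
 * value lists are skipped rather than dereferenced, so an assertion that mixes plain and
 * encrypted attributes no longer aborts the login with a NullPointerException.
 *
 * @param statements the assertion's attribute statements, never {@code null}
 * @param attributeKey the configured attribute name or friendly name
 * @return all matching values, possibly empty
 */
private static List<Object> collectAttributeValues(Set<AttributeStatementType> statements, String attributeKey) {
    return statements.stream()
            .map(statement -> statement.getAttributes())
            .filter(choices -> choices != null)
            .flatMap(choices -> choices.stream())
            .map(choice -> choice.getAttribute())
            .filter(attr -> attr != null)
            .filter(attr -> attributeKey.equals(attr.getName()) || attributeKey.equals(attr.getFriendlyName()))
            .map(attr -> attr.getAttributeValue())
            .filter(values -> values != null)
            .flatMap(values -> values.stream())
            .collect(Collectors.toList());
}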

Example 13 with AttributeStatementType

Use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in the project keycloak by keycloak.

The applies method of class AttributeToRoleMapper.

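/**
 * Decides whether this mapper applies to the current brokered login: the SAML assertion must
 * contain an attribute whose name and/or friendly name match the configured ones (a blank
 * configuration value imposes no constraint) and one of whose values equals the configured
 * {@code ATTRIBUTE_VALUE} (missing config and missing values both compare as {@code ""}).
 * <p>
 * Null statement sets, null attribute lists, choices without a plain attribute (e.g. encrypted
 * ones) and null value lists are skipped rather than dereferenced.
 *
 * @param mapperModel the mapper configuration
 * @param context the brokered identity context; must hold the parsed assertion under
 *        {@code SAMLEndpoint.SAML_ASSERTION}
 * @return {@code true} if a matching attribute value is found
 */
protected boolean applies(final IdentityProviderMapperModel mapperModel, final BrokeredIdentityContext context) {
    String name = blankToNull(mapperModel.getConfig().get(ATTRIBUTE_NAME));
    String friendly = blankToNull(mapperModel.getConfig().get(ATTRIBUTE_FRIENDLY_NAME));
    String desiredValue = Optional.ofNullable(mapperModel.getConfig().get(ATTRIBUTE_VALUE)).orElse("");
    AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
    Iterable<AttributeStatementType> statements = assertion.getAttributeStatements();
    if (statements == null) {
        return false;
    }
    for (AttributeStatementType statement : statements) {
        Iterable<AttributeStatementType.ASTChoiceType> choices = statement.getAttributes();
        if (choices == null) {
            continue;
        }
        for (AttributeStatementType.ASTChoiceType choice : choices) {
            AttributeType attr = choice.getAttribute();
            if (attr == null) {
                // encrypted (or otherwise non-plain) choice: nothing to compare against
                continue;
            }
            if (name != null && !name.equals(attr.getName())) {
                continue;
            }
            if (friendly != null && !friendly.equals(attr.getFriendlyName())) {
                continue;
            }
            if (hasValue(attr, desiredValue)) {
                return true;
            }
        }
    }
    return false;
}

/**
 * Normalizes a configuration entry: {@code null} or whitespace-only becomes {@code null}.
 *
 * @param configured the raw configuration value
 * @return the value, or {@code null} when it is absent or blank
 */
private static String blankToNull(String configured) {
    if (configured == null || configured.trim().isEmpty()) {
        return null;
    }
    return configured;
}

/**
 * Reports whether any value of {@code attr} equals {@code desiredValue}; a {@code null}
 * value is compared as {@code ""}, and a {@code null} value list never matches.
 *
 * @param attr the attribute to inspect
 * @param desiredValue the configured value, never {@code null}
 * @return {@code true} on the first matching value
 */
private static boolean hasValue(AttributeType attr, String desiredValue) {
    Iterable<Object> values = attr.getAttributeValue();
    if (values == null) {
        return false;
    }
    for (Object val : values) {
        // Keep val.equals(...) (not desiredValue.equals(val)) so non-String value types
        // compare exactly as before.
        if (Optional.ofNullable(val).orElse("").equals(desiredValue)) {
            return true;
        }
    }
    return false;
}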

Example 14 with AttributeStatementType

Use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in the project keycloak by keycloak.

The setUserNameFromTemplate method of class UsernameTemplateMapper.

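/**
 * Expands the configured {@code TEMPLATE} and stores the result into the configured
 * {@code TARGET} of the brokered context.
 * <p>
 * Each placeholder matched by {@code SUBSTITUTION} is replaced as follows: {@code ALIAS} by
 * the IdP alias, {@code UUID} by a freshly generated id, {@code NAMEID} by the subject
 * NameID value, {@code ATTRIBUTE.<name>} by the first value of the matching assertion
 * attribute (or {@code ""}); any other placeholder is replaced by its own name. An optional
 * transformer (second capture group, looked up in {@code TRANSFORMERS}) is applied to the
 * value first.
 * <p>
 * Replacement strings are passed through {@link Matcher#quoteReplacement(String)}: values
 * originate from the IdP assertion, and an unquoted {@code $} or {@code \} would otherwise
 * be interpreted as a group reference by {@code appendReplacement} (throwing or inserting
 * unrelated text instead of the literal value).
 *
 * @param mapperModel the mapper configuration holding {@code TEMPLATE} and {@code TARGET}
 * @param context the brokered identity context; must hold the parsed assertion under
 *        {@code SAMLEndpoint.SAML_ASSERTION}
 */
private void setUserNameFromTemplate(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
    String template = mapperModel.getConfig().get(TEMPLATE);
    Matcher m = SUBSTITUTION.matcher(template);
    StringBuffer sb = new StringBuffer();
    while (m.find()) {
        String variable = m.group(1);
        UnaryOperator<String> transformer = Optional.ofNullable(m.group(2)).map(TRANSFORMERS::get).orElse(UnaryOperator.identity());
        String replacement;
        if (variable.equals("ALIAS")) {
            replacement = transformer.apply(context.getIdpConfig().getAlias());
        } else if (variable.equals("UUID")) {
            replacement = transformer.apply(KeycloakModelUtils.generateId());
        } else if (variable.equals("NAMEID")) {
            replacement = transformer.apply(subjectNameIdValue(assertion));
        } else if (variable.startsWith("ATTRIBUTE.")) {
            String name = variable.substring("ATTRIBUTE.".length());
            replacement = transformer.apply(firstAttributeValue(assertion, name));
        } else {
            // Unknown placeholder: keep its name verbatim, as before.
            replacement = variable;
        }
        m.appendReplacement(sb, Matcher.quoteReplacement(replacement));
    }
    m.appendTail(sb);
    Target t = getTarget(mapperModel.getConfig().get(TARGET));
    t.set(context, sb.toString());
}

/**
 * Returns the value of the assertion subject's NameID.
 *
 * @param assertion the parsed SAML assertion
 * @return the NameID value
 */
private static String subjectNameIdValue(AssertionType assertion) {
    SubjectType subject = assertion.getSubject();
    SubjectType.STSubType subType = subject.getSubType();
    // NOTE(review): assumes the subject's BaseID is a plain NameID; any other BaseID
    // subtype would fail this cast — confirm the caller guarantees this.
    NameIDType subjectNameID = (NameIDType) subType.getBaseID();
    return subjectNameID.getValue();
}

/**
 * Looks up the first value of the attribute named {@code name} (by name or friendly name).
 * Within each statement only the first matching attribute is considered; a later statement
 * with the same attribute overrides an earlier one, as in the original loop. Null statement
 * sets, attribute lists, non-plain choices, value lists and null first values are skipped.
 *
 * @param assertion the parsed SAML assertion
 * @param name the attribute name or friendly name
 * @return the value, or {@code ""} when none is found
 */
private static String firstAttributeValue(AssertionType assertion, String name) {
    String value = "";
    Iterable<AttributeStatementType> statements = assertion.getAttributeStatements();
    if (statements == null) {
        return value;
    }
    for (AttributeStatementType statement : statements) {
        List<AttributeStatementType.ASTChoiceType> choices = statement.getAttributes();
        if (choices == null) {
            continue;
        }
        for (AttributeStatementType.ASTChoiceType choice : choices) {
            AttributeType attr = choice.getAttribute();
            if (attr == null) {
                continue;
            }
            if (name.equals(attr.getName()) || name.equals(attr.getFriendlyName())) {
                List<Object> attributeValue = attr.getAttributeValue();
                if (attributeValue != null && !attributeValue.isEmpty()) {
                    Object first = attributeValue.get(0);
                    if (first != null) {
                        value = first.toString();
                    }
                }
                break;
            }
        }
    }
    return value;
}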

Example 15 with AttributeStatementType

Use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in the project keycloak by keycloak.

The createAuthnResponse method of class BrokerTest.

/**
 * Test helper: answers the intercepted AuthnRequest with an IdP login response whose first
 * assertion carries a single attribute statement ({@code mail = v@w.x}).
 *
 * @param so the intercepted SAML object, expected to be an {@link AuthnRequestType}
 * @return the built response
 * @throws RuntimeException wrapping any builder failure
 */
private SAML2Object createAuthnResponse(SAML2Object so) {
    AuthnRequestType request = (AuthnRequestType) so;
    try {
        AttributeType mailAttribute = new AttributeType("mail");
        mailAttribute.addAttributeValue("v@w.x");
        AttributeStatementType mailStatement = new AttributeStatementType();
        mailStatement.addAttribute(new ASTChoiceType(mailAttribute));
        final ResponseType response = new SAML2LoginResponseBuilder()
                .requestID(request.getID())
                .destination(request.getAssertionConsumerServiceURL().toString())
                .issuer("https://saml.idp/saml")
                .assertionExpiration(1000000)
                .subjectExpiration(1000000)
                .requestIssuer(getAuthServerRealmBase(REALM_NAME).toString())
                .sessionIndex("idp:" + UUID.randomUUID())
                .buildModel();
        response.getAssertions().get(0).getAssertion().addStatement(mailStatement);
        return response;
    } catch (ConfigurationException | ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}
