use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class SAMLAssertionWriter method write.
public void write(AttributeStatementType statement) throws ProcessingException {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(), ASSERTION_NSURI.get());
List<ASTChoiceType> attributes = statement.getAttributes();
if (attributes != null) {
for (ASTChoiceType attr : attributes) {
AttributeType attributeType = attr.getAttribute();
if (attributeType != null) {
write(attributeType);
}
EncryptedElementType encType = attr.getEncryptedAssertion();
if (encType != null)
throw logger.notImplementedYet("EncryptedElementType");
}
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class AdvancedAttributeToRoleMapper method applies.
protected boolean applies(final IdentityProviderMapperModel mapperModel, final BrokeredIdentityContext context) {
Map<String, String> attributes = mapperModel.getConfigMap(ATTRIBUTE_PROPERTY_NAME);
boolean areAttributeValuesRegexes = Boolean.parseBoolean(mapperModel.getConfig().get(ARE_ATTRIBUTE_VALUES_REGEX_PROPERTY_NAME));
AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
Set<AttributeStatementType> attributeAssertions = assertion.getAttributeStatements();
if (attributeAssertions == null) {
return false;
}
for (Map.Entry<String, String> attribute : attributes.entrySet()) {
String attributeKey = attribute.getKey();
List<Object> attributeValues = attributeAssertions.stream().flatMap(statements -> statements.getAttributes().stream()).filter(choiceType -> attributeKey.equals(choiceType.getAttribute().getName()) || attributeKey.equals(choiceType.getAttribute().getFriendlyName())).flatMap(choiceType -> choiceType.getAttribute().getAttributeValue().stream()).collect(Collectors.toList());
boolean attributeValueMatch = areAttributeValuesRegexes ? valueMatchesRegex(attribute.getValue(), attributeValues) : attributeValues.contains(attribute.getValue());
if (!attributeValueMatch) {
return false;
}
}
return true;
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class AttributeToRoleMapper method applies.
protected boolean applies(final IdentityProviderMapperModel mapperModel, final BrokeredIdentityContext context) {
String name = mapperModel.getConfig().get(ATTRIBUTE_NAME);
if (name != null && name.trim().equals(""))
name = null;
String friendly = mapperModel.getConfig().get(ATTRIBUTE_FRIENDLY_NAME);
if (friendly != null && friendly.trim().equals(""))
friendly = null;
String desiredValue = Optional.ofNullable(mapperModel.getConfig().get(ATTRIBUTE_VALUE)).orElse("");
AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
for (AttributeStatementType statement : assertion.getAttributeStatements()) {
for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
AttributeType attr = choice.getAttribute();
if (name != null && !name.equals(attr.getName()))
continue;
if (friendly != null && !friendly.equals(attr.getFriendlyName()))
continue;
for (Object val : attr.getAttributeValue()) {
val = Optional.ofNullable(val).orElse("");
if (val.equals(desiredValue))
return true;
}
}
}
return false;
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class UsernameTemplateMapper method setUserNameFromTemplate.
private void setUserNameFromTemplate(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
String template = mapperModel.getConfig().get(TEMPLATE);
Matcher m = SUBSTITUTION.matcher(template);
StringBuffer sb = new StringBuffer();
while (m.find()) {
String variable = m.group(1);
UnaryOperator<String> transformer = Optional.ofNullable(m.group(2)).map(TRANSFORMERS::get).orElse(UnaryOperator.identity());
if (variable.equals("ALIAS")) {
m.appendReplacement(sb, transformer.apply(context.getIdpConfig().getAlias()));
} else if (variable.equals("UUID")) {
m.appendReplacement(sb, transformer.apply(KeycloakModelUtils.generateId()));
} else if (variable.equals("NAMEID")) {
SubjectType subject = assertion.getSubject();
SubjectType.STSubType subType = subject.getSubType();
NameIDType subjectNameID = (NameIDType) subType.getBaseID();
m.appendReplacement(sb, transformer.apply(subjectNameID.getValue()));
} else if (variable.startsWith("ATTRIBUTE.")) {
String name = variable.substring("ATTRIBUTE.".length());
String value = "";
for (AttributeStatementType statement : assertion.getAttributeStatements()) {
for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
AttributeType attr = choice.getAttribute();
if (name.equals(attr.getName()) || name.equals(attr.getFriendlyName())) {
List<Object> attributeValue = attr.getAttributeValue();
if (attributeValue != null && !attributeValue.isEmpty()) {
value = attributeValue.get(0).toString();
}
break;
}
}
}
m.appendReplacement(sb, transformer.apply(value));
} else {
m.appendReplacement(sb, m.group(1));
}
}
m.appendTail(sb);
Target t = getTarget(mapperModel.getConfig().get(TARGET));
t.set(context, sb.toString());
}
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class BrokerTest method createAuthnResponse.
private SAML2Object createAuthnResponse(SAML2Object so) {
AuthnRequestType req = (AuthnRequestType) so;
try {
final ResponseType res = new SAML2LoginResponseBuilder().requestID(req.getID()).destination(req.getAssertionConsumerServiceURL().toString()).issuer("https://saml.idp/saml").assertionExpiration(1000000).subjectExpiration(1000000).requestIssuer(getAuthServerRealmBase(REALM_NAME).toString()).sessionIndex("idp:" + UUID.randomUUID()).buildModel();
AttributeStatementType attrStatement = new AttributeStatementType();
AttributeType attribute = new AttributeType("mail");
attribute.addAttributeValue("v@w.x");
attrStatement.addAttribute(new ASTChoiceType(attribute));
res.getAssertions().get(0).getAssertion().addStatement(attrStatement);
return res;
} catch (ConfigurationException | ProcessingException ex) {
throw new RuntimeException(ex);
}
}
Aggregations