Example 26 with AttributeStatementType
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class SAMLAssertionWriter method write.
/**
* Write an {@code AssertionType} to stream
*
* @param assertion
*
* @throws org.keycloak.saml.common.exceptions.ProcessingException
*/
public void write(AssertionType assertion) throws ProcessingException {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
// Attributes
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
NameIDType issuer = assertion.getIssuer();
if (issuer != null)
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
SubjectType subject = assertion.getSubject();
if (subject != null) {
write(subject);
}
ConditionsType conditions = assertion.getConditions();
if (conditions != null) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
if (conditions.getNotBefore() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
}
if (conditions.getNotOnOrAfter() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
}
List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
if (typeOfConditions != null) {
for (ConditionAbstractType typeCondition : typeOfConditions) {
if (typeCondition instanceof AudienceRestrictionType) {
AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
List<URI> audiences = art.getAudience();
if (audiences != null) {
for (URI audience : audiences) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
StaxUtil.writeCharacters(writer, audience.toString());
StaxUtil.writeEndElement(writer);
}
}
StaxUtil.writeEndElement(writer);
}
if (typeCondition instanceof OneTimeUseType) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
StaxUtil.writeEndElement(writer);
}
}
}
StaxUtil.writeEndElement(writer);
}
AdviceType advice = assertion.getAdvice();
if (advice != null)
throw logger.notImplementedYet("Advice");
Set<StatementAbstractType> statements = assertion.getStatements();
if (statements != null) {
for (StatementAbstractType statement : statements) {
if (statement instanceof AuthnStatementType) {
write((AuthnStatementType) statement, false);
} else if (statement instanceof AttributeStatementType) {
write((AttributeStatementType) statement);
} else
throw logger.writerUnknownTypeError(statement.getClass().getName());
}
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
QName(javax.xml.namespace.QName)
AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
URI(java.net.URI)
ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI)
OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType)
AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType)
ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)
SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType)
AdviceType(org.keycloak.dom.saml.v2.assertion.AdviceType)
ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)
Example 27 with AttributeStatementType
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class SAMLParserTest method testSaml20AssertionsAnyTypeAttributeValue.
@Test
public void testSaml20AssertionsAnyTypeAttributeValue() throws Exception {
AssertionType assertion = assertParsed("saml20-assertion-anytype-attribute-value.xml", AssertionType.class);
AttributeStatementType attributeStatementType = assertion.getAttributeStatements().iterator().next();
assertThat(attributeStatementType.getAttributes(), hasSize(5));
for (AttributeStatementType.ASTChoiceType choiceType : attributeStatementType.getAttributes()) {
AttributeType attr = choiceType.getAttribute();
String attrName = attr.getName();
Object value = attr.getAttributeValue().get(0);
// test selected attributes
switch(attrName) {
case "attr:type:string":
assertThat(value, is((Object) "CITIZEN"));
break;
case "attr:notype:string":
assertThat(value, instanceOf(String.class));
assertThat(value, is((Object) "CITIZEN"));
break;
case "attr:notype:element":
assertThat(value, instanceOf(String.class));
assertThat((String) value, containsString("hospitaal x"));
value = attr.getAttributeValue().get(1);
assertThat(value, instanceOf(String.class));
assertThat((String) value, containsString("hopital x"));
break;
case "founded":
assertThat(value, is((Object) XMLTimeUtil.parse("2002-05-30T09:30:10-06:00")));
break;
case "expanded":
assertThat(value, is((Object) XMLTimeUtil.parse("2002-06-30")));
break;
default:
break;
}
}
}
Also used :
ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)
RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
SAML2Object(org.keycloak.dom.saml.v2.SAML2Object)
EncryptedAssertionType(org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Test(org.junit.Test)
Example 28 with AttributeStatementType
use of org.keycloak.dom.saml.v2.assertion.AttributeStatementType in project keycloak by keycloak.
the class BrokerTest method testNoNameIDAndPrincipalFromAttribute.
@Test
public void testNoNameIDAndPrincipalFromAttribute() throws IOException {
final String userName = "newUser-" + UUID.randomUUID();
final RealmResource realm = adminClient.realm(REALM_NAME);
final IdentityProviderRepresentation rep = addIdentityProvider("https://saml.idp/");
rep.getConfig().put(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "undefined");
rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.toString());
rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, "user");
try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, rep)) {
new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().idp(SAML_BROKER_ALIAS).build().processSamlResponse(REDIRECT).transformObject(this::createAuthnResponse).transformObject(resp -> {
final ResponseType rt = (ResponseType) resp;
final AssertionType assertion = rt.getAssertions().get(0).getAssertion();
// Remove NameID from subject
assertion.getSubject().setSubType(null);
// Add attribute to get principal from
AttributeStatementType attrStatement = new AttributeStatementType();
AttributeType attribute = new AttributeType("user");
attribute.addAttributeValue(userName);
attrStatement.addAttribute(new ASTChoiceType(attribute));
rt.getAssertions().get(0).getAssertion().addStatement(attrStatement);
return rt;
}).targetAttributeSamlResponse().targetUri(getSamlBrokerUrl(REALM_NAME)).build().followOneRedirect().updateProfile().username(userName).firstName("someFirstName").lastName("someLastName").email("some@email.com").build().followOneRedirect().assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(200)).execute();
}
final UserRepresentation userRepresentation = realm.users().search(userName).stream().findFirst().get();
final List<UserSessionRepresentation> userSessions = realm.users().get(userRepresentation.getId()).getUserSessions();
assertThat(userSessions, hasSize(1));
}
Also used :
XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil)
KeyPair(java.security.KeyPair)
ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)
POST(org.keycloak.testsuite.util.SamlClient.Binding.POST)
Header(org.apache.http.Header)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
SAML2Object(org.keycloak.dom.saml.v2.SAML2Object)
SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig)
SAMLIdentityProviderFactory(org.keycloak.broker.saml.SAMLIdentityProviderFactory)
ClientsResource(org.keycloak.admin.client.resource.ClientsResource)
ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType)
Document(org.w3c.dom.Document)
Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement)
NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)
HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName)
URI(java.net.URI)
HttpHeaders(org.apache.http.HttpHeaders)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
RealmResource(org.keycloak.admin.client.resource.RealmResource)
IdentityProviderBuilder(org.keycloak.testsuite.util.IdentityProviderBuilder)
UUID(java.util.UUID)
Objects(java.util.Objects)
List(java.util.List)
Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse)
Matchers.is(org.hamcrest.Matchers.is)
SAML_CLIENT_ID_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
QName(javax.xml.namespace.QName)
SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType)
XmlDSigQNames(org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation)
UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation)
RSA_SHA1(org.keycloak.saml.SignatureAlgorithm.RSA_SHA1)
REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT)
SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder)
ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)
DOMException(org.w3c.dom.DOMException)
Matchers.hasSize(org.hamcrest.Matchers.hasSize)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
UserResource(org.keycloak.admin.client.resource.UserResource)
Status(javax.ws.rs.core.Response.Status)
ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
NodeList(org.w3c.dom.NodeList)
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants)
REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME)
Matchers(org.hamcrest.Matchers)
IOException(java.io.IOException)
Test(org.junit.Test)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar)
SAML_ASSERTION_CONSUMER_URL_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType)
IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator)
IdpReviewProfileAuthenticatorFactory(org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticatorFactory)
BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder)
Element(org.w3c.dom.Element)
Assert(org.junit.Assert)
UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation)
RealmResource(org.keycloak.admin.client.resource.RealmResource)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator)
IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation)
ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Test(org.junit.Test)
Aggregations
AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType)27
AttributeType (org.keycloak.dom.saml.v2.assertion.AttributeType)25
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)12
ASTChoiceType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType)11
Test (org.junit.Test)9
StatementAbstractType (org.keycloak.dom.saml.v2.assertion.StatementAbstractType)9
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)8
URI (java.net.URI)6
List (java.util.List)6
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)6
IOException (java.io.IOException)5
ArrayList (java.util.ArrayList)5
Map (java.util.Map)5
Matchers.containsString (org.hamcrest.Matchers.containsString)5
JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)5
ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)5
ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)5
SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)5
Set (java.util.Set)4
Collectors (java.util.stream.Collectors)4
