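/**
 * Parses {@code saml20-assertion-example.xml} and spot-checks selected attribute values of its
 * first {@code AttributeStatement}. Attribute values that carry XML content are expected to
 * survive parsing as their raw markup string; a nil value is expected to parse as {@code null}.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSaml20AssertionExample() throws Exception {
    AssertionType assertion = assertParsed("saml20-assertion-example.xml", AssertionType.class);
    AttributeStatementType attributeStatementType = assertion.getAttributeStatements().iterator().next();
    assertThat(attributeStatementType.getAttributes(), hasSize(9));
    for (AttributeStatementType.ASTChoiceType choiceType : attributeStatementType.getAttributes()) {
        AttributeType attr = choiceType.getAttribute();
        String attrName = attr.getName();
        // Every attribute in this fixture is expected to carry exactly one value; only the first is checked.
        Object value = attr.getAttributeValue().get(0);
        // test selected attributes
        switch (attrName) {
            case "portal_id":
                // JUnit's assertEquals is (expected, actual); keeping that order makes a failure message read correctly.
                assertEquals("060D00000000SHZ", value);
                break;
            case "organization_id":
                // XML-valued attribute: the parser must keep the embedded markup as a string.
                assertThat(value, instanceOf(String.class));
                assertThat((String) value, containsString("<n3:stuff xmlns:n3=\"ftp://example.org\">00DD0000000F7L5</n3:stuff>"));
                break;
            case "has_sub_organization":
                assertThat(value, is((Object) "true"));
                break;
            case "anytype_test":
                assertThat(value, instanceOf(String.class));
                assertThat((String) value, containsString("<elem2>val2</elem2>"));
                break;
            case "anytype_no_xml_test":
                assertThat(value, is((Object) "value_no_xml"));
                break;
            case "logouturl":
                assertThat(value, is((Object) "http://www.salesforce.com/security/del_auth/SsoLogoutPage.html"));
                break;
            case "nil_value_attribute":
                // xsi:nil attribute values are represented as null, not as an empty string.
                assertNull(value);
                break;
            case "status":
                assertThat(value, is((Object) "<status><code><status>XYZ</status></code></status>"));
                break;
            default:
                // Remaining attributes of the fixture are not asserted here.
                break;
        }
    }
}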
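/**
 * Parses {@code saml20-assertion-advice.xml} and verifies both statements of the assertion:
 * the {@code AuthnStatement} (context class ref and an {@code AuthnContextDecl} element) and the
 * {@code AttributeStatement}, whose nine attributes are compared in document order against
 * the expected name/value matchers. Finally checks that the only condition is an
 * {@code AudienceRestriction}.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSaml20AssertionsAdviceTag() throws Exception {
    // Expected attribute names, in document order. Generic array creation cannot be checked by the
    // compiler, so the warning is suppressed on the smallest possible scope.
    @SuppressWarnings("unchecked")
    Matcher<String>[] expectedNames = new Matcher[] { is("portal_id"), is("organization_id"), is("status"), is("has_sub_organization"), is("anytype_test"), is("anytype_no_xml_test"), is("ssostartpage"), is("logouturl"), is("nil_value_attribute") };
    // Expected values, index-aligned with expectedNames. XML-valued attributes are expected as raw markup strings.
    @SuppressWarnings("unchecked")
    Matcher<List<Object>>[] expectedValues = new Matcher[] { contains(is("060D00000000SHZ")), contains(is("<n1:elem2 xmlns:n1=\"http://example.net\" xml:lang=\"en\"><n3:stuff xmlns:n3=\"ftp://example.org\">00DD0000000F7L5</n3:stuff></n1:elem2>")), contains(is("<status><code><status>XYZ</status></code></status>")), contains(is("true")), contains(is("<elem1 atttr1=\"en\"><elem2>val2</elem2></elem1>")), contains(is("value_no_xml")), contains(is("http://www.salesforce.com/security/saml/saml20-gen.jsp")), contains(is("http://www.salesforce.com/security/del_auth/SsoLogoutPage.html")), contains(nullValue()) };

    AssertionType a = assertParsed("saml20-assertion-advice.xml", AssertionType.class);
    assertThat(a.getStatements(), containsInAnyOrder(instanceOf(AuthnStatementType.class), instanceOf(AttributeStatementType.class)));
    for (StatementAbstractType statement : a.getStatements()) {
        if (statement instanceof AuthnStatementType) {
            AuthnStatementType as = (AuthnStatementType) statement;
            final AuthnContextType ac = as.getAuthnContext();
            assertThat(ac, notNullValue());
            assertThat(ac.getSequence(), notNullValue());
            assertThat(ac.getSequence().getClassRef().getValue(), is(JBossSAMLURIConstants.AC_UNSPECIFIED.getUri()));
            // The declaration is kept as a DOM element rather than being flattened to text.
            assertThat(ac.getSequence().getAuthnContextDecl(), notNullValue());
            assertThat(ac.getSequence().getAuthnContextDecl().getValue(), instanceOf(Element.class));
            final Element el = (Element) ac.getSequence().getAuthnContextDecl().getValue();
            assertThat(el.getTextContent(), is("auth.weak"));
        } else {
            // containsInAnyOrder above guarantees this is the AttributeStatement.
            AttributeStatementType as = (AttributeStatementType) statement;
            List<AttributeStatementType.ASTChoiceType> attributes = as.getAttributes();
            assertThat(attributes, hasSize(expectedNames.length));
            for (int i = 0; i < attributes.size(); i++) {
                AttributeType attr = attributes.get(i).getAttribute();
                assertThat(attr.getName(), expectedNames[i]);
                assertThat(attr.getAttributeValue(), expectedValues[i]);
            }
        }
    }
    assertThat(a.getConditions().getConditions(), contains(instanceOf(AudienceRestrictionType.class)));
}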
/**
 * Parses {@code saml20-entity-descriptor-idp.xml} and verifies the
 * {@code AttributeAuthorityDescriptor} found in the second choice entry: protocol support,
 * its single signing key descriptor, the attribute and assertion-ID-request endpoints,
 * the advertised NameID formats and the two declared attributes.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSAML20MetadataEntityDescriptorAttrA() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> choices = entityDescriptor.getChoiceType();
    assertThat(choices, hasSize(2));

    AttributeAuthorityDescriptorType authority = choices.get(1).getDescriptors().get(0).getAttribDescriptor();
    assertThat(authority, is(notNullValue()));
    assertThat(authority.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));

    // Key descriptor: exactly one, used for signing, no encryption methods, named key.
    List<KeyDescriptorType> keys = authority.getKeyDescriptor();
    assertThat(keys, hasSize(1));
    KeyDescriptorType signingKey = keys.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("IdentityProvider.com AA Key"));

    // Attribute service
    assertThat(authority.getAttributeService(), hasSize(1));
    assertBareEndpoint(authority.getAttributeService().get(0),
            "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
            "https://IdentityProvider.com/SAML/AA/SOAP");

    // AssertionIDRequestService
    assertThat(authority.getAssertionIDRequestService(), hasSize(1));
    assertBareEndpoint(authority.getAssertionIDRequestService().get(0),
            "urn:oasis:names:tc:SAML:2.0:bindings:URI",
            "https://IdentityProvider.com/SAML/AA/URI");

    // NameID
    assertThat(authority.getNameIDFormat(), containsInAnyOrder("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));

    assertThat(authority.getAttribute(), hasSize(2));

    // First declared attribute carries no values.
    AttributeType principalName = authority.getAttribute().get(0);
    assertThat(principalName.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(principalName.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.6"));
    assertThat(principalName.getFriendlyName(), is("eduPersonPrincipalName"));
    assertThat(principalName.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    assertThat(principalName.getAttributeValue(), is(emptyCollectionOf(Object.class)));

    // Second declared attribute enumerates its permitted values.
    AttributeType affiliation = authority.getAttribute().get(1);
    assertThat(affiliation.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(affiliation.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.1"));
    assertThat(affiliation.getFriendlyName(), is("eduPersonAffiliation"));
    assertThat(affiliation.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    assertThat(affiliation.getAttributeValue(), containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));
}

/**
 * Asserts that {@code endpoint} has exactly the given binding and location and nothing else:
 * no ResponseLocation, no child elements and no extra XML attributes.
 *
 * @param endpoint the parsed endpoint to check
 * @param binding the expected Binding URI, as a string
 * @param location the expected Location URI, as a string
 */
private static void assertBareEndpoint(EndpointType endpoint, String binding, String location) {
    assertThat(endpoint.getBinding(), is(URI.create(binding)));
    assertThat(endpoint.getLocation(), is(URI.create(location)));
    assertThat(endpoint.getResponseLocation(), is(nullValue()));
    assertThat(endpoint.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(endpoint.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}
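/**
 * Writes the XML attributes and child {@code AttributeValue} elements of a SAML {@code Attribute}
 * to the current element of {@code writer}; the caller is responsible for opening and closing the
 * surrounding {@code Attribute} element.
 * <p>
 * The {@code Name}, {@code FriendlyName} and {@code NameFormat} attributes are written only when
 * present. Any further XML attributes (for example {@code x500:Encoding}) are written together with
 * a namespace declaration that is emitted once per distinct namespace URI. Each attribute value is
 * dispatched on its runtime type; a {@code null} value is delegated to
 * {@link #writeStringAttributeValue(String)} with {@code null}.
 *
 * @param attributeType the attribute to serialize; must not be {@code null}
 * @throws ProcessingException if writing fails, or if a value has a type that is not one of
 *         {@code String}, {@code NameIDType}, {@code XMLGregorianCalendar} or {@code Element}
 */
public void writeAttributeTypeWithoutRootTag(AttributeType attributeType) throws ProcessingException {
    String attributeName = attributeType.getName();
    if (attributeName != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME.get(), attributeName);
    }

    String friendlyName = attributeType.getFriendlyName();
    if (StringUtil.isNotNull(friendlyName)) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.FRIENDLY_NAME.get(), friendlyName);
    }

    String nameFormat = attributeType.getNameFormat();
    if (StringUtil.isNotNull(nameFormat)) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME_FORMAT.get(), nameFormat);
    }

    // Take care of other attributes such as x500:encoding
    Map<QName, String> otherAttribs = attributeType.getOtherAttributes();
    if (otherAttribs != null) {
        // Namespace URIs already declared on this element; each is declared once and reused afterwards.
        List<String> declaredNamespaces = new ArrayList<>();
        // Iterating entries avoids a second lookup per key (the original iterated keySet() and called get()).
        for (Map.Entry<QName, String> entry : otherAttribs.entrySet()) {
            QName qname = entry.getKey();
            String ns = qname.getNamespaceURI();
            if (!declaredNamespaces.contains(ns)) {
                StaxUtil.writeNameSpace(writer, qname.getPrefix(), ns);
                declaredNamespaces.add(ns);
            }
            StaxUtil.writeAttribute(writer, qname, entry.getValue());
        }
    }

    List<Object> attributeValues = attributeType.getAttributeValue();
    if (attributeValues != null) {
        for (Object attributeValue : attributeValues) {
            if (attributeValue == null) {
                // A nil value is still emitted as an AttributeValue element; the helper handles null.
                writeStringAttributeValue(null);
            } else if (attributeValue instanceof String) {
                // NOTE(review): XML escaping of the string content is expected to happen inside
                // writeStringAttributeValue / StaxUtil — confirm there, not here.
                writeStringAttributeValue((String) attributeValue);
            } else if (attributeValue instanceof NameIDType) {
                writeNameIDTypeAttributeValue((NameIDType) attributeValue);
            } else if (attributeValue instanceof XMLGregorianCalendar) {
                writeDateAttributeValue((XMLGregorianCalendar) attributeValue);
            } else if (attributeValue instanceof Element) {
                writeElementAttributeValue((Element) attributeValue);
            } else {
                // Unknown value types are rejected rather than silently skipped.
                throw logger.writerUnsupportedAttributeValueError(attributeValue.getClass().getName());
            }
        }
    }
}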
/**
 * Serializes an {@code md:IDPSSODescriptor} element and its children to {@code writer}, then
 * flushes the writer.
 * <p>
 * Children are written in this order: {@code WantAuthnRequestsSigned} (only when set),
 * protocol support enumeration, key descriptors, artifact resolution services, single logout
 * services, NameID formats, single sign-on services and finally the declared attributes.
 *
 * @param idpSSODescriptor the descriptor to write
 * @throws ProcessingException if {@code idpSSODescriptor} is {@code null} or writing fails
 */
public void write(IDPSSODescriptorType idpSSODescriptor) throws ProcessingException {
    if (idpSSODescriptor == null) {
        throw new ProcessingException(logger.nullArgumentError("IDPSSODescriptorType"));
    }

    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.IDP_SSO_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());

    // Optional XML attribute: omitted entirely when the descriptor leaves it unset.
    Boolean wantAuthnRequestsSigned = idpSSODescriptor.isWantAuthnRequestsSigned();
    if (wantAuthnRequestsSigned != null) {
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.WANT_AUTHN_REQUESTS_SIGNED.get()), String.valueOf(wantAuthnRequestsSigned));
    }

    writeProtocolSupportEnumeration(idpSSODescriptor.getProtocolSupportEnumeration());

    // Child elements, in schema order.
    for (KeyDescriptorType keyDescriptor : idpSSODescriptor.getKeyDescriptor()) {
        writeKeyDescriptor(keyDescriptor);
    }
    for (IndexedEndpointType artifactResolution : idpSSODescriptor.getArtifactResolutionService()) {
        writeArtifactResolutionService(artifactResolution);
    }
    for (EndpointType singleLogout : idpSSODescriptor.getSingleLogoutService()) {
        writeSingleLogoutService(singleLogout);
    }
    for (String nameIDFormat : idpSSODescriptor.getNameIDFormat()) {
        writeNameIDFormat(nameIDFormat);
    }
    for (EndpointType singleSignOn : idpSSODescriptor.getSingleSignOnService()) {
        writeSingleSignOnService(singleSignOn);
    }
    for (AttributeType attribute : idpSSODescriptor.getAttribute()) {
        write(attribute);
    }

    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}