
Example 1 with AttributeType

use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20AssertionExample.

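/**
 * Parses {@code saml20-assertion-example.xml} and checks the values of selected attributes
 * of its first {@code AttributeStatement}.
 *
 * <p>Only the first value of each attribute is inspected, and attributes whose names are not
 * listed in the switch are deliberately left unchecked (the statement is still required to
 * carry exactly nine attributes).
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSaml20AssertionExample() throws Exception {
    AssertionType assertion = assertParsed("saml20-assertion-example.xml", AssertionType.class);
    AttributeStatementType attributeStatementType = assertion.getAttributeStatements().iterator().next();
    assertThat(attributeStatementType.getAttributes(), hasSize(9));
    for (AttributeStatementType.ASTChoiceType choiceType : attributeStatementType.getAttributes()) {
        AttributeType attr = choiceType.getAttribute();
        String attrName = attr.getName();
        // Every attribute in the fixture carries at least one value slot; a nil value still
        // occupies a slot and surfaces here as null (see "nil_value_attribute" below).
        Object value = attr.getAttributeValue().get(0);
        // test selected attributes
        switch (attrName) {
            case "portal_id":
                // Matcher form keeps expected/actual the right way round in failure messages,
                // consistent with the other cases.
                assertThat(value, is((Object) "060D00000000SHZ"));
                break;
            case "organization_id":
                // Mixed-content XML values are surfaced as their serialised String form.
                assertThat(value, instanceOf(String.class));
                assertThat((String) value, containsString("<n3:stuff xmlns:n3=\"ftp://example.org\">00DD0000000F7L5</n3:stuff>"));
                break;
            case "has_sub_organization":
                assertThat(value, is((Object) "true"));
                break;
            case "anytype_test":
                assertThat(value, instanceOf(String.class));
                assertThat((String) value, containsString("<elem2>val2</elem2>"));
                break;
            case "anytype_no_xml_test":
                assertThat(value, is((Object) "value_no_xml"));
                break;
            case "logouturl":
                assertThat(value, is((Object) "http://www.salesforce.com/security/del_auth/SsoLogoutPage.html"));
                break;
            case "nil_value_attribute":
                // xsi:nil="true" must not be turned into an empty string.
                assertNull(value);
                break;
            case "status":
                assertThat(value, is((Object) "<status><code><status>XYZ</status></code></status>"));
                break;
            default:
                break;
        }
    }
}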

Example 2 with AttributeType

use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20AssertionsAdviceTag.

/**
 * Parses {@code saml20-assertion-advice.xml} and checks both statements it carries: the
 * {@code AuthnStatement} (authentication context class reference and declaration) and the
 * {@code AttributeStatement} (nine attributes, compared positionally against the expected
 * names and value lists). Finally checks that the only condition is an
 * {@code AudienceRestriction}.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSaml20AssertionsAdviceTag() throws Exception {
    // Expected attributes in document order; the value matchers compare the whole value list,
    // so a missing, extra or re-ordered value fails the test.
    @SuppressWarnings("unchecked") // generic array of matchers; the elements are built type-safely
    Matcher<String>[] expectedNames = new Matcher[] { is("portal_id"), is("organization_id"), is("status"), is("has_sub_organization"), is("anytype_test"), is("anytype_no_xml_test"), is("ssostartpage"), is("logouturl"), is("nil_value_attribute") };
    @SuppressWarnings("unchecked") // same as above
    Matcher<List<Object>>[] expectedValues = new Matcher[] { contains(is("060D00000000SHZ")), contains(is("<n1:elem2 xmlns:n1=\"http://example.net\" xml:lang=\"en\"><n3:stuff xmlns:n3=\"ftp://example.org\">00DD0000000F7L5</n3:stuff></n1:elem2>")), contains(is("<status><code><status>XYZ</status></code></status>")), contains(is("true")), contains(is("<elem1 atttr1=\"en\"><elem2>val2</elem2></elem1>")), contains(is("value_no_xml")), contains(is("http://www.salesforce.com/security/saml/saml20-gen.jsp")), contains(is("http://www.salesforce.com/security/del_auth/SsoLogoutPage.html")), contains(nullValue()) };
    AssertionType assertion = assertParsed("saml20-assertion-advice.xml", AssertionType.class);
    // Exactly one statement of each kind is expected, which is what lets the loop below
    // cast without a second instanceof check.
    assertThat(assertion.getStatements(), containsInAnyOrder(instanceOf(AuthnStatementType.class), instanceOf(AttributeStatementType.class)));
    for (StatementAbstractType statement : assertion.getStatements()) {
        if (statement instanceof AttributeStatementType) {
            AttributeStatementType attributeStatement = (AttributeStatementType) statement;
            assertThat(attributeStatement.getAttributes(), hasSize(9));
            int idx = 0;
            for (AttributeStatementType.ASTChoiceType choice : attributeStatement.getAttributes()) {
                AttributeType attr = choice.getAttribute();
                assertThat(attr.getName(), expectedNames[idx]);
                assertThat(attr.getAttributeValue(), expectedValues[idx]);
                idx++;
            }
            continue;
        }
        AuthnStatementType authnStatement = (AuthnStatementType) statement;
        final AuthnContextType context = authnStatement.getAuthnContext();
        assertThat(context, notNullValue());
        assertThat(context.getSequence(), notNullValue());
        assertThat(context.getSequence().getClassRef().getValue(), is(JBossSAMLURIConstants.AC_UNSPECIFIED.getUri()));
        assertThat(context.getSequence(), notNullValue());
        assertThat(context.getSequence().getAuthnContextDecl(), notNullValue());
        // The inline declaration is kept as a DOM element rather than flattened to text.
        assertThat(context.getSequence().getAuthnContextDecl().getValue(), instanceOf(Element.class));
        final Element declaration = (Element) context.getSequence().getAuthnContextDecl().getValue();
        assertThat(declaration.getTextContent(), is("auth.weak"));
    }
    assertThat(assertion.getConditions().getConditions(), contains(instanceOf(AudienceRestrictionType.class)));
}

Example 3 with AttributeType

use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.

the class SAMLParserTest method testSAML20MetadataEntityDescriptorAttrA.

/**
 * Parses {@code saml20-entity-descriptor-idp.xml} and checks the
 * {@code AttributeAuthorityDescriptor} it contains: protocol support, the single signing key
 * descriptor, the attribute and assertion-ID-request endpoints, the supported NameID formats
 * and the two advertised attributes.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSAML20MetadataEntityDescriptorAttrA() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> choices = entityDescriptor.getChoiceType();
    assertThat(choices, hasSize(2));
    // The attribute authority is the first descriptor of the second choice in this fixture.
    AttributeAuthorityDescriptorType aa = choices.get(1).getDescriptors().get(0).getAttribDescriptor();
    assertThat(aa, is(notNullValue()));
    assertThat(aa.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
    // Key descriptor
    List<KeyDescriptorType> keys = aa.getKeyDescriptor();
    assertThat(keys, hasSize(1));
    KeyDescriptorType signingKey = keys.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    // A signing-only key must not advertise encryption methods.
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("IdentityProvider.com AA Key"));
    // Attribute service
    List<EndpointType> attributeServices = aa.getAttributeService();
    assertThat(attributeServices, hasSize(1));
    assertBareEndpoint(attributeServices.get(0), "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", "https://IdentityProvider.com/SAML/AA/SOAP");
    // AssertionIDRequestService
    List<EndpointType> assertionIdRequestServices = aa.getAssertionIDRequestService();
    assertThat(assertionIdRequestServices, hasSize(1));
    assertBareEndpoint(assertionIdRequestServices.get(0), "urn:oasis:names:tc:SAML:2.0:bindings:URI", "https://IdentityProvider.com/SAML/AA/URI");
    // NameID
    assertThat(aa.getNameIDFormat(), containsInAnyOrder("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
    // Advertised attributes
    List<AttributeType> attributes = aa.getAttribute();
    assertThat(attributes, hasSize(2));
    AttributeType principalName = attributes.get(0);
    assertUriFormatAttribute(principalName, "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "eduPersonPrincipalName");
    assertThat(principalName.getAttributeValue(), is(emptyCollectionOf(Object.class)));
    AttributeType affiliation = attributes.get(1);
    assertUriFormatAttribute(affiliation, "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", "eduPersonAffiliation");
    assertThat(affiliation.getAttributeValue(), containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));
}

/**
 * Asserts that an endpoint has exactly the given binding and location and carries no
 * response location, no extension content and no extra XML attributes.
 *
 * @param endpoint the parsed endpoint
 * @param binding expected binding URI
 * @param location expected location URI
 */
private static void assertBareEndpoint(EndpointType endpoint, String binding, String location) {
    assertThat(endpoint.getBinding(), is(URI.create(binding)));
    assertThat(endpoint.getLocation(), is(URI.create(location)));
    assertThat(endpoint.getResponseLocation(), is(nullValue()));
    assertThat(endpoint.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(endpoint.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}

/**
 * Asserts that an attribute uses the URI name format, has the given name and friendly name,
 * and carries no extra XML attributes. Attribute values are left to the caller.
 *
 * @param attribute the parsed attribute
 * @param name expected attribute name
 * @param friendlyName expected friendly name
 */
private static void assertUriFormatAttribute(AttributeType attribute, String name, String friendlyName) {
    assertThat(attribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(attribute.getName(), is(name));
    assertThat(attribute.getFriendlyName(), is(friendlyName));
    assertThat(attribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}

Example 4 with AttributeType

use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.

the class BaseWriter method writeAttributeTypeWithoutRootTag.

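/**
 * Writes the XML attributes and the child {@code AttributeValue} elements of a SAML
 * {@code AttributeType} into the element currently open on {@code writer}, without opening
 * or closing the {@code Attribute} element itself.
 *
 * <p>Attribute values are dispatched on their runtime type: {@code String},
 * {@code NameIDType}, {@code XMLGregorianCalendar} and DOM {@code Element} are supported, a
 * {@code null} value is handed to {@link #writeStringAttributeValue} as {@code null}, and any
 * other type is rejected with an error rather than being serialised via {@code toString()}.
 *
 * @param attributeType the attribute to serialise; its name, friendly name, name format and
 *     "other attributes" are written only when present
 * @throws ProcessingException if an attribute value has an unsupported type, or if the
 *     underlying StAX writer fails
 */
public void writeAttributeTypeWithoutRootTag(AttributeType attributeType) throws ProcessingException {
    String attributeName = attributeType.getName();
    if (attributeName != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME.get(), attributeName);
    }
    String friendlyName = attributeType.getFriendlyName();
    if (StringUtil.isNotNull(friendlyName)) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.FRIENDLY_NAME.get(), friendlyName);
    }
    String nameFormat = attributeType.getNameFormat();
    if (StringUtil.isNotNull(nameFormat)) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME_FORMAT.get(), nameFormat);
    }
    // Take care of other attributes such as x500:encoding
    Map<QName, String> otherAttribs = attributeType.getOtherAttributes();
    if (otherAttribs != null) {
        // Each namespace is declared once, right before the first attribute that uses it.
        List<String> nameSpacesDealt = new ArrayList<>();
        // Iterating entries avoids a second map lookup per key; a Map's iterator is never
        // null, so the former null guard on it was dead code.
        for (Map.Entry<QName, String> otherAttrib : otherAttribs.entrySet()) {
            QName qname = otherAttrib.getKey();
            String ns = qname.getNamespaceURI();
            if (!nameSpacesDealt.contains(ns)) {
                // NOTE(review): for an unprefixed QName this passes the empty prefix through;
                // whether writeNameSpace treats that as a default-namespace declaration is
                // decided in StaxUtil, not here.
                StaxUtil.writeNameSpace(writer, qname.getPrefix(), ns);
                nameSpacesDealt.add(ns);
            }
            StaxUtil.writeAttribute(writer, qname, otherAttrib.getValue());
        }
    }
    List<Object> attributeValues = attributeType.getAttributeValue();
    if (attributeValues != null) {
        for (Object attributeValue : attributeValues) {
            if (attributeValue == null) {
                // A nil value still produces an AttributeValue element.
                writeStringAttributeValue(null);
            } else if (attributeValue instanceof String) {
                writeStringAttributeValue((String) attributeValue);
            } else if (attributeValue instanceof NameIDType) {
                writeNameIDTypeAttributeValue((NameIDType) attributeValue);
            } else if (attributeValue instanceof XMLGregorianCalendar) {
                writeDateAttributeValue((XMLGregorianCalendar) attributeValue);
            } else if (attributeValue instanceof Element) {
                writeElementAttributeValue((Element) attributeValue);
            } else {
                // Unknown value types are an error, never silently stringified into the assertion.
                throw logger.writerUnsupportedAttributeValueError(attributeValue.getClass().getName());
            }
        }
    }
}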

Example 5 with AttributeType

use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.

the class SAMLMetadataWriter method write.

/**
 * Serialises an {@code IDPSSODescriptor} metadata element: the optional
 * {@code WantAuthnRequestsSigned} flag, the protocol support enumeration, then the key
 * descriptors, artifact resolution services, single logout services, NameID formats, single
 * sign-on services and attributes, each in the order the descriptor lists them. The element
 * is closed and the writer flushed before returning.
 *
 * @param idpSSODescriptor the descriptor to write; must not be {@code null}
 * @throws ProcessingException if the descriptor is {@code null} or the underlying StAX
 *     writer fails
 */
public void write(IDPSSODescriptorType idpSSODescriptor) throws ProcessingException {
    if (idpSSODescriptor == null) {
        throw new ProcessingException(logger.nullArgumentError("IDPSSODescriptorType"));
    }
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.IDP_SSO_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    // The flag is optional in metadata; it is only emitted when the model carries a value.
    Boolean wantAuthnRequestsSigned = idpSSODescriptor.isWantAuthnRequestsSigned();
    if (wantAuthnRequestsSigned != null) {
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.WANT_AUTHN_REQUESTS_SIGNED.get()), String.valueOf(wantAuthnRequestsSigned));
    }
    writeProtocolSupportEnumeration(idpSSODescriptor.getProtocolSupportEnumeration());
    // Child elements, in schema order.
    for (KeyDescriptorType keyDescriptor : idpSSODescriptor.getKeyDescriptor()) {
        writeKeyDescriptor(keyDescriptor);
    }
    for (IndexedEndpointType artifactResolutionService : idpSSODescriptor.getArtifactResolutionService()) {
        writeArtifactResolutionService(artifactResolutionService);
    }
    for (EndpointType singleLogoutService : idpSSODescriptor.getSingleLogoutService()) {
        writeSingleLogoutService(singleLogoutService);
    }
    for (String nameIdFormat : idpSSODescriptor.getNameIDFormat()) {
        writeNameIDFormat(nameIdFormat);
    }
    for (EndpointType singleSignOnService : idpSSODescriptor.getSingleSignOnService()) {
        writeSingleSignOnService(singleSignOnService);
    }
    for (AttributeType attribute : idpSSODescriptor.getAttribute()) {
        write(attribute);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
