Use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak (by keycloak).
Class SAMLAssertionWriter, method write(AttributeStatementType).
public void write(AttributeStatementType statement) throws ProcessingException {
    // Emits <saml:AttributeStatement> containing one <saml:Attribute> per plain
    // attribute entry. Encrypted entries are not supported by this writer.
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(), ASSERTION_NSURI.get());
    List<ASTChoiceType> choices = statement.getAttributes();
    if (choices != null) {
        for (ASTChoiceType choice : choices) {
            AttributeType plainAttribute = choice.getAttribute();
            if (plainAttribute != null) {
                write(plainAttribute);
            }
            // Fail loudly instead of silently dropping an encrypted attribute from the
            // serialised statement.
            if (choice.getEncryptedAssertion() != null) {
                throw logger.notImplementedYet("EncryptedElementType");
            }
        }
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak (by keycloak).
Class SAMLRequestWriter, method write(AttributeQueryType).
public void write(AttributeQueryType request) throws ProcessingException {
    // Opens <samlp:AttributeQuery>, declares both SAML namespaces, then writes the
    // request attributes and its children in order: Issuer, Signature, Extensions,
    // Subject and finally the queried <saml:Attribute> elements.
    StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ATTRIBUTE_QUERY.get(), PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());

    // Always-written request attributes.
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), request.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), request.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), request.getIssueInstant().toString());

    // Optional request attributes.
    URI target = request.getDestination();
    if (target != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), target.toASCIIString());
    }
    String consentValue = request.getConsent();
    if (StringUtil.isNotNull(consentValue)) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consentValue);
    }

    // Optional child elements, kept in schema order.
    NameIDType issuerId = request.getIssuer();
    if (issuerId != null) {
        QName issuerName = new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX);
        write(issuerId, issuerName);
    }
    Element signature = request.getSignature();
    if (signature != null) {
        // The signature is already a DOM element; it is written through as-is.
        StaxUtil.writeDOMElement(writer, signature);
    }
    ExtensionsType ext = request.getExtensions();
    if (ext != null && !ext.getAny().isEmpty()) {
        write(ext);
    }
    SubjectType subj = request.getSubject();
    if (subj != null) {
        write(subj);
    }
    for (AttributeType queried : request.getAttribute()) {
        write(queried);
    }

    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak (by keycloak).
Class AssertionUtil, method createAttribute.
/**
 * Builds a SAML {@link AttributeType} with the given name, name format and values.
 *
 * @param name            the attribute's Name
 * @param nameFormat      the NameFormat URI to set on the attribute
 * @param attributeValues zero or more values appended in order; a {@code null} array is treated as no values
 *
 * @return the populated attribute
 */
public static AttributeType createAttribute(String name, String nameFormat, Object... attributeValues) {
    AttributeType attribute = new AttributeType(name);
    attribute.setNameFormat(nameFormat);
    // Varargs may arrive as an explicit null array, so guard before iterating.
    if (attributeValues == null) {
        return attribute;
    }
    for (Object value : attributeValues) {
        attribute.addAttributeValue(value);
    }
    return attribute;
}
Use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak (by keycloak).
Class SAMLIdentityProviderFactory, method parseConfig.
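@Override
public Map<String, String> parseConfig(KeycloakSession session, InputStream inputStream) {
    // Imports an IdP's SAML metadata into a SAMLIdentityProviderConfig. Returns an
    // empty map when the document holds no importable IDPSSODescriptor; wraps a
    // parser failure in a RuntimeException.
    try {
        Object parsedObject = SAMLParser.getInstance().parse(inputStream);
        EntityDescriptorType entityType;
        if (EntitiesDescriptorType.class.isInstance(parsedObject)) {
            // Only the first entity of an <EntitiesDescriptor> is imported. An empty
            // list or a nested <EntitiesDescriptor> previously threw an unchecked
            // exception from get(0)/the cast; treat both as "nothing to import".
            List<?> entities = ((EntitiesDescriptorType) parsedObject).getEntityDescriptor();
            if (entities == null || entities.isEmpty() || !(entities.get(0) instanceof EntityDescriptorType)) {
                return new HashMap<>();
            }
            entityType = (EntityDescriptorType) entities.get(0);
        } else {
            entityType = (EntityDescriptorType) parsedObject;
        }

        IDPSSODescriptorType idpDescriptor = findIdpDescriptor(entityType);
        if (idpDescriptor == null) {
            return new HashMap<>();
        }

        SAMLIdentityProviderConfig config = new SAMLIdentityProviderConfig();

        // SSO endpoint: prefer HTTP-POST (stop at the first one); otherwise the last
        // HTTP-Redirect endpoint listed wins.
        String singleSignOnServiceUrl = null;
        boolean postBindingResponse = false;
        boolean postBindingLogout = false;
        for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
            String binding = endpoint.getBinding().toString();
            if (JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get().equals(binding)) {
                singleSignOnServiceUrl = endpoint.getLocation().toString();
                postBindingResponse = true;
                break;
            } else if (JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get().equals(binding)) {
                singleSignOnServiceUrl = endpoint.getLocation().toString();
            }
        }

        // SLO endpoint: use the same binding family that was chosen for SSO.
        String singleLogoutServiceUrl = null;
        for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
            String binding = endpoint.getBinding().toString();
            if (postBindingResponse && JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get().equals(binding)) {
                singleLogoutServiceUrl = endpoint.getLocation().toString();
                postBindingLogout = true;
                break;
            } else if (!postBindingResponse && JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get().equals(binding)) {
                singleLogoutServiceUrl = endpoint.getLocation().toString();
                break;
            }
        }

        config.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
        config.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
        config.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
        config.setAddExtensionsElementWithKeyInfo(false);
        // NOTE(review): validateSignature (whether we verify the IdP's signatures on
        // what it sends us) is derived here from WantAuthnRequestsSigned, which only
        // states what the IdP requires of *our* requests. An IdP that does not demand
        // signed AuthnRequests still signs its own responses, so this import leaves
        // signature validation off for such IdPs even when a signing certificate is
        // present below. Behaviour is kept unchanged here; consider enabling it
        // whenever a signing certificate was imported.
        config.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
        config.setPostBindingResponse(postBindingResponse);
        config.setPostBindingAuthnRequest(postBindingResponse);
        config.setPostBindingLogout(postBindingLogout);
        config.setLoginHint(false);

        List<String> nameIdFormatList = idpDescriptor.getNameIDFormat();
        if (nameIdFormatList != null && !nameIdFormatList.isEmpty()) {
            config.setNameIDPolicyFormat(nameIdFormatList.get(0));
        }

        applyKeyDescriptors(idpDescriptor, config);

        // validUntil in the past disables the imported provider.
        config.setEnabledFromMetadata(entityType.getValidUntil() == null
                || entityType.getValidUntil().toGregorianCalendar().getTime().after(new Date()));

        if (isHiddenFromDiscovery(entityType)) {
            config.setHideOnLogin(true);
        }
        return config.getConfig();
    } catch (ParsingException pe) {
        throw new RuntimeException("Could not parse IdP SAML Metadata", pe);
    }
}

// Returns the IDPSSODescriptor of the entity, or null when none is present. Only the
// first descriptor of each choice entry is inspected; when several entries carry one,
// the last wins (unchanged from the original inline loop).
private static IDPSSODescriptorType findIdpDescriptor(EntityDescriptorType entityType) {
    IDPSSODescriptorType found = null;
    for (EntityDescriptorType.EDTChoiceType choice : entityType.getChoiceType()) {
        List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = choice.getDescriptors();
        if (!descriptors.isEmpty() && descriptors.get(0).getIdpDescriptor() != null) {
            found = descriptors.get(0).getIdpDescriptor();
        }
    }
    return found;
}

// Copies the X509 certificates from the IdP's KeyDescriptors into the config.
// use="signing" and use="encryption" are applied directly; a descriptor without a
// use attribute is a fallback for whichever role has no explicit certificate.
private static void applyKeyDescriptors(IDPSSODescriptorType idpDescriptor, SAMLIdentityProviderConfig config) {
    List<KeyDescriptorType> keyDescriptors = idpDescriptor.getKeyDescriptor();
    if (keyDescriptors == null) {
        return;
    }
    String defaultCertificate = null;
    for (KeyDescriptorType keyDescriptorType : keyDescriptors) {
        Element keyInfo = keyDescriptorType.getKeyInfo();
        // NOTE(review): the QName namespace here is the literal string "dsig", not the
        // XML-DSig namespace URI; this relies on DocumentUtil matching by local name — verify.
        Element x509Certificate = keyInfo == null
                ? null
                : DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
        if (x509Certificate == null) {
            // KeyInfo without an X509Certificate (e.g. KeyName/KeyValue only): nothing
            // importable; previously this dereferenced null.
            continue;
        }
        String certificate = x509Certificate.getTextContent();
        if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
            config.addSigningCertificate(certificate);
        } else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
            config.setEncryptionPublicKey(certificate);
        } else if (keyDescriptorType.getUse() == null) {
            defaultCertificate = certificate;
        }
    }
    if (defaultCertificate != null) {
        if (config.getSigningCertificates().length == 0) {
            config.addSigningCertificate(defaultCertificate);
        }
        if (config.getEncryptionPublicKey() == null) {
            config.setEncryptionPublicKey(defaultCertificate);
        }
    }
}

// True when the entity carries the MACE-Dir entity-category attribute with the
// REFEDS hide-from-discovery value in its metadata extensions.
private static boolean isHiddenFromDiscovery(EntityDescriptorType entityType) {
    if (entityType.getExtensions() == null || entityType.getExtensions().getEntityAttributes() == null) {
        return false;
    }
    for (AttributeType attribute : entityType.getExtensions().getEntityAttributes().getAttribute()) {
        if (MACEDIR_ENTITY_CATEGORY.equals(attribute.getName())
                && attribute.getAttributeValue().contains(REFEDS_HIDE_FROM_DISCOVERY)) {
            return true;
        }
    }
    return false;
}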
Use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak (by keycloak).
Class AttributeToRoleMapper, method applies.
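protected boolean applies(final IdentityProviderMapperModel mapperModel, final BrokeredIdentityContext context) {
    // Returns true when the brokered SAML assertion carries an attribute that matches
    // the mapper's configured name and/or friendly name and has a value equal to the
    // configured ATTRIBUTE_VALUE. Blank name/friendly-name config means "don't filter".
    String name = mapperModel.getConfig().get(ATTRIBUTE_NAME);
    if (name != null && name.trim().isEmpty()) {
        name = null;
    }
    String friendly = mapperModel.getConfig().get(ATTRIBUTE_FRIENDLY_NAME);
    if (friendly != null && friendly.trim().isEmpty()) {
        friendly = null;
    }
    String desiredValue = Optional.ofNullable(mapperModel.getConfig().get(ATTRIBUTE_VALUE)).orElse("");

    AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
    if (assertion == null) {
        // No assertion in the context: nothing can match, so do not grant.
        return false;
    }
    for (AttributeStatementType statement : assertion.getAttributeStatements()) {
        for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
            AttributeType attr = choice.getAttribute();
            if (attr == null) {
                // Choice entries can hold an encrypted element instead of a plain
                // attribute; skip those rather than dereferencing null.
                continue;
            }
            if (name != null && !name.equals(attr.getName())) {
                continue;
            }
            if (friendly != null && !friendly.equals(attr.getFriendlyName())) {
                continue;
            }
            for (Object val : attr.getAttributeValue()) {
                // A null value is normalised to "". Note that with no ATTRIBUTE_VALUE
                // configured (desiredValue == ""), an attribute present with an empty
                // or null value therefore matches.
                Object actual = Optional.ofNullable(val).orElse("");
                if (actual.equals(desiredValue)) {
                    return true;
                }
            }
        }
    }
    return false;
}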