use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.
the class SAMLParserTest method testSaml20MetadataEntityDescriptorIdP.
@Test
public void testSaml20MetadataEntityDescriptorIdP() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> choices = entityDescriptor.getChoiceType();
    assertThat(choices, hasSize(2));

    // IDPSSODescriptor: the first choice carries the IdP role descriptor
    IDPSSODescriptorType idp = choices.get(0).getDescriptors().get(0).getIdpDescriptor();
    assertThat(idp, is(notNullValue()));
    assertThat(idp.isWantAuthnRequestsSigned(), is(true));
    assertThat(idp.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));

    // KeyDescriptor: one signing key, no encryption methods, KeyName taken from the ds:KeyInfo DOM
    List<KeyDescriptorType> keys = idp.getKeyDescriptor();
    assertThat(keys, hasSize(1));
    KeyDescriptorType signingKey = keys.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    String keyName = signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent();
    assertThat(keyName, is("IdentityProvider.com SSO Key"));

    // SingleLogoutService: SOAP endpoint, then HTTP-Redirect endpoint with its own ResponseLocation
    List<EndpointType> logoutServices = idp.getSingleLogoutService();
    assertThat(logoutServices, hasSize(2));
    assertEndpoint(logoutServices.get(0), "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
            "https://IdentityProvider.com/SAML/SLO/SOAP", null);
    assertEndpoint(logoutServices.get(1), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "https://IdentityProvider.com/SAML/SLO/Browser", "https://IdentityProvider.com/SAML/SLO/Response");

    // NameIDFormat (document order is not asserted)
    assertThat(idp.getNameIDFormat(), containsInAnyOrder(
            "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));

    // SingleSignOnService: HTTP-Redirect and HTTP-POST share one location, neither has a ResponseLocation
    List<EndpointType> signOnServices = idp.getSingleSignOnService();
    assertThat(signOnServices, hasSize(2));
    assertEndpoint(signOnServices.get(0), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "https://IdentityProvider.com/SAML/SSO/Browser", null);
    assertEndpoint(signOnServices.get(1), "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "https://IdentityProvider.com/SAML/SSO/Browser", null);

    // Attributes advertised by the IdP: both URI-formatted eduPerson OIDs, only the second lists values
    List<AttributeType> attributes = idp.getAttribute();
    assertThat(attributes, hasSize(2));
    AttributeType principalName = attributes.get(0);
    assertAttributeHeader(principalName, "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "eduPersonPrincipalName");
    assertThat(principalName.getAttributeValue(), is(emptyCollectionOf(Object.class)));
    AttributeType affiliation = attributes.get(1);
    assertAttributeHeader(affiliation, "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", "eduPersonAffiliation");
    assertThat(affiliation.getAttributeValue(),
            containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));

    // Organization: one English name, display name and URL each
    assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
    LocalizedNameType organizationName = entityDescriptor.getOrganization().getOrganizationName().get(0);
    assertThat(organizationName.getLang(), is("en"));
    assertThat(organizationName.getValue(), is("Identity Providers R\n US"));

    assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
    LocalizedNameType organizationDisplayName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
    assertThat(organizationDisplayName.getLang(), is("en"));
    assertThat(organizationDisplayName.getValue(), is("Identity Providers R US, a Division of Lerxst Corp."));

    assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
    LocalizedURIType organizationUrl = entityDescriptor.getOrganization().getOrganizationURL().get(0);
    assertThat(organizationUrl.getLang(), is("en"));
    assertThat(organizationUrl.getValue(), is(URI.create("https://IdentityProvider.com")));
}

/**
 * Asserts the binding, location and response location of a metadata endpoint and that it carries
 * neither extra child content nor extra XML attributes.
 *
 * @param endpoint the parsed endpoint
 * @param binding expected Binding URI
 * @param location expected Location URI
 * @param responseLocation expected ResponseLocation URI, or {@code null} when none is expected
 */
private static void assertEndpoint(EndpointType endpoint, String binding, String location, String responseLocation) {
    assertThat(endpoint.getBinding(), is(URI.create(binding)));
    assertThat(endpoint.getLocation(), is(URI.create(location)));
    if (responseLocation == null) {
        assertThat(endpoint.getResponseLocation(), is(nullValue()));
    } else {
        assertThat(endpoint.getResponseLocation(), is(URI.create(responseLocation)));
    }
    assertThat(endpoint.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(endpoint.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}

/**
 * Asserts that an advertised attribute uses the URI name format, has the given Name and FriendlyName,
 * and carries no extra XML attributes. Attribute values are checked by the caller.
 *
 * @param attribute the parsed attribute
 * @param name expected Name
 * @param friendlyName expected FriendlyName
 */
private static void assertAttributeHeader(AttributeType attribute, String name, String friendlyName) {
    assertThat(attribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(attribute.getName(), is(name));
    assertThat(attribute.getFriendlyName(), is(friendlyName));
    assertThat(attribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}
use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.
the class XUATokenWriterTest method testXUAToken.
@Test
public void testXUAToken() throws ConfigurationException, ProcessingException {
    Document doc = DocumentUtil.createDocument();

    // HL7 <Role> element that will be carried as an XML-typed AttributeValue
    Element roleElement = doc.createElementNS("urn:hl7-org:v3", "Role");
    roleElement.setAttributeNS("urn:hl7-org:v3", "code", "46255001");
    roleElement.setAttributeNS("urn:hl7-org:v3", "codeSystem", "2.16.840.1.113883.6.96");
    roleElement.setAttributeNS("urn:hl7-org:v3", "codeSystemName", "SNOMED_CT");
    roleElement.setAttributeNS("urn:hl7-org:v3", "displayName", "Pharmacist");

    // xsi:type="CE" as a namespaced attribute node so the prefix survives serialization
    Attr xsiType = doc.createAttributeNS(JBossSAMLURIConstants.XSI_NSURI.get(), "type");
    xsiType.setPrefix("xsi");
    xsiType.setValue("CE");
    roleElement.setAttributeNodeNS(xsiType);

    AttributeType roleAttribute = new AttributeType("urn:oasis:names:tc:xacml:2.0:subject:role");
    roleAttribute.addAttributeValue(roleElement);
    AttributeStatementType statement = new AttributeStatementType();
    statement.addAttribute(new AttributeStatementType.ASTChoiceType(roleAttribute));

    ByteArrayOutputStream out = new ByteArrayOutputStream();
    new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(out)).write(statement);
    String actual = new String(out.toByteArray(), GeneralConstants.SAML_CHARSET);

    // Expected serialization: the DOM value is written verbatim inside saml:AttributeValue
    String expected = "<saml:AttributeStatement>"
            + "<saml:Attribute Name=\"urn:oasis:names:tc:xacml:2.0:subject:role\">"
            + "<saml:AttributeValue>"
            + "<Role xmlns=\"urn:hl7-org:v3\" code=\"46255001\" codeSystem=\"2.16.840.1.113883.6.96\" "
            + "codeSystemName=\"SNOMED_CT\" displayName=\"Pharmacist\" "
            + "xsi:type=\"CE\"></Role></saml:AttributeValue></saml:Attribute>"
            + "</saml:AttributeStatement>";
    Assert.assertEquals(expected, actual);
}
use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.
the class SAMLMetadataWriter method writeAttributeAuthorityDescriptor.
/**
 * Serializes an {@code AttributeAuthorityDescriptor} metadata element to the instance's writer.
 * <p>
 * Children are emitted in the order the descriptor model exposes them: protocol support enumeration,
 * optional Signature, optional Extensions, then every KeyDescriptor, AttributeService, NameIDFormat
 * and Attribute. The writer is flushed once the end element has been written.
 *
 * @param attributeAuthority the descriptor to write
 * @throws ProcessingException if writing to the underlying stream fails
 */
public void writeAttributeAuthorityDescriptor(AttributeAuthorityDescriptorType attributeAuthority) throws ProcessingException {
    StaxUtil.writeStartElement(writer, METADATA_PREFIX,
            JBossSAMLConstants.ATTRIBUTE_AUTHORITY_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    writeProtocolSupportEnumeration(attributeAuthority.getProtocolSupportEnumeration());

    // A pre-built DOM Signature is copied through unchanged; nothing here validates it
    Element signature = attributeAuthority.getSignature();
    if (signature != null) {
        StaxUtil.writeDOMElement(writer, signature);
    }
    ExtensionsType extensions = attributeAuthority.getExtensions();
    if (extensions != null) {
        write(extensions);
    }

    // Repeating children, each delegated to its dedicated writer; sequence is kept as-is
    for (KeyDescriptorType key : attributeAuthority.getKeyDescriptor()) {
        writeKeyDescriptor(key);
    }
    for (EndpointType service : attributeAuthority.getAttributeService()) {
        writeAttributeService(service);
    }
    for (String format : attributeAuthority.getNameIDFormat()) {
        writeNameIDFormat(format);
    }
    for (AttributeType attribute : attributeAuthority.getAttribute()) {
        write(attribute);
    }

    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.
the class AssertionUtil method getRoles.
/**
 * Collects the role values carried by the attribute statements of an assertion.
 * <p>
 * Every {@code AttributeStatement} is scanned; an attribute contributes its values when
 * {@code roleKeys} is null or empty, or when its Name is one of {@code roleKeys}. String values are
 * taken as-is; DOM Node values contribute the value of their first child. This method does not
 * validate the assertion (signature, conditions) — callers are expected to have done that.
 *
 * @param assertion the {@link AssertionType} to inspect
 * @param roleKeys attribute names treated as role attributes; null or empty means every attribute
 * @return the role values found, in statement order; empty when none match, never null
 */
public static List<String> getRoles(AssertionType assertion, List<String> roleKeys) {
    List<String> roles = new ArrayList<>();
    boolean filterByName = roleKeys != null && !roleKeys.isEmpty();

    for (StatementAbstractType statement : assertion.getStatements()) {
        if (!(statement instanceof AttributeStatementType)) {
            continue;
        }
        for (ASTChoiceType choice : ((AttributeStatementType) statement).getAttributes()) {
            AttributeType attribute = choice.getAttribute();
            if (filterByName && !roleKeys.contains(attribute.getName())) {
                continue;
            }
            List<Object> values = attribute.getAttributeValue();
            if (values == null) {
                continue;
            }
            for (Object value : values) {
                if (value instanceof String) {
                    roles.add((String) value);
                } else if (value instanceof Node) {
                    // NOTE(review): getFirstChild() is null for an element without children, which would
                    // throw NullPointerException here — confirm whether such values can reach this code
                    roles.add(((Node) value).getFirstChild().getNodeValue());
                } else {
                    // Any other value type is a programming error reported through the project logger
                    throw logger.unknownObjectType(value);
                }
            }
        }
    }
    return roles;
}
use of org.keycloak.dom.saml.v2.assertion.AttributeType in project keycloak by keycloak.
the class StatementUtil method createAttributeStatement.
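/**
 * Creates an attribute statement holding every entry of {@code attributes}.
 * <p>
 * Keys with a known X.500 OID (see {@code X500SAMLProfileConstants.getOID}) become X.500 attributes
 * with the key as FriendlyName; any other key becomes a URI-formatted attribute named after the key.
 * The {@code AttributeConstants.ROLES} entry must hold a {@code Collection} of role names: it is
 * delegated to the {@code List}-based overload and the resulting role attributes are merged into the
 * statement built here, so previously added attributes are no longer discarded when the roles key is
 * not the first one iterated.
 *
 * @param attributes a map with keys from {@link AttributeConstants}; values must be a String or a
 *                   Collection of Strings
 * @return the populated statement, or {@code null} when {@code attributes} is empty (kept for
 *         backward compatibility with the previous behaviour)
 * @throws RuntimeException if a non-roles value is neither a String nor a Collection
 */
public static AttributeStatementType createAttributeStatement(Map<String, Object> attributes) {
    if (attributes.isEmpty()) {
        return null;
    }
    AttributeStatementType attrStatement = new AttributeStatementType();

    for (Map.Entry<String, Object> entry : attributes.entrySet()) {
        String key = entry.getKey();
        Object value = entry.getValue();

        // Roles are built by the dedicated overload and appended, never replacing what was built so far
        if (AttributeConstants.ROLES.equalsIgnoreCase(key)) {
            if (value instanceof Collection<?>) {
                mergeRoleAttributes(attrStatement, (Collection<?>) value);
            }
            continue;
        }

        AttributeType att;
        String oid = X500SAMLProfileConstants.getOID(key);
        if (StringUtil.isNotNull(oid)) {
            // Known X.500 profile attribute: named by its OID, key kept as the friendly name
            att = getX500Attribute(oid);
            att.setFriendlyName(key);
        } else {
            att = new AttributeType(key);
            att.setFriendlyName(key);
            att.setNameFormat(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get());
        }

        if (value instanceof Collection<?>) {
            for (Object item : (Collection<?>) value) {
                att.addAttributeValue(item);
            }
        } else if (value instanceof String) {
            att.addAttributeValue(value);
        } else {
            throw new RuntimeException("Unsupported attribute value [" + value + "]. Values must be a string, even if using a Collection.");
        }
        attrStatement.addAttribute(new ASTChoiceType(att));
    }
    return attrStatement;
}

/**
 * Builds the role attributes through the {@code List}-based overload and appends them to {@code target}.
 *
 * @param target statement receiving the role attributes
 * @param roles role names; each element must be a String
 * @throws ClassCastException if a role value is not a String
 */
private static void mergeRoleAttributes(AttributeStatementType target, Collection<?> roles) {
    ArrayList<String> roleNames = new ArrayList<>(roles.size());
    for (Object role : roles) {
        roleNames.add((String) role);
    }
    AttributeStatementType roleStatement = createAttributeStatement(roleNames);
    if (roleStatement != null) {
        for (ASTChoiceType choice : roleStatement.getAttributes()) {
            target.addAttribute(choice);
        }
    }
}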