Example 11 with AudienceRestrictionType
use of org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType in project keycloak by keycloak.
the class ConditionsValidator method validateConditions.
private Result validateConditions(ConditionsType ct, Result res) {
Iterator<ConditionAbstractType> it = ct.getConditions() == null ? Collections.<ConditionAbstractType>emptySet().iterator() : ct.getConditions().iterator();
while (it.hasNext() && res == Result.VALID) {
ConditionAbstractType cond = it.next();
Result r;
if (cond instanceof OneTimeUseType) {
r = validateOneTimeUse((OneTimeUseType) cond);
} else if (cond instanceof AudienceRestrictionType) {
r = validateAudienceRestriction((AudienceRestrictionType) cond);
} else if (cond instanceof ProxyRestrictionType) {
r = validateProxyRestriction((ProxyRestrictionType) cond);
} else {
r = Result.INDETERMINATE;
LOG.infof("Unknown condition in assertion %s: %s", assertionId, cond == null ? "<null>" : cond.getClass());
}
res = r.joinResult(res);
}
return res;
}
Also used :
OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType)
ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)
ProxyRestrictionType(org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType)
AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)
Example 12 with AudienceRestrictionType
use of org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType in project keycloak by keycloak.
the class SAMLAssertionWriter method write.
/**
* Write an {@code AssertionType} to stream
*
* @param assertion
*
* @throws org.keycloak.saml.common.exceptions.ProcessingException
*/
public void write(AssertionType assertion) throws ProcessingException {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
// Attributes
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
NameIDType issuer = assertion.getIssuer();
if (issuer != null)
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
SubjectType subject = assertion.getSubject();
if (subject != null) {
write(subject);
}
ConditionsType conditions = assertion.getConditions();
if (conditions != null) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
if (conditions.getNotBefore() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
}
if (conditions.getNotOnOrAfter() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
}
List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
if (typeOfConditions != null) {
for (ConditionAbstractType typeCondition : typeOfConditions) {
if (typeCondition instanceof AudienceRestrictionType) {
AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
List<URI> audiences = art.getAudience();
if (audiences != null) {
for (URI audience : audiences) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
StaxUtil.writeCharacters(writer, audience.toString());
StaxUtil.writeEndElement(writer);
}
}
StaxUtil.writeEndElement(writer);
}
if (typeCondition instanceof OneTimeUseType) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
StaxUtil.writeEndElement(writer);
}
}
}
StaxUtil.writeEndElement(writer);
}
AdviceType advice = assertion.getAdvice();
if (advice != null)
throw logger.notImplementedYet("Advice");
Set<StatementAbstractType> statements = assertion.getStatements();
if (statements != null) {
for (StatementAbstractType statement : statements) {
if (statement instanceof AuthnStatementType) {
write((AuthnStatementType) statement, false);
} else if (statement instanceof AttributeStatementType) {
write((AttributeStatementType) statement);
} else
throw logger.writerUnknownTypeError(statement.getClass().getName());
}
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
QName(javax.xml.namespace.QName)
AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
URI(java.net.URI)
ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI)
OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType)
AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType)
ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)
SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType)
AdviceType(org.keycloak.dom.saml.v2.assertion.AdviceType)
ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)
Aggregations
AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)12
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)8
List (java.util.List)7
Test (org.junit.Test)7
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)7
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)6
UncaughtServerErrorExpected (org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)6
OAuthClient (org.keycloak.testsuite.util.OAuthClient)6
HashMap (java.util.HashMap)5
AccessToken (org.keycloak.representations.AccessToken)5
Element (org.w3c.dom.Element)5
OneTimeUseType (org.keycloak.dom.saml.v2.assertion.OneTimeUseType)4
Response (javax.ws.rs.core.Response)2
AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)2
ConditionAbstractType (org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)2
ConditionsType (org.keycloak.dom.saml.v2.assertion.ConditionsType)2
ProxyRestrictionType (org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType)2
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)2
Document (org.w3c.dom.Document)2
IOException (java.io.IOException)1
