
Example 1 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

the class SAMLLogoutAdapterTest method extractNameId.

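/**
 * Captures the subject NameID and the SessionIndex of the authentication statement from a
 * successful SAML login response, storing them in {@code nameIdRef} and {@code sessionIndexRef}
 * for later steps of the test.
 *
 * <p>Only the status code and the shape of the first assertion are checked here. Nothing in this
 * helper verifies a signature or the assertion's conditions, so the captured values are only as
 * trustworthy as the response that was passed in.
 *
 * @param so the SAML object produced by the login flow; expected to be a {@code ResponseType}
 *     with status {@code STATUS_SUCCESS}
 * @return the same object that was passed in
 */
private SAML2Object extractNameId(SAML2Object so) {
    assertThat(so, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType loginResp1 = (ResponseType) so;
    final AssertionType firstAssertion = loginResp1.getAssertions().get(0).getAssertion();
    // A missing assertion is reported as a test failure instead of an NPE further down.
    assertThat(firstAssertion, org.hamcrest.Matchers.notNullValue());

    final Object baseId = firstAssertion.getSubject().getSubType().getBaseID();
    assertThat(baseId, instanceOf(NameIDType.class));
    NameIDType nameId = (NameIDType) baseId;

    // Pick the AuthnStatement by type. Casting whatever the statement collection happens to
    // return first would throw ClassCastException if another statement kind came first, and
    // NoSuchElementException if the assertion carried no statements at all.
    final AuthnStatementType authnStatement = firstAssertion.getStatements().stream()
            .filter(AuthnStatementType.class::isInstance)
            .map(AuthnStatementType.class::cast)
            .findFirst()
            .orElse(null);
    assertThat(authnStatement, org.hamcrest.Matchers.notNullValue());

    nameIdRef.set(nameId);
    sessionIndexRef.set(authnStatement.getSessionIndex());
    return so;
}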
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 2 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

the class SAMLServletSessionTimeoutTest method addSessionNotOnOrAfter.

/**
 * Rewrites a successful SAML response so that the authentication statement of its first assertion
 * carries a SessionNotOnOrAfter value {@code SESSION_LENGTH_IN_SECONDS} after the current issue
 * instant, and records that value (as a string) in {@code sessionNotOnOrAfter}.
 *
 * <p>NOTE(review): the assertion is modified after it was issued. That would invalidate an
 * assertion-level signature, so this presumably runs against unsigned assertions; confirm
 * against the test's client configuration.
 *
 * @param ob the SAML object to modify; expected to be a {@code ResponseType} with status
 *     {@code STATUS_SUCCESS}
 * @return the same object, with the first assertion updated in place
 */
private SAML2Object addSessionNotOnOrAfter(SAML2Object ob) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    final ResponseType response = (ResponseType) ob;
    final Set<StatementAbstractType> assertionStatements = response.getAssertions().get(0).getAssertion().getStatements();

    // Look for an authentication statement that is already present.
    AuthnStatementType authnStatement = null;
    for (StatementAbstractType candidate : assertionStatements) {
        if (candidate instanceof AuthnStatementType) {
            authnStatement = (AuthnStatementType) candidate;
            break;
        }
    }

    // The fallback statement is built eagerly, whether or not it ends up being used.
    final AuthnStatementType freshStatement = new AuthnStatementType(XMLTimeUtil.getIssueInstant());
    if (authnStatement == null) {
        authnStatement = freshStatement;
    }

    final XMLGregorianCalendar expiry = XMLTimeUtil.add(XMLTimeUtil.getIssueInstant(), SESSION_LENGTH_IN_SECONDS * 1000);
    sessionNotOnOrAfter.set(expiry.toString());
    authnStatement.setSessionNotOnOrAfter(expiry);

    // Added unconditionally, also when the statement was found in the assertion already.
    response.getAssertions().get(0).getAssertion().addStatement(authnStatement);
    return ob;
}
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) Matchers.bodyHC(org.keycloak.testsuite.util.Matchers.bodyHC) AdapterActionsFilter(org.keycloak.testsuite.adapter.filter.AdapterActionsFilter) Page(org.jboss.arquillian.graphene.page.Page) AtomicReference(java.util.concurrent.atomic.AtomicReference) EntityUtils(org.apache.http.util.EntityUtils) Assert.assertThat(org.junit.Assert.assertThat) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) SamlClient(org.keycloak.testsuite.util.SamlClient) ContainerConstants(org.keycloak.testsuite.utils.arquillian.ContainerConstants) WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Matchers.allOf(org.hamcrest.Matchers.allOf) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME) Set(java.util.Set) Test(org.junit.Test) Employee2Servlet(org.keycloak.testsuite.adapter.page.Employee2Servlet) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) Deployment(org.jboss.arquillian.container.test.api.Deployment) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) AppServerContainer(org.keycloak.testsuite.arquillian.annotation.AppServerContainer) SessionTimeoutHelper(org.keycloak.models.utils.SessionTimeoutHelper) Matchers.is(org.hamcrest.Matchers.is) PublicKeyLocator(org.keycloak.adapters.rotation.PublicKeyLocator) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) 
XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 3 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20AssertionsAdviceTag.

/**
 * Parses {@code saml20-assertion-advice.xml} and checks the resulting assertion: one
 * authentication statement with an unspecified class reference and an {@code auth.weak}
 * declaration element, one attribute statement with nine attributes in a fixed order, and a
 * single audience restriction condition.
 *
 * <p>The fixture name suggests the document carries an Advice element; the assertions below
 * cover only the statements and the conditions.
 */
@Test
public void testSaml20AssertionsAdviceTag() throws Exception {
    // Expected attribute names, in document order.
    Matcher<String>[] expectedNames = new Matcher[] {
        is("portal_id"),
        is("organization_id"),
        is("status"),
        is("has_sub_organization"),
        is("anytype_test"),
        is("anytype_no_xml_test"),
        is("ssostartpage"),
        is("logouturl"),
        is("nil_value_attribute")
    };
    // Expected attribute values, index-aligned with expectedNames. XML-valued attributes are
    // compared as their serialized markup.
    Matcher<List<Object>>[] expectedValues = new Matcher[] {
        contains(is("060D00000000SHZ")),
        contains(is("<n1:elem2 xmlns:n1=\"http://example.net\" xml:lang=\"en\"><n3:stuff xmlns:n3=\"ftp://example.org\">00DD0000000F7L5</n3:stuff></n1:elem2>")),
        contains(is("<status><code><status>XYZ</status></code></status>")),
        contains(is("true")),
        contains(is("<elem1 atttr1=\"en\"><elem2>val2</elem2></elem1>")),
        contains(is("value_no_xml")),
        contains(is("http://www.salesforce.com/security/saml/saml20-gen.jsp")),
        contains(is("http://www.salesforce.com/security/del_auth/SsoLogoutPage.html")),
        contains(nullValue())
    };

    AssertionType assertion = assertParsed("saml20-assertion-advice.xml", AssertionType.class);
    assertThat(assertion.getStatements(), containsInAnyOrder(instanceOf(AuthnStatementType.class), instanceOf(AttributeStatementType.class)));

    for (StatementAbstractType statement : assertion.getStatements()) {
        if (!(statement instanceof AuthnStatementType)) {
            // Anything that is not an authentication statement is treated as the attribute statement.
            AttributeStatementType attributeStatement = (AttributeStatementType) statement;
            assertThat(attributeStatement.getAttributes(), hasSize(9));
            for (int idx = 0; idx < attributeStatement.getAttributes().size(); idx++) {
                AttributeType attribute = attributeStatement.getAttributes().get(idx).getAttribute();
                assertThat(attribute.getName(), expectedNames[idx]);
                assertThat(attribute.getAttributeValue(), expectedValues[idx]);
            }
            continue;
        }

        AuthnStatementType authnStatement = (AuthnStatementType) statement;
        final AuthnContextType authnContext = authnStatement.getAuthnContext();
        assertThat(authnContext, notNullValue());
        assertThat(authnContext.getSequence(), notNullValue());
        assertThat(authnContext.getSequence().getClassRef().getValue(), is(JBossSAMLURIConstants.AC_UNSPECIFIED.getUri()));
        assertThat(authnContext.getSequence(), notNullValue());
        assertThat(authnContext.getSequence().getAuthnContextDecl(), notNullValue());
        assertThat(authnContext.getSequence().getAuthnContextDecl().getValue(), instanceOf(Element.class));
        // The declaration is exposed as a DOM element; only its text content is checked.
        final Element declaration = (Element) authnContext.getSequence().getAuthnContextDecl().getValue();
        assertThat(declaration.getTextContent(), is("auth.weak"));
    }

    assertThat(assertion.getConditions().getConditions(), contains(instanceOf(AudienceRestrictionType.class)));
}
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) Matcher(org.hamcrest.Matcher) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) Element(org.w3c.dom.Element) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) EncryptedAssertionType(org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) AuthnContextType(org.keycloak.dom.saml.v2.assertion.AuthnContextType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) Test(org.junit.Test)

Example 4 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20AssertionContents.

/**
 * Parses {@code saml20-assertion-example.xml} and checks the resulting assertion: a single
 * subject confirmation whose data is a {@code KeyInfoType} holding an RSA key value with modulus
 * and exponent, plus an authentication statement with the expected SessionNotOnOrAfter instant,
 * an unspecified class reference and no authentication context declaration.
 */
@Test
public void testSaml20AssertionContents() throws Exception {
    AssertionType assertion = assertParsed("saml20-assertion-example.xml", AssertionType.class);

    // Subject confirmation: exactly one entry, carrying key material.
    assertThat(assertion.getSubject().getConfirmation(), hasSize(1));
    assertThat(assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData(), notNullValue());
    assertThat(assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData().getAnyType(), instanceOf(KeyInfoType.class));
    KeyInfoType keyInfo = (KeyInfoType) assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData().getAnyType();
    assertThat(keyInfo.getContent(), hasItem(instanceOf(RSAKeyValueType.class)));
    // The RSA key value is read from index 0 of the key info content.
    RSAKeyValueType rsaKey = (RSAKeyValueType) keyInfo.getContent().get(0);
    assertThat(rsaKey.getModulus(), notNullValue());
    assertThat(rsaKey.getExponent(), notNullValue());

    assertThat(assertion.getStatements(), containsInAnyOrder(instanceOf(AuthnStatementType.class), instanceOf(AttributeStatementType.class)));
    for (StatementAbstractType statement : assertion.getStatements()) {
        if (!(statement instanceof AuthnStatementType)) {
            // Only the authentication statement is inspected in this test.
            continue;
        }
        AuthnStatementType authnStatement = (AuthnStatementType) statement;
        assertThat(authnStatement.getSessionNotOnOrAfter(), notNullValue());
        assertThat(authnStatement.getSessionNotOnOrAfter(), is(XMLTimeUtil.parse("2009-06-17T18:55:10.738Z")));
        final AuthnContextType authnContext = authnStatement.getAuthnContext();
        assertThat(authnContext, notNullValue());
        assertThat(authnContext.getSequence(), notNullValue());
        assertThat(authnContext.getSequence().getClassRef().getValue(), is(JBossSAMLURIConstants.AC_UNSPECIFIED.getUri()));
        assertThat(authnContext.getSequence(), notNullValue());
        assertThat(authnContext.getSequence().getAuthnContextDecl(), nullValue());
    }
}
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) EncryptedAssertionType(org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) AuthnContextType(org.keycloak.dom.saml.v2.assertion.AuthnContextType) RSAKeyValueType(org.keycloak.dom.xmlsec.w3.xmldsig.RSAKeyValueType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) KeyInfoType(org.keycloak.dom.xmlsec.w3.xmldsig.KeyInfoType) Test(org.junit.Test)

Example 5 with AuthnStatementType

use of org.keycloak.dom.saml.v2.assertion.AuthnStatementType in project keycloak by keycloak.

the class SAMLAuthnStatementParser method processSubElement.

/**
 * Handles one child element of the authentication statement being parsed and stores the result
 * on {@code target}.
 *
 * <p>Two children are accepted: the subject locality, whose Address and DNSName attributes are
 * copied onto a new {@code SubjectLocalityType} as read (no validation of either value happens
 * here), and the authentication context, which is delegated to {@code SAMLAuthnContextParser}.
 * Any other element is rejected.
 *
 * @param xmlEventReader reader positioned at the child element
 * @param target the statement being populated
 * @param element the recognised name of the child element
 * @param elementDetail the start-element event of the child, used for attribute access
 * @throws ParsingException if the child element is not one of the accepted tags, or if the
 *     delegated parsing fails
 */
@Override
protected void processSubElement(XMLEventReader xmlEventReader, AuthnStatementType target, SAMLAssertionQNames element, StartElement elementDetail) throws ParsingException {
    switch (element) {
        case SUBJECT_LOCALITY: {
            // The reader is advanced first; the attributes come from the start event that was
            // already captured in elementDetail.
            StaxParserUtil.advance(xmlEventReader);
            SubjectLocalityType locality = new SubjectLocalityType();
            locality.setAddress(
                    StaxParserUtil.getAttributeValue(elementDetail, SAMLAssertionQNames.ATTR_ADDRESS));
            locality.setDNSName(
                    StaxParserUtil.getAttributeValue(elementDetail, SAMLAssertionQNames.ATTR_DNS_NAME));
            target.setSubjectLocality(locality);
            return;
        }
        case AUTHN_CONTEXT: {
            target.setAuthnContext(SAMLAuthnContextParser.getInstance().parse(xmlEventReader));
            return;
        }
        default:
            // Unknown children are rejected instead of being skipped.
            throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
    }
}
Also used : SubjectLocalityType(org.keycloak.dom.saml.v2.assertion.SubjectLocalityType)
