
Example 51 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class ClientTokenExchangeSAML2Test method testExchangeToSAML2UnsignedAndUnencryptedAssertion.

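/**
 * Exchanges an OIDC access token for a SAML 2.0 assertion at a target client
 * whose name indicates it issues unsigned, unencrypted assertions, and checks
 * the issued token type, the absence of a signature, the audience restriction,
 * the subject NameID and the roles mapped into the assertion.
 *
 * @throws Exception on any failure in the token requests or in parsing the assertion
 */
@Test
@UncaughtServerErrorExpected
public void testExchangeToSAML2UnsignedAndUnencryptedAssertion() throws Exception {
    testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
    oauth.realm(TEST);
    oauth.clientId("client-exchanger");

    // Obtain the subject token that will later be exchanged.
    OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("secret", "user", "password");
    String accessToken = response.getAccessToken();
    TokenVerifier<AccessToken> accessTokenVerifier = TokenVerifier.create(accessToken, AccessToken.class);
    AccessToken token = accessTokenVerifier.parse().getToken();
    // JUnit's contract is (expected, actual); the arguments were previously swapped,
    // which only mislabels the failure message but is corrected for consistency
    // with the other assertions in this method.
    Assert.assertEquals("user", token.getPreferredUsername());
    // The subject token must not already carry the "example" realm role; the role
    // asserted on the SAML assertion below therefore comes from the exchange itself.
    Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));

    Map<String, String> params = new HashMap<>();
    params.put(OAuth2Constants.REQUESTED_TOKEN_TYPE, OAuth2Constants.SAML2_TOKEN_TYPE);
    {
        response = oauth.doTokenExchange(TEST, accessToken, SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, "client-exchanger", "secret", params);
        String exchangedTokenString = response.getAccessToken();
        // The exchanged token is the base64url-encoded assertion XML.
        String assertionXML = new String(Base64Url.decode(exchangedTokenString), "UTF-8");
        // Verify issued_token_type
        Assert.assertEquals(OAuth2Constants.SAML2_TOKEN_TYPE, response.getIssuedTokenType());
        // Verify assertion: this target is expected to issue unsigned assertions, so the
        // check here is that no signature element is present on the document root.
        Document assertionDoc = DocumentUtil.getDocument(assertionXML);
        Assert.assertFalse(AssertionUtil.isSignedElement(assertionDoc.getDocumentElement()));
        AssertionType assertion = (AssertionType) SAMLParser.getInstance().parse(assertionDoc);
        // Audience: the first condition is expected to be the audience restriction naming the target client.
        AudienceRestrictionType aud = (AudienceRestrictionType) assertion.getConditions().getConditions().get(0);
        Assert.assertEquals(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, aud.getAudience().get(0).toString());
        // NameID: the subject is carried as a plain NameID (not an EncryptedID) on this target.
        Assert.assertEquals("user", ((NameIDType) assertion.getSubject().getSubType().getBaseID()).getValue());
        // Role mapping
        List<String> roles = AssertionUtil.getRoles(assertion, null);
        Assert.assertTrue(roles.contains("example"));
    }
}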
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) HashMap(java.util.HashMap) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) AccessToken(org.keycloak.representations.AccessToken) List(java.util.List) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Example 52 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class NameIdMapperTest method testExpectedNameId.

/**
 * Asserts that the subject of the first assertion in the current SAML response
 * carries the given NameID value and that the response status is success.
 *
 * @param expectedNameId NameID value expected in the subject of the first assertion
 */
private void testExpectedNameId(String expectedNameId) {
    ResponseType samlResponse = getSamlResponseObject();
    NameIDType subjectNameId = (NameIDType) samlResponse
            .getAssertions().get(0)
            .getAssertion()
            .getSubject()
            .getSubType()
            .getBaseID();
    String actualNameId = subjectNameId.getValue();
    assertEquals(expectedNameId, actualNameId);

    String statusCode = samlResponse.getStatus().getStatusCode().getValue().toString();
    assertEquals(JBossSAMLURIConstants.STATUS_SUCCESS.get(), statusCode);
}
Also used : NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 53 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class SamlProtocolUtils method buildArtifactResponse.

/**
 * Wraps a SAML object in a newly created ArtifactResponse and returns it as an
 * {@link ArtifactResponseType}. The response gets a fresh {@code ID_}-prefixed
 * identifier and the current issue instant; the given object becomes its body.
 *
 * @param samlObject the SAML object to embed in the ArtifactResponse
 * @param issuer issuer of the resulting ArtifactResponse; should match the issuer of {@code samlObject}
 * @param statusCode status code URI of the resulting response
 * @return an ArtifactResponse containing {@code samlObject}
 * @throws ConfigurationException propagated from the helpers used to build the response
 * @throws ProcessingException propagated from the helpers used to build the response
 */
public static ArtifactResponseType buildArtifactResponse(SAML2Object samlObject, NameIDType issuer, URI statusCode) throws ConfigurationException, ProcessingException {
    // Status element: a single StatusCode carrying the requested URI.
    StatusCodeType code = new StatusCodeType();
    code.setValue(statusCode);
    StatusType status = new StatusType();
    status.setStatusCode(code);

    ArtifactResponseType response = new ArtifactResponseType(IDGenerator.create("ID_"), XMLTimeUtil.getIssueInstant());
    response.setStatus(status);
    response.setIssuer(issuer);
    response.setAny(samlObject);
    return response;
}
Also used : StatusType(org.keycloak.dom.saml.v2.protocol.StatusType) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) StatusCodeType(org.keycloak.dom.saml.v2.protocol.StatusCodeType)

Example 54 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class AssertionUtilTest method testSaml20DecryptId.

/**
 * Parses a SAML response whose subject is carried as an EncryptedID, decrypts it
 * with the test private key, and checks that the subject afterwards exposes a
 * plain NameID with the expected value while the encrypted form is cleared.
 *
 * @throws Exception if the fixture cannot be read, parsed or decrypted
 */
@Test
public void testSaml20DecryptId() throws Exception {
    try (InputStream fixture = getEncryptedIdTestFileInputStream()) {
        ResponseType parsedResponse = (ResponseType) SAMLParser.getInstance().parse(fixture);
        STSubType subject = parsedResponse.getAssertions().get(0).getAssertion().getSubject().getSubType();

        // Before decryption only the encrypted form of the identifier is present.
        assertNotNull(subject.getEncryptedID());
        assertNull(subject.getBaseID());

        AssertionUtil.decryptId(parsedResponse, extractPrivateKey());

        // After decryption the encrypted form is gone and a NameID takes its place.
        assertNull(subject.getEncryptedID());
        assertNotNull(subject.getBaseID());
        assertTrue(subject.getBaseID() instanceof NameIDType);
        NameIDType decryptedId = (NameIDType) subject.getBaseID();
        assertEquals("myTestId", decryptedId.getValue());
    }
}
Also used : STSubType(org.keycloak.dom.saml.v2.assertion.SubjectType.STSubType) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLParserTest(org.keycloak.saml.processing.core.parsers.saml.SAMLParserTest) Test(org.junit.Test)

Example 55 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class BaseWriter method write.

/**
 * Writes a {@code SubjectConfirmation} element for the given type: the
 * {@code Method} attribute, then whichever of BaseID, NameID and
 * SubjectConfirmationData are present, in that order.
 *
 * @param subjectConfirmationType the subject confirmation to serialize
 * @throws ProcessingException if writing to the underlying StAX writer fails
 */
private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());

    // Each child is optional; only the ones that are set get written.
    BaseIDAbstractType id = subjectConfirmationType.getBaseID();
    if (id != null) {
        write(id);
    }

    NameIDType nameId = subjectConfirmationType.getNameID();
    if (nameId != null) {
        QName nameIdElement = new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX);
        write(nameId, nameIdElement);
    }

    SubjectConfirmationDataType confirmationData = subjectConfirmationType.getSubjectConfirmationData();
    if (confirmationData != null) {
        write(confirmationData);
    }

    StaxUtil.writeEndElement(writer);
}
Also used : SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) QName(javax.xml.namespace.QName) BaseIDAbstractType(org.keycloak.dom.saml.v2.assertion.BaseIDAbstractType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
