Example 56 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class SAMLAssertionWriter method write.
/**
* Write an {@code AssertionType} to stream
*
* @param assertion
*
* @throws org.keycloak.saml.common.exceptions.ProcessingException
*/
public void write(AssertionType assertion) throws ProcessingException {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
// Attributes
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
NameIDType issuer = assertion.getIssuer();
if (issuer != null)
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
SubjectType subject = assertion.getSubject();
if (subject != null) {
write(subject);
}
ConditionsType conditions = assertion.getConditions();
if (conditions != null) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
if (conditions.getNotBefore() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
}
if (conditions.getNotOnOrAfter() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
}
List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
if (typeOfConditions != null) {
for (ConditionAbstractType typeCondition : typeOfConditions) {
if (typeCondition instanceof AudienceRestrictionType) {
AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
List<URI> audiences = art.getAudience();
if (audiences != null) {
for (URI audience : audiences) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
StaxUtil.writeCharacters(writer, audience.toString());
StaxUtil.writeEndElement(writer);
}
}
StaxUtil.writeEndElement(writer);
}
if (typeCondition instanceof OneTimeUseType) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
StaxUtil.writeEndElement(writer);
}
}
}
StaxUtil.writeEndElement(writer);
}
AdviceType advice = assertion.getAdvice();
if (advice != null)
throw logger.notImplementedYet("Advice");
Set<StatementAbstractType> statements = assertion.getStatements();
if (statements != null) {
for (StatementAbstractType statement : statements) {
if (statement instanceof AuthnStatementType) {
write((AuthnStatementType) statement, false);
} else if (statement instanceof AttributeStatementType) {
write((AttributeStatementType) statement);
} else
throw logger.writerUnknownTypeError(statement.getClass().getName());
}
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
QName(javax.xml.namespace.QName)
AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)
AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType)
URI(java.net.URI)
ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI)
OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType)
AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType)
ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)
SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType)
AdviceType(org.keycloak.dom.saml.v2.assertion.AdviceType)
ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)
Example 57 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class SAMLRequestWriter method write.
/**
* Write a {@code LogoutRequestType} to stream
*
* @param logOutRequest
*
* @throws ProcessingException
*/
public void write(LogoutRequestType logOutRequest) throws ProcessingException {
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.LOGOUT_REQUEST.get(), PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
// Attributes
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), logOutRequest.getID());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), logOutRequest.getVersion());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), logOutRequest.getIssueInstant().toString());
URI destination = logOutRequest.getDestination();
if (destination != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString());
}
String consent = logOutRequest.getConsent();
if (StringUtil.isNotNull(consent))
StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent);
NameIDType issuer = logOutRequest.getIssuer();
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
Element signature = logOutRequest.getSignature();
if (signature != null) {
StaxUtil.writeDOMElement(writer, signature);
}
ExtensionsType extensions = logOutRequest.getExtensions();
if (extensions != null && !extensions.getAny().isEmpty()) {
write(extensions);
}
NameIDType nameID = logOutRequest.getNameID();
if (nameID != null) {
write(nameID, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
}
List<String> sessionIndexes = logOutRequest.getSessionIndex();
for (String sessionIndex : sessionIndexes) {
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.SESSION_INDEX.get(), PROTOCOL_NSURI.get());
StaxUtil.writeCharacters(writer, sessionIndex);
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
QName(javax.xml.namespace.QName)
Element(org.w3c.dom.Element)
ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
PROTOCOL_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI)
URI(java.net.URI)
ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI)
Example 58 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class SAMLResponseWriter method write.
/**
* Write a {@code StatusResponseType}
*
* @param response
* @param qname QName of the starting element
* @param out
*
* @throws ProcessingException
*/
public void write(StatusResponseType response, QName qname) throws ProcessingException {
if (qname == null) {
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.STATUS_RESPONSE_TYPE.get(), JBossSAMLURIConstants.PROTOCOL_NSURI.get());
} else {
StaxUtil.writeStartElement(writer, qname.getPrefix(), qname.getLocalPart(), qname.getNamespaceURI());
}
StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, JBossSAMLURIConstants.ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.ASSERTION_NSURI.get());
writeBaseAttributes(response);
NameIDType issuer = response.getIssuer();
write(issuer, new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
Element sig = response.getSignature();
if (sig != null) {
StaxUtil.writeDOMElement(writer, sig);
}
ExtensionsType extensions = response.getExtensions();
if (extensions != null && extensions.getAny() != null && !extensions.getAny().isEmpty()) {
write(extensions);
}
StatusType status = response.getStatus();
write(status);
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
QName(javax.xml.namespace.QName)
StatusType(org.keycloak.dom.saml.v2.protocol.StatusType)
Element(org.w3c.dom.Element)
ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
Example 59 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class SAMLAssertionFactory method createAssertion.
/**
* <p>
* Creates a SAMLV2 {@code AssertionType} with the specified values.
* </p>
*
* @param id a {@code String} representing the assertion ID.
* @param issuerID a {@code NameIDType} that identifies the assertion issuer.
* @param issueInstant the assertion time of creation.
* @param conditions the {@code ConditionsType} that specify the conditions under which the assertion is to be
* considered
* valid
* @param subject the {@code SubjectType} that identifies the authenticated principal.
* @param statements a list of statements associated with the authenticated principal.
*
* @return
*/
public static AssertionType createAssertion(String id, NameIDType issuerID, XMLGregorianCalendar issueInstant, ConditionsType conditions, SubjectType subject, List<StatementAbstractType> statements) {
AssertionType assertion = new AssertionType(id, issueInstant);
assertion.setIssuer(issuerID);
if (conditions != null)
assertion.setConditions(conditions);
if (subject != null)
assertion.setSubject(subject);
if (statements != null) {
for (StatementAbstractType statement : statements) {
assertion.addStatement(statement);
}
}
return assertion;
}
Also used :
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)
Example 60 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class HandleArtifactStepBuilder method perform.
/**
* Main method. Can read a response with an artifact (redirect or post) and return a POSTed SOAP message containing
* the ArtifactResolve message. The behaviour changes depending on what builder methods were called.
*
* @param client The current http client
* @param currentURI the current uri
* @param currentResponse the current response from the IdP
* @param context the current http context
* @return a POSTed SOAP message containing the ArtifactResolve message
* @throws Exception
*/
@Override
public HttpUriRequest perform(CloseableHttpClient client, URI currentURI, CloseableHttpResponse currentResponse, HttpClientContext context) throws Exception {
if (replayPost && replayPostMessage != null) {
return replayPostMessage;
}
ArtifactResolveType artifactResolve = new ArtifactResolveType(id, XMLTimeUtil.getIssueInstant());
NameIDType nameIDType = new NameIDType();
nameIDType.setValue(issuer);
artifactResolve.setIssuer(nameIDType);
String artifact = getArtifactFromResponse(currentResponse);
if (storeArtifact != null)
storeArtifact.set(artifact);
artifactResolve.setArtifact(artifact);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(bos);
new SAMLRequestWriter(xmlStreamWriter).write(artifactResolve);
Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(bos.toByteArray()));
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
if (signingPrivateKeyPem != null && signingPublicKeyPem != null) {
PrivateKey privateKey = org.keycloak.testsuite.util.KeyUtils.privateKeyFromString(signingPrivateKeyPem);
PublicKey publicKey = org.keycloak.testsuite.util.KeyUtils.publicKeyFromString(signingPublicKeyPem);
binding.signatureAlgorithm(SignatureAlgorithm.RSA_SHA256).signWith(KeyUtils.createKeyId(privateKey), privateKey, publicKey).signDocument(doc);
}
String documentAsString = DocumentUtil.getDocumentAsString(doc);
String transformed = getTransformer().transform(documentAsString);
if (transformed == null)
return null;
if (beforeStepChecker != null && beforeStepChecker instanceof SessionStateChecker) {
SessionStateChecker sessionStateChecker = (SessionStateChecker) beforeStepChecker;
sessionStateChecker.setUserSessionProvider(session -> session.getProvider(SamlArtifactSessionMappingStoreProvider.class).get(artifact).getUserSessionId());
sessionStateChecker.setClientSessionProvider(session -> session.getProvider(SamlArtifactSessionMappingStoreProvider.class).get(artifact).getClientSessionId());
}
HttpPost post = Soap.createMessage().addToBody(DocumentUtil.getDocument(transformed)).buildHttpPost(authServerSamlUrl);
replayPostMessage = post;
return post;
}
Also used :
ArtifactResolveType(org.keycloak.dom.saml.v2.protocol.ArtifactResolveType)
HttpPost(org.apache.http.client.methods.HttpPost)
PrivateKey(java.security.PrivateKey)
PublicKey(java.security.PublicKey)
BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Document(org.w3c.dom.Document)
SamlArtifactSessionMappingStoreProvider(org.keycloak.models.SamlArtifactSessionMappingStoreProvider)
ByteArrayInputStream(java.io.ByteArrayInputStream)
XMLStreamWriter(javax.xml.stream.XMLStreamWriter)
SAMLRequestWriter(org.keycloak.saml.processing.core.saml.v2.writers.SAMLRequestWriter)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
Aggregations
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)54
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)22
Element (org.w3c.dom.Element)21
Test (org.junit.Test)20
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)19
SubjectType (org.keycloak.dom.saml.v2.assertion.SubjectType)15
QName (javax.xml.namespace.QName)12
List (java.util.List)11
URI (java.net.URI)9
AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)8
XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)7
ExtensionsType (org.keycloak.dom.saml.v2.protocol.ExtensionsType)7
StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)7
Document (org.w3c.dom.Document)7
InputStream (java.io.InputStream)5
HashMap (java.util.HashMap)5
AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType)5
AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)5
EncryptedAssertionType (org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType)5
