Example 61 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class KcSamlLogoutTest method testProviderInitiatedLogoutCorrectlyLogsOutConsumerClients.
@Test
public void testProviderInitiatedLogoutCorrectlyLogsOutConsumerClients() throws Exception {
try (SamlMessageReceiver logoutReceiver = new SamlMessageReceiver(8082);
ClientAttributeUpdater cauConsumer = ClientAttributeUpdater.forClient(adminClient, bc.consumerRealmName(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setFrontchannelLogout(false).setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutReceiver.getUrl()).update();
ClientAttributeUpdater cauProvider = ClientAttributeUpdater.forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm()).setFrontchannelLogout(true).update()) {
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
final AtomicReference<NameIDType> nameIdRef = new AtomicReference<>();
final AtomicReference<String> sessionIndexRef = new AtomicReference<>();
new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, SamlClient.Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
SamlClient.Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
SamlClient.Binding.POST).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().processSamlResponse(SamlClient.Binding.POST).transformObject(saml2Object -> {
assertThat(saml2Object, Matchers.notNullValue());
assertThat(saml2Object, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
return null;
}).build().authnRequest(getProviderSamlEndpoint(bc.providerRealmName()), PROVIDER_SAML_CLIENT_ID, PROVIDER_SAML_CLIENT_ID + "saml", POST).build().followOneRedirect().processSamlResponse(POST).transformObject(saml2Object -> {
assertThat(saml2Object, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType loginResp1 = (ResponseType) saml2Object;
final AssertionType firstAssertion = loginResp1.getAssertions().get(0).getAssertion();
assertThat(firstAssertion, Matchers.notNullValue());
assertThat(firstAssertion.getSubject().getSubType().getBaseID(), instanceOf(NameIDType.class));
NameIDType nameId = (NameIDType) firstAssertion.getSubject().getSubType().getBaseID();
AuthnStatementType firstAssertionStatement = (AuthnStatementType) firstAssertion.getStatements().iterator().next();
nameIdRef.set(nameId);
sessionIndexRef.set(firstAssertionStatement.getSessionIndex());
return null;
}).build().logoutRequest(getProviderSamlEndpoint(bc.providerRealmName()), PROVIDER_SAML_CLIENT_ID, POST).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).build().processSamlResponse(POST).transformObject(saml2Object -> {
assertThat(saml2Object, isSamlLogoutRequest(getConsumerRoot() + "/auth/realms/" + REALM_CONS_NAME + "/broker/" + IDP_SAML_ALIAS + "/endpoint"));
return saml2Object;
}).build().executeAndTransform(response -> {
SAMLDocumentHolder saml2ObjectHolder = POST.extractResponse(response);
assertThat(saml2ObjectHolder.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
return null;
});
// Check whether logoutReceiver contains correct LogoutRequest
assertThat(logoutReceiver.isMessageReceived(), is(true));
SAMLDocumentHolder message = logoutReceiver.getSamlDocumentHolder();
assertThat(message.getSamlObject(), isSamlLogoutRequest(logoutReceiver.getUrl()));
}
}
Also used :
CoreMatchers.is(org.hamcrest.CoreMatchers.is)
AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest)
ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater)
IDP_SAML_ALIAS(org.keycloak.testsuite.broker.BrokerTestConstants.IDP_SAML_ALIAS)
SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)
IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes)
POST(org.keycloak.testsuite.util.SamlClient.Binding.POST)
Matchers.isSamlLogoutRequest(org.keycloak.testsuite.util.Matchers.isSamlLogoutRequest)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
CoreMatchers.instanceOf(org.hamcrest.CoreMatchers.instanceOf)
BrokerTestTools.getConsumerRoot(org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot)
SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig)
AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType)
Document(org.w3c.dom.Document)
SamlClient(org.keycloak.testsuite.util.SamlClient)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse)
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants)
Matchers(org.hamcrest.Matchers)
Test(org.junit.Test)
SamlProtocol(org.keycloak.protocol.saml.SamlProtocol)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
List(java.util.List)
UserAttributeUpdater(org.keycloak.testsuite.updaters.UserAttributeUpdater)
REALM_CONS_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME)
Closeable(java.io.Closeable)
ATTRIBUTE_TO_MAP_NAME(org.keycloak.testsuite.broker.KcOidcBrokerConfiguration.ATTRIBUTE_TO_MAP_NAME)
ClientBuilder(org.keycloak.testsuite.util.ClientBuilder)
Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse)
SamlMessageReceiver(org.keycloak.testsuite.util.saml.SamlMessageReceiver)
BrokerTestTools.getProviderRoot(org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot)
SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
Document(org.w3c.dom.Document)
SamlMessageReceiver(org.keycloak.testsuite.util.saml.SamlMessageReceiver)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater)
AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest)
Test(org.junit.Test)
Example 62 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class LogoutTest method createAuthnResponse.
private SAML2Object createAuthnResponse(SAML2Object so) {
AuthnRequestType req = (AuthnRequestType) so;
try {
final ResponseType res = new SAML2LoginResponseBuilder().requestID(req.getID()).destination(req.getAssertionConsumerServiceURL().toString()).issuer(BROKER_SERVICE_ID).assertionExpiration(1000000).subjectExpiration(1000000).requestIssuer(getAuthServerRealmBase(REALM_NAME).toString()).nameIdentifier(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get(), "a@b.c").authMethod(JBossSAMLURIConstants.AC_UNSPECIFIED.get()).sessionIndex("idp:" + UUID.randomUUID()).buildModel();
NameIDType nameId = (NameIDType) res.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
nameId.setNameQualifier(NAME_QUALIFIER);
nameId.setSPNameQualifier(SP_NAME_QUALIFIER);
nameId.setSPProvidedID(SP_PROVIDED_ID);
return res;
} catch (ConfigurationException | ProcessingException ex) {
throw new RuntimeException(ex);
}
}
Also used :
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException)
SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)
Example 63 with NameIDType
use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.
the class AbstractSamlTest method extractNameIdAndSessionIndexAndTerminate.
protected SAML2Object extractNameIdAndSessionIndexAndTerminate(SAML2Object so) {
assertThat(so, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType loginResp1 = (ResponseType) so;
final AssertionType firstAssertion = loginResp1.getAssertions().get(0).getAssertion();
assertThat(firstAssertion, org.hamcrest.Matchers.notNullValue());
assertThat(firstAssertion.getSubject().getSubType().getBaseID(), instanceOf(NameIDType.class));
NameIDType nameId = (NameIDType) firstAssertion.getSubject().getSubType().getBaseID();
AuthnStatementType firstAssertionStatement = (AuthnStatementType) firstAssertion.getStatements().iterator().next();
nameIdRef.set(nameId);
sessionIndexRef.set(firstAssertionStatement.getSessionIndex());
return null;
}
Also used :
AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType)
AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
Aggregations
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)54
AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)22
Element (org.w3c.dom.Element)21
Test (org.junit.Test)20
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)19
SubjectType (org.keycloak.dom.saml.v2.assertion.SubjectType)15
QName (javax.xml.namespace.QName)12
List (java.util.List)11
URI (java.net.URI)9
AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)8
XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)7
ExtensionsType (org.keycloak.dom.saml.v2.protocol.ExtensionsType)7
StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)7
Document (org.w3c.dom.Document)7
InputStream (java.io.InputStream)5
HashMap (java.util.HashMap)5
AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType)5
AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)5
EncryptedAssertionType (org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType)5
