Use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak:
class SamlService, method createArtifactResolve.
/**
 * Builds a SAML 2.0 {@code ArtifactResolve} request and returns it as a DOM document.
 * <p>
 * The request carries a freshly generated ID (prefix {@code ID_}) and the current issue instant;
 * the given issuer string is wrapped into a {@link NameIDType} with no format set.
 *
 * @param issuer   value written into the {@code Issuer} element
 * @param artifact artifact string written into the {@code Artifact} element
 * @return the DOM {@link Document} holding the serialized {@code ArtifactResolve} message
 * @throws ProcessingException    propagated from the StAX/SAML writer or the document parser
 * @throws ParsingException       propagated from the document parser
 * @throws ConfigurationException propagated from the document parser
 */
private Document createArtifactResolve(String issuer, String artifact) throws ProcessingException, ParsingException, ConfigurationException {
    ArtifactResolveType request = new ArtifactResolveType(IDGenerator.create("ID_"), XMLTimeUtil.getIssueInstant());

    NameIDType issuerNameId = new NameIDType();
    issuerNameId.setValue(issuer);
    request.setIssuer(issuerNameId);
    request.setArtifact(artifact);

    // Serialize through the StAX writer, then re-parse the bytes so the caller receives a DOM
    // (which the surrounding code can sign or inspect) rather than the JAXB-style model object.
    // NOTE(review): the XMLStreamWriter is never closed or flushed here; presumably
    // SAMLRequestWriter takes care of that — confirm.
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(buffer);
    new SAMLRequestWriter(writer).write(request);

    return DocumentUtil.getDocument(new ByteArrayInputStream(buffer.toByteArray()));
}
Use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak:
class KcSamlIdPInitiatedSsoTest, method testProviderTransientIdpInitiatedLogin.
/**
 * IdP-initiated SSO through two brokered realms when the provider issues a transient NameID.
 * <p>
 * The consumer realm's {@code saml-leaf} IdP is switched to the transient NameID format with the
 * principal taken from the {@code uid} attribute. Each broker response is then rewritten in
 * flight to carry an unrelated transient NameID ({@code subjectId1} / {@code subjectId2}) plus a
 * {@code uid} attribute holding the provider user name. The checks at the end verify that the
 * federated link is keyed on the attribute value and that no consumer account was ever created
 * from a transient subject id.
 */
@Test
public void testProviderTransientIdpInitiatedLogin() throws Exception {
// Reconfigure the consumer-side IdP: transient NameIDs, principal resolved from the uid attribute.
IdentityProviderResource idp = adminClient.realm(REALM_CONS_NAME).identityProviders().get("saml-leaf");
IdentityProviderRepresentation rep = idp.toRepresentation();
rep.getConfig().put(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get());
rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.name());
rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, X500SAMLProfileConstants.UID.get());
idp.update(rep);
// First leg: IdP-initiated login at the provider for client "samlbroker"; the response is rewritten before it reaches the broker.
SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")).login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) ob;
assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales"));
// Attach a transient NameID to the first assertion's subject; the broker must not treat this value as the user identity.
NameIDType nameId = new NameIDType();
nameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get()));
nameId.setValue("subjectId1");
resp.getAssertions().get(0).getAssertion().getSubject().getSubType().addBaseID(nameId);
// Reuse the existing AttributeStatement if present, otherwise start a new one, and add the uid attribute the IdP config keys on.
Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
AttributeType attr = new AttributeType(X500SAMLProfileConstants.UID.get());
attr.addAttributeValue(PROVIDER_REALM_USER_NAME);
attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
return ob;
// Second leg: same flow for client "samlbroker-2" (sso(true) presumably reuses the provider session — confirm), with a different transient id.
}).build().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker-2")).login().sso(true).build().processSamlResponse(Binding.POST).transformObject(ob -> {
assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) ob;
assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales2")));
assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales2"));
NameIDType nameId = new NameIDType();
nameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get()));
nameId.setValue("subjectId2");
resp.getAssertions().get(0).getAssertion().getSubject().getSubType().addBaseID(nameId);
Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
AttributeType attr = new AttributeType(X500SAMLProfileConstants.UID.get());
attr.addAttributeValue(PROVIDER_REALM_USER_NAME);
attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
return ob;
// First-login flow on the consumer side: complete the profile form, then follow the redirect to the final application.
}).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(Binding.POST);
assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
ResponseType resp = (ResponseType) samlResponse.getSamlObject();
assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth2/saml"));
assertAudience(resp, urlRealmConsumer + "/app/auth2");
// Exactly one consumer user exists under the chosen username, and its federated link is keyed on the uid attribute value.
UsersResource users = adminClient.realm(REALM_CONS_NAME).users();
List<UserRepresentation> userList = users.search(CONSUMER_CHOSEN_USERNAME);
assertEquals(1, userList.size());
String id = userList.get(0).getId();
FederatedIdentityRepresentation fed = users.get(id).getFederatedIdentity().get(0);
assertThat(fed.getUserId(), is(PROVIDER_REALM_USER_NAME));
assertThat(fed.getUserName(), is(PROVIDER_REALM_USER_NAME));
// check that no user with sent subject-id was sent
// (a transient NameID must never turn into a persistent consumer account)
userList = users.search("subjectId1");
assertTrue(userList.isEmpty());
userList = users.search("subjectId2");
assertTrue(userList.isEmpty());
}
Use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak:
class SAML2LogoutRequestBuilder, method userPrincipal.
/**
 * Sets the logout request's subject from a principal string and an optional NameID format.
 * <p>
 * The two values are wrapped into a {@link NameIDType} and delegated to {@link #nameId(NameIDType)}.
 *
 * @param userPrincipal       value of the {@code NameID} element
 * @param userPrincipalFormat NameID format URI, or {@code null} to leave the format unset
 * @return whatever {@link #nameId(NameIDType)} returns for the constructed NameID
 * @throws IllegalArgumentException if {@code userPrincipalFormat} is non-null but not a valid URI
 * @deprecated Prefer {@link #nameId(org.keycloak.dom.saml.v2.assertion.NameIDType)}
 */
@Deprecated
public SAML2LogoutRequestBuilder userPrincipal(String userPrincipal, String userPrincipalFormat) {
    NameIDType subjectNameId = new NameIDType();
    subjectNameId.setValue(userPrincipal);

    boolean hasFormat = userPrincipalFormat != null;
    if (hasFormat) {
        subjectNameId.setFormat(URI.create(userPrincipalFormat));
    }

    return nameId(subjectNameId);
}
Use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak:
class AuthnRequestType, method getSenderURL.
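/**
 * Resolves the URL this request claims to originate from.
 * <p>
 * {@code AssertionConsumerServiceURL} wins when present; otherwise the {@code Issuer} value is
 * parsed as a URI. Both values are taken from the request itself, so callers that use the result
 * as a response destination still have to validate it against what is registered for the client.
 *
 * @return the assertion consumer service URL, or the issuer value parsed as a {@link URI}
 * @throws RuntimeException if neither value is present, or if the issuer value cannot be parsed
 *                          as a URI (the parse failure is attached as the cause)
 */
public URI getSenderURL() {
    URI assertionConsumerServiceURL = getAssertionConsumerServiceURL();
    if (assertionConsumerServiceURL != null) {
        return assertionConsumerServiceURL;
    }

    NameIDType issuer = getIssuer();
    if (issuer == null) {
        throw new RuntimeException("Could not resolve sender URL. AuthnRequest must have a value for AssertionConsumerServiceURL or Issuer.");
    }

    try {
        return URI.create(issuer.getValue());
    } catch (IllegalArgumentException | NullPointerException e) {
        // URI.create rejects a malformed string with IllegalArgumentException and a null value with
        // NullPointerException; catch only those so unrelated failures are not masked as a bad issuer.
        throw new RuntimeException("Could not resolve sender URL using the Issuer value [" + issuer.getValue() + "].", e);
    }
}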
Use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak:
class SAMLEndpoint, method getSubjectNameID.
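/**
 * Extracts the {@code NameID} from the assertion's subject.
 *
 * @param assertion the assertion to read; must not be {@code null}
 * @return the subject's {@link NameIDType}, or {@code null} when the assertion has no subject,
 *         the subject carries no identifier, or the identifier is not a {@code NameID}
 */
private NameIDType getSubjectNameID(final AssertionType assertion) {
    // Subject is optional in a SAML assertion; without one there is nothing to extract.
    SubjectType subject = assertion.getSubject();
    if (subject == null) {
        return null;
    }

    SubjectType.STSubType subType = subject.getSubType();
    if (subType == null) {
        return null;
    }

    // Only hand back an actual NameID; any other identifier type yields null instead of a ClassCastException.
    Object baseId = subType.getBaseID();
    return baseId instanceof NameIDType ? (NameIDType) baseId : null;
}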