
Example 31 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class AssertionUtil method decryptId.

/**
 * Replaces the subject's {@code EncryptedID} in {@code responseType} with its decrypted {@code NameID}.
 *
 * <p>The encrypted element is deep-copied into a fresh document before decryption, so the element
 * held by the {@code EncryptedElementType} is copied rather than moved. The typed model is then
 * updated in place: the parsed {@code NameID} is added as base ID and the encrypted ID is cleared.
 * Nothing happens when the response has no subject element or the subject carries no
 * {@code EncryptedID}.
 *
 * @param responseType the SAML response whose subject may carry an {@code EncryptedID}
 * @param privateKey   the key used to decrypt the element
 * @throws ConfigurationException propagated from the decryption and parsing utilities
 * @throws ProcessingException    propagated from the decryption and parsing utilities
 * @throws ParsingException       propagated from the decryption and parsing utilities
 */
public static void decryptId(final ResponseType responseType, final PrivateKey privateKey) throws ConfigurationException, ProcessingException, ParsingException {
    final STSubType subject = getSubTypeElement(responseType);
    final EncryptedElementType encryptedId = subject == null ? null : subject.getEncryptedID();
    if (encryptedId == null) {
        // No subject, or a subject that is not encrypted: nothing to do.
        return;
    }
    // Decrypt on a detached copy so the caller's DOM element is left untouched.
    // NOTE(review): a null getEncryptedElement() would surface as a NullPointerException from
    // importNode rather than as a typed exception — confirm whether that is acceptable.
    final Document scratch = DocumentUtil.createDocument();
    final Node copy = scratch.importNode(encryptedId.getEncryptedElement(), true);
    scratch.appendChild(copy);
    final Element decrypted = XMLEncryptionUtil.decryptElementInDocument(scratch, privateKey);
    final XMLEventReader reader = StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decrypted));
    final NameIDType nameId = SAMLParserUtil.parseNameIDType(reader);
    // Swap the encrypted form for the plain one on the typed model.
    subject.addBaseID(nameId);
    subject.setEncryptedID(null);
}
Also used : STSubType(org.keycloak.dom.saml.v2.assertion.SubjectType.STSubType) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) XMLEventReader(javax.xml.stream.XMLEventReader) EncryptedElementType(org.keycloak.dom.saml.v2.assertion.EncryptedElementType) Document(org.w3c.dom.Document) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 32 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class UsernameTemplateMapper method setUserNameFromTemplate.

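/**
 * Expands the configured user-name template and stores the result on the configured target.
 *
 * <p>Each placeholder matched by {@code SUBSTITUTION} (group 1 = variable name, group 2 =
 * optional transformer key looked up in {@code TRANSFORMERS}) is replaced with:
 * <ul>
 *   <li>{@code ALIAS} — the alias of the identity provider,</li>
 *   <li>{@code UUID} — a freshly generated id,</li>
 *   <li>{@code NAMEID} — the value of the assertion subject's {@code NameID},</li>
 *   <li>{@code ATTRIBUTE.<name>} — the first value of the matching assertion attribute
 *       (by name or friendly name), or {@code ""} when absent,</li>
 *   <li>anything else — the variable name itself.</li>
 * </ul>
 * The optional transformer is applied to the value before substitution.
 *
 * <p>Values taken from the assertion originate from the remote IdP, so every replacement is
 * passed through {@link Matcher#quoteReplacement(String)}: {@code appendReplacement} would
 * otherwise interpret {@code $} and {@code \} in the value as group references/escapes, which
 * either throws or substitutes regex groups into the resulting user name.
 *
 * @param mapperModel the mapper configuration holding {@code TEMPLATE} and {@code TARGET}
 * @param context     the brokered identity context carrying the SAML assertion
 */
private void setUserNameFromTemplate(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
    AssertionType assertion = (AssertionType) context.getContextData().get(SAMLEndpoint.SAML_ASSERTION);
    String template = mapperModel.getConfig().get(TEMPLATE);
    Matcher m = SUBSTITUTION.matcher(template);
    StringBuffer sb = new StringBuffer();
    while (m.find()) {
        String variable = m.group(1);
        // Unknown or absent transformer key falls back to identity.
        UnaryOperator<String> transformer = Optional.ofNullable(m.group(2)).map(TRANSFORMERS::get).orElse(UnaryOperator.identity());
        String replacement;
        if (variable.equals("ALIAS")) {
            replacement = transformer.apply(context.getIdpConfig().getAlias());
        } else if (variable.equals("UUID")) {
            replacement = transformer.apply(KeycloakModelUtils.generateId());
        } else if (variable.equals("NAMEID")) {
            replacement = transformer.apply(subjectNameIdValue(assertion));
        } else if (variable.startsWith("ATTRIBUTE.")) {
            String name = variable.substring("ATTRIBUTE.".length());
            replacement = transformer.apply(firstAttributeValue(assertion, name));
        } else {
            replacement = variable;
        }
        // Quote so that '$' and '\' in IdP-supplied values are inserted literally.
        m.appendReplacement(sb, Matcher.quoteReplacement(replacement));
    }
    m.appendTail(sb);
    Target t = getTarget(mapperModel.getConfig().get(TARGET));
    t.set(context, sb.toString());
}

/** Returns the value of the assertion subject's {@code NameID} (the base ID is expected to be a {@code NameIDType}). */
private static String subjectNameIdValue(AssertionType assertion) {
    SubjectType subject = assertion.getSubject();
    SubjectType.STSubType subType = subject.getSubType();
    NameIDType subjectNameId = (NameIDType) subType.getBaseID();
    return subjectNameId.getValue();
}

/**
 * Returns the first value of the attribute called {@code name} (matched against the attribute
 * name or friendly name), or {@code ""} when no such attribute carries a value.
 */
private static String firstAttributeValue(AssertionType assertion, String name) {
    String value = "";
    for (AttributeStatementType statement : assertion.getAttributeStatements()) {
        for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
            AttributeType attr = choice.getAttribute();
            if (name.equals(attr.getName()) || name.equals(attr.getFriendlyName())) {
                List<Object> values = attr.getAttributeValue();
                if (values != null && !values.isEmpty()) {
                    value = values.get(0).toString();
                }
                // NOTE(review): this only leaves the inner loop, so a later statement carrying the
                // same attribute overrides the value found here — kept as is; confirm whether
                // first-match semantics were intended.
                break;
            }
        }
    }
    return value;
}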
Also used : Matcher(java.util.regex.Matcher) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) ArrayList(java.util.ArrayList) List(java.util.List) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 33 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method setArtifactResolutionServiceLogoutRequest.

/**
 * Makes the artifact resolution service under test answer with a SAML LogoutRequest.
 *
 * <p>The request is addressed to the realm's SAML endpoint, issued by
 * {@code SAML_CLIENT_ID_SALES_POST} and carries the session index stored in
 * {@code sessionIndexRef}. A user principal is only added when {@code nameIdRef} holds a
 * {@code NameID}; its format is passed as string, or {@code null} when the NameID has none.
 *
 * @param ars the artifact resolution service whose response document is replaced
 * @throws ParsingException       propagated from building the document
 * @throws ConfigurationException propagated from building the document
 * @throws ProcessingException    propagated from building the document
 */
private void setArtifactResolutionServiceLogoutRequest(ArtifactResolutionService ars) throws ParsingException, ConfigurationException, ProcessingException {
    final NameIDType nameId = nameIdRef.get();
    SAML2LogoutRequestBuilder request = new SAML2LogoutRequestBuilder()
            .destination(getAuthServerSamlEndpoint(REALM_NAME).toString())
            .issuer(SAML_CLIENT_ID_SALES_POST)
            .sessionIndex(sessionIndexRef.get());
    if (nameId != null) {
        // Format is optional on a NameID; pass null rather than "null" when it is absent.
        final String format = nameId.getFormat() != null ? nameId.getFormat().toString() : null;
        request = request.userPrincipal(nameId.getValue(), format);
    }
    ars.setResponseDocument(request.buildDocument());
}
Also used : SAML2LogoutRequestBuilder(org.keycloak.saml.SAML2LogoutRequestBuilder) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 34 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class AuthnRequestNameIdFormatTest method testLoginWithNameIdPolicy.

/**
 * Logs in with an AuthnRequest carrying the given {@code NameIDPolicy} and checks the subject's
 * {@code NameID} value in the returned response against {@code nameIdMatcher}.
 *
 * <p>The response must be a {@code ResponseType} with at least one assertion whose subject base
 * ID is a {@code NameIDType}; only the first assertion is inspected.
 *
 * @param requestBinding  binding used to send the AuthnRequest
 * @param responseBinding binding expected for the response
 * @param nameIDPolicy    policy placed on the AuthnRequest
 * @param nameIdMatcher   expectation on the NameID value of the first assertion's subject
 * @throws Exception propagated from the SAML client flow
 */
private void testLoginWithNameIdPolicy(Binding requestBinding, Binding responseBinding, NameIDPolicyType nameIDPolicy, Matcher<String> nameIdMatcher) throws Exception {
    SAMLDocumentHolder response = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, requestBinding)
            .transformObject(authnRequest -> {
                // Request the name ID format under test and announce the binding we use.
                authnRequest.setProtocolBinding(requestBinding.getBindingUri());
                authnRequest.setNameIDPolicy(nameIDPolicy);
                return authnRequest;
            })
            .build()
            .login().user(bburkeUser).build()
            .getSamlResponse(responseBinding);
    Object samlObject = response.getSamlObject();
    assertThat(samlObject, notNullValue());
    assertThat(samlObject, instanceOf(ResponseType.class));
    ResponseType responseType = (ResponseType) samlObject;
    assertThat(responseType.getAssertions(), not(empty()));
    Object baseId = responseType.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
    assertThat(baseId, instanceOf(NameIDType.class));
    NameIDType nameId = (NameIDType) baseId;
    assertThat(nameId.getValue(), nameIdMatcher);
}
Also used : JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Assert.assertThat(org.junit.Assert.assertThat) List(java.util.List) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Matcher(org.hamcrest.Matcher) SamlClient(org.keycloak.testsuite.util.SamlClient) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) ClientResource(org.keycloak.admin.client.resource.ClientResource) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 35 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

the class BrokerTest method assertExpired.

/**
 * Sends a brokered SAML response whose assertion conditions carry the given validity window and
 * asserts the broker's HTTP status.
 *
 * <p>A temporary identity provider is created for the realm for the duration of the call. The
 * response returned by {@code createAuthnResponse} is rewritten so that its first assertion
 * belongs to a new random e-mail subject (so no existing user is matched) and has
 * {@code NotBefore}/{@code NotOnOrAfter} set to the supplied values.
 *
 * @param notBefore    value for the assertion's {@code NotBefore} condition
 * @param notOnOrAfter value for the assertion's {@code NotOnOrAfter} condition
 * @param shouldPass   {@code true} expects {@code 200 OK}, {@code false} expects {@code 400 Bad Request}
 * @throws Exception propagated from the SAML client flow or the IdP setup
 */
private void assertExpired(XMLGregorianCalendar notBefore, XMLGregorianCalendar notOnOrAfter, boolean shouldPass) throws Exception {
    final Status expectedStatus = shouldPass ? Status.OK : Status.BAD_REQUEST;
    final RealmResource realm = adminClient.realm(REALM_NAME);
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/"))) {
        new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build()
                .login().idp(SAML_BROKER_ALIAS).build()
                .processSamlResponse(REDIRECT)
                    .transformObject(this::createAuthnResponse)
                    .transformObject(resp -> {
                        ResponseType response = (ResponseType) resp;
                        AssertionType assertion = response.getAssertions().get(0).getAssertion();
                        // Validity window under test.
                        ConditionsType conditions = assertion.getConditions();
                        conditions.setNotBefore(notBefore);
                        conditions.setNotOnOrAfter(notOnOrAfter);
                        // A fresh random e-mail subject so every run creates a new user.
                        NameIDType emailNameId = new NameIDType();
                        emailNameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get()));
                        emailNameId.setValue(UUID.randomUUID() + "@random.email.org");
                        SubjectType.STSubType subType = new SubjectType.STSubType();
                        subType.addBaseID(emailNameId);
                        SubjectType subject = new SubjectType();
                        subject.setSubType(subType);
                        assertion.setSubject(subject);
                        return response;
                    })
                    .targetAttributeSamlResponse()
                    .targetUri(getSamlBrokerUrl(REALM_NAME))
                    .build()
                .assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(expectedStatus))
                .execute();
    }
}
Also used : Status(javax.ws.rs.core.Response.Status) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) KeyPair(java.security.KeyPair) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) Header(org.apache.http.Header) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) SAMLIdentityProviderFactory(org.keycloak.broker.saml.SAMLIdentityProviderFactory) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) Document(org.w3c.dom.Document) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName) URI(java.net.URI) HttpHeaders(org.apache.http.HttpHeaders) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) IdentityProviderBuilder(org.keycloak.testsuite.util.IdentityProviderBuilder) UUID(java.util.UUID) Objects(java.util.Objects) List(java.util.List) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) Matchers.is(org.hamcrest.Matchers.is) SAML_CLIENT_ID_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_SALES_POST) QName(javax.xml.namespace.QName) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) XmlDSigQNames(org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) 
UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AtomicReference(java.util.concurrent.atomic.AtomicReference) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) RSA_SHA1(org.keycloak.saml.SignatureAlgorithm.RSA_SHA1) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) DOMException(org.w3c.dom.DOMException) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) NodeList(org.w3c.dom.NodeList) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME) Matchers(org.hamcrest.Matchers) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML_ASSERTION_CONSUMER_URL_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdpReviewProfileAuthenticatorFactory(org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticatorFactory) 
BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) Element(org.w3c.dom.Element) Assert(org.junit.Assert) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Aggregations

NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)54 AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)22 Element (org.w3c.dom.Element)21 Test (org.junit.Test)20 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)19 SubjectType (org.keycloak.dom.saml.v2.assertion.SubjectType)15 QName (javax.xml.namespace.QName)12 List (java.util.List)11 URI (java.net.URI)9 AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)8 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)7 ExtensionsType (org.keycloak.dom.saml.v2.protocol.ExtensionsType)7 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)7 Document (org.w3c.dom.Document)7 InputStream (java.io.InputStream)5 HashMap (java.util.HashMap)5 AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType)5 AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)5 EncryptedAssertionType (org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType)5