
Example 41 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

From class SAML2Request, method createAuthnRequestType.

/**
 * Builds a SAML 2.0 {@code AuthnRequest} on behalf of this service provider.
 *
 * <p>The request is stamped with the issue instant from {@link XMLTimeUtil#getIssueInstant()},
 * carries the assertion consumer URL and protocol binding the IdP should respond with, an
 * optional {@code Destination}, an {@code Issuer} element, and a {@code NameIDPolicy} with
 * {@code AllowCreate=true} whose format is this instance's configured {@code nameIDFormat}
 * (left unset when that field is {@code null}).
 *
 * @param id unique request identifier; becomes the request's {@code ID} attribute
 * @param assertionConsumerURL endpoint the IdP should deliver the response to; must be a
 *     syntactically valid, non-null URI
 * @param destination IdP endpoint the request is addressed to; the element is omitted when
 *     {@code null}
 * @param issuerValue value of the {@code Issuer} element (typically the SP entity ID)
 * @param protocolBinding binding the IdP should use for its response
 * @return the populated request
 * @throws ConfigurationException as declared by the issue-instant helper
 * @throws IllegalArgumentException if {@code assertionConsumerURL}, {@code destination} or the
 *     configured {@code nameIDFormat} is not a valid URI
 */
public AuthnRequestType createAuthnRequestType(String id, String assertionConsumerURL, String destination, String issuerValue, URI protocolBinding) throws ConfigurationException {
    AuthnRequestType request = new AuthnRequestType(id, XMLTimeUtil.getIssueInstant());
    request.setAssertionConsumerServiceURL(URI.create(assertionConsumerURL));
    request.setProtocolBinding(protocolBinding);
    if (destination != null) {
        request.setDestination(URI.create(destination));
    }

    // Issuer element naming the requesting party.
    NameIDType issuerElement = new NameIDType();
    issuerElement.setValue(issuerValue);
    request.setIssuer(issuerElement);

    // NameIDPolicy: AllowCreate is always asserted; the format follows the instance setting.
    NameIDPolicyType policy = new NameIDPolicyType();
    policy.setAllowCreate(Boolean.TRUE);
    if (this.nameIDFormat != null) {
        policy.setFormat(URI.create(this.nameIDFormat));
    } else {
        policy.setFormat(null);
    }
    request.setNameIDPolicy(policy);

    return request;
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 42 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

From class SAML2Request, method createLogoutRequest.

/**
 * Builds a minimal SAML 2.0 {@code LogoutRequest}.
 *
 * <p>Only the mandatory {@code ID} (freshly generated with the {@code "ID_"} prefix),
 * {@code IssueInstant} and {@code Issuer} are populated; any other element is left to the
 * caller.
 *
 * @param issuer issuer element naming the party requesting the logout
 * @return the new request
 * @throws ConfigurationException as declared by the issue-instant helper
 */
public static LogoutRequestType createLogoutRequest(NameIDType issuer) throws ConfigurationException {
    String requestId = IDGenerator.create("ID_");
    XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
    LogoutRequestType request = new LogoutRequestType(requestId, now);
    request.setIssuer(issuer);
    return request;
}
Also used : LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType)

Example 43 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

From class SAML2Response, method createResponseType.

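/**
 * Creates a SAML 2.0 {@code Response} carrying one freshly built assertion.
 *
 * <p>The assertion's subject is a {@code NameID} built from the IdP holder (format and value).
 * It is confirmed with the IdP's confirmation method and with confirmation data that binds the
 * assertion to the SP's original request ({@code InResponseTo}) and its response endpoint
 * ({@code Recipient}); the response itself is stamped with the same {@code InResponseTo} and
 * {@code Destination}. Validity conditions are attached through
 * {@link AssertionUtil#createTimedConditions} using this class's {@code ASSERTION_VALIDITY}
 * and {@code CLOCK_SKEW}.
 *
 * <p>If you need control over the assertion being issued, use
 * {@link #createResponseType(String, SPInfoHolder, IDPInfoHolder, IssuerInfoHolder, AssertionType)}.
 *
 * <p>NOTE(review): the subject confirmation's {@code NotOnOrAfter} is set to the issue instant
 * itself and no {@code NotBefore} is set; confirm this is intended, since a relying party that
 * enforces {@code SubjectConfirmationData} strictly would treat it as already expired.
 *
 * @param ID id of the response
 * @param sp holder with the information about the Service Provider (request id, response
 *     destination)
 * @param idp holder with the information on the Identity Provider (NameID format and value,
 *     subject confirmation method)
 * @param issuerInfo holder with information on the issuer
 * @return the response with the new assertion attached
 * @throws ProcessingException if attaching the timed conditions fails; wraps the underlying
 *     {@code ConfigurationException} or {@code IssueInstantMissingException}
 */
public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo) throws ProcessingException {
    String responseDestinationURI = sp.getResponseDestinationURI();
    XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();

    // Assertion subject: a single NameID taken from the IdP holder.
    NameIDType nameIDType = new NameIDType();
    nameIDType.setFormat(idp.getNameIDFormat() == null ? null : URI.create(idp.getNameIDFormat()));
    nameIDType.setValue(idp.getNameIDFormatValue());
    SubjectType.STSubType subType = new SubjectType.STSubType();
    subType.addBaseID(nameIDType);
    SubjectType subjectType = new SubjectType();
    subjectType.setSubType(subType);

    // Subject confirmation data ties the assertion to the SP's request and response endpoint,
    // which is what lets the SP reject an assertion replayed against another request or URL.
    SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
    subjectConfirmationData.setInResponseTo(sp.getRequestID());
    subjectConfirmationData.setRecipient(responseDestinationURI);
    // NotBefore is deliberately not set; NotOnOrAfter equals the issue instant (see Javadoc note).
    subjectConfirmationData.setNotOnOrAfter(issueInstant);
    SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
    subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
    subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
    subjectType.addConfirmation(subjectConfirmation);

    // The assertion takes its own, second issue-instant read (kept as in the original), so it may
    // differ from the subject-confirmation timestamp by the elapsed time.
    NameIDType issuerID = issuerInfo.getIssuer();
    issueInstant = XMLTimeUtil.getIssueInstant();
    String assertionID = IDGenerator.create("ID_");
    List<StatementAbstractType> statements = new LinkedList<>();
    // Conditions are passed as null here; createTimedConditions below is expected to supply them.
    AssertionType assertionType = SAMLAssertionFactory.createAssertion(assertionID, issuerID, issueInstant, null, subjectType, statements);
    try {
        AssertionUtil.createTimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW);
    } catch (ConfigurationException | IssueInstantMissingException e) {
        // Both failures surface to the caller as a ProcessingException with the cause preserved.
        throw logger.processingError(e);
    }

    ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
    responseType.setInResponseTo(sp.getRequestID());
    responseType.setDestination(responseDestinationURI);
    return responseType;
}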
Also used : EncryptedAssertionType(org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) LinkedList(java.util.LinkedList) IssueInstantMissingException(org.keycloak.saml.common.exceptions.fed.IssueInstantMissingException) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SubjectConfirmationType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Example 44 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

From class SAML2AuthnRequestBuilder, method createSubject.

/**
 * Wraps {@code value} in a {@code Subject} whose only base identifier is a {@code NameID}.
 *
 * <p>The NameID format is copied from this builder's request {@code NameIDPolicy} when one is
 * present, so the subject's format matches what the request asks the IdP for; otherwise the
 * format is left unset. No subject confirmations are added.
 *
 * @param value the NameID value
 * @return subject containing that single NameID
 */
private SubjectType createSubject(String value) {
    SubjectType subject = new SubjectType();
    SubjectType.STSubType holder = new SubjectType.STSubType();

    NameIDType nameId = new NameIDType();
    nameId.setValue(value);
    if (this.authnRequestType.getNameIDPolicy() == null) {
        nameId.setFormat(null);
    } else {
        nameId.setFormat(this.authnRequestType.getNameIDPolicy().getFormat());
    }

    holder.addBaseID(nameId);
    subject.setSubType(holder);
    return subject;
}
Also used : SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 45 with NameIDType

use of org.keycloak.dom.saml.v2.assertion.NameIDType in project keycloak by keycloak.

From class SAMLSubjectParser, method processSubElement.

/**
 * Handles one child element of a SAML {@code Subject} and stores the result on {@code target}.
 *
 * <p>{@code NameID} is parsed into a {@code NameIDType}; {@code EncryptedID} is kept as the raw
 * DOM element wrapped in an {@code EncryptedElementType} (no decryption happens here); each of
 * these replaces the subject's identifier holder via {@code setSubType}, so a later identifier
 * element overwrites an earlier one — if duplicates must be rejected, that check has to live
 * elsewhere. {@code SubjectConfirmation} elements are appended. Any other tag is reported as
 * unknown.
 *
 * @param xmlEventReader reader positioned at the child element
 * @param target subject being populated
 * @param element which child element was encountered
 * @param elementDetail the start event, used for the error location
 * @throws ParsingException for an unknown tag, or if a nested parser fails
 */
@Override
protected void processSubElement(XMLEventReader xmlEventReader, SubjectType target, SAMLAssertionQNames element, StartElement elementDetail) throws ParsingException {
    switch (element) {
        case NAMEID: {
            NameIDType parsedId = SAMLParserUtil.parseNameIDType(xmlEventReader);
            SubjectType.STSubType idHolder = new SubjectType.STSubType();
            idHolder.addBaseID(parsedId);
            target.setSubType(idHolder);
            break;
        }
        case ENCRYPTED_ID: {
            // Kept opaque: only the DOM subtree is retained for later decryption.
            Element encryptedNode = StaxParserUtil.getDOMElement(xmlEventReader);
            SubjectType.STSubType idHolder = new SubjectType.STSubType();
            idHolder.setEncryptedID(new EncryptedElementType(encryptedNode));
            target.setSubType(idHolder);
            break;
        }
        case SUBJECT_CONFIRMATION: {
            target.addConfirmation(SAMLSubjectConfirmationParser.INSTANCE.parse(xmlEventReader));
            break;
        }
        default: {
            throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
        }
    }
}
Also used : SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) Element(org.w3c.dom.Element) StartElement(javax.xml.stream.events.StartElement) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) EncryptedElementType(org.keycloak.dom.saml.v2.assertion.EncryptedElementType)
