Examples with OneTimeUseType org.keycloak.dom.saml.v2.assertion.OneTimeUseType used on opensource projects

Search in sources :

Example 1 with OneTimeUseType

use of org.keycloak.dom.saml.v2.assertion.OneTimeUseType in project keycloak by keycloak.

the class SAMLConditionsParser method processSubElement.

@Override
protected void processSubElement(XMLEventReader xmlEventReader, ConditionsType target, SAMLAssertionQNames element, StartElement elementDetail) throws ParsingException {
    switch(element) {
        case AUDIENCE_RESTRICTION:
            AudienceRestrictionType audienceRestriction = SAMLAudienceRestrictionParser.getInstance().parse(xmlEventReader);
            target.addCondition(audienceRestriction);
            break;
        case ONE_TIME_USE:
            OneTimeUseType oneTimeUseCondition = new OneTimeUseType();
            target.addCondition(oneTimeUseCondition);
            break;
        case PROXY_RESTRICTION:
            ProxyRestrictionType proxyRestriction = SAMLProxyRestrictionParser.getInstance().parse(xmlEventReader);
            target.addCondition(proxyRestriction);
            break;
        default:
            throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
    }
}
Also used : OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) ProxyRestrictionType(org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)

Example 2 with OneTimeUseType

use of org.keycloak.dom.saml.v2.assertion.OneTimeUseType in project keycloak by keycloak.

the class IncludeOneTimeUseConditionTest method testOneTimeUseConditionIncluded.

private void testOneTimeUseConditionIncluded(Boolean oneTimeUseConditionShouldBeIncluded) throws IOException {
    try (Closeable c = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ONETIMEUSE_CONDITION, oneTimeUseConditionShouldBeIncluded.toString()).update()) {
        SAMLDocumentHolder res = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST).build().login().user(bburkeUser).build().getSamlResponse(Binding.POST);
        assertThat(res.getSamlObject(), notNullValue());
        assertThat(res.getSamlObject(), instanceOf(ResponseType.class));
        ResponseType rt = (ResponseType) res.getSamlObject();
        assertThat(rt.getAssertions(), not(empty()));
        final ConditionsType conditionsType = rt.getAssertions().get(0).getAssertion().getConditions();
        assertThat(conditionsType, notNullValue());
        assertThat(conditionsType.getConditions(), not(empty()));
        final List<ConditionAbstractType> conditions = conditionsType.getConditions();
        final Collection<ConditionAbstractType> oneTimeUseConditions = Collections2.filter(conditions, input -> input instanceof OneTimeUseType);
        final boolean oneTimeUseConditionAdded = !oneTimeUseConditions.isEmpty();
        assertThat(oneTimeUseConditionAdded, is(oneTimeUseConditionShouldBeIncluded));
    }
}
Also used : OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 3 with OneTimeUseType

use of org.keycloak.dom.saml.v2.assertion.OneTimeUseType in project keycloak by keycloak.

the class SAML2LoginResponseBuilder method buildModel.

public ResponseType buildModel() throws ConfigurationException, ProcessingException {
    ResponseType responseType = null;
    SAML2Response saml2Response = new SAML2Response();
    // Create a response type
    String id = IDGenerator.create("ID_");
    IssuerInfoHolder issuerHolder = new IssuerInfoHolder(issuer);
    issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
    IDPInfoHolder idp = new IDPInfoHolder();
    idp.setNameIDFormatValue(nameId);
    idp.setNameIDFormat(nameIdFormat);
    SPInfoHolder sp = new SPInfoHolder();
    sp.setResponseDestinationURI(destination);
    sp.setRequestID(requestID);
    sp.setIssuer(requestIssuer);
    responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
    AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
    // Add request issuer as the audience restriction
    AudienceRestrictionType audience = new AudienceRestrictionType();
    audience.addAudience(URI.create(requestIssuer));
    assertion.getConditions().addCondition(audience);
    // Update Conditions NotOnOrAfter
    if (assertionExpiration > 0) {
        ConditionsType conditions = assertion.getConditions();
        conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000L));
    }
    // Update SubjectConfirmationData NotOnOrAfter
    if (subjectExpiration > 0) {
        SubjectConfirmationDataType subjectConfirmationData = assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData();
        subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), subjectExpiration * 1000L));
    }
    // Create an AuthnStatementType
    if (!disableAuthnStatement) {
        String authContextRef = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
        if (isNotNull(authMethod))
            authContextRef = authMethod;
        AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), authContextRef);
        if (sessionExpiration > 0)
            authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000L));
        if (sessionIndex != null)
            authnStatement.setSessionIndex(sessionIndex);
        else
            authnStatement.setSessionIndex(assertion.getID());
        assertion.addStatement(authnStatement);
    }
    if (includeOneTimeUseCondition) {
        assertion.getConditions().addCondition(new OneTimeUseType());
    }
    if (!this.extensions.isEmpty()) {
        ExtensionsType extensionsType = new ExtensionsType();
        for (NodeGenerator extension : this.extensions) {
            extensionsType.addExtension(extension);
        }
        responseType.setExtensions(extensionsType);
    }
    return responseType;
}
Also used : AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SPInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.SPInfoHolder) ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType) IssuerInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.IssuerInfoHolder) SAML2Response(org.keycloak.saml.processing.api.saml.v2.response.SAML2Response) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) IDPInfoHolder(org.keycloak.saml.processing.core.saml.v2.holders.IDPInfoHolder)

Example 4 with OneTimeUseType

use of org.keycloak.dom.saml.v2.assertion.OneTimeUseType in project keycloak by keycloak.

the class ConditionsValidator method validateConditions.

private Result validateConditions(ConditionsType ct, Result res) {
    Iterator<ConditionAbstractType> it = ct.getConditions() == null ? Collections.<ConditionAbstractType>emptySet().iterator() : ct.getConditions().iterator();
    while (it.hasNext() && res == Result.VALID) {
        ConditionAbstractType cond = it.next();
        Result r;
        if (cond instanceof OneTimeUseType) {
            r = validateOneTimeUse((OneTimeUseType) cond);
        } else if (cond instanceof AudienceRestrictionType) {
            r = validateAudienceRestriction((AudienceRestrictionType) cond);
        } else if (cond instanceof ProxyRestrictionType) {
            r = validateProxyRestriction((ProxyRestrictionType) cond);
        } else {
            r = Result.INDETERMINATE;
            LOG.infof("Unknown condition in assertion %s: %s", assertionId, cond == null ? "<null>" : cond.getClass());
        }
        res = r.joinResult(res);
    }
    return res;
}
Also used : OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) ProxyRestrictionType(org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)

Example 5 with OneTimeUseType

use of org.keycloak.dom.saml.v2.assertion.OneTimeUseType in project keycloak by keycloak.

the class SAMLAssertionWriter method write.

/**
 * Write an {@code AssertionType} to stream
 *
 * @param assertion
 *
 * @throws org.keycloak.saml.common.exceptions.ProcessingException
 */
public void write(AssertionType assertion) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
    // Attributes
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
    NameIDType issuer = assertion.getIssuer();
    if (issuer != null)
        write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    SubjectType subject = assertion.getSubject();
    if (subject != null) {
        write(subject);
    }
    ConditionsType conditions = assertion.getConditions();
    if (conditions != null) {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
        if (conditions.getNotBefore() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
        }
        if (conditions.getNotOnOrAfter() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
        }
        List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
        if (typeOfConditions != null) {
            for (ConditionAbstractType typeCondition : typeOfConditions) {
                if (typeCondition instanceof AudienceRestrictionType) {
                    AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
                    List<URI> audiences = art.getAudience();
                    if (audiences != null) {
                        for (URI audience : audiences) {
                            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
                            StaxUtil.writeCharacters(writer, audience.toString());
                            StaxUtil.writeEndElement(writer);
                        }
                    }
                    StaxUtil.writeEndElement(writer);
                }
                if (typeCondition instanceof OneTimeUseType) {
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
                    StaxUtil.writeEndElement(writer);
                }
            }
        }
        StaxUtil.writeEndElement(writer);
    }
    AdviceType advice = assertion.getAdvice();
    if (advice != null)
        throw logger.notImplementedYet("Advice");
    Set<StatementAbstractType> statements = assertion.getStatements();
    if (statements != null) {
        for (StatementAbstractType statement : statements) {
            if (statement instanceof AuthnStatementType) {
                write((AuthnStatementType) statement, false);
            } else if (statement instanceof AttributeStatementType) {
                write((AttributeStatementType) statement);
            } else
                throw logger.writerUnknownTypeError(statement.getClass().getName());
        }
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : QName(javax.xml.namespace.QName) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) URI(java.net.URI) ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI) OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) AdviceType(org.keycloak.dom.saml.v2.assertion.AdviceType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Aggregations

OneTimeUseType (org.keycloak.dom.saml.v2.assertion.OneTimeUseType)5 AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)4 ConditionAbstractType (org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)3 ConditionsType (org.keycloak.dom.saml.v2.assertion.ConditionsType)3 AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)2 ProxyRestrictionType (org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType)2 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)2 Closeable (java.io.Closeable)1 URI (java.net.URI)1 QName (javax.xml.namespace.QName)1 AdviceType (org.keycloak.dom.saml.v2.assertion.AdviceType)1 AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)1 AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType)1 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)1 StatementAbstractType (org.keycloak.dom.saml.v2.assertion.StatementAbstractType)1 SubjectConfirmationDataType (org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType)1 SubjectType (org.keycloak.dom.saml.v2.assertion.SubjectType)1 ExtensionsType (org.keycloak.dom.saml.v2.protocol.ExtensionsType)1 ASSERTION_NSURI (org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI)1 SAML2Response (org.keycloak.saml.processing.api.saml.v2.response.SAML2Response)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial