
Example 11 with StatementAbstractType

use of org.keycloak.dom.saml.v2.assertion.StatementAbstractType in project keycloak by keycloak.

the class StatementUtil method asMap.

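/**
 * Flattens the attributes of the given attribute statements into a map keyed by
 * attribute name.
 *
 * <p>The key is the attribute's friendly name when present, otherwise its name.
 * A single-valued attribute maps to that value directly; a multi-valued (or empty)
 * attribute maps to its {@code List<Object>} of values. When two attributes share a
 * name, the one visited last wins and earlier values are overwritten silently, so
 * callers mapping security-relevant attributes (roles, e-mail) must not assume a
 * value came from a particular statement.
 *
 * @param attributeStatementTypes the statements to flatten; may be {@code null} or empty
 * @return a mutable map of attribute name to value(s); never {@code null}
 */
public static Map<String, Object> asMap(Set<AttributeStatementType> attributeStatementTypes) {
    Map<String, Object> attrMap = new HashMap<>();
    if (attributeStatementTypes == null || attributeStatementTypes.isEmpty()) {
        return attrMap;
    }
    // The parameter type already guarantees AttributeStatementType elements, so no
    // runtime type check is needed before reading the attributes.
    for (AttributeStatementType attrStat : attributeStatementTypes) {
        List<ASTChoiceType> attrs = attrStat.getAttributes();
        if (attrs == null) {
            continue;
        }
        for (ASTChoiceType attrChoice : attrs) {
            AttributeType attr = attrChoice.getAttribute();
            if (attr == null) {
                // NOTE(review): a choice element without a plain attribute (presumably an
                // encrypted one) cannot be mapped here; skip it instead of failing with an NPE.
                continue;
            }
            String attributeName = attr.getFriendlyName();
            if (attributeName == null) {
                attributeName = attr.getName();
            }
            List<Object> values = attr.getAttributeValue();
            if (values == null) {
                continue;
            }
            // A single value is unwrapped; anything else (including an empty list) keeps the list.
            attrMap.put(attributeName, values.size() == 1 ? values.get(0) : values);
        }
    }
    return attrMap;
}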
Also used : HashMap(java.util.HashMap) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Example 12 with StatementAbstractType

use of org.keycloak.dom.saml.v2.assertion.StatementAbstractType in project keycloak by keycloak.

the class SAMLAssertionWriter method write.

/**
 * Writes an {@code AssertionType} to the underlying StAX stream, including its
 * issuer, subject, conditions and statements, and flushes the writer afterwards.
 *
 * <p>Only {@code AudienceRestrictionType} and {@code OneTimeUseType} conditions are
 * serialized; any other {@code ConditionAbstractType} is skipped without error,
 * whereas an unknown statement type is rejected. {@code AdviceType} is not supported.
 *
 * @param assertion the assertion to serialize; its issue instant must be non-null
 *
 * @throws org.keycloak.saml.common.exceptions.ProcessingException if the assertion
 *         carries advice, a statement of an unknown type, or the stream write fails
 */
public void write(AssertionType assertion) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
    // Attributes
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
    // Issuer is optional in the model and simply omitted when absent.
    NameIDType issuer = assertion.getIssuer();
    if (issuer != null)
        write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    SubjectType subject = assertion.getSubject();
    if (subject != null) {
        write(subject);
    }
    // Conditions: NotBefore / NotOnOrAfter are written as attributes, each known
    // condition type as a child element.
    ConditionsType conditions = assertion.getConditions();
    if (conditions != null) {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
        if (conditions.getNotBefore() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
        }
        if (conditions.getNotOnOrAfter() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
        }
        List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
        if (typeOfConditions != null) {
            // NOTE(review): a condition that is neither AudienceRestriction nor OneTimeUse
            // falls through both checks and is dropped from the output; the resulting
            // assertion is then less constrained than the model. Confirm this is intended,
            // since the statements loop below rejects unknown types instead.
            for (ConditionAbstractType typeCondition : typeOfConditions) {
                if (typeCondition instanceof AudienceRestrictionType) {
                    AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
                    List<URI> audiences = art.getAudience();
                    if (audiences != null) {
                        for (URI audience : audiences) {
                            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
                            StaxUtil.writeCharacters(writer, audience.toString());
                            StaxUtil.writeEndElement(writer);
                        }
                    }
                    StaxUtil.writeEndElement(writer);
                }
                if (typeCondition instanceof OneTimeUseType) {
                    // OneTimeUse carries no content; only the empty element is emitted.
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
                    StaxUtil.writeEndElement(writer);
                }
            }
        }
        StaxUtil.writeEndElement(writer);
    }
    // Advice serialization is not implemented; fail loudly rather than drop it.
    AdviceType advice = assertion.getAdvice();
    if (advice != null)
        throw logger.notImplementedYet("Advice");
    Set<StatementAbstractType> statements = assertion.getStatements();
    if (statements != null) {
        for (StatementAbstractType statement : statements) {
            if (statement instanceof AuthnStatementType) {
                // The boolean is forwarded to the AuthnStatement overload; its meaning
                // is not visible from this method.
                write((AuthnStatementType) statement, false);
            } else if (statement instanceof AttributeStatementType) {
                write((AttributeStatementType) statement);
            } else
                throw logger.writerUnknownTypeError(statement.getClass().getName());
        }
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : QName(javax.xml.namespace.QName) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) URI(java.net.URI) ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI) OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) AdviceType(org.keycloak.dom.saml.v2.assertion.AdviceType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Example 13 with StatementAbstractType

use of org.keycloak.dom.saml.v2.assertion.StatementAbstractType in project keycloak by keycloak.

the class SAMLAssertionFactory method createAssertion.

/**
 * <p>
 * Builds a SAMLv2 {@code AssertionType} from its constituent parts.
 * </p>
 *
 * <p>
 * The issuer is always set, even when {@code null}; conditions and subject are only
 * set when non-null, and every statement in {@code statements} is added in order.
 * </p>
 *
 * @param id the assertion ID.
 * @param issuerID the {@code NameIDType} identifying the assertion issuer.
 * @param issueInstant the time the assertion was created.
 * @param conditions the {@code ConditionsType} under which the assertion is valid; may be {@code null}.
 * @param subject the {@code SubjectType} identifying the authenticated principal; may be {@code null}.
 * @param statements the statements about the principal; may be {@code null}.
 *
 * @return the populated assertion, never {@code null}.
 */
public static AssertionType createAssertion(String id, NameIDType issuerID, XMLGregorianCalendar issueInstant, ConditionsType conditions, SubjectType subject, List<StatementAbstractType> statements) {
    AssertionType result = new AssertionType(id, issueInstant);
    result.setIssuer(issuerID);
    if (conditions != null) {
        result.setConditions(conditions);
    }
    if (subject != null) {
        result.setSubject(subject);
    }
    if (statements != null) {
        statements.forEach(result::addStatement);
    }
    return result;
}
Also used : AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Example 14 with StatementAbstractType

use of org.keycloak.dom.saml.v2.assertion.StatementAbstractType in project keycloak by keycloak.

the class KcSamlBrokerSessionNotOnOrAfterTest method testConsumerIdpInitiatedLoginContainsSessionNotOnOrAfter.

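/**
 * An IdP-initiated login through the consumer realm must produce an assertion whose
 * {@code AuthnStatement} carries a {@code SessionNotOnOrAfter} equal to the
 * {@code AuthnInstant} plus the consumer realm's SSO session max lifespan.
 *
 * @throws Exception on any failure in the SAML client flow
 */
@Test
public void testConsumerIdpInitiatedLoginContainsSessionNotOnOrAfter() throws Exception {
    SAMLDocumentHolder samlResponse = new SamlClientBuilder()
            .idpInitiatedLogin(getConsumerSamlEndpoint(REALM_CONS_NAME), "sales-post").build()
            .login().idp(IDP_SAML_ALIAS).build()
            // AuthnRequest to producer IdP
            .processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build()
            .login().user(USER_LOGIN, USER_PASSWORD).build()
            .processSamlResponse(SamlClient.Binding.POST).build()
            .updateProfile().username(USER_LOGIN).email(USER_EMAIL).firstName("Firstname").lastName("Lastname").build()
            .followOneRedirect()
            .getSamlResponse(SamlClient.Binding.POST);
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
    AuthnStatementType authType = statements.stream()
            .filter(statement -> statement instanceof AuthnStatementType)
            .map(s -> (AuthnStatementType) s)
            .findFirst()
            .orElse(null);
    assertThat(authType, notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), notNullValue());
    // The realm lifespan is in seconds; multiply as long so a large setting cannot
    // overflow int before the conversion to milliseconds.
    long ssoMaxLifespanMillis = adminClient.realm(REALM_CONS_NAME).toRepresentation().getSsoSessionMaxLifespan() * 1000L;
    assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespanMillis)));
}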
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) USER_PASSWORD(org.keycloak.testsuite.broker.BrokerTestConstants.USER_PASSWORD) IDP_SAML_ALIAS(org.keycloak.testsuite.broker.BrokerTestConstants.IDP_SAML_ALIAS) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Set(java.util.Set) Test(org.junit.Test) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) USER_EMAIL(org.keycloak.testsuite.broker.BrokerTestConstants.USER_EMAIL) Assert.assertThat(org.junit.Assert.assertThat) USER_LOGIN(org.keycloak.testsuite.broker.BrokerTestConstants.USER_LOGIN) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) REALM_CONS_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME) SamlClient(org.keycloak.testsuite.util.SamlClient) Matchers.is(org.hamcrest.Matchers.is) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) Test(org.junit.Test)

Example 15 with StatementAbstractType

use of org.keycloak.dom.saml.v2.assertion.StatementAbstractType in project keycloak by keycloak.

the class SessionNotOnOrAfterTest method checkSessionNotOnOrAfter.

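/**
 * Asserts that a successful SAML response carries the expected session and validity
 * windows on its first assertion: {@code SessionNotOnOrAfter} on the
 * {@code AuthnStatement}, {@code NotOnOrAfter} on the conditions, and
 * {@code NotOnOrAfter} on the subject confirmation data.
 *
 * @param ob the SAML object to check; must be a successful {@code ResponseType}
 * @param ssoMaxLifespan SSO session max lifespan in seconds
 * @param accessCodeLifespan access code lifespan in seconds
 * @param accessTokenLifespan access token lifespan in seconds
 * @return always {@code null}; the method exists for its assertions only
 */
private SAML2Object checkSessionNotOnOrAfter(SAML2Object ob, int ssoMaxLifespan, int accessCodeLifespan, int accessTokenLifespan) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) ob;
    Assert.assertNotNull(resp);
    Assert.assertNotNull(resp.getAssertions());
    Assert.assertThat(resp.getAssertions().size(), greaterThan(0));
    Assert.assertNotNull(resp.getAssertions().get(0));
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion());
    // session lifespan: SessionNotOnOrAfter = AuthnInstant + ssoMaxLifespan
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getStatements());
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
    AuthnStatementType authType = statements.stream()
            .filter(statement -> statement instanceof AuthnStatementType)
            .map(s -> (AuthnStatementType) s)
            .findFirst()
            .orElse(null);
    assertThat(authType, notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), notNullValue());
    // Lifespans are seconds; multiply as long to avoid int overflow before converting to millis.
    assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespan * 1000L)));
    // Conditions: NotOnOrAfter = NotBefore + accessCodeLifespan
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
    ConditionsType condition = resp.getAssertions().get(0).getAssertion().getConditions();
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessCodeLifespan * 1000L), condition.getNotOnOrAfter());
    // SubjectConfirmation (confirmationData has no NotBefore, using the previous one because it's the same)
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject());
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation());
    List<SubjectConfirmationType> confirmations = resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation();
    SubjectConfirmationDataType confirmationData = confirmations.stream()
            .map(c -> c.getSubjectConfirmationData())
            .filter(c -> c != null)
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(confirmationData);
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessTokenLifespan * 1000L), confirmationData.getNotOnOrAfter());
    // NOTE(review): returning null presumably tells the calling SAML client step not to
    // replace the object; confirm against the caller before changing this.
    return null;
}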
Also used : AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Set(java.util.Set) Test(org.junit.Test) SubjectConfirmationType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) Assert.assertThat(org.junit.Assert.assertThat) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) List(java.util.List) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) SamlClient(org.keycloak.testsuite.util.SamlClient) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) Assert(org.junit.Assert) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SubjectConfirmationDataType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType) SubjectConfirmationType(org.keycloak.dom.saml.v2.assertion.SubjectConfirmationType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
