Search in sources :

Example 11 with EndpointType

use of org.keycloak.dom.saml.v2.metadata.EndpointType in project keycloak by keycloak.

the class EntityDescriptorDescriptionConverter method getLogoutLocation.

private static String getLogoutLocation(SPSSODescriptorType idp, String bindingURI) {
    String logoutResponseLocation = null;
    List<EndpointType> endpoints = idp.getSingleLogoutService();
    for (EndpointType endpoint : endpoints) {
        if (endpoint.getBinding().toString().equals(bindingURI)) {
            if (endpoint.getLocation() != null) {
                logoutResponseLocation = endpoint.getLocation().toString();
            } else {
                logoutResponseLocation = null;
            }
            break;
        }
    }
    return logoutResponseLocation;
}
Also used : EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)

Example 12 with EndpointType

use of org.keycloak.dom.saml.v2.metadata.EndpointType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20MetadataEntityDescriptorIdP.

@Test
public void testSaml20MetadataEntityDescriptorIdP() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> descriptors = entityDescriptor.getChoiceType();
    assertThat(descriptors, hasSize(2));
    // IDPSSO descriptor
    IDPSSODescriptorType idpDescriptor = descriptors.get(0).getDescriptors().get(0).getIdpDescriptor();
    assertThat(idpDescriptor, is(notNullValue()));
    assertThat(idpDescriptor.isWantAuthnRequestsSigned(), is(true));
    assertThat(idpDescriptor.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
    // Key descriptor
    List<KeyDescriptorType> keyDescriptors = idpDescriptor.getKeyDescriptor();
    assertThat(keyDescriptors, hasSize(1));
    KeyDescriptorType signingKey = keyDescriptors.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("IdentityProvider.com SSO Key"));
    // Single logout services
    assertThat(idpDescriptor.getSingleLogoutService(), hasSize(2));
    EndpointType singleLS1 = idpDescriptor.getSingleLogoutService().get(0);
    assertThat(singleLS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
    assertThat(singleLS1.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SLO/SOAP")));
    assertThat(singleLS1.getResponseLocation(), is(nullValue()));
    assertThat(singleLS1.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleLS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    EndpointType singleLS2 = idpDescriptor.getSingleLogoutService().get(1);
    assertThat(singleLS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
    assertThat(singleLS2.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SLO/Browser")));
    assertThat(singleLS2.getResponseLocation(), is(URI.create("https://IdentityProvider.com/SAML/SLO/Response")));
    assertThat(singleLS2.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleLS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // NameID
    assertThat(idpDescriptor.getNameIDFormat(), containsInAnyOrder("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
    // Single sign on services
    assertThat(idpDescriptor.getSingleSignOnService(), hasSize(2));
    EndpointType singleSO1 = idpDescriptor.getSingleSignOnService().get(0);
    assertThat(singleSO1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
    assertThat(singleSO1.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SSO/Browser")));
    assertThat(singleSO1.getResponseLocation(), is(nullValue()));
    assertThat(singleSO1.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleSO1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    EndpointType singleSO2 = idpDescriptor.getSingleSignOnService().get(1);
    assertThat(singleSO2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")));
    assertThat(singleSO2.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SSO/Browser")));
    assertThat(singleSO2.getResponseLocation(), is(nullValue()));
    assertThat(singleSO2.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleSO2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // Attributes
    assertThat(idpDescriptor.getAttribute(), hasSize(2));
    AttributeType attr1 = idpDescriptor.getAttribute().get(0);
    assertThat(attr1.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(attr1.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.6"));
    assertThat(attr1.getFriendlyName(), is("eduPersonPrincipalName"));
    assertThat(attr1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    assertThat(attr1.getAttributeValue(), is(emptyCollectionOf(Object.class)));
    AttributeType attr2 = idpDescriptor.getAttribute().get(1);
    assertThat(attr2.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(attr2.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.1"));
    assertThat(attr2.getFriendlyName(), is("eduPersonAffiliation"));
    assertThat(attr2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    assertThat(attr2.getAttributeValue(), containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));
    // Organization
    assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
    LocalizedNameType orgName = entityDescriptor.getOrganization().getOrganizationName().get(0);
    assertThat(orgName.getLang(), is("en"));
    assertThat(orgName.getValue(), is("Identity Providers R\n            US"));
    assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
    LocalizedNameType orgDispName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
    assertThat(orgDispName.getLang(), is("en"));
    assertThat(orgDispName.getValue(), is("Identity Providers R US, a Division of Lerxst Corp."));
    assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
    LocalizedURIType orgURL = entityDescriptor.getOrganization().getOrganizationURL().get(0);
    assertThat(orgURL.getLang(), is("en"));
    assertThat(orgURL.getValue(), is(URI.create("https://IdentityProvider.com")));
}
Also used : IDPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType) QName(javax.xml.namespace.QName) Matchers.containsString(org.hamcrest.Matchers.containsString) LocalizedURIType(org.keycloak.dom.saml.v2.metadata.LocalizedURIType) LocalizedNameType(org.keycloak.dom.saml.v2.metadata.LocalizedNameType) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) Test(org.junit.Test)

Example 13 with EndpointType

use of org.keycloak.dom.saml.v2.metadata.EndpointType in project keycloak by keycloak.

the class SAMLMetadataWriter method writeAttributeAuthorityDescriptor.

public void writeAttributeAuthorityDescriptor(AttributeAuthorityDescriptorType attributeAuthority) throws ProcessingException {
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ATTRIBUTE_AUTHORITY_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    writeProtocolSupportEnumeration(attributeAuthority.getProtocolSupportEnumeration());
    Element signature = attributeAuthority.getSignature();
    if (signature != null) {
        StaxUtil.writeDOMElement(writer, signature);
    }
    ExtensionsType extensions = attributeAuthority.getExtensions();
    if (extensions != null) {
        write(extensions);
    }
    List<KeyDescriptorType> keyDescriptorList = attributeAuthority.getKeyDescriptor();
    for (KeyDescriptorType keyDescriptor : keyDescriptorList) {
        writeKeyDescriptor(keyDescriptor);
    }
    List<EndpointType> attributeServices = attributeAuthority.getAttributeService();
    for (EndpointType endpoint : attributeServices) {
        writeAttributeService(endpoint);
    }
    List<String> nameIDFormats = attributeAuthority.getNameIDFormat();
    for (String nameIDFormat : nameIDFormats) {
        writeNameIDFormat(nameIDFormat);
    }
    List<AttributeType> attributes = attributeAuthority.getAttribute();
    for (AttributeType attributeType : attributes) {
        write(attributeType);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType) Element(org.w3c.dom.Element) ExtensionsType(org.keycloak.dom.saml.v2.metadata.ExtensionsType) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)

Example 14 with EndpointType

use of org.keycloak.dom.saml.v2.metadata.EndpointType in project keycloak by keycloak.

the class SAMLMetadataWriter method write.

public void write(SPSSODescriptorType spSSODescriptor) throws ProcessingException {
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.SP_SSO_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    writeProtocolSupportEnumeration(spSSODescriptor.getProtocolSupportEnumeration());
    // Write the attributes
    Boolean authnSigned = spSSODescriptor.isAuthnRequestsSigned();
    if (authnSigned != null) {
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.AUTHN_REQUESTS_SIGNED.get()), authnSigned.toString());
    }
    Boolean wantAssertionsSigned = spSSODescriptor.isWantAssertionsSigned();
    if (wantAssertionsSigned != null) {
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.WANT_ASSERTIONS_SIGNED.get()), wantAssertionsSigned.toString());
    }
    // Get the key descriptors
    List<KeyDescriptorType> keyDescriptors = spSSODescriptor.getKeyDescriptor();
    for (KeyDescriptorType keyDescriptor : keyDescriptors) {
        writeKeyDescriptor(keyDescriptor);
    }
    List<EndpointType> sloServices = spSSODescriptor.getSingleLogoutService();
    for (EndpointType endpoint : sloServices) {
        writeSingleLogoutService(endpoint);
    }
    List<IndexedEndpointType> artifactResolutions = spSSODescriptor.getArtifactResolutionService();
    for (IndexedEndpointType artifactResolution : artifactResolutions) {
        writeArtifactResolutionService(artifactResolution);
    }
    List<String> nameIDFormats = spSSODescriptor.getNameIDFormat();
    for (String nameIDFormat : nameIDFormats) {
        writeNameIDFormat(nameIDFormat);
    }
    List<IndexedEndpointType> assertionConsumers = spSSODescriptor.getAssertionConsumerService();
    for (IndexedEndpointType assertionConsumer : assertionConsumers) {
        writeAssertionConsumerService(assertionConsumer);
    }
    List<AttributeConsumingServiceType> attributeConsumers = spSSODescriptor.getAttributeConsumingService();
    for (AttributeConsumingServiceType attributeConsumer : attributeConsumers) {
        writeAttributeConsumingService(attributeConsumer);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : QName(javax.xml.namespace.QName) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) AttributeConsumingServiceType(org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType)

Example 15 with EndpointType

use of org.keycloak.dom.saml.v2.metadata.EndpointType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20MetadataEntityDescriptorPDP.

@Test
public void testSaml20MetadataEntityDescriptorPDP() throws Exception {
    EntityDescriptorType descriptor = assertParsed("saml20-entity-descriptor-pdp.xml", EntityDescriptorType.class);
    assertThat(descriptor.getChoiceType(), Matchers.<EntityDescriptorType.EDTChoiceType>hasSize(1));
    assertThat(descriptor.getChoiceType().get(0).getDescriptors().get(0).getPdpDescriptor(), is(notNullValue()));
    PDPDescriptorType pdpDescriptor = descriptor.getChoiceType().get(0).getDescriptors().get(0).getPdpDescriptor();
    assertThat(pdpDescriptor.getKeyDescriptor(), Matchers.<KeyDescriptorType>hasSize(1));
    KeyDescriptorType keyDescriptorType = pdpDescriptor.getKeyDescriptor().get(0);
    assertThat(keyDescriptorType.getEncryptionMethod(), Matchers.<EncryptionMethodType>hasSize(1));
    EncryptionMethodType encryptionMethodType = keyDescriptorType.getEncryptionMethod().get(0);
    assertThat(encryptionMethodType.getAlgorithm(), is("http://www.example.com/"));
    EncryptionMethodType.EncryptionMethod encryptionMethod = encryptionMethodType.getEncryptionMethod();
    assertThat(encryptionMethod.getKeySize(), is(BigInteger.ONE));
    assertThat(encryptionMethod.getOAEPparams(), is("GpM7".getBytes()));
    // EndpointType parser already tested so we are not checking further
    assertThat(pdpDescriptor.getAuthzService(), Matchers.<EndpointType>hasSize(1));
    assertThat(pdpDescriptor.getAssertionIDRequestService(), Matchers.<EndpointType>hasSize(1));
}
Also used : PDPDescriptorType(org.keycloak.dom.saml.v2.metadata.PDPDescriptorType) EncryptionMethodType(org.keycloak.dom.xmlsec.w3.xmlenc.EncryptionMethodType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) Test(org.junit.Test)

Aggregations

EndpointType (org.keycloak.dom.saml.v2.metadata.EndpointType)13 IndexedEndpointType (org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)11 KeyDescriptorType (org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)11 EntityDescriptorType (org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)9 QName (javax.xml.namespace.QName)6 AttributeType (org.keycloak.dom.saml.v2.assertion.AttributeType)5 RequestedAttributeType (org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)5 Matchers.containsString (org.hamcrest.Matchers.containsString)4 Test (org.junit.Test)4 IDPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType)4 Element (org.w3c.dom.Element)4 SPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 SAML2Object (org.keycloak.dom.saml.v2.SAML2Object)2 AttributeConsumingServiceType (org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType)2 LocalizedNameType (org.keycloak.dom.saml.v2.metadata.LocalizedNameType)2 LocalizedURIType (org.keycloak.dom.saml.v2.metadata.LocalizedURIType)2 EncryptionMethodType (org.keycloak.dom.xmlsec.w3.xmlenc.EncryptionMethodType)2 StringWriter (java.io.StringWriter)1 URI (java.net.URI)1