Example 1 with IDPSSODescriptorType
use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak.
the class SAMLIDPSSODescriptorParser method instantiateElement.
@Override
protected IDPSSODescriptorType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
List<String> protocolEnum = StaxParserUtil.getRequiredStringListAttributeValue(element, SAMLMetadataQNames.ATTR_PROTOCOL_SUPPORT_ENUMERATION);
IDPSSODescriptorType descriptor = new IDPSSODescriptorType(protocolEnum);
// Role descriptor optional arguments
parseOptionalArguments(element, descriptor);
// IDPSSODecsriptor optional attributes
Boolean wantAuthnRequestsSigned = StaxParserUtil.getBooleanAttributeValue(element, SAMLMetadataQNames.ATTR_WANT_AUTHN_REQUESTS_SIGNED);
if (wantAuthnRequestsSigned != null) {
descriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
}
return descriptor;
}
Also used :
IDPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType)
Example 2 with IDPSSODescriptorType
use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak.
the class IDPMetadataDescriptor method getIDPDescriptor.
public static String getIDPDescriptor(URI loginPostEndpoint, URI loginRedirectEndpoint, URI logoutEndpoint, URI artifactResolutionService, String entityId, boolean wantAuthnRequestsSigned, List<Element> signingCerts) throws ProcessingException {
StringWriter sw = new StringWriter();
XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(sw);
SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(writer);
EntityDescriptorType entityDescriptor = new EntityDescriptorType(entityId);
IDPSSODescriptorType spIDPDescriptor = new IDPSSODescriptorType(Arrays.asList(PROTOCOL_NSURI.get()));
spIDPDescriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_PERSISTENT.get());
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_TRANSIENT.get());
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_UNSPECIFIED.get());
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_EMAIL.get());
spIDPDescriptor.addSingleLogoutService(new EndpointType(SAML_HTTP_POST_BINDING.getUri(), logoutEndpoint));
spIDPDescriptor.addSingleLogoutService(new EndpointType(SAML_HTTP_REDIRECT_BINDING.getUri(), logoutEndpoint));
spIDPDescriptor.addSingleLogoutService(new EndpointType(SAML_HTTP_ARTIFACT_BINDING.getUri(), logoutEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_HTTP_POST_BINDING.getUri(), loginPostEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_HTTP_REDIRECT_BINDING.getUri(), loginRedirectEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_SOAP_BINDING.getUri(), loginPostEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_HTTP_ARTIFACT_BINDING.getUri(), loginPostEndpoint));
spIDPDescriptor.addArtifactResolutionService(new IndexedEndpointType(SAML_SOAP_BINDING.getUri(), artifactResolutionService));
if (wantAuthnRequestsSigned && signingCerts != null) {
for (Element key : signingCerts) {
KeyDescriptorType keyDescriptor = new KeyDescriptorType();
keyDescriptor.setUse(KeyTypes.SIGNING);
keyDescriptor.setKeyInfo(key);
spIDPDescriptor.addKeyDescriptor(keyDescriptor);
}
}
entityDescriptor.addChoiceType(new EntityDescriptorType.EDTChoiceType(Arrays.asList(new EntityDescriptorType.EDTDescriptorChoiceType(spIDPDescriptor))));
metadataWriter.writeEntityDescriptor(entityDescriptor);
return sw.toString();
}
Also used :
SAMLMetadataWriter(org.keycloak.saml.processing.core.saml.v2.writers.SAMLMetadataWriter)
IDPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType)
StringWriter(java.io.StringWriter)
XMLStreamWriter(javax.xml.stream.XMLStreamWriter)
Element(org.w3c.dom.Element)
EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType)
IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)
EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)
IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)
KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)
Example 3 with IDPSSODescriptorType
use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak.
the class SAMLMetadataWriter method writeEntityDescriptor.
public void writeEntityDescriptor(EntityDescriptorType entityDescriptor) throws ProcessingException {
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ENTITY_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.METADATA_NSURI.get());
StaxUtil.writeNameSpace(writer, "md", JBossSAMLURIConstants.METADATA_NSURI.get());
StaxUtil.writeNameSpace(writer, "saml", JBossSAMLURIConstants.ASSERTION_NSURI.get());
StaxUtil.writeNameSpace(writer, "ds", JBossSAMLURIConstants.XMLDSIG_NSURI.get());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ENTITY_ID.get(), entityDescriptor.getEntityID());
if (entityDescriptor.getValidUntil() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.VALID_UNTIL.get(), entityDescriptor.getValidUntil().toString());
}
if (entityDescriptor.getID() != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), entityDescriptor.getID());
}
Element signature = entityDescriptor.getSignature();
if (signature != null) {
StaxUtil.writeDOMElement(writer, signature);
}
ExtensionsType extensions = entityDescriptor.getExtensions();
if (extensions != null) {
write(extensions);
}
List<EntityDescriptorType.EDTChoiceType> choiceTypes = entityDescriptor.getChoiceType();
for (EntityDescriptorType.EDTChoiceType edtChoice : choiceTypes) {
AffiliationDescriptorType affliationDesc = edtChoice.getAffiliationDescriptor();
if (affliationDesc != null)
// TODO: affiliation
throw logger.notImplementedYet("affliation");
List<EntityDescriptorType.EDTDescriptorChoiceType> edtDescChoices = edtChoice.getDescriptors();
for (EntityDescriptorType.EDTDescriptorChoiceType edtDescChoice : edtDescChoices) {
RoleDescriptorType roleDesc = edtDescChoice.getRoleDescriptor();
if (roleDesc != null)
throw logger.notImplementedYet("Role Descriptor type");
IDPSSODescriptorType idpSSO = edtDescChoice.getIdpDescriptor();
if (idpSSO != null)
write(idpSSO);
SPSSODescriptorType spSSO = edtDescChoice.getSpDescriptor();
if (spSSO != null)
write(spSSO);
AttributeAuthorityDescriptorType attribAuth = edtDescChoice.getAttribDescriptor();
if (attribAuth != null)
writeAttributeAuthorityDescriptor(attribAuth);
AuthnAuthorityDescriptorType authNDesc = edtDescChoice.getAuthnDescriptor();
if (authNDesc != null)
throw logger.notImplementedYet("AuthnAuthorityDescriptorType");
PDPDescriptorType pdpDesc = edtDescChoice.getPdpDescriptor();
if (pdpDesc != null)
throw logger.notImplementedYet("PDPDescriptorType");
}
}
OrganizationType organization = entityDescriptor.getOrganization();
if (organization != null) {
writeOrganization(organization);
}
List<ContactType> contactPersons = entityDescriptor.getContactPerson();
for (ContactType contact : contactPersons) {
write(contact);
}
List<AdditionalMetadataLocationType> addl = entityDescriptor.getAdditionalMetadataLocation();
if (addl.size() > 0)
throw logger.notImplementedYet("AdditionalMetadataLocationType");
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
AuthnAuthorityDescriptorType(org.keycloak.dom.saml.v2.metadata.AuthnAuthorityDescriptorType)
IDPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType)
ContactType(org.keycloak.dom.saml.v2.metadata.ContactType)
Element(org.w3c.dom.Element)
AffiliationDescriptorType(org.keycloak.dom.saml.v2.metadata.AffiliationDescriptorType)
OrganizationType(org.keycloak.dom.saml.v2.metadata.OrganizationType)
SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)
RoleDescriptorType(org.keycloak.dom.saml.v2.metadata.RoleDescriptorType)
PDPDescriptorType(org.keycloak.dom.saml.v2.metadata.PDPDescriptorType)
ExtensionsType(org.keycloak.dom.saml.v2.metadata.ExtensionsType)
AttributeAuthorityDescriptorType(org.keycloak.dom.saml.v2.metadata.AttributeAuthorityDescriptorType)
AdditionalMetadataLocationType(org.keycloak.dom.saml.v2.metadata.AdditionalMetadataLocationType)
EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)
Example 4 with IDPSSODescriptorType
use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak.
the class SAMLMetadataWriter method write.
public void write(IDPSSODescriptorType idpSSODescriptor) throws ProcessingException {
if (idpSSODescriptor == null)
throw new ProcessingException(logger.nullArgumentError("IDPSSODescriptorType"));
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.IDP_SSO_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
Boolean wantsAuthnRequestsSigned = idpSSODescriptor.isWantAuthnRequestsSigned();
if (wantsAuthnRequestsSigned != null) {
StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.WANT_AUTHN_REQUESTS_SIGNED.get()), wantsAuthnRequestsSigned.toString());
}
writeProtocolSupportEnumeration(idpSSODescriptor.getProtocolSupportEnumeration());
// Get the key descriptors
List<KeyDescriptorType> keyDescriptors = idpSSODescriptor.getKeyDescriptor();
for (KeyDescriptorType keyDescriptor : keyDescriptors) {
writeKeyDescriptor(keyDescriptor);
}
List<IndexedEndpointType> artifactResolutionServices = idpSSODescriptor.getArtifactResolutionService();
for (IndexedEndpointType indexedEndpoint : artifactResolutionServices) {
writeArtifactResolutionService(indexedEndpoint);
}
List<EndpointType> sloServices = idpSSODescriptor.getSingleLogoutService();
for (EndpointType endpoint : sloServices) {
writeSingleLogoutService(endpoint);
}
List<String> nameIDFormats = idpSSODescriptor.getNameIDFormat();
for (String nameIDFormat : nameIDFormats) {
writeNameIDFormat(nameIDFormat);
}
List<EndpointType> ssoServices = idpSSODescriptor.getSingleSignOnService();
for (EndpointType endpoint : ssoServices) {
writeSingleSignOnService(endpoint);
}
List<AttributeType> attributes = idpSSODescriptor.getAttribute();
for (AttributeType attribType : attributes) {
write(attribType);
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
QName(javax.xml.namespace.QName)
IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)
EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType)
IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)
KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)
ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)
Example 5 with IDPSSODescriptorType
use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak.
the class SAMLIdentityProviderFactory method parseConfig.
@Override
public Map<String, String> parseConfig(KeycloakSession session, InputStream inputStream) {
try {
Object parsedObject = SAMLParser.getInstance().parse(inputStream);
EntityDescriptorType entityType;
if (EntitiesDescriptorType.class.isInstance(parsedObject)) {
entityType = (EntityDescriptorType) ((EntitiesDescriptorType) parsedObject).getEntityDescriptor().get(0);
} else {
entityType = (EntityDescriptorType) parsedObject;
}
List<EntityDescriptorType.EDTChoiceType> choiceType = entityType.getChoiceType();
if (!choiceType.isEmpty()) {
IDPSSODescriptorType idpDescriptor = null;
// So we need to loop through to find the IDPSSODescriptor.
for (EntityDescriptorType.EDTChoiceType edtChoiceType : entityType.getChoiceType()) {
List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = edtChoiceType.getDescriptors();
if (!descriptors.isEmpty() && descriptors.get(0).getIdpDescriptor() != null) {
idpDescriptor = descriptors.get(0).getIdpDescriptor();
}
}
if (idpDescriptor != null) {
SAMLIdentityProviderConfig samlIdentityProviderConfig = new SAMLIdentityProviderConfig();
String singleSignOnServiceUrl = null;
boolean postBindingResponse = false;
boolean postBindingLogout = false;
for (EndpointType endpoint : idpDescriptor.getSingleSignOnService()) {
if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
singleSignOnServiceUrl = endpoint.getLocation().toString();
postBindingResponse = true;
break;
} else if (endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())) {
singleSignOnServiceUrl = endpoint.getLocation().toString();
}
}
String singleLogoutServiceUrl = null;
for (EndpointType endpoint : idpDescriptor.getSingleLogoutService()) {
if (postBindingResponse && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get())) {
singleLogoutServiceUrl = endpoint.getLocation().toString();
postBindingLogout = true;
break;
} else if (!postBindingResponse && endpoint.getBinding().toString().equals(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get())) {
singleLogoutServiceUrl = endpoint.getLocation().toString();
break;
}
}
samlIdentityProviderConfig.setSingleLogoutServiceUrl(singleLogoutServiceUrl);
samlIdentityProviderConfig.setSingleSignOnServiceUrl(singleSignOnServiceUrl);
samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
samlIdentityProviderConfig.setAddExtensionsElementWithKeyInfo(false);
samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
samlIdentityProviderConfig.setPostBindingResponse(postBindingResponse);
samlIdentityProviderConfig.setPostBindingAuthnRequest(postBindingResponse);
samlIdentityProviderConfig.setPostBindingLogout(postBindingLogout);
samlIdentityProviderConfig.setLoginHint(false);
List<String> nameIdFormatList = idpDescriptor.getNameIDFormat();
if (nameIdFormatList != null && !nameIdFormatList.isEmpty())
samlIdentityProviderConfig.setNameIDPolicyFormat(nameIdFormatList.get(0));
List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
String defaultCertificate = null;
if (keyDescriptor != null) {
for (KeyDescriptorType keyDescriptorType : keyDescriptor) {
Element keyInfo = keyDescriptorType.getKeyInfo();
Element x509KeyInfo = DocumentUtil.getChildElement(keyInfo, new QName("dsig", "X509Certificate"));
if (KeyTypes.SIGNING.equals(keyDescriptorType.getUse())) {
samlIdentityProviderConfig.addSigningCertificate(x509KeyInfo.getTextContent());
} else if (KeyTypes.ENCRYPTION.equals(keyDescriptorType.getUse())) {
samlIdentityProviderConfig.setEncryptionPublicKey(x509KeyInfo.getTextContent());
} else if (keyDescriptorType.getUse() == null) {
defaultCertificate = x509KeyInfo.getTextContent();
}
}
}
if (defaultCertificate != null) {
if (samlIdentityProviderConfig.getSigningCertificates().length == 0) {
samlIdentityProviderConfig.addSigningCertificate(defaultCertificate);
}
if (samlIdentityProviderConfig.getEncryptionPublicKey() == null) {
samlIdentityProviderConfig.setEncryptionPublicKey(defaultCertificate);
}
}
samlIdentityProviderConfig.setEnabledFromMetadata(entityType.getValidUntil() == null || entityType.getValidUntil().toGregorianCalendar().getTime().after(new Date(System.currentTimeMillis())));
// check for hide on login attribute
if (entityType.getExtensions() != null && entityType.getExtensions().getEntityAttributes() != null) {
for (AttributeType attribute : entityType.getExtensions().getEntityAttributes().getAttribute()) {
if (MACEDIR_ENTITY_CATEGORY.equals(attribute.getName()) && attribute.getAttributeValue().contains(REFEDS_HIDE_FROM_DISCOVERY)) {
samlIdentityProviderConfig.setHideOnLogin(true);
}
}
}
return samlIdentityProviderConfig.getConfig();
}
}
} catch (ParsingException pe) {
throw new RuntimeException("Could not parse IdP SAML Metadata", pe);
}
return new HashMap<>();
}
Also used :
IDPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType)
HashMap(java.util.HashMap)
QName(javax.xml.namespace.QName)
Element(org.w3c.dom.Element)
Date(java.util.Date)
AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType)
EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)
KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)
Aggregations
IDPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType)6
EndpointType (org.keycloak.dom.saml.v2.metadata.EndpointType)5
EntityDescriptorType (org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)5
KeyDescriptorType (org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)4
QName (javax.xml.namespace.QName)3
AttributeType (org.keycloak.dom.saml.v2.assertion.AttributeType)3
IndexedEndpointType (org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)3
Element (org.w3c.dom.Element)3
RequestedAttributeType (org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)2
ByteArrayInputStream (java.io.ByteArrayInputStream)1
StringWriter (java.io.StringWriter)1
Date (java.util.Date)1
HashMap (java.util.HashMap)1
XMLStreamWriter (javax.xml.stream.XMLStreamWriter)1
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)1
HttpGet (org.apache.http.client.methods.HttpGet)1
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)1
Matchers.containsString (org.hamcrest.Matchers.containsString)1
Test (org.junit.Test)1
ClientRegistrationException (org.keycloak.client.registration.ClientRegistrationException)1
