Use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak:
the class FixedHostnameTest, method assertSamlIdPDescriptor.
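/**
 * Fetches the SAML IdP metadata descriptor of {@code realm} over HTTP and verifies
 * that every URL advertised in it is built from {@code expectedBaseUrl}: the entity ID
 * must equal the realm URL and every SingleSignOnService location must equal the
 * realm's SAML endpoint, so a server advertising a wrong fixed hostname fails here.
 *
 * @param realm           name of the realm whose descriptor is fetched
 * @param expectedBaseUrl scheme, host and port the server is expected to advertise
 * @throws Exception if the descriptor cannot be fetched or parsed; the raw descriptor
 *                   (or {@code null} if none was received) is logged before rethrowing
 */
private void assertSamlIdPDescriptor(String realm, String expectedBaseUrl) throws Exception {
    final String realmUrl = expectedBaseUrl + "/auth/realms/" + realm;
    final String baseSamlEndpointUrl = realmUrl + "/protocol/saml";
    String entityDescriptor = null;
    try (CloseableHttpClient client = HttpClientBuilder.create().build();
         CloseableHttpResponse resp = client.execute(new HttpGet(baseSamlEndpointUrl + "/descriptor"))) {
        // An error page would otherwise surface only as an opaque parser failure further down.
        assertThat(resp.getStatusLine().getStatusCode(), is(200));
        entityDescriptor = EntityUtils.toString(resp.getEntity(), GeneralConstants.SAML_CHARSET);
        Object metadataO = SAMLParser.getInstance().parse(new ByteArrayInputStream(entityDescriptor.getBytes(GeneralConstants.SAML_CHARSET)));
        assertThat(metadataO, instanceOf(EntityDescriptorType.class));
        EntityDescriptorType ed = (EntityDescriptorType) metadataO;
        assertThat(ed.getEntityID(), is(realmUrl));
        IDPSSODescriptorType idpDescriptor = ed.getChoiceType().get(0).getDescriptors().get(0).getIdpDescriptor();
        assertThat(idpDescriptor, notNullValue());
        final List<String> locations = idpDescriptor.getSingleSignOnService().stream()
                .map(EndpointType::getLocation)
                .map(URI::toString)
                .collect(Collectors.toList());
        assertThat(locations, Matchers.everyItem(is(baseSamlEndpointUrl)));
    } catch (Exception e) {
        // Keep the descriptor in the log for diagnosis, but do not let the test pass silently:
        // a fetch or parse failure used to end here before any hostname assertion had run.
        log.errorf("Caught exception while parsing SAML descriptor %s", entityDescriptor);
        throw e;
    }
}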
Use of org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType in project keycloak by keycloak:
the class SAMLParserTest, method testSaml20MetadataEntityDescriptorIdP.
/**
 * Parses {@code saml20-entity-descriptor-idp.xml} and checks that each part of the IdP
 * metadata lands in the expected field of the object model: the IDPSSO descriptor and its
 * signing key, the logout and sign-on endpoints, the NameID formats, the published
 * attributes and the organization block.
 *
 * @throws Exception if the fixture cannot be parsed
 */
@Test
public void testSaml20MetadataEntityDescriptorIdP() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> choices = entityDescriptor.getChoiceType();
    assertThat(choices, hasSize(2));

    // Only the first choice holds the IDPSSO descriptor exercised here.
    IDPSSODescriptorType idp = choices.get(0).getDescriptors().get(0).getIdpDescriptor();
    assertThat(idp, is(notNullValue()));
    assertThat(idp.isWantAuthnRequestsSigned(), is(true));
    assertThat(idp.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));

    assertIdpSigningKey(idp);

    List<EndpointType> logoutServices = idp.getSingleLogoutService();
    assertThat(logoutServices, hasSize(2));
    assertIdpEndpoint(logoutServices.get(0),
            "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
            "https://IdentityProvider.com/SAML/SLO/SOAP",
            null);
    assertIdpEndpoint(logoutServices.get(1),
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "https://IdentityProvider.com/SAML/SLO/Browser",
            "https://IdentityProvider.com/SAML/SLO/Response");

    assertThat(idp.getNameIDFormat(), containsInAnyOrder(
            "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));

    List<EndpointType> signOnServices = idp.getSingleSignOnService();
    assertThat(signOnServices, hasSize(2));
    assertIdpEndpoint(signOnServices.get(0),
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "https://IdentityProvider.com/SAML/SSO/Browser",
            null);
    assertIdpEndpoint(signOnServices.get(1),
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "https://IdentityProvider.com/SAML/SSO/Browser",
            null);

    List<AttributeType> attributes = idp.getAttribute();
    assertThat(attributes, hasSize(2));
    AttributeType principalName = attributes.get(0);
    assertIdpUriAttribute(principalName, "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", "eduPersonPrincipalName");
    assertThat(principalName.getAttributeValue(), is(emptyCollectionOf(Object.class)));
    AttributeType affiliation = attributes.get(1);
    assertIdpUriAttribute(affiliation, "urn:oid:1.3.6.1.4.1.5923.1.1.1.1", "eduPersonAffiliation");
    assertThat(affiliation.getAttributeValue(), containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));

    assertIdpOrganization(entityDescriptor);
}

/** Checks the single key descriptor: a signing-only key whose {@code ds:KeyName} names the IdP. */
private static void assertIdpSigningKey(IDPSSODescriptorType idp) {
    List<KeyDescriptorType> keys = idp.getKeyDescriptor();
    assertThat(keys, hasSize(1));
    KeyDescriptorType signingKey = keys.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("IdentityProvider.com SSO Key"));
}

/**
 * Checks one endpoint's binding, location and (optional) response location and that it
 * carries no extension content and no extra XML attributes.
 *
 * @param responseLocation expected ResponseLocation, or {@code null} when none is expected
 */
private static void assertIdpEndpoint(EndpointType endpoint, String binding, String location, String responseLocation) {
    assertThat(endpoint.getBinding(), is(URI.create(binding)));
    assertThat(endpoint.getLocation(), is(URI.create(location)));
    URI expectedResponseLocation = responseLocation == null ? null : URI.create(responseLocation);
    assertThat(endpoint.getResponseLocation(), is(expectedResponseLocation));
    assertThat(endpoint.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(endpoint.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}

/** Checks a URI-name-format attribute's name and friendly name and that it has no extra XML attributes. */
private static void assertIdpUriAttribute(AttributeType attribute, String name, String friendlyName) {
    assertThat(attribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(attribute.getName(), is(name));
    assertThat(attribute.getFriendlyName(), is(friendlyName));
    assertThat(attribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
}

/** Checks the organization block: one English name, display name and URL each. */
private static void assertIdpOrganization(EntityDescriptorType entityDescriptor) {
    assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
    LocalizedNameType organizationName = entityDescriptor.getOrganization().getOrganizationName().get(0);
    assertThat(organizationName.getLang(), is("en"));
    assertThat(organizationName.getValue(), is("Identity Providers R\n US"));

    assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
    LocalizedNameType displayName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
    assertThat(displayName.getLang(), is("en"));
    assertThat(displayName.getValue(), is("Identity Providers R US, a Division of Lerxst Corp."));

    assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
    LocalizedURIType organizationUrl = entityDescriptor.getOrganization().getOrganizationURL().get(0);
    assertThat(organizationUrl.getLang(), is("en"));
    assertThat(organizationUrl.getValue(), is(URI.create("https://IdentityProvider.com")));
}