use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.
the class SAMLParserTest method testSaml20MetadataEntityDescriptorSP.
@Test
public void testSaml20MetadataEntityDescriptorSP() throws Exception {
EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-sp.xml", EntityDescriptorType.class);
assertThat(entityDescriptor.getEntityID(), is("https://ServiceProvider.com/SAML"));
assertThat(entityDescriptor.getValidUntil(), is(nullValue()));
assertThat(entityDescriptor.getCacheDuration(), is(nullValue()));
assertThat(entityDescriptor.getID(), is(nullValue()));
assertThat(entityDescriptor.getExtensions(), is(nullValue()));
List<EntityDescriptorType.EDTChoiceType> descriptors = entityDescriptor.getChoiceType();
assertThat(descriptors, hasSize(1));
// SP Descriptor
SPSSODescriptorType spDescriptor = descriptors.get(0).getDescriptors().get(0).getSpDescriptor();
assertThat(spDescriptor, is(notNullValue()));
assertThat(spDescriptor.isAuthnRequestsSigned(), is(true));
assertThat(spDescriptor.isWantAssertionsSigned(), is(false));
assertThat(spDescriptor.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
// Key descriptor
List<KeyDescriptorType> keyDescriptors = spDescriptor.getKeyDescriptor();
assertThat(keyDescriptors, hasSize(2));
KeyDescriptorType signingKey = keyDescriptors.get(0);
assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com SSO Key"));
KeyDescriptorType encryptionKey = keyDescriptors.get(1);
assertThat(encryptionKey.getUse(), is(KeyTypes.ENCRYPTION));
assertThat(encryptionKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com Encrypt Key"));
List<EncryptionMethodType> encryptionMethods = encryptionKey.getEncryptionMethod();
assertThat(encryptionMethods, Matchers.<EncryptionMethodType>hasSize(1));
assertThat(encryptionMethods.get(0).getAlgorithm(), is("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
assertThat(encryptionMethods.get(0).getEncryptionMethod(), is(nullValue()));
// Single logout services
assertThat(spDescriptor.getSingleLogoutService(), hasSize(2));
EndpointType singleLS1 = spDescriptor.getSingleLogoutService().get(0);
assertThat(singleLS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
assertThat(singleLS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/SOAP")));
assertThat(singleLS1.getResponseLocation(), is(nullValue()));
assertThat(singleLS1.getAny(), is(emptyCollectionOf(Object.class)));
assertThat(singleLS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
EndpointType singleLS2 = spDescriptor.getSingleLogoutService().get(1);
assertThat(singleLS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
assertThat(singleLS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Browser")));
assertThat(singleLS2.getResponseLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Response")));
assertThat(singleLS2.getAny(), is(emptyCollectionOf(Object.class)));
assertThat(singleLS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// NameID
assertThat(spDescriptor.getNameIDFormat(), contains("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
// Assertion consumer services
List<IndexedEndpointType> assertionConsumerServices = spDescriptor.getAssertionConsumerService();
assertThat(assertionConsumerServices, hasSize(2));
IndexedEndpointType assertionCS1 = assertionConsumerServices.get(0);
assertThat(assertionCS1.getIndex(), is(0));
assertThat(assertionCS1.isIsDefault(), is(true));
assertThat(assertionCS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact")));
assertThat(assertionCS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/Artifact")));
assertThat(assertionCS1.getResponseLocation(), is(nullValue()));
assertThat(assertionCS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
IndexedEndpointType assertionCS2 = assertionConsumerServices.get(1);
assertThat(assertionCS2.getIndex(), is(1));
assertThat(assertionCS2.isIsDefault(), is(nullValue()));
assertThat(assertionCS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")));
assertThat(assertionCS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/POST")));
assertThat(assertionCS2.getResponseLocation(), is(nullValue()));
assertThat(assertionCS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// Attribute consuming services
List<AttributeConsumingServiceType> attributeConsumingServices = spDescriptor.getAttributeConsumingService();
assertThat(attributeConsumingServices, hasSize(1));
AttributeConsumingServiceType attributeConsumingService = attributeConsumingServices.get(0);
assertThat(attributeConsumingService.getIndex(), is(0));
assertThat(attributeConsumingService.getServiceName(), hasSize(1));
LocalizedNameType servName = attributeConsumingService.getServiceName().get(0);
assertThat(servName.getLang(), is("en"));
assertThat(servName.getValue(), is("Academic Journals R US"));
assertThat(attributeConsumingService.getServiceDescription(), is(emptyCollectionOf(LocalizedNameType.class)));
List<RequestedAttributeType> requestedAttributes = attributeConsumingService.getRequestedAttribute();
assertThat(requestedAttributes, hasSize(1));
// Requested attribute
RequestedAttributeType requestedAttribute = requestedAttributes.get(0);
assertThat(requestedAttribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
assertThat(requestedAttribute.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.7"));
assertThat(requestedAttribute.getFriendlyName(), is("eduPersonEntitlement"));
assertThat(requestedAttribute.getAttributeValue(), hasSize(1));
assertThat((String) requestedAttribute.getAttributeValue().get(0), is("https://ServiceProvider.com/entitlements/123456789"));
assertThat(requestedAttribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// Organization
assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
LocalizedNameType orgName = entityDescriptor.getOrganization().getOrganizationName().get(0);
assertThat(orgName.getLang(), is("en"));
assertThat(orgName.getValue(), is("Academic Journals R\n US"));
assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
LocalizedNameType orgDispName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
assertThat(orgDispName.getLang(), is("en"));
assertThat(orgDispName.getValue(), is("Academic Journals R US, a Division of Dirk Corp."));
assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
LocalizedURIType orgURL = entityDescriptor.getOrganization().getOrganizationURL().get(0);
assertThat(orgURL.getLang(), is("en"));
assertThat(orgURL.getValue(), is(URI.create("https://ServiceProvider.com")));
}
use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.
the class SAMLParserTest method testSAML20MetadataEntityDescriptorAttrA.
@Test
public void testSAML20MetadataEntityDescriptorAttrA() throws Exception {
EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
List<EntityDescriptorType.EDTChoiceType> descriptors = entityDescriptor.getChoiceType();
assertThat(descriptors, hasSize(2));
AttributeAuthorityDescriptorType aaDescriptor = descriptors.get(1).getDescriptors().get(0).getAttribDescriptor();
assertThat(aaDescriptor, is(notNullValue()));
assertThat(aaDescriptor.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
// Key descriptor
List<KeyDescriptorType> keyDescriptors = aaDescriptor.getKeyDescriptor();
assertThat(keyDescriptors, hasSize(1));
KeyDescriptorType signingKey = keyDescriptors.get(0);
assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("IdentityProvider.com AA Key"));
// Attribute service
assertThat(aaDescriptor.getAttributeService(), hasSize(1));
EndpointType attrServ = aaDescriptor.getAttributeService().get(0);
assertThat(attrServ.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
assertThat(attrServ.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/AA/SOAP")));
assertThat(attrServ.getResponseLocation(), is(nullValue()));
assertThat(attrServ.getAny(), is(emptyCollectionOf(Object.class)));
assertThat(attrServ.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// AssertionIDRequestService
assertThat(aaDescriptor.getAssertionIDRequestService(), hasSize(1));
EndpointType assertIDRServ = aaDescriptor.getAssertionIDRequestService().get(0);
assertThat(assertIDRServ.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:URI")));
assertThat(assertIDRServ.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/AA/URI")));
assertThat(assertIDRServ.getResponseLocation(), is(nullValue()));
assertThat(assertIDRServ.getAny(), is(emptyCollectionOf(Object.class)));
assertThat(assertIDRServ.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// NameID
assertThat(aaDescriptor.getNameIDFormat(), containsInAnyOrder("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
assertThat(aaDescriptor.getAttribute(), hasSize(2));
AttributeType attr1 = aaDescriptor.getAttribute().get(0);
assertThat(attr1.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
assertThat(attr1.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.6"));
assertThat(attr1.getFriendlyName(), is("eduPersonPrincipalName"));
assertThat(attr1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
assertThat(attr1.getAttributeValue(), is(emptyCollectionOf(Object.class)));
AttributeType attr2 = aaDescriptor.getAttribute().get(1);
assertThat(attr2.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
assertThat(attr2.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.1"));
assertThat(attr2.getFriendlyName(), is("eduPersonAffiliation"));
assertThat(attr2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
assertThat(attr2.getAttributeValue(), containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));
}
use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.
the class EntityDescriptorDescriptionConverter method loadEntityDescriptors.
private static ClientRepresentation loadEntityDescriptors(InputStream is) {
Object metadata;
try {
metadata = SAMLParser.getInstance().parse(is);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
EntitiesDescriptorType entities;
if (EntitiesDescriptorType.class.isInstance(metadata)) {
entities = (EntitiesDescriptorType) metadata;
} else {
entities = new EntitiesDescriptorType();
entities.addEntityDescriptor(metadata);
}
if (entities.getEntityDescriptor().size() != 1) {
throw new RuntimeException("Expected one entity descriptor");
}
EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
String entityId = entity.getEntityID();
ClientRepresentation app = new ClientRepresentation();
app.setClientId(entityId);
Map<String, String> attributes = new HashMap<>();
app.setAttributes(attributes);
List<String> redirectUris = new LinkedList<>();
app.setRedirectUris(redirectUris);
app.setFullScopeAllowed(true);
app.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
// default to true
attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
// default to false
attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE_KEYINFO_EXT, SamlProtocol.ATTRIBUTE_FALSE_VALUE);
attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
SPSSODescriptorType spDescriptorType = getSPDescriptor(entity);
if (spDescriptorType.isWantAssertionsSigned()) {
attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
}
String logoutPost = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
if (logoutPost != null)
attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutPost);
String logoutRedirect = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
if (logoutRedirect != null)
attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, logoutRedirect);
String assertionConsumerServicePostBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
if (assertionConsumerServicePostBinding != null) {
attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, assertionConsumerServicePostBinding);
redirectUris.add(assertionConsumerServicePostBinding);
}
String assertionConsumerServiceRedirectBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
if (assertionConsumerServiceRedirectBinding != null) {
attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, assertionConsumerServiceRedirectBinding);
redirectUris.add(assertionConsumerServiceRedirectBinding);
}
String assertionConsumerServiceSoapBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_SOAP_BINDING.get());
if (assertionConsumerServiceSoapBinding != null) {
redirectUris.add(assertionConsumerServiceSoapBinding);
}
String assertionConsumerServicePaosBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_PAOS_BINDING.get());
if (assertionConsumerServicePaosBinding != null) {
redirectUris.add(assertionConsumerServicePaosBinding);
}
String assertionConsumerServiceArtifactBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.get());
if (assertionConsumerServiceArtifactBinding != null) {
attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE, assertionConsumerServiceArtifactBinding);
redirectUris.add(assertionConsumerServiceArtifactBinding);
}
String artifactResolutionService = getArtifactResolutionService(spDescriptorType);
if (artifactResolutionService != null) {
attributes.put(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, artifactResolutionService);
}
if (spDescriptorType.getNameIDFormat() != null) {
for (String format : spDescriptorType.getNameIDFormat()) {
String attribute = SamlClient.samlNameIDFormatToClientAttribute(format);
if (attribute != null) {
attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, attribute);
break;
}
}
}
if (spDescriptorType.getExtensions() != null && spDescriptorType.getExtensions().getUIInfo() != null) {
if (!spDescriptorType.getExtensions().getUIInfo().getLogo().isEmpty()) {
attributes.put(ClientModel.LOGO_URI, spDescriptorType.getExtensions().getUIInfo().getLogo().get(0).getValue().toString());
}
if (!spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().isEmpty()) {
attributes.put(ClientModel.POLICY_URI, spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().stream().filter(dn -> "en".equals(dn.getLang())).findFirst().orElse(spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().get(0)).getValue().toString());
}
}
app.setProtocolMappers(spDescriptorType.getAttributeConsumingService().stream().flatMap(att -> att.getRequestedAttribute().stream()).map(attr -> {
ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
mapper.setName(attr.getName());
mapper.setProtocol("saml");
mapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
Map<String, String> config = new HashMap<>();
config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, attr.getName());
if (attr.getFriendlyName() != null)
config.put(AttributeStatementHelper.FRIENDLY_NAME, attr.getFriendlyName());
if (attr.getNameFormat() != null)
config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, getSAMLNameFormat(attr.getNameFormat()));
mapper.setConfig(config);
return mapper;
}).collect(Collectors.toList()));
for (KeyDescriptorType keyDescriptor : spDescriptorType.getKeyDescriptor()) {
X509Certificate cert = null;
try {
cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
} catch (ConfigurationException e) {
throw new RuntimeException(e);
} catch (ProcessingException e) {
throw new RuntimeException(e);
}
String certPem = KeycloakModelUtils.getPemFromCertificate(cert);
if (keyDescriptor.getUse() == KeyTypes.SIGNING) {
attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, certPem);
} else if (keyDescriptor.getUse() == KeyTypes.ENCRYPTION) {
attributes.put(SamlConfigAttributes.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
attributes.put(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, certPem);
}
}
return app;
}
use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.
the class IDPMetadataDescriptor method getIDPDescriptor.
public static String getIDPDescriptor(URI loginPostEndpoint, URI loginRedirectEndpoint, URI logoutEndpoint, URI artifactResolutionService, String entityId, boolean wantAuthnRequestsSigned, List<Element> signingCerts) throws ProcessingException {
StringWriter sw = new StringWriter();
XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(sw);
SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(writer);
EntityDescriptorType entityDescriptor = new EntityDescriptorType(entityId);
IDPSSODescriptorType spIDPDescriptor = new IDPSSODescriptorType(Arrays.asList(PROTOCOL_NSURI.get()));
spIDPDescriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_PERSISTENT.get());
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_TRANSIENT.get());
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_UNSPECIFIED.get());
spIDPDescriptor.addNameIDFormat(NAMEID_FORMAT_EMAIL.get());
spIDPDescriptor.addSingleLogoutService(new EndpointType(SAML_HTTP_POST_BINDING.getUri(), logoutEndpoint));
spIDPDescriptor.addSingleLogoutService(new EndpointType(SAML_HTTP_REDIRECT_BINDING.getUri(), logoutEndpoint));
spIDPDescriptor.addSingleLogoutService(new EndpointType(SAML_HTTP_ARTIFACT_BINDING.getUri(), logoutEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_HTTP_POST_BINDING.getUri(), loginPostEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_HTTP_REDIRECT_BINDING.getUri(), loginRedirectEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_SOAP_BINDING.getUri(), loginPostEndpoint));
spIDPDescriptor.addSingleSignOnService(new EndpointType(SAML_HTTP_ARTIFACT_BINDING.getUri(), loginPostEndpoint));
spIDPDescriptor.addArtifactResolutionService(new IndexedEndpointType(SAML_SOAP_BINDING.getUri(), artifactResolutionService));
if (wantAuthnRequestsSigned && signingCerts != null) {
for (Element key : signingCerts) {
KeyDescriptorType keyDescriptor = new KeyDescriptorType();
keyDescriptor.setUse(KeyTypes.SIGNING);
keyDescriptor.setKeyInfo(key);
spIDPDescriptor.addKeyDescriptor(keyDescriptor);
}
}
entityDescriptor.addChoiceType(new EntityDescriptorType.EDTChoiceType(Arrays.asList(new EntityDescriptorType.EDTDescriptorChoiceType(spIDPDescriptor))));
metadataWriter.writeEntityDescriptor(entityDescriptor);
return sw.toString();
}
use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.
the class IdentityProviderTest method assertSamlExport.
private void assertSamlExport(String body) throws ParsingException, URISyntaxException {
// System.out.println(body);
Object entBody = SAMLParser.getInstance().parse(new ByteArrayInputStream(body.getBytes(Charset.forName("utf-8"))));
Assert.assertEquals("Parsed export type", EntityDescriptorType.class, entBody.getClass());
EntityDescriptorType entity = (EntityDescriptorType) entBody;
Assert.assertEquals("EntityID", oauth.AUTH_SERVER_ROOT + "/realms/admin-client-test", entity.getEntityID());
Assert.assertNotNull("ChoiceType not null", entity.getChoiceType());
Assert.assertEquals("ChoiceType.size", 1, entity.getChoiceType().size());
List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = entity.getChoiceType().get(0).getDescriptors();
Assert.assertNotNull("Descriptors not null", descriptors);
Assert.assertEquals("Descriptors.size", 1, descriptors.size());
SPSSODescriptorType desc = descriptors.get(0).getSpDescriptor();
Assert.assertNotNull("SPSSODescriptor not null", desc);
Assert.assertTrue("AuthnRequestsSigned", desc.isAuthnRequestsSigned());
Set<String> expected = new HashSet<>(Arrays.asList("urn:oasis:names:tc:SAML:2.0:protocol"));
Set<String> actual = new HashSet<>(desc.getProtocolSupportEnumeration());
Assert.assertEquals("ProtocolSupportEnumeration", expected, actual);
Assert.assertNotNull("AssertionConsumerService not null", desc.getAssertionConsumerService());
Assert.assertEquals("AssertionConsumerService.size", 1, desc.getAssertionConsumerService().size());
IndexedEndpointType endpoint = desc.getAssertionConsumerService().get(0);
Assert.assertEquals("AssertionConsumerService.Location", new URI(oauth.AUTH_SERVER_ROOT + "/realms/admin-client-test/broker/saml/endpoint"), endpoint.getLocation());
Assert.assertEquals("AssertionConsumerService.Binding", new URI("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), endpoint.getBinding());
Assert.assertTrue("AssertionConsumerService.isDefault", endpoint.isIsDefault());
Assert.assertNotNull("SingleLogoutService not null", desc.getSingleLogoutService());
Assert.assertEquals("SingleLogoutService.size", 1, desc.getSingleLogoutService().size());
EndpointType sloEndpoint = desc.getSingleLogoutService().get(0);
Assert.assertEquals("SingleLogoutService.Location", new URI(oauth.AUTH_SERVER_ROOT + "/realms/admin-client-test/broker/saml/endpoint"), sloEndpoint.getLocation());
Assert.assertEquals("SingleLogoutService.Binding", new URI("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), sloEndpoint.getBinding());
Assert.assertNotNull("KeyDescriptor not null", desc.getKeyDescriptor());
Assert.assertEquals("KeyDescriptor.size", 1, desc.getKeyDescriptor().size());
KeyDescriptorType keyDesc = desc.getKeyDescriptor().get(0);
assertThat(keyDesc, notNullValue());
assertThat(keyDesc.getUse(), equalTo(KeyTypes.SIGNING));
NodeList cert = keyDesc.getKeyInfo().getElementsByTagNameNS(XMLSignature.XMLNS, "X509Certificate");
assertThat("KeyDescriptor.Signing.Cert existence", cert.getLength(), is(1));
}
Aggregations