
Example 11 with KeyDescriptorType

use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.

From class SAMLParserTest, method testSaml20MetadataEntityDescriptorIdP.

@Test
public void testSaml20MetadataEntityDescriptorIdP() throws Exception {
    // Parses the IdP entity-descriptor fixture and checks the whole resulting
    // object model: role-descriptor flags, the signing KeyDescriptor, both
    // endpoint lists, NameID formats, published attributes and Organization.
    EntityDescriptorType entity = assertParsed("saml20-entity-descriptor-idp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> choices = entity.getChoiceType();
    assertThat(choices, hasSize(2));

    // The IDPSSODescriptor is the first descriptor of the first choice entry
    IDPSSODescriptorType idp = choices.get(0).getDescriptors().get(0).getIdpDescriptor();
    assertThat(idp, is(notNullValue()));
    assertThat(idp.isWantAuthnRequestsSigned(), is(true));
    assertThat(idp.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));

    // Exactly one KeyDescriptor, marked for signing and carrying no EncryptionMethod;
    // the key is identified by the ds:KeyName inside its ds:KeyInfo
    List<KeyDescriptorType> keys = idp.getKeyDescriptor();
    assertThat(keys, hasSize(1));
    KeyDescriptorType signingKey = keys.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    String keyName = signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent();
    assertThat(keyName, is("IdentityProvider.com SSO Key"));

    // SingleLogoutService: a SOAP endpoint without ResponseLocation, then an
    // HTTP-Redirect endpoint with one
    List<EndpointType> sloEndpoints = idp.getSingleLogoutService();
    assertThat(sloEndpoints, hasSize(2));
    EndpointType sloSoap = sloEndpoints.get(0);
    assertThat(sloSoap.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
    assertThat(sloSoap.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SLO/SOAP")));
    assertThat(sloSoap.getResponseLocation(), is(nullValue()));
    assertThat(sloSoap.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(sloSoap.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    EndpointType sloRedirect = sloEndpoints.get(1);
    assertThat(sloRedirect.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
    assertThat(sloRedirect.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SLO/Browser")));
    assertThat(sloRedirect.getResponseLocation(), is(URI.create("https://IdentityProvider.com/SAML/SLO/Response")));
    assertThat(sloRedirect.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(sloRedirect.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));

    // NameIDFormat: order in the fixture is not significant
    assertThat(idp.getNameIDFormat(), containsInAnyOrder("urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));

    // SingleSignOnService: HTTP-Redirect and HTTP-POST share one Location and
    // neither declares a ResponseLocation
    List<EndpointType> ssoEndpoints = idp.getSingleSignOnService();
    assertThat(ssoEndpoints, hasSize(2));
    EndpointType ssoRedirect = ssoEndpoints.get(0);
    assertThat(ssoRedirect.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
    assertThat(ssoRedirect.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SSO/Browser")));
    assertThat(ssoRedirect.getResponseLocation(), is(nullValue()));
    assertThat(ssoRedirect.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(ssoRedirect.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    EndpointType ssoPost = ssoEndpoints.get(1);
    assertThat(ssoPost.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")));
    assertThat(ssoPost.getLocation(), is(URI.create("https://IdentityProvider.com/SAML/SSO/Browser")));
    assertThat(ssoPost.getResponseLocation(), is(nullValue()));
    assertThat(ssoPost.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(ssoPost.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));

    // Published attributes: eduPersonPrincipalName has no values,
    // eduPersonAffiliation enumerates five
    List<AttributeType> attributes = idp.getAttribute();
    assertThat(attributes, hasSize(2));
    AttributeType principalName = attributes.get(0);
    assertThat(principalName.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(principalName.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.6"));
    assertThat(principalName.getFriendlyName(), is("eduPersonPrincipalName"));
    assertThat(principalName.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    assertThat(principalName.getAttributeValue(), is(emptyCollectionOf(Object.class)));
    AttributeType affiliation = attributes.get(1);
    assertThat(affiliation.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(affiliation.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.1"));
    assertThat(affiliation.getFriendlyName(), is("eduPersonAffiliation"));
    assertThat(affiliation.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    assertThat(affiliation.getAttributeValue(), containsInAnyOrder((Object) "member", "student", "faculty", "employee", "staff"));

    // Organization: one English name (whitespace inside the element is preserved
    // verbatim by the parser), one display name and one URL
    assertThat(entity.getOrganization().getOrganizationName(), hasSize(1));
    LocalizedNameType organizationName = entity.getOrganization().getOrganizationName().get(0);
    assertThat(organizationName.getLang(), is("en"));
    assertThat(organizationName.getValue(), is("Identity Providers R\n            US"));
    assertThat(entity.getOrganization().getOrganizationDisplayName(), hasSize(1));
    LocalizedNameType displayName = entity.getOrganization().getOrganizationDisplayName().get(0);
    assertThat(displayName.getLang(), is("en"));
    assertThat(displayName.getValue(), is("Identity Providers R US, a Division of Lerxst Corp."));
    assertThat(entity.getOrganization().getOrganizationURL(), hasSize(1));
    LocalizedURIType organizationUrl = entity.getOrganization().getOrganizationURL().get(0);
    assertThat(organizationUrl.getLang(), is("en"));
    assertThat(organizationUrl.getValue(), is(URI.create("https://IdentityProvider.com")));
}

Example 12 with KeyDescriptorType

use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.

From class SAMLMetadataWriter, method writeAttributeAuthorityDescriptor.

public void writeAttributeAuthorityDescriptor(AttributeAuthorityDescriptorType attributeAuthority) throws ProcessingException {
    // Emits an md:AttributeAuthorityDescriptor element: the protocolSupportEnumeration
    // attribute first, then the optional Signature and Extensions children, followed
    // by the KeyDescriptor, AttributeService, NameIDFormat and Attribute lists.
    // The writer is flushed before returning.
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ATTRIBUTE_AUTHORITY_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    writeProtocolSupportEnumeration(attributeAuthority.getProtocolSupportEnumeration());

    // An existing Signature DOM element is copied through as-is. NOTE(review): such a
    // signature covers the original serialization of the descriptor; re-emitting the
    // sibling elements through StAX may not reproduce it byte-for-byte — confirm
    // downstream verification expectations.
    Element sig = attributeAuthority.getSignature();
    if (sig != null) {
        StaxUtil.writeDOMElement(writer, sig);
    }
    ExtensionsType ext = attributeAuthority.getExtensions();
    if (ext != null) {
        write(ext);
    }
    for (KeyDescriptorType key : attributeAuthority.getKeyDescriptor()) {
        writeKeyDescriptor(key);
    }
    for (EndpointType service : attributeAuthority.getAttributeService()) {
        writeAttributeService(service);
    }
    for (String format : attributeAuthority.getNameIDFormat()) {
        writeNameIDFormat(format);
    }
    for (AttributeType attribute : attributeAuthority.getAttribute()) {
        write(attribute);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}

Example 13 with KeyDescriptorType

use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.

From class SAMLMetadataWriter, method write (SPSSODescriptorType overload).

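public void write(SPSSODescriptorType spSSODescriptor) throws ProcessingException {
    // Emits an md:SPSSODescriptor element. Children are written in the order the
    // SAML 2.0 metadata schema sequences them for SSODescriptorType/SPSSODescriptorType:
    // KeyDescriptor, ArtifactResolutionService, SingleLogoutService, NameIDFormat,
    // AssertionConsumerService, AttributeConsumingService. Schema-validating
    // consumers reject metadata whose children are out of sequence, so the order
    // of the loops below matters. The writer is flushed before returning.
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.SP_SSO_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    writeProtocolSupportEnumeration(spSSODescriptor.getProtocolSupportEnumeration());

    // Optional boolean attributes: written only when set, never defaulted
    Boolean authnSigned = spSSODescriptor.isAuthnRequestsSigned();
    if (authnSigned != null) {
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.AUTHN_REQUESTS_SIGNED.get()), authnSigned.toString());
    }
    Boolean wantAssertionsSigned = spSSODescriptor.isWantAssertionsSigned();
    if (wantAssertionsSigned != null) {
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.WANT_ASSERTIONS_SIGNED.get()), wantAssertionsSigned.toString());
    }

    // NOTE(review): unlike writeAttributeAuthorityDescriptor, no Signature or
    // Extensions child is emitted for the SP role — confirm that is intended.
    for (KeyDescriptorType keyDescriptor : spSSODescriptor.getKeyDescriptor()) {
        writeKeyDescriptor(keyDescriptor);
    }
    // ArtifactResolutionService precedes SingleLogoutService in the schema sequence;
    // the previous implementation emitted them the other way round.
    for (IndexedEndpointType artifactResolution : spSSODescriptor.getArtifactResolutionService()) {
        writeArtifactResolutionService(artifactResolution);
    }
    for (EndpointType sloService : spSSODescriptor.getSingleLogoutService()) {
        writeSingleLogoutService(sloService);
    }
    for (String nameIDFormat : spSSODescriptor.getNameIDFormat()) {
        writeNameIDFormat(nameIDFormat);
    }
    for (IndexedEndpointType assertionConsumer : spSSODescriptor.getAssertionConsumerService()) {
        writeAssertionConsumerService(assertionConsumer);
    }
    for (AttributeConsumingServiceType attributeConsumer : spSSODescriptor.getAttributeConsumingService()) {
        writeAttributeConsumingService(attributeConsumer);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}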

Example 14 with KeyDescriptorType

use of org.keycloak.dom.saml.v2.metadata.KeyDescriptorType in project keycloak by keycloak.

From class SAMLParserTest, method testSaml20MetadataEntityDescriptorPDP.

@Test
public void testSaml20MetadataEntityDescriptorPDP() throws Exception {
    // Parses the PDP entity-descriptor fixture and checks its single PDPDescriptor:
    // one KeyDescriptor whose EncryptionMethod carries a KeySize and OAEPparams,
    // plus one AuthzService and one AssertionIDRequestService endpoint.
    EntityDescriptorType entity = assertParsed("saml20-entity-descriptor-pdp.xml", EntityDescriptorType.class);
    List<EntityDescriptorType.EDTChoiceType> choices = entity.getChoiceType();
    assertThat(choices, Matchers.<EntityDescriptorType.EDTChoiceType>hasSize(1));
    PDPDescriptorType pdp = choices.get(0).getDescriptors().get(0).getPdpDescriptor();
    assertThat(pdp, is(notNullValue()));

    List<KeyDescriptorType> keys = pdp.getKeyDescriptor();
    assertThat(keys, Matchers.<KeyDescriptorType>hasSize(1));
    List<EncryptionMethodType> methods = keys.get(0).getEncryptionMethod();
    assertThat(methods, Matchers.<EncryptionMethodType>hasSize(1));
    EncryptionMethodType method = methods.get(0);
    assertThat(method.getAlgorithm(), is("http://www.example.com/"));
    EncryptionMethodType.EncryptionMethod details = method.getEncryptionMethod();
    assertThat(details.getKeySize(), is(BigInteger.ONE));
    // "GpM7" is pure ASCII, so the platform-default charset used by getBytes()
    // cannot change the expected bytes
    assertThat(details.getOAEPparams(), is("GpM7".getBytes()));

    // Endpoint parsing is covered by other tests; only the counts are checked here
    assertThat(pdp.getAuthzService(), Matchers.<EndpointType>hasSize(1));
    assertThat(pdp.getAssertionIDRequestService(), Matchers.<EndpointType>hasSize(1));
}
