use of org.keycloak.dom.saml.v2.metadata.LocalizedNameType in project keycloak by keycloak.
the class SAMLParserTest method testSaml20MetadataEntityDescriptorSP.
@Test
public void testSaml20MetadataEntityDescriptorSP() throws Exception {
EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-sp.xml", EntityDescriptorType.class);
assertThat(entityDescriptor.getEntityID(), is("https://ServiceProvider.com/SAML"));
assertThat(entityDescriptor.getValidUntil(), is(nullValue()));
assertThat(entityDescriptor.getCacheDuration(), is(nullValue()));
assertThat(entityDescriptor.getID(), is(nullValue()));
assertThat(entityDescriptor.getExtensions(), is(nullValue()));
List<EntityDescriptorType.EDTChoiceType> descriptors = entityDescriptor.getChoiceType();
assertThat(descriptors, hasSize(1));
// SP Descriptor
SPSSODescriptorType spDescriptor = descriptors.get(0).getDescriptors().get(0).getSpDescriptor();
assertThat(spDescriptor, is(notNullValue()));
assertThat(spDescriptor.isAuthnRequestsSigned(), is(true));
assertThat(spDescriptor.isWantAssertionsSigned(), is(false));
assertThat(spDescriptor.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
// Key descriptor
List<KeyDescriptorType> keyDescriptors = spDescriptor.getKeyDescriptor();
assertThat(keyDescriptors, hasSize(2));
KeyDescriptorType signingKey = keyDescriptors.get(0);
assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com SSO Key"));
KeyDescriptorType encryptionKey = keyDescriptors.get(1);
assertThat(encryptionKey.getUse(), is(KeyTypes.ENCRYPTION));
assertThat(encryptionKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com Encrypt Key"));
List<EncryptionMethodType> encryptionMethods = encryptionKey.getEncryptionMethod();
assertThat(encryptionMethods, Matchers.<EncryptionMethodType>hasSize(1));
assertThat(encryptionMethods.get(0).getAlgorithm(), is("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
assertThat(encryptionMethods.get(0).getEncryptionMethod(), is(nullValue()));
// Single logout services
assertThat(spDescriptor.getSingleLogoutService(), hasSize(2));
EndpointType singleLS1 = spDescriptor.getSingleLogoutService().get(0);
assertThat(singleLS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
assertThat(singleLS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/SOAP")));
assertThat(singleLS1.getResponseLocation(), is(nullValue()));
assertThat(singleLS1.getAny(), is(emptyCollectionOf(Object.class)));
assertThat(singleLS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
EndpointType singleLS2 = spDescriptor.getSingleLogoutService().get(1);
assertThat(singleLS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
assertThat(singleLS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Browser")));
assertThat(singleLS2.getResponseLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Response")));
assertThat(singleLS2.getAny(), is(emptyCollectionOf(Object.class)));
assertThat(singleLS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// NameID
assertThat(spDescriptor.getNameIDFormat(), contains("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
// Assertion consumer services
List<IndexedEndpointType> assertionConsumerServices = spDescriptor.getAssertionConsumerService();
assertThat(assertionConsumerServices, hasSize(2));
IndexedEndpointType assertionCS1 = assertionConsumerServices.get(0);
assertThat(assertionCS1.getIndex(), is(0));
assertThat(assertionCS1.isIsDefault(), is(true));
assertThat(assertionCS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact")));
assertThat(assertionCS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/Artifact")));
assertThat(assertionCS1.getResponseLocation(), is(nullValue()));
assertThat(assertionCS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
IndexedEndpointType assertionCS2 = assertionConsumerServices.get(1);
assertThat(assertionCS2.getIndex(), is(1));
assertThat(assertionCS2.isIsDefault(), is(nullValue()));
assertThat(assertionCS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")));
assertThat(assertionCS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/POST")));
assertThat(assertionCS2.getResponseLocation(), is(nullValue()));
assertThat(assertionCS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// Attribute consuming services
List<AttributeConsumingServiceType> attributeConsumingServices = spDescriptor.getAttributeConsumingService();
assertThat(attributeConsumingServices, hasSize(1));
AttributeConsumingServiceType attributeConsumingService = attributeConsumingServices.get(0);
assertThat(attributeConsumingService.getIndex(), is(0));
assertThat(attributeConsumingService.getServiceName(), hasSize(1));
LocalizedNameType servName = attributeConsumingService.getServiceName().get(0);
assertThat(servName.getLang(), is("en"));
assertThat(servName.getValue(), is("Academic Journals R US"));
assertThat(attributeConsumingService.getServiceDescription(), is(emptyCollectionOf(LocalizedNameType.class)));
List<RequestedAttributeType> requestedAttributes = attributeConsumingService.getRequestedAttribute();
assertThat(requestedAttributes, hasSize(1));
// Requested attribute
RequestedAttributeType requestedAttribute = requestedAttributes.get(0);
assertThat(requestedAttribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
assertThat(requestedAttribute.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.7"));
assertThat(requestedAttribute.getFriendlyName(), is("eduPersonEntitlement"));
assertThat(requestedAttribute.getAttributeValue(), hasSize(1));
assertThat((String) requestedAttribute.getAttributeValue().get(0), is("https://ServiceProvider.com/entitlements/123456789"));
assertThat(requestedAttribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
// Organization
assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
LocalizedNameType orgName = entityDescriptor.getOrganization().getOrganizationName().get(0);
assertThat(orgName.getLang(), is("en"));
assertThat(orgName.getValue(), is("Academic Journals R\n US"));
assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
LocalizedNameType orgDispName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
assertThat(orgDispName.getLang(), is("en"));
assertThat(orgDispName.getValue(), is("Academic Journals R US, a Division of Dirk Corp."));
assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
LocalizedURIType orgURL = entityDescriptor.getOrganization().getOrganizationURL().get(0);
assertThat(orgURL.getLang(), is("en"));
assertThat(orgURL.getValue(), is(URI.create("https://ServiceProvider.com")));
}
use of org.keycloak.dom.saml.v2.metadata.LocalizedNameType in project keycloak by keycloak.
the class SAMLOrganizationParser method processSubElement.
@Override
protected void processSubElement(XMLEventReader xmlEventReader, OrganizationType target, SAMLMetadataQNames element, StartElement elementDetail) throws ParsingException {
switch(element) {
case ORGANIZATION_NAME:
LocalizedNameType orgName = new LocalizedNameType(StaxParserUtil.getAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
orgName.setValue(StaxParserUtil.getElementText(xmlEventReader));
target.addOrganizationName(orgName);
break;
case ORGANIZATION_DISPLAY_NAME:
LocalizedNameType orgDispName = new LocalizedNameType(StaxParserUtil.getAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
orgDispName.setValue(StaxParserUtil.getElementText(xmlEventReader));
target.addOrganizationDisplayName(orgDispName);
break;
case ORGANIZATION_URL:
case ORGANIZATION_URL_ALT:
LocalizedURIType orgURL = new LocalizedURIType(StaxParserUtil.getAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
orgURL.setValue(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
target.addOrganizationURL(orgURL);
break;
case EXTENSIONS:
target.setExtensions(SAMLExtensionsParser.getInstance().parse(xmlEventReader));
break;
default:
throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
}
}
use of org.keycloak.dom.saml.v2.metadata.LocalizedNameType in project keycloak by keycloak.
the class SAMLMetadataWriter method writeOrganization.
public void writeOrganization(OrganizationType org) throws ProcessingException {
if (org == null)
throw new ProcessingException(logger.nullArgumentError("Organization"));
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ORGANIZATION.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
ExtensionsType extensions = org.getExtensions();
if (extensions != null) {
write(extensions);
}
// Write the name
List<LocalizedNameType> nameList = org.getOrganizationName();
for (LocalizedNameType localName : nameList) {
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ORGANIZATION_NAME.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
writeLocalizedType(localName);
}
// Write the display name
List<LocalizedNameType> displayNameList = org.getOrganizationDisplayName();
for (LocalizedNameType localName : displayNameList) {
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ORGANIZATION_DISPLAY_NAME.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
writeLocalizedType(localName);
}
// Write the url
List<LocalizedURIType> uriList = org.getOrganizationURL();
for (LocalizedURIType uri : uriList) {
StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ORGANIZATION_URL.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
String lang = uri.getLang();
String val = uri.getValue().toString();
StaxUtil.writeAttribute(writer, new QName(JBossSAMLURIConstants.XML.get(), JBossSAMLConstants.LANG.get(), "xml"), lang);
StaxUtil.writeCharacters(writer, val);
StaxUtil.writeEndElement(writer);
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
use of org.keycloak.dom.saml.v2.metadata.LocalizedNameType in project keycloak by keycloak.
the class SAMLIdentityProvider method export.
@Override
public Response export(UriInfo uriInfo, RealmModel realm, String format) {
try {
URI authnBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri();
if (getConfig().isPostBindingAuthnRequest()) {
authnBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri();
}
URI endpoint = uriInfo.getBaseUriBuilder().path("realms").path(realm.getName()).path("broker").path(getConfig().getAlias()).path("endpoint").build();
boolean wantAuthnRequestsSigned = getConfig().isWantAuthnRequestsSigned();
boolean wantAssertionsSigned = getConfig().isWantAssertionsSigned();
boolean wantAssertionsEncrypted = getConfig().isWantAssertionsEncrypted();
String entityId = getEntityId(uriInfo, realm);
String nameIDPolicyFormat = getConfig().getNameIDPolicyFormat();
List<Element> signingKeys = new LinkedList<>();
List<Element> encryptionKeys = new LinkedList<>();
session.keys().getKeysStream(realm, KeyUse.SIG, Algorithm.RS256).filter(Objects::nonNull).filter(key -> key.getCertificate() != null).sorted(SamlService::compareKeys).forEach(key -> {
try {
Element element = SPMetadataDescriptor.buildKeyInfoElement(key.getKid(), PemUtils.encodeCertificate(key.getCertificate()));
signingKeys.add(element);
if (key.getStatus() == KeyStatus.ACTIVE) {
encryptionKeys.add(element);
}
} catch (ParserConfigurationException e) {
logger.warn("Failed to export SAML SP Metadata!", e);
throw new RuntimeException(e);
}
});
// Prepare the metadata descriptor model
StringWriter sw = new StringWriter();
XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(sw);
SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(writer);
EntityDescriptorType entityDescriptor = SPMetadataDescriptor.buildSPdescriptor(authnBinding, authnBinding, endpoint, endpoint, wantAuthnRequestsSigned, wantAssertionsSigned, wantAssertionsEncrypted, entityId, nameIDPolicyFormat, signingKeys, encryptionKeys);
// Create the AttributeConsumingService if at least one attribute importer mapper exists
List<Entry<IdentityProviderMapperModel, SamlMetadataDescriptorUpdater>> metadataAttrProviders = new ArrayList<>();
realm.getIdentityProviderMappersByAliasStream(getConfig().getAlias()).forEach(mapper -> {
IdentityProviderMapper target = (IdentityProviderMapper) session.getKeycloakSessionFactory().getProviderFactory(IdentityProviderMapper.class, mapper.getIdentityProviderMapper());
if (target instanceof SamlMetadataDescriptorUpdater)
metadataAttrProviders.add(new java.util.AbstractMap.SimpleEntry<>(mapper, (SamlMetadataDescriptorUpdater) target));
});
if (!metadataAttrProviders.isEmpty()) {
int attributeConsumingServiceIndex = getConfig().getAttributeConsumingServiceIndex() != null ? getConfig().getAttributeConsumingServiceIndex() : 1;
String attributeConsumingServiceName = getConfig().getAttributeConsumingServiceName();
// default value for attributeConsumingServiceName
if (attributeConsumingServiceName == null)
attributeConsumingServiceName = realm.getDisplayName() != null ? realm.getDisplayName() : realm.getName();
AttributeConsumingServiceType attributeConsumingService = new AttributeConsumingServiceType(attributeConsumingServiceIndex);
attributeConsumingService.setIsDefault(true);
String currentLocale = realm.getDefaultLocale() == null ? "en" : realm.getDefaultLocale();
LocalizedNameType attributeConsumingServiceNameElement = new LocalizedNameType(currentLocale);
attributeConsumingServiceNameElement.setValue(attributeConsumingServiceName);
attributeConsumingService.addServiceName(attributeConsumingServiceNameElement);
// Look for the SP descriptor and add the attribute consuming service
for (EntityDescriptorType.EDTChoiceType choiceType : entityDescriptor.getChoiceType()) {
List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = choiceType.getDescriptors();
for (EntityDescriptorType.EDTDescriptorChoiceType descriptor : descriptors) {
descriptor.getSpDescriptor().addAttributeConsumerService(attributeConsumingService);
}
}
// Add the attribute mappers
metadataAttrProviders.forEach(mapper -> {
SamlMetadataDescriptorUpdater metadataAttrProvider = mapper.getValue();
metadataAttrProvider.updateMetadata(mapper.getKey(), entityDescriptor);
});
}
// Write the metadata and export it to a string
metadataWriter.writeEntityDescriptor(entityDescriptor);
String descriptor = sw.toString();
// Metadata signing
if (getConfig().isSignSpMetadata()) {
KeyManager.ActiveRsaKey activeKey = session.keys().getActiveRsaKey(realm);
String keyName = getConfig().getXmlSigKeyInfoKeyNameTransformer().getKeyName(activeKey.getKid(), activeKey.getCertificate());
KeyPair keyPair = new KeyPair(activeKey.getPublicKey(), activeKey.getPrivateKey());
Document metadataDocument = DocumentUtil.getDocument(descriptor);
SAML2Signature signatureHelper = new SAML2Signature();
signatureHelper.setSignatureMethod(getSignatureAlgorithm().getXmlSignatureMethod());
signatureHelper.setDigestMethod(getSignatureAlgorithm().getXmlSignatureDigestMethod());
Node nextSibling = metadataDocument.getDocumentElement().getFirstChild();
signatureHelper.setNextSibling(nextSibling);
signatureHelper.signSAMLDocument(metadataDocument, keyName, keyPair, CanonicalizationMethod.EXCLUSIVE);
descriptor = DocumentUtil.getDocumentAsString(metadataDocument);
}
return Response.ok(descriptor, MediaType.APPLICATION_XML_TYPE).build();
} catch (Exception e) {
logger.warn("Failed to export SAML SP Metadata!", e);
throw new RuntimeException(e);
}
}
use of org.keycloak.dom.saml.v2.metadata.LocalizedNameType in project keycloak by keycloak.
the class SAMLUIInfoParser method processSubElement.
@Override
protected void processSubElement(XMLEventReader xmlEventReader, UIInfoType target, SAMLMetadataQNames element, StartElement elementDetail) throws ParsingException {
switch(element) {
case DISPLAY_NAME:
LocalizedNameType displayName = new LocalizedNameType(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
displayName.setValue(StaxParserUtil.getElementText(xmlEventReader));
target.addDisplayName(displayName);
break;
case DESCRIPTION:
LocalizedNameType description = new LocalizedNameType(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
description.setValue(StaxParserUtil.getElementText(xmlEventReader));
target.addDescription(description);
break;
case KEYWORDS:
KeywordsType keywords = new KeywordsType(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_LANG));
target.addKeywords(keywords);
break;
case INFORMATION_URL:
LocalizedURIType informationURL = new LocalizedURIType(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
informationURL.setValue(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
target.addInformationURL(informationURL);
break;
case PRIVACY_STATEMENT_URL:
LocalizedURIType privacyStatementURL = new LocalizedURIType(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_LANG));
StaxParserUtil.advance(xmlEventReader);
privacyStatementURL.setValue(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
target.addPrivacyStatementURL(privacyStatementURL);
break;
case LOGO:
LogoType logo = new LogoType(Integer.parseInt(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_HEIGHT)), Integer.parseInt(StaxParserUtil.getRequiredAttributeValue(elementDetail, ATTR_WIDTH)));
String lang = StaxParserUtil.getAttributeValue(elementDetail, ATTR_LANG);
if (lang != null)
logo.setLang(lang);
StaxParserUtil.advance(xmlEventReader);
try {
String logoValue = StaxParserUtil.getElementText(xmlEventReader).replaceAll("\\s+", "");
logo.setValue(new URI(logoValue));
} catch (URISyntaxException ex) {
throw new ParsingException(ex);
}
target.addLogo(logo);
break;
default:
throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
}
}
Aggregations