
Example 1 with RequestedAttributeType

use of org.keycloak.dom.saml.v2.metadata.RequestedAttributeType in project keycloak by keycloak.

From the class SAMLParserTest, method testSaml20MetadataEntityDescriptorSP:

/**
 * Parses the service-provider {@code EntityDescriptor} fixture and checks every field the
 * metadata parser is expected to populate: the SP role descriptor flags, both key
 * descriptors (signing and encryption) with their encryption methods, the single logout
 * and assertion consumer endpoints, the attribute consuming service with its single
 * requested attribute, and the organization block.
 *
 * @throws Exception if the fixture cannot be read or parsed
 */
@Test
public void testSaml20MetadataEntityDescriptorSP() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-sp.xml", EntityDescriptorType.class);
    // Top-level descriptor attributes: only entityID is present in this fixture.
    assertThat(entityDescriptor.getEntityID(), is("https://ServiceProvider.com/SAML"));
    assertThat(entityDescriptor.getValidUntil(), is(nullValue()));
    assertThat(entityDescriptor.getCacheDuration(), is(nullValue()));
    assertThat(entityDescriptor.getID(), is(nullValue()));
    assertThat(entityDescriptor.getExtensions(), is(nullValue()));
    List<EntityDescriptorType.EDTChoiceType> descriptors = entityDescriptor.getChoiceType();
    assertThat(descriptors, hasSize(1));
    // SP Descriptor
    SPSSODescriptorType spDescriptor = descriptors.get(0).getDescriptors().get(0).getSpDescriptor();
    assertThat(spDescriptor, is(notNullValue()));
    // AuthnRequestsSigned / WantAssertionsSigned are the SP's signing expectations as declared in the fixture.
    assertThat(spDescriptor.isAuthnRequestsSigned(), is(true));
    assertThat(spDescriptor.isWantAssertionsSigned(), is(false));
    assertThat(spDescriptor.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
    // Key descriptor
    List<KeyDescriptorType> keyDescriptors = spDescriptor.getKeyDescriptor();
    assertThat(keyDescriptors, hasSize(2));
    // First key: use="signing", no EncryptionMethod children; the ds:KeyName is read from the raw KeyInfo DOM.
    KeyDescriptorType signingKey = keyDescriptors.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com SSO Key"));
    // Second key: use="encryption" with exactly one EncryptionMethod (RSA-1.5, no nested method element).
    KeyDescriptorType encryptionKey = keyDescriptors.get(1);
    assertThat(encryptionKey.getUse(), is(KeyTypes.ENCRYPTION));
    assertThat(encryptionKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com Encrypt Key"));
    List<EncryptionMethodType> encryptionMethods = encryptionKey.getEncryptionMethod();
    assertThat(encryptionMethods, Matchers.<EncryptionMethodType>hasSize(1));
    assertThat(encryptionMethods.get(0).getAlgorithm(), is("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
    assertThat(encryptionMethods.get(0).getEncryptionMethod(), is(nullValue()));
    // Single logout services
    assertThat(spDescriptor.getSingleLogoutService(), hasSize(2));
    // SOAP SLO endpoint: no ResponseLocation, no extension content, no extra XML attributes.
    EndpointType singleLS1 = spDescriptor.getSingleLogoutService().get(0);
    assertThat(singleLS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
    assertThat(singleLS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/SOAP")));
    assertThat(singleLS1.getResponseLocation(), is(nullValue()));
    assertThat(singleLS1.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleLS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // HTTP-Redirect SLO endpoint: this one carries a ResponseLocation.
    EndpointType singleLS2 = spDescriptor.getSingleLogoutService().get(1);
    assertThat(singleLS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
    assertThat(singleLS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Browser")));
    assertThat(singleLS2.getResponseLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Response")));
    assertThat(singleLS2.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleLS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // NameID
    assertThat(spDescriptor.getNameIDFormat(), contains("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
    // Assertion consumer services
    List<IndexedEndpointType> assertionConsumerServices = spDescriptor.getAssertionConsumerService();
    assertThat(assertionConsumerServices, hasSize(2));
    // index="0" with an explicit isDefault="true".
    IndexedEndpointType assertionCS1 = assertionConsumerServices.get(0);
    assertThat(assertionCS1.getIndex(), is(0));
    assertThat(assertionCS1.isIsDefault(), is(true));
    assertThat(assertionCS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact")));
    assertThat(assertionCS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/Artifact")));
    assertThat(assertionCS1.getResponseLocation(), is(nullValue()));
    assertThat(assertionCS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // index="1" without an isDefault attribute: the parser must leave it null rather than defaulting to false.
    IndexedEndpointType assertionCS2 = assertionConsumerServices.get(1);
    assertThat(assertionCS2.getIndex(), is(1));
    assertThat(assertionCS2.isIsDefault(), is(nullValue()));
    assertThat(assertionCS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")));
    assertThat(assertionCS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/POST")));
    assertThat(assertionCS2.getResponseLocation(), is(nullValue()));
    assertThat(assertionCS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // Attribute consuming services
    List<AttributeConsumingServiceType> attributeConsumingServices = spDescriptor.getAttributeConsumingService();
    assertThat(attributeConsumingServices, hasSize(1));
    AttributeConsumingServiceType attributeConsumingService = attributeConsumingServices.get(0);
    assertThat(attributeConsumingService.getIndex(), is(0));
    assertThat(attributeConsumingService.getServiceName(), hasSize(1));
    LocalizedNameType servName = attributeConsumingService.getServiceName().get(0);
    assertThat(servName.getLang(), is("en"));
    assertThat(servName.getValue(), is("Academic Journals R US"));
    assertThat(attributeConsumingService.getServiceDescription(), is(emptyCollectionOf(LocalizedNameType.class)));
    List<RequestedAttributeType> requestedAttributes = attributeConsumingService.getRequestedAttribute();
    assertThat(requestedAttributes, hasSize(1));
    // Requested attribute
    // Name, NameFormat, FriendlyName and the single AttributeValue are all read from the fixture;
    // no other XML attributes (e.g. isRequired) are expected on this element.
    RequestedAttributeType requestedAttribute = requestedAttributes.get(0);
    assertThat(requestedAttribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(requestedAttribute.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.7"));
    assertThat(requestedAttribute.getFriendlyName(), is("eduPersonEntitlement"));
    assertThat(requestedAttribute.getAttributeValue(), hasSize(1));
    assertThat((String) requestedAttribute.getAttributeValue().get(0), is("https://ServiceProvider.com/entitlements/123456789"));
    assertThat(requestedAttribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // Organization
    assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
    LocalizedNameType orgName = entityDescriptor.getOrganization().getOrganizationName().get(0);
    assertThat(orgName.getLang(), is("en"));
    // The fixture's OrganizationName spans a line break; the parser must preserve the whitespace verbatim.
    assertThat(orgName.getValue(), is("Academic Journals R\n            US"));
    assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
    LocalizedNameType orgDispName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
    assertThat(orgDispName.getLang(), is("en"));
    assertThat(orgDispName.getValue(), is("Academic Journals R US, a Division of Dirk Corp."));
    assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
    LocalizedURIType orgURL = entityDescriptor.getOrganization().getOrganizationURL().get(0);
    assertThat(orgURL.getLang(), is("en"));
    assertThat(orgURL.getValue(), is(URI.create("https://ServiceProvider.com")));
}
Also used : QName(javax.xml.namespace.QName) EncryptionMethodType(org.keycloak.dom.xmlsec.w3.xmlenc.EncryptionMethodType) Matchers.containsString(org.hamcrest.Matchers.containsString) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType) LocalizedURIType(org.keycloak.dom.saml.v2.metadata.LocalizedURIType) LocalizedNameType(org.keycloak.dom.saml.v2.metadata.LocalizedNameType) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) AttributeConsumingServiceType(org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType) Test(org.junit.Test)

Example 2 with RequestedAttributeType

use of org.keycloak.dom.saml.v2.metadata.RequestedAttributeType in project keycloak by keycloak.

From the class UserAttributeMapper, method updateMetadata:

// SamlMetadataDescriptorUpdater interface
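/**
 * Advertises the attribute this mapper consumes as a {@code RequestedAttribute} in every
 * {@code AttributeConsumingService} of every SP role descriptor in {@code entityDescriptor}.
 * <p>
 * The requested attribute is built from the mapper's {@code attribute.name} / {@code attribute.friendly.name}
 * config and uses the basic name format with no {@code isRequired} flag. A service that already lists a
 * matching attribute (case-insensitive on name and friendly name; a {@code null} config value matches anything)
 * is left untouched. Descriptor choices that do not carry an SP role descriptor (an entity descriptor may hold
 * other role types) are skipped instead of dereferencing a {@code null} SP descriptor.
 *
 * @param mapperModel      the mapper configuration supplying the attribute name and friendly name
 * @param entityDescriptor the SP metadata being generated; mutated in place
 */
@Override
public void updateMetadata(IdentityProviderMapperModel mapperModel, EntityDescriptorType entityDescriptor) {
    String attributeName = mapperModel.getConfig().get(UserAttributeMapper.ATTRIBUTE_NAME);
    String attributeFriendlyName = mapperModel.getConfig().get(UserAttributeMapper.ATTRIBUTE_FRIENDLY_NAME);
    RequestedAttributeType requestedAttribute = new RequestedAttributeType(attributeName);
    // isRequired is intentionally left unset so the writer omits the attribute entirely.
    requestedAttribute.setIsRequired(null);
    requestedAttribute.setNameFormat(ATTRIBUTE_FORMAT_BASIC.get());
    if (attributeFriendlyName != null && !attributeFriendlyName.isEmpty()) {
        requestedAttribute.setFriendlyName(attributeFriendlyName);
    }
    // Add the requestedAttribute item to any AttributeConsumingServices
    for (EntityDescriptorType.EDTChoiceType choiceType : entityDescriptor.getChoiceType()) {
        for (EntityDescriptorType.EDTDescriptorChoiceType descriptor : choiceType.getDescriptors()) {
            if (descriptor.getSpDescriptor() == null) {
                // Not an SP role descriptor (e.g. an IdP descriptor in the same entity); nothing to advertise.
                continue;
            }
            for (AttributeConsumingServiceType attributeConsumingService : descriptor.getSpDescriptor().getAttributeConsumingService()) {
                if (!hasMatchingRequestedAttribute(attributeConsumingService, attributeName, attributeFriendlyName)) {
                    attributeConsumingService.addRequestedAttribute(requestedAttribute);
                }
            }
        }
    }
}

/**
 * Returns whether {@code service} already lists a requested attribute whose name and friendly name
 * match the given values, ignoring case. A {@code null} {@code name} or {@code friendlyName} acts as
 * a wildcard for that field.
 */
private static boolean hasMatchingRequestedAttribute(AttributeConsumingServiceType service, String name, String friendlyName) {
    return service.getRequestedAttribute().stream()
            .anyMatch(t -> (name == null || name.equalsIgnoreCase(t.getName()))
                    && (friendlyName == null || friendlyName.equalsIgnoreCase(t.getFriendlyName())));
}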
Also used : EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) AttributeConsumingServiceType(org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)

Example 3 with RequestedAttributeType

use of org.keycloak.dom.saml.v2.metadata.RequestedAttributeType in project keycloak by keycloak.

From the class AttributeToRoleMapper, method updateMetadata:

// SamlMetadataDescriptorUpdater interface
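/**
 * Advertises the attribute this mapper reads as a {@code RequestedAttribute} in every
 * {@code AttributeConsumingService} of every SP role descriptor in {@code entityDescriptor}.
 * <p>
 * The attribute name is read once from this mapper's own {@code ATTRIBUTE_NAME} key and reused for
 * both the duplicate check and the new element (the original read the name from two different
 * constants). The requested attribute uses the basic name format and no {@code isRequired} flag.
 * A service that already lists a matching attribute (case-insensitive; a {@code null} config value
 * matches anything) is left untouched. Descriptor choices without an SP role descriptor are skipped
 * instead of dereferencing a {@code null} SP descriptor.
 *
 * @param mapperModel      the mapper configuration supplying the attribute name and friendly name
 * @param entityDescriptor the SP metadata being generated; mutated in place
 */
@Override
public void updateMetadata(IdentityProviderMapperModel mapperModel, EntityDescriptorType entityDescriptor) {
    String attributeName = mapperModel.getConfig().get(AttributeToRoleMapper.ATTRIBUTE_NAME);
    String attributeFriendlyName = mapperModel.getConfig().get(AttributeToRoleMapper.ATTRIBUTE_FRIENDLY_NAME);
    RequestedAttributeType requestedAttribute = new RequestedAttributeType(attributeName);
    // isRequired is intentionally left unset so the writer omits the attribute entirely.
    requestedAttribute.setIsRequired(null);
    requestedAttribute.setNameFormat(ATTRIBUTE_FORMAT_BASIC.get());
    if (attributeFriendlyName != null && !attributeFriendlyName.isEmpty()) {
        requestedAttribute.setFriendlyName(attributeFriendlyName);
    }
    // Add the requestedAttribute item to any AttributeConsumingServices
    for (EntityDescriptorType.EDTChoiceType choiceType : entityDescriptor.getChoiceType()) {
        for (EntityDescriptorType.EDTDescriptorChoiceType descriptor : choiceType.getDescriptors()) {
            if (descriptor.getSpDescriptor() == null) {
                // Not an SP role descriptor (e.g. an IdP descriptor in the same entity); nothing to advertise.
                continue;
            }
            for (AttributeConsumingServiceType attributeConsumingService : descriptor.getSpDescriptor().getAttributeConsumingService()) {
                if (!hasMatchingRequestedAttribute(attributeConsumingService, attributeName, attributeFriendlyName)) {
                    attributeConsumingService.addRequestedAttribute(requestedAttribute);
                }
            }
        }
    }
}

/**
 * Returns whether {@code service} already lists a requested attribute whose name and friendly name
 * match the given values, ignoring case. A {@code null} {@code name} or {@code friendlyName} acts as
 * a wildcard for that field.
 */
private static boolean hasMatchingRequestedAttribute(AttributeConsumingServiceType service, String name, String friendlyName) {
    return service.getRequestedAttribute().stream()
            .anyMatch(t -> (name == null || name.equalsIgnoreCase(t.getName()))
                    && (friendlyName == null || friendlyName.equalsIgnoreCase(t.getFriendlyName())));
}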
Also used : EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) AttributeConsumingServiceType(org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)

Example 4 with RequestedAttributeType

use of org.keycloak.dom.saml.v2.metadata.RequestedAttributeType in project keycloak by keycloak.

From the class SAMLRequestedAttributeParser, method instantiateElement:

/**
 * Builds a {@link RequestedAttributeType} from the XML attributes of a {@code md:RequestedAttribute}
 * start element. {@code Name} is mandatory; {@code FriendlyName}, {@code isRequired} and
 * {@code NameFormat} are copied as-is (possibly {@code null}). A non-empty {@code x500:Encoding}
 * attribute is preserved in the element's other-attributes map under its qualified name.
 *
 * @param xmlEventReader the event stream positioned at {@code element}; not consumed here
 * @param element        the {@code RequestedAttribute} start element
 * @return the populated, not yet child-filled element
 * @throws ParsingException if the required {@code Name} attribute is missing
 */
@Override
protected RequestedAttributeType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
    String name = StaxParserUtil.getRequiredAttributeValue(element, SAMLAssertionQNames.ATTR_NAME);
    RequestedAttributeType requested = new RequestedAttributeType(name);
    requested.setFriendlyName(StaxParserUtil.getAttributeValue(element, SAMLMetadataQNames.ATTR_FRIENDLY_NAME));
    requested.setIsRequired(StaxParserUtil.getBooleanAttributeValue(element, SAMLMetadataQNames.ATTR_IS_REQUIRED));
    requested.setNameFormat(StaxParserUtil.getAttributeValue(element, SAMLMetadataQNames.ATTR_NAME_FORMAT));
    // x500:Encoding has no dedicated field; keep it as an extra attribute only when actually present.
    String x500Encoding = StaxParserUtil.getAttributeValue(element, SAMLMetadataQNames.ATTR_X500_ENCODING);
    boolean hasEncoding = x500Encoding != null && !x500Encoding.isEmpty();
    if (hasEncoding) {
        requested.getOtherAttributes().put(SAMLMetadataQNames.ATTR_X500_ENCODING.getQName(), x500Encoding);
    }
    return requested;
}
Also used : RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)

Example 5 with RequestedAttributeType

use of org.keycloak.dom.saml.v2.metadata.RequestedAttributeType in project keycloak by keycloak.

From the class SAMLMetadataWriter, method writeAttributeConsumingService:

/**
 * Serializes one {@code md:AttributeConsumingService} element: the optional {@code isDefault} and
 * mandatory {@code index} attributes, the localized service names and descriptions, and one
 * {@code md:RequestedAttribute} per requested attribute (with {@code isRequired} only when set).
 * The writer is flushed after the closing tag.
 *
 * @param attributeConsumer the service to write
 * @throws ProcessingException if the underlying StAX writer fails
 */
public void writeAttributeConsumingService(AttributeConsumingServiceType attributeConsumer) throws ProcessingException {
    String mdNamespace = JBossSAMLURIConstants.METADATA_NSURI.get();
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ATTRIBUTE_CONSUMING_SERVICE.get(), mdNamespace);
    Boolean isDefault = attributeConsumer.isIsDefault();
    if (isDefault != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISDEFAULT.get(), isDefault.toString());
    }
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.INDEX.get(), String.valueOf(attributeConsumer.getIndex()));
    // Service Name
    QName serviceNameQName = new QName(mdNamespace, JBossSAMLConstants.SERVICE_NAME.get(), METADATA_PREFIX);
    for (LocalizedNameType name : attributeConsumer.getServiceName()) {
        writeLocalizedNameType(name, serviceNameQName);
    }
    // Service Description
    QName serviceDescriptionQName = new QName(mdNamespace, JBossSAMLConstants.SERVICE_DESCRIPTION.get(), METADATA_PREFIX);
    for (LocalizedNameType description : attributeConsumer.getServiceDescription()) {
        writeLocalizedNameType(description, serviceDescriptionQName);
    }
    // Requested attributes: each one is an AttributeType body wrapped in a RequestedAttribute element.
    for (RequestedAttributeType requested : attributeConsumer.getRequestedAttribute()) {
        StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.REQUESTED_ATTRIBUTE.get(), mdNamespace);
        Boolean required = requested.isIsRequired();
        if (required != null) {
            // isRequired is an unqualified attribute, hence the namespace-less QName.
            StaxUtil.writeAttribute(writer, new QName(JBossSAMLConstants.IS_REQUIRED.get()), required.toString());
        }
        writeAttributeTypeWithoutRootTag(requested);
        StaxUtil.writeEndElement(writer);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : LocalizedNameType(org.keycloak.dom.saml.v2.metadata.LocalizedNameType) QName(javax.xml.namespace.QName) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)

Aggregations

RequestedAttributeType (org.keycloak.dom.saml.v2.metadata.RequestedAttributeType)5 AttributeConsumingServiceType (org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType)3 EntityDescriptorType (org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)3 QName (javax.xml.namespace.QName)2 LocalizedNameType (org.keycloak.dom.saml.v2.metadata.LocalizedNameType)2 Matchers.containsString (org.hamcrest.Matchers.containsString)1 Test (org.junit.Test)1 EndpointType (org.keycloak.dom.saml.v2.metadata.EndpointType)1 IndexedEndpointType (org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)1 KeyDescriptorType (org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)1 LocalizedURIType (org.keycloak.dom.saml.v2.metadata.LocalizedURIType)1 SPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)1 EncryptionMethodType (org.keycloak.dom.xmlsec.w3.xmlenc.EncryptionMethodType)1