Search in sources :

Example 1 with SPSSODescriptorType

use of org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType in project keycloak by keycloak.

the class SAMLParserTest method testSaml20MetadataEntityDescriptorSP.

@Test
public void testSaml20MetadataEntityDescriptorSP() throws Exception {
    EntityDescriptorType entityDescriptor = assertParsed("saml20-entity-descriptor-sp.xml", EntityDescriptorType.class);
    assertThat(entityDescriptor.getEntityID(), is("https://ServiceProvider.com/SAML"));
    assertThat(entityDescriptor.getValidUntil(), is(nullValue()));
    assertThat(entityDescriptor.getCacheDuration(), is(nullValue()));
    assertThat(entityDescriptor.getID(), is(nullValue()));
    assertThat(entityDescriptor.getExtensions(), is(nullValue()));
    List<EntityDescriptorType.EDTChoiceType> descriptors = entityDescriptor.getChoiceType();
    assertThat(descriptors, hasSize(1));
    // SP Descriptor
    SPSSODescriptorType spDescriptor = descriptors.get(0).getDescriptors().get(0).getSpDescriptor();
    assertThat(spDescriptor, is(notNullValue()));
    assertThat(spDescriptor.isAuthnRequestsSigned(), is(true));
    assertThat(spDescriptor.isWantAssertionsSigned(), is(false));
    assertThat(spDescriptor.getProtocolSupportEnumeration(), contains("urn:oasis:names:tc:SAML:2.0:protocol"));
    // Key descriptor
    List<KeyDescriptorType> keyDescriptors = spDescriptor.getKeyDescriptor();
    assertThat(keyDescriptors, hasSize(2));
    KeyDescriptorType signingKey = keyDescriptors.get(0);
    assertThat(signingKey.getUse(), is(KeyTypes.SIGNING));
    assertThat(signingKey.getEncryptionMethod(), is(emptyCollectionOf(EncryptionMethodType.class)));
    assertThat(signingKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com SSO Key"));
    KeyDescriptorType encryptionKey = keyDescriptors.get(1);
    assertThat(encryptionKey.getUse(), is(KeyTypes.ENCRYPTION));
    assertThat(encryptionKey.getKeyInfo().getElementsByTagName("ds:KeyName").item(0).getTextContent(), is("ServiceProvider.com Encrypt Key"));
    List<EncryptionMethodType> encryptionMethods = encryptionKey.getEncryptionMethod();
    assertThat(encryptionMethods, Matchers.<EncryptionMethodType>hasSize(1));
    assertThat(encryptionMethods.get(0).getAlgorithm(), is("http://www.w3.org/2001/04/xmlenc#rsa-1_5"));
    assertThat(encryptionMethods.get(0).getEncryptionMethod(), is(nullValue()));
    // Single logout services
    assertThat(spDescriptor.getSingleLogoutService(), hasSize(2));
    EndpointType singleLS1 = spDescriptor.getSingleLogoutService().get(0);
    assertThat(singleLS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:SOAP")));
    assertThat(singleLS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/SOAP")));
    assertThat(singleLS1.getResponseLocation(), is(nullValue()));
    assertThat(singleLS1.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleLS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    EndpointType singleLS2 = spDescriptor.getSingleLogoutService().get(1);
    assertThat(singleLS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")));
    assertThat(singleLS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Browser")));
    assertThat(singleLS2.getResponseLocation(), is(URI.create("https://ServiceProvider.com/SAML/SLO/Response")));
    assertThat(singleLS2.getAny(), is(emptyCollectionOf(Object.class)));
    assertThat(singleLS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // NameID
    assertThat(spDescriptor.getNameIDFormat(), contains("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
    // Assertion consumer services
    List<IndexedEndpointType> assertionConsumerServices = spDescriptor.getAssertionConsumerService();
    assertThat(assertionConsumerServices, hasSize(2));
    IndexedEndpointType assertionCS1 = assertionConsumerServices.get(0);
    assertThat(assertionCS1.getIndex(), is(0));
    assertThat(assertionCS1.isIsDefault(), is(true));
    assertThat(assertionCS1.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact")));
    assertThat(assertionCS1.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/Artifact")));
    assertThat(assertionCS1.getResponseLocation(), is(nullValue()));
    assertThat(assertionCS1.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    IndexedEndpointType assertionCS2 = assertionConsumerServices.get(1);
    assertThat(assertionCS2.getIndex(), is(1));
    assertThat(assertionCS2.isIsDefault(), is(nullValue()));
    assertThat(assertionCS2.getBinding(), is(URI.create("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")));
    assertThat(assertionCS2.getLocation(), is(URI.create("https://ServiceProvider.com/SAML/SSO/POST")));
    assertThat(assertionCS2.getResponseLocation(), is(nullValue()));
    assertThat(assertionCS2.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // Attribute consuming services
    List<AttributeConsumingServiceType> attributeConsumingServices = spDescriptor.getAttributeConsumingService();
    assertThat(attributeConsumingServices, hasSize(1));
    AttributeConsumingServiceType attributeConsumingService = attributeConsumingServices.get(0);
    assertThat(attributeConsumingService.getIndex(), is(0));
    assertThat(attributeConsumingService.getServiceName(), hasSize(1));
    LocalizedNameType servName = attributeConsumingService.getServiceName().get(0);
    assertThat(servName.getLang(), is("en"));
    assertThat(servName.getValue(), is("Academic Journals R US"));
    assertThat(attributeConsumingService.getServiceDescription(), is(emptyCollectionOf(LocalizedNameType.class)));
    List<RequestedAttributeType> requestedAttributes = attributeConsumingService.getRequestedAttribute();
    assertThat(requestedAttributes, hasSize(1));
    // Requested attribute
    RequestedAttributeType requestedAttribute = requestedAttributes.get(0);
    assertThat(requestedAttribute.getNameFormat(), is("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"));
    assertThat(requestedAttribute.getName(), is("urn:oid:1.3.6.1.4.1.5923.1.1.1.7"));
    assertThat(requestedAttribute.getFriendlyName(), is("eduPersonEntitlement"));
    assertThat(requestedAttribute.getAttributeValue(), hasSize(1));
    assertThat((String) requestedAttribute.getAttributeValue().get(0), is("https://ServiceProvider.com/entitlements/123456789"));
    assertThat(requestedAttribute.getOtherAttributes(), is(Collections.<QName, String>emptyMap()));
    // Organization
    assertThat(entityDescriptor.getOrganization().getOrganizationName(), hasSize(1));
    LocalizedNameType orgName = entityDescriptor.getOrganization().getOrganizationName().get(0);
    assertThat(orgName.getLang(), is("en"));
    assertThat(orgName.getValue(), is("Academic Journals R\n            US"));
    assertThat(entityDescriptor.getOrganization().getOrganizationDisplayName(), hasSize(1));
    LocalizedNameType orgDispName = entityDescriptor.getOrganization().getOrganizationDisplayName().get(0);
    assertThat(orgDispName.getLang(), is("en"));
    assertThat(orgDispName.getValue(), is("Academic Journals R US, a Division of Dirk Corp."));
    assertThat(entityDescriptor.getOrganization().getOrganizationURL(), hasSize(1));
    LocalizedURIType orgURL = entityDescriptor.getOrganization().getOrganizationURL().get(0);
    assertThat(orgURL.getLang(), is("en"));
    assertThat(orgURL.getValue(), is(URI.create("https://ServiceProvider.com")));
}
Also used : QName(javax.xml.namespace.QName) EncryptionMethodType(org.keycloak.dom.xmlsec.w3.xmlenc.EncryptionMethodType) Matchers.containsString(org.hamcrest.Matchers.containsString) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) RequestedAttributeType(org.keycloak.dom.saml.v2.metadata.RequestedAttributeType) LocalizedURIType(org.keycloak.dom.saml.v2.metadata.LocalizedURIType) LocalizedNameType(org.keycloak.dom.saml.v2.metadata.LocalizedNameType) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) AttributeConsumingServiceType(org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType) Test(org.junit.Test)

Example 2 with SPSSODescriptorType

use of org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType in project keycloak by keycloak.

the class SAMLMetadataWriter method writeEntityDescriptor.

public void writeEntityDescriptor(EntityDescriptorType entityDescriptor) throws ProcessingException {
    StaxUtil.writeStartElement(writer, METADATA_PREFIX, JBossSAMLConstants.ENTITY_DESCRIPTOR.get(), JBossSAMLURIConstants.METADATA_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.METADATA_NSURI.get());
    StaxUtil.writeNameSpace(writer, "md", JBossSAMLURIConstants.METADATA_NSURI.get());
    StaxUtil.writeNameSpace(writer, "saml", JBossSAMLURIConstants.ASSERTION_NSURI.get());
    StaxUtil.writeNameSpace(writer, "ds", JBossSAMLURIConstants.XMLDSIG_NSURI.get());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ENTITY_ID.get(), entityDescriptor.getEntityID());
    if (entityDescriptor.getValidUntil() != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.VALID_UNTIL.get(), entityDescriptor.getValidUntil().toString());
    }
    if (entityDescriptor.getID() != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), entityDescriptor.getID());
    }
    Element signature = entityDescriptor.getSignature();
    if (signature != null) {
        StaxUtil.writeDOMElement(writer, signature);
    }
    ExtensionsType extensions = entityDescriptor.getExtensions();
    if (extensions != null) {
        write(extensions);
    }
    List<EntityDescriptorType.EDTChoiceType> choiceTypes = entityDescriptor.getChoiceType();
    for (EntityDescriptorType.EDTChoiceType edtChoice : choiceTypes) {
        AffiliationDescriptorType affliationDesc = edtChoice.getAffiliationDescriptor();
        if (affliationDesc != null)
            // TODO: affiliation
            throw logger.notImplementedYet("affliation");
        List<EntityDescriptorType.EDTDescriptorChoiceType> edtDescChoices = edtChoice.getDescriptors();
        for (EntityDescriptorType.EDTDescriptorChoiceType edtDescChoice : edtDescChoices) {
            RoleDescriptorType roleDesc = edtDescChoice.getRoleDescriptor();
            if (roleDesc != null)
                throw logger.notImplementedYet("Role Descriptor type");
            IDPSSODescriptorType idpSSO = edtDescChoice.getIdpDescriptor();
            if (idpSSO != null)
                write(idpSSO);
            SPSSODescriptorType spSSO = edtDescChoice.getSpDescriptor();
            if (spSSO != null)
                write(spSSO);
            AttributeAuthorityDescriptorType attribAuth = edtDescChoice.getAttribDescriptor();
            if (attribAuth != null)
                writeAttributeAuthorityDescriptor(attribAuth);
            AuthnAuthorityDescriptorType authNDesc = edtDescChoice.getAuthnDescriptor();
            if (authNDesc != null)
                throw logger.notImplementedYet("AuthnAuthorityDescriptorType");
            PDPDescriptorType pdpDesc = edtDescChoice.getPdpDescriptor();
            if (pdpDesc != null)
                throw logger.notImplementedYet("PDPDescriptorType");
        }
    }
    OrganizationType organization = entityDescriptor.getOrganization();
    if (organization != null) {
        writeOrganization(organization);
    }
    List<ContactType> contactPersons = entityDescriptor.getContactPerson();
    for (ContactType contact : contactPersons) {
        write(contact);
    }
    List<AdditionalMetadataLocationType> addl = entityDescriptor.getAdditionalMetadataLocation();
    if (addl.size() > 0)
        throw logger.notImplementedYet("AdditionalMetadataLocationType");
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : AuthnAuthorityDescriptorType(org.keycloak.dom.saml.v2.metadata.AuthnAuthorityDescriptorType) IDPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.IDPSSODescriptorType) ContactType(org.keycloak.dom.saml.v2.metadata.ContactType) Element(org.w3c.dom.Element) AffiliationDescriptorType(org.keycloak.dom.saml.v2.metadata.AffiliationDescriptorType) OrganizationType(org.keycloak.dom.saml.v2.metadata.OrganizationType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) RoleDescriptorType(org.keycloak.dom.saml.v2.metadata.RoleDescriptorType) PDPDescriptorType(org.keycloak.dom.saml.v2.metadata.PDPDescriptorType) ExtensionsType(org.keycloak.dom.saml.v2.metadata.ExtensionsType) AttributeAuthorityDescriptorType(org.keycloak.dom.saml.v2.metadata.AttributeAuthorityDescriptorType) AdditionalMetadataLocationType(org.keycloak.dom.saml.v2.metadata.AdditionalMetadataLocationType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)

Example 3 with SPSSODescriptorType

use of org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType in project keycloak by keycloak.

the class SAMLSPSSODescriptorParser method instantiateElement.

@Override
protected SPSSODescriptorType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
    List<String> protocolEnum = StaxParserUtil.getRequiredStringListAttributeValue(element, SAMLMetadataQNames.ATTR_PROTOCOL_SUPPORT_ENUMERATION);
    SPSSODescriptorType descriptor = new SPSSODescriptorType(protocolEnum);
    // Role descriptor optional arguments
    parseOptionalArguments(element, descriptor);
    // SPSSODecsriptor optional attributes
    Boolean authnRequestsSigned = StaxParserUtil.getBooleanAttributeValue(element, SAMLMetadataQNames.ATTR_AUTHN_REQUESTS_SIGNED);
    if (authnRequestsSigned != null) {
        descriptor.setAuthnRequestsSigned(authnRequestsSigned);
    }
    Boolean wantAssertionSigned = StaxParserUtil.getBooleanAttributeValue(element, SAMLMetadataQNames.ATTR_WANT_ASSERTIONS_SIGNED);
    if (wantAssertionSigned != null) {
        descriptor.setWantAssertionsSigned(wantAssertionSigned);
    }
    return descriptor;
}
Also used : SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)

Example 4 with SPSSODescriptorType

use of org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType in project keycloak by keycloak.

the class IdentityProviderTest method assertSamlExport.

private void assertSamlExport(String body) throws ParsingException, URISyntaxException {
    // System.out.println(body);
    Object entBody = SAMLParser.getInstance().parse(new ByteArrayInputStream(body.getBytes(Charset.forName("utf-8"))));
    Assert.assertEquals("Parsed export type", EntityDescriptorType.class, entBody.getClass());
    EntityDescriptorType entity = (EntityDescriptorType) entBody;
    Assert.assertEquals("EntityID", oauth.AUTH_SERVER_ROOT + "/realms/admin-client-test", entity.getEntityID());
    Assert.assertNotNull("ChoiceType not null", entity.getChoiceType());
    Assert.assertEquals("ChoiceType.size", 1, entity.getChoiceType().size());
    List<EntityDescriptorType.EDTDescriptorChoiceType> descriptors = entity.getChoiceType().get(0).getDescriptors();
    Assert.assertNotNull("Descriptors not null", descriptors);
    Assert.assertEquals("Descriptors.size", 1, descriptors.size());
    SPSSODescriptorType desc = descriptors.get(0).getSpDescriptor();
    Assert.assertNotNull("SPSSODescriptor not null", desc);
    Assert.assertTrue("AuthnRequestsSigned", desc.isAuthnRequestsSigned());
    Set<String> expected = new HashSet<>(Arrays.asList("urn:oasis:names:tc:SAML:2.0:protocol"));
    Set<String> actual = new HashSet<>(desc.getProtocolSupportEnumeration());
    Assert.assertEquals("ProtocolSupportEnumeration", expected, actual);
    Assert.assertNotNull("AssertionConsumerService not null", desc.getAssertionConsumerService());
    Assert.assertEquals("AssertionConsumerService.size", 1, desc.getAssertionConsumerService().size());
    IndexedEndpointType endpoint = desc.getAssertionConsumerService().get(0);
    Assert.assertEquals("AssertionConsumerService.Location", new URI(oauth.AUTH_SERVER_ROOT + "/realms/admin-client-test/broker/saml/endpoint"), endpoint.getLocation());
    Assert.assertEquals("AssertionConsumerService.Binding", new URI("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), endpoint.getBinding());
    Assert.assertTrue("AssertionConsumerService.isDefault", endpoint.isIsDefault());
    Assert.assertNotNull("SingleLogoutService not null", desc.getSingleLogoutService());
    Assert.assertEquals("SingleLogoutService.size", 1, desc.getSingleLogoutService().size());
    EndpointType sloEndpoint = desc.getSingleLogoutService().get(0);
    Assert.assertEquals("SingleLogoutService.Location", new URI(oauth.AUTH_SERVER_ROOT + "/realms/admin-client-test/broker/saml/endpoint"), sloEndpoint.getLocation());
    Assert.assertEquals("SingleLogoutService.Binding", new URI("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), sloEndpoint.getBinding());
    Assert.assertNotNull("KeyDescriptor not null", desc.getKeyDescriptor());
    Assert.assertEquals("KeyDescriptor.size", 1, desc.getKeyDescriptor().size());
    KeyDescriptorType keyDesc = desc.getKeyDescriptor().get(0);
    assertThat(keyDesc, notNullValue());
    assertThat(keyDesc.getUse(), equalTo(KeyTypes.SIGNING));
    NodeList cert = keyDesc.getKeyInfo().getElementsByTagNameNS(XMLSignature.XMLNS, "X509Certificate");
    assertThat("KeyDescriptor.Signing.Cert existence", cert.getLength(), is(1));
}
Also used : NodeList(org.w3c.dom.NodeList) Matchers.containsString(org.hamcrest.Matchers.containsString) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) URI(java.net.URI) XMLDSIG_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.XMLDSIG_NSURI) ByteArrayInputStream(java.io.ByteArrayInputStream) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) HashSet(java.util.HashSet)

Example 5 with SPSSODescriptorType

use of org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType in project keycloak by keycloak.

the class KcSamlSpDescriptorTest method testAttributeConsumingServiceNameInSpMetadata.

@Test
public void testAttributeConsumingServiceNameInSpMetadata() throws IOException, ParsingException, URISyntaxException {
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
        String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
        SAMLParser parser = SAMLParser.getInstance();
        EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
        SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
        // attribute mappers do not exist- no AttributeConsumingService
        assertThat(spDescriptor.getAttributeConsumingService(), empty());
    }
}
Also used : StringInputStream(org.apache.tools.ant.filters.StringInputStream) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) Test(org.junit.Test)

Aggregations

SPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)13 EntityDescriptorType (org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)10 Test (org.junit.Test)7 IndexedEndpointType (org.keycloak.dom.saml.v2.metadata.IndexedEndpointType)7 EndpointType (org.keycloak.dom.saml.v2.metadata.EndpointType)6 SAMLParser (org.keycloak.saml.processing.core.parsers.saml.SAMLParser)6 StringInputStream (org.apache.tools.ant.filters.StringInputStream)5 KeyDescriptorType (org.keycloak.dom.saml.v2.metadata.KeyDescriptorType)5 Closeable (java.io.Closeable)4 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)4 URI (java.net.URI)3 IdentityProviderMapperRepresentation (org.keycloak.representations.idm.IdentityProviderMapperRepresentation)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InputStream (java.io.InputStream)2 QName (javax.xml.namespace.QName)2 Matchers.containsString (org.hamcrest.Matchers.containsString)2 AttributeConsumingServiceType (org.keycloak.dom.saml.v2.metadata.AttributeConsumingServiceType)2 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)2 ParsingException (org.keycloak.saml.common.exceptions.ParsingException)2 X509Certificate (java.security.cert.X509Certificate)1