Search in sources :

Example 1 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLServletAdapterTest method employeeAcsTest.

@Test
public void employeeAcsTest() {
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(employeeAcsServletPage.buildUri()).getSamlResponse(Binding.POST);
    Assert.assertThat(samlResponse.getSamlObject(), instanceOf(AuthnRequestType.class));
    Assert.assertThat(((AuthnRequestType) samlResponse.getSamlObject()).getAssertionConsumerServiceURL(), notNullValue());
    Assert.assertThat(((AuthnRequestType) samlResponse.getSamlObject()).getAssertionConsumerServiceURL().getPath(), is("/employee-acs/a/different/endpoint/for/saml"));
    assertSuccessfulLogin(employeeAcsServletPage, bburkeUser, testRealmSAMLPostLoginPage, "principal=bburke");
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 2 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLParserTest method testAuthnRequestInvalidPerXsdWithValidationEnabled.

@Test
public void testAuthnRequestInvalidPerXsdWithValidationEnabled() throws Exception {
    try {
        thrown.expect(ProcessingException.class);
        System.setProperty("picketlink.schema.validate", "true");
        AuthnRequestType req = assertParsed("saml20-authnrequest-invalid-per-xsd.xml", AuthnRequestType.class);
    } finally {
        System.clearProperty("picketlink.schema.validate");
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) Test(org.junit.Test)

Example 3 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLAuthNRequestParserTest method testSaml20AttributeQuery.

@Test(timeout = 2000)
public void testSaml20AttributeQuery() throws Exception {
    try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest.xml")) {
        Object parsedObject = parser.parse(is);
        assertThat(parsedObject, instanceOf(AuthnRequestType.class));
        AuthnRequestType req = (AuthnRequestType) parsedObject;
        assertThat(req.getSignature(), nullValue());
        assertThat(req.getConsent(), nullValue());
        assertThat(req.getIssuer(), not(nullValue()));
        assertThat(req.getIssuer().getValue(), is("https://sp/"));
        assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) InputStream(java.io.InputStream) Test(org.junit.Test)

Example 4 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAML2Request method convert.

/**
 * Return the DOM object
 *
 * @param rat
 *
 * @return
 *
 * @throws ProcessingException
 * @throws ParsingException
 * @throws ConfigurationException
 */
public static Document convert(RequestAbstractType rat) throws ProcessingException, ConfigurationException, ParsingException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(bos));
    if (rat instanceof AuthnRequestType) {
        writer.write((AuthnRequestType) rat);
    } else if (rat instanceof LogoutRequestType) {
        writer.write((LogoutRequestType) rat);
    }
    return DocumentUtil.getDocument(new String(bos.toByteArray(), GeneralConstants.SAML_CHARSET));
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SAMLRequestWriter(org.keycloak.saml.processing.core.saml.v2.writers.SAMLRequestWriter) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) ByteArrayOutputStream(java.io.ByteArrayOutputStream)

Example 5 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLAuthNRequestParser method instantiateElement.

/**
 * Parse the attributes at the authnrequesttype element
 *
 * @param startElement
 *
 * @return
 *
 * @throws ParsingException
 */
@Override
protected AuthnRequestType instantiateElement(XMLEventReader xmlEventReader, StartElement startElement) throws ParsingException {
    SAMLParserUtil.validateAttributeValue(startElement, SAMLProtocolQNames.ATTR_VERSION, VERSION_2_0);
    String id = StaxParserUtil.getRequiredAttributeValue(startElement, SAMLProtocolQNames.ATTR_ID);
    XMLGregorianCalendar issueInstant = XMLTimeUtil.parse(StaxParserUtil.getRequiredAttributeValue(startElement, SAMLProtocolQNames.ATTR_ISSUE_INSTANT));
    AuthnRequestType authnRequest = new AuthnRequestType(id, issueInstant);
    super.parseBaseAttributes(startElement, authnRequest);
    authnRequest.setAssertionConsumerServiceURL(StaxParserUtil.getUriAttributeValue(startElement, SAMLProtocolQNames.ATTR_ASSERTION_CONSUMER_SERVICE_URL));
    authnRequest.setAssertionConsumerServiceIndex(StaxParserUtil.getIntegerAttributeValue(startElement, SAMLProtocolQNames.ATTR_ASSERTION_CONSUMER_SERVICE_INDEX));
    authnRequest.setAttributeConsumingServiceIndex(StaxParserUtil.getIntegerAttributeValue(startElement, SAMLProtocolQNames.ATTR_ATTRIBUTE_CONSUMING_SERVICE_INDEX));
    authnRequest.setForceAuthn(StaxParserUtil.getBooleanAttributeValue(startElement, SAMLProtocolQNames.ATTR_FORCE_AUTHN));
    authnRequest.setIsPassive(StaxParserUtil.getBooleanAttributeValue(startElement, SAMLProtocolQNames.ATTR_IS_PASSIVE));
    authnRequest.setProtocolBinding(StaxParserUtil.getUriAttributeValue(startElement, SAMLProtocolQNames.ATTR_PROTOCOL_BINDING));
    authnRequest.setProviderName(StaxParserUtil.getAttributeValue(startElement, SAMLProtocolQNames.ATTR_PROVIDER_NAME));
    return authnRequest;
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)

Aggregations

AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)56 Test (org.junit.Test)41 Document (org.w3c.dom.Document)36 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)30 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)21 Element (org.w3c.dom.Element)16 Closeable (java.io.Closeable)13 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)13 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)13 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)10 ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)8 HttpUriRequest (org.apache.http.client.methods.HttpUriRequest)7 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7 ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)7 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)6 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)6 Matchers.containsString (org.hamcrest.Matchers.containsString)5 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)5 SAML2Request (org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)4 URI (java.net.URI)3