Example 56 with AuthnRequestType
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class KcSamlRequestedAuthnContextBrokerTest method testComparisonTypeSetNoClassRefsAndNoDeclRefs.
@Test
public void testComparisonTypeSetNoClassRefsAndNoDeclRefs() throws Exception {
// Comparison type set, no classrefs, no declrefs -> No RequestedAuthnContext
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_COMPARISON_TYPE, AuthnContextComparisonType.MINIMUM.value()).update()) {
// Build the login request document
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
try {
log.infof("Document: %s", DocumentUtil.asString(document));
// Find the RequestedAuthnContext element
Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
Assert.assertThat("RequestedAuthnContext element found in request document, but was not necessary as ClassRef/DeclRefs were not specified", requestedAuthnContextElement, Matchers.nullValue());
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}).build().execute();
}
}
Also used :
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
Closeable(java.io.Closeable)
IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest)
Test(org.junit.Test)
Example 57 with AuthnRequestType
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class KcSamlSignedBrokerTest method loginAttackChangeSignature.
private void loginAttackChangeSignature(String description, boolean producerSignDocument, boolean producerSignAssertions, boolean producerEncryptAssertions, Saml2DocumentTransformer tr, boolean shouldSucceed) throws Exception {
log.infof("producerSignDocument: %s, producerSignAssertions: %s, producerEncryptAssertions: %s", producerSignDocument, producerSignAssertions, producerEncryptAssertions);
Matcher<HttpResponse> responseFromConsumerMatcher = shouldSucceed ? bodyHC(containsString("Update Account Information")) : not(bodyHC(containsString("Update Account Information")));
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
withSignedEncryptedAssertions(() -> {
new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(Binding.POST).build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
Binding.POST).transformDocument(tr).build().execute(currentResponse -> assertThat(description, currentResponse, responseFromConsumerMatcher));
}, producerSignDocument, producerSignAssertions, producerEncryptAssertions);
}
Also used :
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
HttpResponse(org.apache.http.HttpResponse)
Document(org.w3c.dom.Document)
Example 58 with AuthnRequestType
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class LogoutTest method createAuthnResponse.
private SAML2Object createAuthnResponse(SAML2Object so) {
AuthnRequestType req = (AuthnRequestType) so;
try {
final ResponseType res = new SAML2LoginResponseBuilder().requestID(req.getID()).destination(req.getAssertionConsumerServiceURL().toString()).issuer(BROKER_SERVICE_ID).assertionExpiration(1000000).subjectExpiration(1000000).requestIssuer(getAuthServerRealmBase(REALM_NAME).toString()).nameIdentifier(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get(), "a@b.c").authMethod(JBossSAMLURIConstants.AC_UNSPECIFIED.get()).sessionIndex("idp:" + UUID.randomUUID()).buildModel();
NameIDType nameId = (NameIDType) res.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
nameId.setNameQualifier(NAME_QUALIFIER);
nameId.setSPNameQualifier(SP_NAME_QUALIFIER);
nameId.setSPProvidedID(SP_PROVIDED_ID);
return res;
} catch (ConfigurationException | ProcessingException ex) {
throw new RuntimeException(ex);
}
}
Also used :
AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType)
ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException)
SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)
Example 59 with AuthnRequestType
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingAuthnWithSignatureMissingDestinationTest.
@Test
public void soapBindingAuthnWithSignatureMissingDestinationTest() {
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP).transformObject(authnRequestType -> {
authnRequestType.setDestination(null);
return authnRequestType;
}).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).basicAuthentication(bburkeUser).build().executeAndTransform(SOAP::extractResponse);
assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
ResponseType rt = (ResponseType) response.getSamlObject();
assertThat(rt.getAssertions(), not(empty()));
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Example 60 with AuthnRequestType
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingAuthnWithoutSignatureMissingDestinationTest.
@Test
public void soapBindingAuthnWithoutSignatureMissingDestinationTest() {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP).setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false").setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false").update());
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP).transformObject(authnRequestType -> {
authnRequestType.setDestination(null);
return authnRequestType;
}).basicAuthentication(bburkeUser).build().executeAndTransform(SOAP::extractResponse);
assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
ResponseType rt = (ResponseType) response.getSamlObject();
assertThat(rt.getAssertions(), not(empty()));
}
Also used :
Matchers.empty(org.hamcrest.Matchers.empty)
ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater)
Matchers.not(org.hamcrest.Matchers.not)
Test(org.junit.Test)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes)
POST(org.keycloak.testsuite.util.SamlClient.Binding.POST)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Matchers.instanceOf(org.hamcrest.Matchers.instanceOf)
Assert.assertThat(org.junit.Assert.assertThat)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Aggregations
AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)56
Test (org.junit.Test)41
Document (org.w3c.dom.Document)36
SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)30
AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)21
Element (org.w3c.dom.Element)16
Closeable (java.io.Closeable)13
SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)13
IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)13
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)10
ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)8
HttpUriRequest (org.apache.http.client.methods.HttpUriRequest)7
StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7
ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)7
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)6
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)6
Matchers.containsString (org.hamcrest.Matchers.containsString)5
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)5
SAML2Request (org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)4
URI (java.net.URI)3
