Examples with AuthnRequestType org.keycloak.dom.saml.v2.protocol.AuthnRequestType used on opensource projects

Search in sources :

Example 11 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.

@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
    createRolesForRealm(bc.consumerRealmName());
    createRoleMappersForConsumerRealm();
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
    Document doc = SAML2Request.convert(loginRep);
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
    Binding.POST).transformObject(ob -> {
        assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
        attr.addAttributeValue(null);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
    Binding.POST);
    Assert.assertThat(samlResponse, Matchers.notNullValue());
    Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
    Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
    Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
    assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
Also used : AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Arrays(java.util.Arrays) Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted) Matchers.not(org.hamcrest.Matchers.not) ROLE_ATTRIBUTE_NAME(org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME) Matchers.hasItems(org.hamcrest.Matchers.hasItems) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) Document(org.w3c.dom.Document) SamlClient(org.keycloak.testsuite.util.SamlClient) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse) ImmutableMap(com.google.common.collect.ImmutableMap) RealmResource(org.keycloak.admin.client.resource.RealmResource) Set(java.util.Set) Collectors(java.util.stream.Collectors) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) SAMLProtocolQNames(org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQNames) SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) HashMap(java.util.HashMap) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) BrokerTestTools.getConsumerRoot(org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) UserAttributeMapper(org.keycloak.broker.saml.mappers.UserAttributeMapper) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Element(org.w3c.dom.Element) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) Binding(org.keycloak.testsuite.util.SamlClient.Binding) IdentityProviderMapperSyncMode(org.keycloak.models.IdentityProviderMapperSyncMode) BrokerTestTools.getProviderRoot(org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot) Assert(org.junit.Assert) Collections(java.util.Collections) AttributeToRoleMapper(org.keycloak.broker.saml.mappers.AttributeToRoleMapper) Set(java.util.Set) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 12 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlSignedBrokerTest method testSignatureDataWhenWantsRequestsSigned.

@Test
public void testSignatureDataWhenWantsRequestsSigned() throws Exception {
    // Verifies that an AuthnRequest contains the KeyInfo/X509Data element when
    // client AuthnRequest signature is requested
    String providerCert = KeyUtils.getActiveSigningKey(adminClient.realm(bc.providerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
    Assert.assertThat(providerCert, Matchers.notNullValue());
    String consumerCert = KeyUtils.getActiveSigningKey(adminClient.realm(bc.consumerRealmName()).keys().getKeyMetadata(), Algorithm.RS256).getCertificate();
    Assert.assertThat(consumerCert, Matchers.notNullValue());
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.VALIDATE_SIGNATURE, Boolean.toString(true)).setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_SIGNED, Boolean.toString(true)).setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_ENCRYPTED, Boolean.toString(false)).setAttribute(SAMLIdentityProviderConfig.WANT_AUTHN_REQUESTS_SIGNED, "true").setAttribute(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE).update();
        Closeable clientUpdater = ClientAttributeUpdater.forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm()).setAttribute(SamlConfigAttributes.SAML_ENCRYPT, Boolean.toString(false)).setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true").setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, Boolean.toString(true)).setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument(this::extractNamespacesToTopLevelElement).transformDocument((document) -> {
            try {
                // Find the Signature element
                Element signatureElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), XMLSignature.XMLNS, "Signature");
                Assert.assertThat("Signature element not found in request document", signatureElement, Matchers.notNullValue());
                // Find the KeyInfo element
                Element keyInfoElement = DocumentUtil.getDirectChildElement(signatureElement, XMLSignature.XMLNS, "KeyInfo");
                Assert.assertThat("KeyInfo element not found in request Signature element", keyInfoElement, Matchers.notNullValue());
                // Find the X509Data element
                Element x509DataElement = DocumentUtil.getDirectChildElement(keyInfoElement, XMLSignature.XMLNS, "X509Data");
                Assert.assertThat("X509Data element not found in request Signature/KeyInfo element", x509DataElement, Matchers.notNullValue());
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Element(org.w3c.dom.Element) Matchers.containsString(org.hamcrest.Matchers.containsString) Document(org.w3c.dom.Document) DOMException(org.w3c.dom.DOMException) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 13 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlSignedBrokerTest method loginUserAllNamespacesInTopElement.

// KEYCLOAK-5581
@Test
public void loginUserAllNamespacesInTopElement() {
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getConsumerRoot() + "/sales-post/saml", null);
    Document doc;
    try {
        doc = extractNamespacesToTopLevelElement(SAML2Request.convert(loginRep));
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().transformDocument(this::extractNamespacesToTopLevelElement).build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
    Binding.POST).transformDocument(this::extractNamespacesToTopLevelElement).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
    Binding.POST);
    Assert.assertThat(samlResponse, Matchers.notNullValue());
    Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Document(org.w3c.dom.Document) DOMException(org.w3c.dom.DOMException) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 14 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlAttributeConsumingServiceIndexTest method testAttributeConsumingServiceIndexNotSet.

@Test
public void testAttributeConsumingServiceIndexNotSet() throws Exception {
    // No Attribute Consuming Service Index set -> No attribute added to AuthnRequest
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the AuthnRequest AttributeConsumingServiceIndex attribute
                Node attrNode = document.getDocumentElement().getAttributes().getNamedItem("AttributeConsumingServiceIndex");
                Assert.assertEquals("Unexpected AttributeConsumingServiceIndex attribute value", null, attrNode);
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Node(org.w3c.dom.Node) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 15 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlAttributeConsumingServiceIndexTest method testAttributeConsumingServiceIndexSet.

@Test
public void testAttributeConsumingServiceIndexSet() throws Exception {
    // Attribute Consuming Service Index set -> Attribute added to AuthnRequest
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "15").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the AuthnRequest AttributeConsumingServiceIndex attribute
                String attrValue = document.getDocumentElement().getAttributes().getNamedItem("AttributeConsumingServiceIndex").getNodeValue();
                Assert.assertEquals("Unexpected AttributeConsumingServiceIndex attribute value", "15", attrValue);
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Aggregations

AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)56 Test (org.junit.Test)41 Document (org.w3c.dom.Document)36 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)30 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)21 Element (org.w3c.dom.Element)16 Closeable (java.io.Closeable)13 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)13 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)13 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)10 ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)8 HttpUriRequest (org.apache.http.client.methods.HttpUriRequest)7 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7 ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)7 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)6 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)6 Matchers.containsString (org.hamcrest.Matchers.containsString)5 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)5 SAML2Request (org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)4 URI (java.net.URI)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial