Examples with AuthnRequestType org.keycloak.dom.saml.v2.protocol.AuthnRequestType used on opensource projects

Example 16 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlCustomEntityIdBrokerTest method testCustomEntityIdSet.

@Test
public void testCustomEntityIdSet() throws Exception {
    // Comparison type set, no classrefs, no declrefs -> No RequestedAuthnContext
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ENTITY_ID, "http://my.custom.entity.id").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the Issuer element
                Element issuerElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), ASSERTION_NSURI.get(), "Issuer");
                Assert.assertEquals("Unexpected Issuer element value", "http://my.custom.entity.id", issuerElement.getTextContent());
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}

Example 17 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeNoClassRefsAndNoDeclRefs.

@Test
public void testNoComparisonTypeNoClassRefsAndNoDeclRefs() throws Exception {
    // No comparison type, no classrefs, no declrefs -> No RequestedAuthnContext
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element found in request document, but was not necessary as ClassRef/DeclRefs were not specified", requestedAuthnContextElement, Matchers.nullValue());
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}

Example 18 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeClassRefsSetNoDeclRefs.

@Test
public void testNoComparisonTypeClassRefsSetNoDeclRefs() throws Exception {
    // Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with comparison Exact and AuthnContextClassRef
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_CLASS_REFS, "[\"" + AC_PASSWORD_PROTECTED_TRANSPORT.get() + "\"]").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
                // Verify the ComparisonType attribute
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.EXACT.value()));
                // Find the RequestedAuthnContext/ClassRef element
                Element requestedAuthnContextClassRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextClassRef");
                Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element not found in request document", requestedAuthnContextClassRefElement, Matchers.notNullValue());
                // Make sure the RequestedAuthnContext/ClassRef element has the requested value
                Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element does not have the expected value", requestedAuthnContextClassRefElement.getTextContent(), Matchers.is(AC_PASSWORD_PROTECTED_TRANSPORT.get()));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}

Example 19 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testComparisonTypeSetNoClassRefsDeclRefsSet.

@Test
public void testComparisonTypeSetNoClassRefsDeclRefsSet() throws Exception {
    // Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with AuthnContextDeclRef
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_COMPARISON_TYPE, AuthnContextComparisonType.MINIMUM.value()).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_DECL_REFS, "[\"secure/name/password/icmaolr/uri\"]").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
                // Verify the ComparisonType attribute
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.MINIMUM.value()));
                // Find the RequestedAuthnContext/DeclRef element
                Element requestedAuthnContextDeclRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextDeclRef");
                Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element not found in request document", requestedAuthnContextDeclRefElement, Matchers.notNullValue());
                // Make sure the RequestedAuthnContext/DeclRef element has the requested value
                Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element does not have the expected value", requestedAuthnContextDeclRefElement.getTextContent(), Matchers.is("secure/name/password/icmaolr/uri"));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}

Example 20 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLRequestWriter method write.

/**
 * Write a {@code AuthnRequestType } to stream
 *
 * @param request
 *
 * @throws org.keycloak.saml.common.exceptions.ProcessingException
 */
public void write(AuthnRequestType request) throws ProcessingException {
    StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.AUTHN_REQUEST.get(), PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
    // Attributes
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), request.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), request.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), request.getIssueInstant().toString());
    URI destination = request.getDestination();
    if (destination != null)
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString());
    String consent = request.getConsent();
    if (StringUtil.isNotNull(consent))
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent);
    URI assertionURL = request.getAssertionConsumerServiceURL();
    if (assertionURL != null)
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_URL.get(), assertionURL.toASCIIString());
    Boolean forceAuthn = request.isForceAuthn();
    if (forceAuthn != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.FORCE_AUTHN.get(), forceAuthn.toString());
    }
    Boolean isPassive = request.isIsPassive();
    // maximize compatibility we emit it only if it is set to true
    if (isPassive != null && isPassive == true) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.IS_PASSIVE.get(), isPassive.toString());
    }
    URI protocolBinding = request.getProtocolBinding();
    if (protocolBinding != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.PROTOCOL_BINDING.get(), protocolBinding.toString());
    }
    Integer assertionIndex = request.getAssertionConsumerServiceIndex();
    if (assertionIndex != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_INDEX.get(), assertionIndex.toString());
    }
    Integer attrIndex = request.getAttributeConsumingServiceIndex();
    if (attrIndex != null) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.ATTRIBUTE_CONSUMING_SERVICE_INDEX.get(), attrIndex.toString());
    }
    String providerName = request.getProviderName();
    if (StringUtil.isNotNull(providerName)) {
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.PROVIDER_NAME.get(), providerName);
    }
    NameIDType issuer = request.getIssuer();
    if (issuer != null) {
        write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX), false);
    }
    SubjectType subject = request.getSubject();
    if (subject != null) {
        write(subject);
    }
    Element sig = request.getSignature();
    if (sig != null) {
        StaxUtil.writeDOMElement(writer, sig);
    }
    ExtensionsType extensions = request.getExtensions();
    if (extensions != null && !extensions.getAny().isEmpty()) {
        write(extensions);
    }
    NameIDPolicyType nameIDPolicy = request.getNameIDPolicy();
    if (nameIDPolicy != null) {
        write(nameIDPolicy);
    }
    RequestedAuthnContextType requestedAuthnContext = request.getRequestedAuthnContext();
    if (requestedAuthnContext != null) {
        write(requestedAuthnContext);
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}