use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class SAMLResponseWriter method write.
public void write(ArtifactResponseType response) throws ProcessingException {
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT_RESPONSE.get(), JBossSAMLURIConstants.PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, JBossSAMLURIConstants.ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.ASSERTION_NSURI.get());
writeBaseAttributes(response);
NameIDType issuer = response.getIssuer();
if (issuer != null) {
write(issuer, new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
}
Element sig = response.getSignature();
if (sig != null) {
StaxUtil.writeDOMElement(writer, sig);
}
ExtensionsType extensions = response.getExtensions();
if (extensions != null && extensions.getAny() != null && !extensions.getAny().isEmpty()) {
write(extensions);
}
StatusType status = response.getStatus();
if (status != null) {
write(status);
}
Object anyObj = response.getAny();
if (anyObj instanceof AuthnRequestType) {
AuthnRequestType authn = (AuthnRequestType) anyObj;
SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
requestWriter.write(authn);
} else if (anyObj instanceof LogoutRequestType) {
LogoutRequestType logoutRequestType = (LogoutRequestType) anyObj;
SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
requestWriter.write(logoutRequestType);
} else if (anyObj instanceof ResponseType) {
ResponseType rt = (ResponseType) anyObj;
write(rt);
} else if (anyObj instanceof StatusResponseType) {
StatusResponseType rt = (StatusResponseType) anyObj;
write(rt, new QName(PROTOCOL_NSURI.get(), JBossSAMLConstants.LOGOUT_RESPONSE.get(), "samlp"));
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class SamlDocumentStepBuilder method saml2Object2String.
public static String saml2Object2String(final SAML2Object transformed) {
try {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(bos);
if (transformed instanceof AuthnRequestType) {
new SAMLRequestWriter(xmlStreamWriter).write((AuthnRequestType) transformed);
} else if (transformed instanceof LogoutRequestType) {
new SAMLRequestWriter(xmlStreamWriter).write((LogoutRequestType) transformed);
} else if (transformed instanceof ArtifactResolveType) {
new SAMLRequestWriter(xmlStreamWriter).write((ArtifactResolveType) transformed);
} else if (transformed instanceof AttributeQueryType) {
new SAMLRequestWriter(xmlStreamWriter).write((AttributeQueryType) transformed);
} else if (transformed instanceof ResponseType) {
new SAMLResponseWriter(xmlStreamWriter).write((ResponseType) transformed);
} else if (transformed instanceof ArtifactResponseType) {
new SAMLResponseWriter(xmlStreamWriter).write((ArtifactResponseType) transformed);
} else if (transformed instanceof StatusResponseType) {
new SAMLResponseWriter(xmlStreamWriter).write((StatusResponseType) transformed, SAMLProtocolQNames.LOGOUT_RESPONSE.getQName("samlp"));
} else {
Assert.assertNotNull("Unknown type: <null>", transformed);
Assert.fail("Unknown type: " + transformed.getClass().getName());
}
return new String(bos.toByteArray(), GeneralConstants.SAML_CHARSET);
} catch (ProcessingException ex) {
throw new RuntimeException(ex);
}
}
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class BrokerTest method createAuthnResponse.
private SAML2Object createAuthnResponse(SAML2Object so) {
AuthnRequestType req = (AuthnRequestType) so;
try {
final ResponseType res = new SAML2LoginResponseBuilder().requestID(req.getID()).destination(req.getAssertionConsumerServiceURL().toString()).issuer("https://saml.idp/saml").assertionExpiration(1000000).subjectExpiration(1000000).requestIssuer(getAuthServerRealmBase(REALM_NAME).toString()).sessionIndex("idp:" + UUID.randomUUID()).buildModel();
AttributeStatementType attrStatement = new AttributeStatementType();
AttributeType attribute = new AttributeType("mail");
attribute.addAttributeValue("v@w.x");
attrStatement.addAttribute(new ASTChoiceType(attribute));
res.getAssertions().get(0).getAssertion().addStatement(attrStatement);
return res;
} catch (ConfigurationException | ProcessingException ex) {
throw new RuntimeException(ex);
}
}
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLoginFullWithRedirect.
@Test
public void testReceiveArtifactLoginFullWithRedirect() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
AuthnRequestType loginReq = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
loginReq.setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri());
Document doc = SAML2Request.convert(loginReq);
SamlClientBuilder builder = new SamlClientBuilder();
CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT, builder);
ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
Thread arsThread = new Thread(ars);
try {
arsThread.start();
synchronized (ars) {
ars.wait();
SAMLDocumentHolder response = builder.artifactMessage(camb).build().login().user(bburkeUser).build().getSamlResponse(REDIRECT);
assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
ResponseType rt = (ResponseType) response.getSamlObject();
assertThat(rt.getAssertions(), not(empty()));
assertThat(ars.getLastArtifactResolve(), notNullValue());
assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
}
} finally {
ars.stop();
arsThread.join();
}
}
use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.
the class BasicSamlTest method testIsPassiveAttributeEmittedWhenTrue.
@Test
public void testIsPassiveAttributeEmittedWhenTrue() throws Exception {
// Verifies that the IsPassive attribute is emitted in the authnRequest
// when it is set to true
// Build the login request document
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, getAuthServerSamlEndpoint(REALM_NAME));
loginRep.setIsPassive(true);
Document document = SAML2Request.convert(loginRep);
// Find the AuthnRequest element
Element authnRequestElement = document.getDocumentElement();
Attr isPassiveAttribute = authnRequestElement.getAttributeNode("IsPassive");
assertThat("AuthnRequest element should contain the IsPassive attribute when isPassive is true, but it doesn't", isPassiveAttribute, notNullValue());
assertThat("AuthnRequest/IsPassive attribute should be true when isPassive is true, but it isn't", isPassiveAttribute.getNodeValue(), is("true"));
}
Aggregations