Search in sources :

Example 21 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLResponseWriter method write.

public void write(ArtifactResponseType response) throws ProcessingException {
    StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT_RESPONSE.get(), JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    writeBaseAttributes(response);
    NameIDType issuer = response.getIssuer();
    if (issuer != null) {
        write(issuer, new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    }
    Element sig = response.getSignature();
    if (sig != null) {
        StaxUtil.writeDOMElement(writer, sig);
    }
    ExtensionsType extensions = response.getExtensions();
    if (extensions != null && extensions.getAny() != null && !extensions.getAny().isEmpty()) {
        write(extensions);
    }
    StatusType status = response.getStatus();
    if (status != null) {
        write(status);
    }
    Object anyObj = response.getAny();
    if (anyObj instanceof AuthnRequestType) {
        AuthnRequestType authn = (AuthnRequestType) anyObj;
        SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
        requestWriter.write(authn);
    } else if (anyObj instanceof LogoutRequestType) {
        LogoutRequestType logoutRequestType = (LogoutRequestType) anyObj;
        SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
        requestWriter.write(logoutRequestType);
    } else if (anyObj instanceof ResponseType) {
        ResponseType rt = (ResponseType) anyObj;
        write(rt);
    } else if (anyObj instanceof StatusResponseType) {
        StatusResponseType rt = (StatusResponseType) anyObj;
        write(rt, new QName(PROTOCOL_NSURI.get(), JBossSAMLConstants.LOGOUT_RESPONSE.get(), "samlp"));
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) QName(javax.xml.namespace.QName) StatusType(org.keycloak.dom.saml.v2.protocol.StatusType) Element(org.w3c.dom.Element) ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)

Example 22 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SamlDocumentStepBuilder method saml2Object2String.

public static String saml2Object2String(final SAML2Object transformed) {
    try {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        XMLStreamWriter xmlStreamWriter = StaxUtil.getXMLStreamWriter(bos);
        if (transformed instanceof AuthnRequestType) {
            new SAMLRequestWriter(xmlStreamWriter).write((AuthnRequestType) transformed);
        } else if (transformed instanceof LogoutRequestType) {
            new SAMLRequestWriter(xmlStreamWriter).write((LogoutRequestType) transformed);
        } else if (transformed instanceof ArtifactResolveType) {
            new SAMLRequestWriter(xmlStreamWriter).write((ArtifactResolveType) transformed);
        } else if (transformed instanceof AttributeQueryType) {
            new SAMLRequestWriter(xmlStreamWriter).write((AttributeQueryType) transformed);
        } else if (transformed instanceof ResponseType) {
            new SAMLResponseWriter(xmlStreamWriter).write((ResponseType) transformed);
        } else if (transformed instanceof ArtifactResponseType) {
            new SAMLResponseWriter(xmlStreamWriter).write((ArtifactResponseType) transformed);
        } else if (transformed instanceof StatusResponseType) {
            new SAMLResponseWriter(xmlStreamWriter).write((StatusResponseType) transformed, SAMLProtocolQNames.LOGOUT_RESPONSE.getQName("samlp"));
        } else {
            Assert.assertNotNull("Unknown type: <null>", transformed);
            Assert.fail("Unknown type: " + transformed.getClass().getName());
        }
        return new String(bos.toByteArray(), GeneralConstants.SAML_CHARSET);
    } catch (ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}
Also used : ArtifactResolveType(org.keycloak.dom.saml.v2.protocol.ArtifactResolveType) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) ByteArrayOutputStream(java.io.ByteArrayOutputStream) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) SAMLResponseWriter(org.keycloak.saml.processing.core.saml.v2.writers.SAMLResponseWriter) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) SAMLRequestWriter(org.keycloak.saml.processing.core.saml.v2.writers.SAMLRequestWriter) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) AttributeQueryType(org.keycloak.dom.saml.v2.protocol.AttributeQueryType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 23 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BrokerTest method createAuthnResponse.

private SAML2Object createAuthnResponse(SAML2Object so) {
    AuthnRequestType req = (AuthnRequestType) so;
    try {
        final ResponseType res = new SAML2LoginResponseBuilder().requestID(req.getID()).destination(req.getAssertionConsumerServiceURL().toString()).issuer("https://saml.idp/saml").assertionExpiration(1000000).subjectExpiration(1000000).requestIssuer(getAuthServerRealmBase(REALM_NAME).toString()).sessionIndex("idp:" + UUID.randomUUID()).buildModel();
        AttributeStatementType attrStatement = new AttributeStatementType();
        AttributeType attribute = new AttributeType("mail");
        attribute.addAttributeValue("v@w.x");
        attrStatement.addAttribute(new ASTChoiceType(attribute));
        res.getAssertions().get(0).getAssertion().addStatement(attrStatement);
        return res;
    } catch (ConfigurationException | ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 24 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLoginFullWithRedirect.

@Test
public void testReceiveArtifactLoginFullWithRedirect() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    AuthnRequestType loginReq = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    loginReq.setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri());
    Document doc = SAML2Request.convert(loginReq);
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT, builder);
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            ars.wait();
            SAMLDocumentHolder response = builder.artifactMessage(camb).build().login().user(bburkeUser).build().getSamlResponse(REDIRECT);
            assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
            ResponseType rt = (ResponseType) response.getSamlObject();
            assertThat(rt.getAssertions(), not(empty()));
            assertThat(ars.getLastArtifactResolve(), notNullValue());
            assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        ars.stop();
        arsThread.join();
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) Document(org.w3c.dom.Document) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 25 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BasicSamlTest method testIsPassiveAttributeEmittedWhenTrue.

@Test
public void testIsPassiveAttributeEmittedWhenTrue() throws Exception {
    // Verifies that the IsPassive attribute is emitted in the authnRequest
    // when it is set to true
    // Build the login request document
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, getAuthServerSamlEndpoint(REALM_NAME));
    loginRep.setIsPassive(true);
    Document document = SAML2Request.convert(loginRep);
    // Find the AuthnRequest element
    Element authnRequestElement = document.getDocumentElement();
    Attr isPassiveAttribute = authnRequestElement.getAttributeNode("IsPassive");
    assertThat("AuthnRequest element should contain the IsPassive attribute when isPassive is true, but it doesn't", isPassiveAttribute, notNullValue());
    assertThat("AuthnRequest/IsPassive attribute should be true when isPassive is true, but it isn't", isPassiveAttribute.getNodeValue(), is("true"));
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) Attr(org.w3c.dom.Attr) Test(org.junit.Test)

Aggregations

AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)56 Test (org.junit.Test)41 Document (org.w3c.dom.Document)36 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)30 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)21 Element (org.w3c.dom.Element)16 Closeable (java.io.Closeable)13 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)13 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)13 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)10 ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)8 HttpUriRequest (org.apache.http.client.methods.HttpUriRequest)7 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7 ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)7 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)6 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)6 Matchers.containsString (org.hamcrest.Matchers.containsString)5 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)5 SAML2Request (org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)4 URI (java.net.URI)3