
Example 26 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BasicSamlTest method testSpecialCharsInRelayState.

/**
 * Sends a REDIRECT-binding AuthnRequest whose RelayState is supplied already URL-encoded and
 * signs the query string by hand, so that the relay-state bytes enter the signature exactly as
 * they appear on the wire. Expects the IdP to answer with HTTP 200.
 *
 * @param encodedRelayState the RelayState value as it should appear in the query string
 *                          (already encoded), or {@code null} to omit the parameter entirely
 * @throws Exception on any request-building, signing or HTTP failure
 */
private void testSpecialCharsInRelayState(String encodedRelayState) throws Exception {
    URI samlEndpoint = getAuthServerSamlEndpoint(REALM_NAME);
    AuthnRequestType authnRequest = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG, samlEndpoint);
    Document authnRequestDoc = SAML2Request.convert(authnRequest);
    URI unsignedRedirect = Binding.REDIRECT.createSamlUnsignedRequest(samlEndpoint, null, authnRequestDoc).getURI();

    SignatureAlgorithm algorithm = SignatureAlgorithm.RSA_SHA256;
    // Query fragments are signed in redirect-binding order: SAMLRequest (already part of the
    // URI), then RelayState (only when present), then SigAlg.
    String relayStateFragment = (encodedRelayState == null)
            ? ""
            : "&" + GeneralConstants.RELAY_STATE + "=" + encodedRelayState;
    String sigAlgFragment = "&" + GeneralConstants.SAML_SIG_ALG_REQUEST_KEY + "="
            + Encode.encodeQueryParamAsIs(algorithm.getXmlSignatureMethod());

    Signature signer = algorithm.createSignature();
    signer.initSign(KeyUtils.privateKeyFromString(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY));
    // The signed octets are the raw (still percent-encoded) query bytes, not their decoded form.
    for (String fragment : new String[] { unsignedRedirect.getRawQuery(), relayStateFragment, sigAlgFragment }) {
        signer.update(fragment.getBytes(GeneralConstants.SAML_CHARSET));
    }
    String sigFragment = "&" + GeneralConstants.SAML_SIGNATURE_REQUEST_KEY + "="
            + Encode.encodeQueryParamAsIs(RedirectBindingUtil.base64Encode(signer.sign()));

    String signedRedirect = unsignedRedirect + relayStateFragment + sigAlgFragment + sigFragment;
    new SamlClientBuilder()
            .navigateTo(signedRedirect)
            .assertResponse(statusCodeIsHC(Status.OK))
            .execute();
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Signature(java.security.Signature) SignatureAlgorithm(org.keycloak.saml.SignatureAlgorithm) Matchers.containsString(org.hamcrest.Matchers.containsString) IOUtil.documentToString(org.keycloak.testsuite.utils.io.IOUtil.documentToString) Document(org.w3c.dom.Document) URI(java.net.URI) PROTOCOL_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI)

Example 27 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BasicSamlTest method testWithOverriddenPort.

/**
 * Posts an unsigned AuthnRequest whose target URL was built against {@code port} instead of the
 * real auth-server port, then checks the HTTP status and page text the server replies with.
 *
 * @param port             port to embed in the URL the request document is built for
 * @param expectedHttpCode status the server is expected to answer with
 * @param pageTextMatcher  matcher applied to the response body (decoded as UTF-8)
 * @throws Exception on any request-building or HTTP failure
 */
private void testWithOverriddenPort(int port, Response.Status expectedHttpCode, Matcher<String> pageTextMatcher) throws Exception {
    URI overriddenTarget = RealmsResource.protocolUrl(UriBuilder.fromUri(getAuthServerRoot()).port(port)).build(REALM_NAME, SamlProtocol.LOGIN_PROTOCOL);
    AuthnRequestType authnRequest = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, overriddenTarget);
    Document authnRequestDoc = SAML2Request.convert(authnRequest);
    // The document carries the port-overridden URL, but the HTTP POST itself still goes to the real endpoint.
    HttpUriRequest postRequest = Binding.POST.createSamlUnsignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, authnRequestDoc);

    RedirectStrategyWithSwitchableFollowRedirect redirectStrategy = new RedirectStrategyWithSwitchableFollowRedirect();
    try (CloseableHttpClient httpClient = HttpClientBuilder.create().setRedirectStrategy(redirectStrategy).build();
        CloseableHttpResponse httpResponse = httpClient.execute(postRequest)) {
        assertThat(httpResponse, statusCodeIsHC(expectedHttpCode));
        String body = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
        assertThat(body, pageTextMatcher);
    }
}
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) RedirectStrategyWithSwitchableFollowRedirect(org.keycloak.testsuite.util.SamlClient.RedirectStrategyWithSwitchableFollowRedirect) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Document(org.w3c.dom.Document)

Example 28 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class ConcurrentAuthnRequestTest method loginRepeatedly.

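/**
 * Fires {@code ITERATIONS} SAML login flows at {@code samlEndpoint} from a pool of
 * {@code CONCURRENT_THREADS} threads and waits for all of them to finish.
 *
 * Each iteration builds its own AuthnRequest (so every flow carries its own request ID) and
 * hands the login to {@code performLogin}. A failure inside any login — or while building the
 * requests — is rethrown as a {@link RuntimeException}; the original version never inspected
 * the futures returned by {@code invokeAll}, so a broken login went unnoticed, and it never
 * shut the pool down, leaking its non-daemon threads.
 *
 * @param user           user to log in as
 * @param samlEndpoint   IdP endpoint the requests are sent to
 * @param relayState     RelayState to carry through the flow (may be {@code null})
 * @param requestBinding binding used to deliver the AuthnRequest
 * @throws RuntimeException wrapping any checked failure, including an interrupted wait
 */
private void loginRepeatedly(UserRepresentation user, URI samlEndpoint, String relayState, Binding requestBinding) {
    CloseableHttpResponse response = null;
    SamlClient.RedirectStrategyWithSwitchableFollowRedirect strategy = new SamlClient.RedirectStrategyWithSwitchableFollowRedirect();
    ExecutorService threadPool = Executors.newFixedThreadPool(CONCURRENT_THREADS);
    try (CloseableHttpClient client = HttpClientBuilder.create().setRedirectStrategy(strategy).build()) {
        Collection<Callable<Void>> logins = new java.util.ArrayList<>(ITERATIONS);
        for (int i = 0; i < ITERATIONS; i++) {
            AuthnRequestType loginRep = createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, REALM_NAME);
            Document samlRequest = SAML2Request.convert(loginRep);
            HttpUriRequest post = requestBinding.createSamlUnsignedRequest(samlEndpoint, relayState, samlRequest);
            logins.add(() -> {
                performLogin(post, samlEndpoint, relayState, loginRep.getID(), samlRequest, response, client, user, strategy);
                return null;
            });
        }
        // invokeAll() only waits for completion; an exception thrown by a Callable surfaces through
        // Future.get(), so every result must be inspected or a failed login is silently dropped.
        for (java.util.concurrent.Future<Void> login : threadPool.invokeAll(logins)) {
            login.get();
        }
    } catch (InterruptedException ex) {
        Thread.currentThread().interrupt();
        throw new RuntimeException(ex);
    } catch (java.util.concurrent.ExecutionException ex) {
        // Unwrap so the stack trace points at the failing login rather than at Future.get().
        throw new RuntimeException("SAML login failed", ex.getCause());
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    } finally {
        // Pool threads are non-daemon; without a shutdown they would outlive the test.
        threadPool.shutdownNow();
    }
}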
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) Document(org.w3c.dom.Document) SamlClient(org.keycloak.testsuite.util.SamlClient) Callable(java.util.concurrent.Callable) LinkedList(java.util.LinkedList) IOException(java.io.IOException) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) ExecutorService(java.util.concurrent.ExecutorService)

Example 29 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SamlClientTest method testLoginWithOIDCClient.

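/**
 * Verifies that a SAML AuthnRequest addressed to a client configured for the OpenID Connect
 * protocol is rejected with HTTP 400 and the "Wrong client protocol." message.
 *
 * The client's protocol is switched to OIDC for the duration of the test and restored in a
 * {@code finally} block: in the original the restore ran only on success, so one failing
 * assertion left the shared client misconfigured for every test that followed. The response
 * is likewise closed via try-with-resources rather than an explicit {@code close()} that a
 * failed assertion would skip.
 */
@Test
public void testLoginWithOIDCClient() throws ParsingException, ConfigurationException, ProcessingException, IOException {
    ClientRepresentation salesRep = adminClient.realm(REALM_NAME).clients().findByClientId(SAML_CLIENT_ID_SALES_POST).get(0);
    adminClient.realm(REALM_NAME).clients().get(salesRep.getId()).update(ClientBuilder.edit(salesRep).protocol(OIDCLoginProtocol.LOGIN_PROTOCOL).build());
    try {
        AuthnRequestType loginRep = createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, REALM_NAME);
        Document samlRequest = SAML2Request.convert(loginRep);
        SamlClient.RedirectStrategyWithSwitchableFollowRedirect strategy = new SamlClient.RedirectStrategyWithSwitchableFollowRedirect();
        URI samlEndpoint = getAuthServerSamlEndpoint(REALM_NAME);
        HttpUriRequest post = SamlClient.Binding.POST.createSamlUnsignedRequest(samlEndpoint, null, samlRequest);
        try (CloseableHttpClient client = HttpClientBuilder.create().setRedirectStrategy(strategy).build();
             CloseableHttpResponse response = sendPost(post, client)) {
            // JUnit convention is expected value first; otherwise a failure message reads backwards.
            Assert.assertEquals(400, response.getStatusLine().getStatusCode());
            String body = IOUtils.toString(response.getEntity().getContent(), "UTF-8");
            Assert.assertThat(body, Matchers.containsString("Wrong client protocol."));
        }
    } finally {
        // Always hand the client back to the SAML protocol so later tests see the expected setup.
        adminClient.realm(REALM_NAME).clients().get(salesRep.getId()).update(ClientBuilder.edit(salesRep).protocol(SamlProtocol.LOGIN_PROTOCOL).build());
    }
}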
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Document(org.w3c.dom.Document) URI(java.net.URI) SamlClient(org.keycloak.testsuite.util.SamlClient) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 30 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactNonExistingClient.

/**
 * Sends an artifact message issued under a client id ("blabla") that is not registered in the
 * realm and expects the IdP to answer with "Invalid Request". A local ArtifactResolutionService
 * is started on a background thread and pre-loaded with an AuthnRequest document so the IdP has
 * a resolution endpoint to call.
 *
 * @throws InterruptedException if waiting for the resolution service, or joining its thread, is interrupted
 */
@Test
public void testReceiveArtifactNonExistingClient() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
    // Point the sales-post client at the local resolution service; the updater is registered for cleanup after the test.
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    // The request document itself is built for the unknown client id and with no destination.
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument("blabla", AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    Document doc = SAML2Request.convert(loginRep);
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), "blabla", SamlClient.Binding.POST, builder);
    // Must listen on the same URL the client attribute above points to.
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            // NOTE(review): wait() is called once, without a condition loop. A spurious wakeup, or a
            // notify issued by the service thread before this thread enters the monitor, is not
            // handled — confirm the readiness handshake ArtifactResolutionService uses.
            ars.wait();
            // Still inside synchronized(ars) while the artifact is exchanged; presumably the service
            // thread does not need this monitor to serve the request — verify.
            String response = builder.artifactMessage(camb).build().executeAndTransform(resp -> EntityUtils.toString(resp.getEntity()));
            assertThat(response, containsString("Invalid Request"));
        }
    } finally {
        // Stop the service and reap its thread even when the assertion fails.
        ars.stop();
        arsThread.join();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) Matchers.containsString(org.hamcrest.Matchers.containsString) Document(org.w3c.dom.Document) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) Test(org.junit.Test)
