
Example 41 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class SAMLArtifactResolveParser method instantiateElement.

/**
 * Creates an {@link ArtifactResolveType} from the attributes of its start element.
 *
 * <p>The Version attribute is checked against {@code VERSION_2_0} first; ID and
 * IssueInstant are then read as required attributes and used to construct the
 * object, and the remaining base attributes are filled in by the superclass.
 *
 * <p>Only attribute-level checks happen here. Nothing in this method verifies a
 * signature, the issuer, or how recent IssueInstant is, so those checks have to
 * be enforced by other code before the message is trusted.
 *
 * @param xmlEventReader the event reader for the document; not read by this method
 * @param startElement the start element whose attributes are parsed
 *
 * @return the new ArtifactResolve object with its base attributes populated
 *
 * @throws ParsingException propagated from the validation and attribute helpers
 *         (presumably on a Version mismatch, a missing ID or IssueInstant, or an
 *         unparsable timestamp)
 */
@Override
protected ArtifactResolveType instantiateElement(XMLEventReader xmlEventReader, StartElement startElement) throws ParsingException {
    // Check the protocol version before reading anything else from the element.
    SAMLParserUtil.validateAttributeValue(startElement, SAMLProtocolQNames.ATTR_VERSION, VERSION_2_0);

    final String requestId = StaxParserUtil.getRequiredAttributeValue(startElement, SAMLProtocolQNames.ATTR_ID);
    final String rawIssueInstant = StaxParserUtil.getRequiredAttributeValue(startElement, SAMLProtocolQNames.ATTR_ISSUE_INSTANT);
    final XMLGregorianCalendar issuedAt = XMLTimeUtil.parse(rawIssueInstant);

    final ArtifactResolveType artifactResolve = new ArtifactResolveType(requestId, issuedAt);
    super.parseBaseAttributes(startElement, artifactResolve);
    return artifactResolve;
}
Also used : XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) ArtifactResolveType(org.keycloak.dom.saml.v2.protocol.ArtifactResolveType)

Example 42 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLoginFullWithPost.

/**
 * Runs a login over the artifact binding against a local stub artifact
 * resolution service and checks that the artifact the server resolves is the
 * one the test issued.
 *
 * <p>The stub is configured with the login request document as its response
 * document and runs on its own thread; it is stopped and joined in the
 * {@code finally} block.
 */
@Test
public void testReceiveArtifactLoginFullWithPost() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
    // Point the client's artifact resolution service URL at the local stub; the update is
    // registered with the cleanup (presumably so the attribute is restored after the test).
    // NOTE(review): plain HTTP on loopback is a test-only setup. A deployed artifact resolution
    // endpoint carries the SAML message itself, so it should be reached over TLS and authenticated.
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    Document doc = SAML2Request.convert(loginRep);
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST, builder);
    // The stub returns the login request document when asked to resolve an artifact.
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            // Presumably the stub notifies on its own monitor once it is ready - confirm in
            // ArtifactResolutionService.
            // NOTE(review): this is a bare wait() with no condition loop and no timeout. A notify
            // sent before this thread takes the monitor would leave the test blocked here, and a
            // spurious wakeup would let it continue early; a latch or a ready flag checked in a
            // loop with a timed wait would make the handshake reliable.
            ars.wait();
            SAMLDocumentHolder response = builder.artifactMessage(camb).build().login().user(bburkeUser).build().getSamlResponse(SamlClient.Binding.POST);
            assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
            ResponseType rt = (ResponseType) response.getSamlObject();
            assertThat(rt.getAssertions(), not(empty()));
            assertThat(ars.getLastArtifactResolve(), notNullValue());
            // The artifact in the ArtifactResolve received by the stub must equal the artifact
            // this test created, i.e. the server resolved the artifact it was handed.
            assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        // Always shut the stub down and wait for its thread, even when an assertion fails.
        ars.stop();
        arsThread.join();
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) Document(org.w3c.dom.Document) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 43 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BasicSamlTest method testNoDestinationPost.

/**
 * Sends an unsigned AuthnRequest over the POST binding and expects the login
 * page in return.
 *
 * <p>The third argument to {@code createLoginRequestDocument} is {@code null};
 * going by the test name this is the Destination, so the request is sent without
 * one. The test pins that such a request still gets HTTP 200 and a body that
 * contains "login". It covers unsigned requests only; how Destination is treated
 * on signed requests is not exercised here.
 */
@Test
public void testNoDestinationPost() throws Exception {
    final AuthnRequestType authnRequest = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    final Document requestDocument = SAML2Request.convert(authnRequest);
    final HttpUriRequest unsignedPost = Binding.POST.createSamlUnsignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, requestDocument);

    // Both the client and the response are closed when the block exits.
    try (CloseableHttpClient httpClient = HttpClientBuilder.create()
            .setRedirectStrategy(new RedirectStrategyWithSwitchableFollowRedirect())
            .build();
         CloseableHttpResponse httpResponse = httpClient.execute(unsignedPost)) {
        assertThat(httpResponse, statusCodeIsHC(Response.Status.OK));
        final String pageBody = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
        assertThat(pageBody, containsString("login"));
    }
}
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) RedirectStrategyWithSwitchableFollowRedirect(org.keycloak.testsuite.util.SamlClient.RedirectStrategyWithSwitchableFollowRedirect) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Document(org.w3c.dom.Document) Test(org.junit.Test)

Example 44 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BasicSamlTest method testNoDestinationRedirect.

/**
 * Sends an unsigned AuthnRequest over the REDIRECT binding and expects the
 * login page in return.
 *
 * <p>The third argument to {@code createLoginRequestDocument} is {@code null};
 * going by the test name this is the Destination, so the request is sent without
 * one. The test pins that such a request still gets HTTP 200 and a body that
 * contains "login". It covers unsigned requests only; how Destination is treated
 * on signed requests is not exercised here.
 */
@Test
public void testNoDestinationRedirect() throws Exception {
    final AuthnRequestType authnRequest = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    final Document requestDocument = SAML2Request.convert(authnRequest);
    // Built by the REDIRECT binding, so the local is named for what it is rather than "post".
    final HttpUriRequest unsignedRedirect = Binding.REDIRECT.createSamlUnsignedRequest(getAuthServerSamlEndpoint(REALM_NAME), null, requestDocument);

    // Both the client and the response are closed when the block exits.
    try (CloseableHttpClient httpClient = HttpClientBuilder.create()
            .setRedirectStrategy(new RedirectStrategyWithSwitchableFollowRedirect())
            .build();
         CloseableHttpResponse httpResponse = httpClient.execute(unsignedRedirect)) {
        assertThat(httpResponse, statusCodeIsHC(Response.Status.OK));
        final String pageBody = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
        assertThat(pageBody, containsString("login"));
    }
}
Also used : HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) RedirectStrategyWithSwitchableFollowRedirect(org.keycloak.testsuite.util.SamlClient.RedirectStrategyWithSwitchableFollowRedirect) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) Document(org.w3c.dom.Document) Test(org.junit.Test)

Example 45 with AuthnRequestType

use of org.keycloak.dom.saml.v2.protocol.AuthnRequestType in project keycloak by keycloak.

the class BasicSamlTest method testAllowCreateAttributeOmittedWhenTransient.

/**
 * Checks that the serialized AuthnRequest carries no AllowCreate attribute on
 * NameIDPolicy when the NameID format is Transient.
 *
 * <p>AllowCreate is set to {@code true} on the object model before conversion,
 * so the assertion covers the serializer dropping the attribute, not the
 * attribute simply never having been set.
 */
@Test
public void testAllowCreateAttributeOmittedWhenTransient() throws Exception {
    // Login request with a Transient NameID format and AllowCreate switched on.
    final AuthnRequestType authnRequest = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, getAuthServerSamlEndpoint(REALM_NAME));
    authnRequest.getNameIDPolicy().setFormat(NAMEID_FORMAT_TRANSIENT.getUri());
    authnRequest.getNameIDPolicy().setAllowCreate(true);

    // Serialize and locate NameIDPolicy directly under the document element.
    final Document serialized = SAML2Request.convert(authnRequest);
    final Element root = serialized.getDocumentElement();
    final Element nameIdPolicy = DocumentUtil.getDirectChildElement(root, PROTOCOL_NSURI.get(), "NameIDPolicy");

    final Attr format = nameIdPolicy.getAttributeNode("Format");
    final Attr allowCreate = nameIdPolicy.getAttributeNode("AllowCreate");

    assertThat("AuthnRequest/NameIdPolicy Format should be present, but it is not", format, notNullValue());
    assertThat("AuthnRequest/NameIdPolicy Format should be Transient, but it is not", format.getNodeValue(), is(NAMEID_FORMAT_TRANSIENT.get()));
    assertThat("AuthnRequest/NameIdPolicy element shouldn't contain the AllowCreate attribute when Format is set to Transient, but it does", allowCreate, nullValue());
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) Attr(org.w3c.dom.Attr) Test(org.junit.Test)

Aggregations

AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)56 Test (org.junit.Test)41 Document (org.w3c.dom.Document)36 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)30 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)21 Element (org.w3c.dom.Element)16 Closeable (java.io.Closeable)13 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)13 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)13 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)10 ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)8 HttpUriRequest (org.apache.http.client.methods.HttpUriRequest)7 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)7 ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)7 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)6 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)6 Matchers.containsString (org.hamcrest.Matchers.containsString)5 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)5 SAML2Request (org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)4 URI (java.net.URI)3