
Example 1 with LogoutRequestType

Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in the keycloak project (class SAMLLogoutAdapterTest, method employeeGlobalLogoutTest).

/**
 * Global-logout round trip for the employee servlet.
 * <p>
 * Logs in through the POST binding, rewrites the subject NameID of the SAML Response
 * (NameQualifier, SPNameQualifier and SPProvidedID) before it is delivered to the servlet,
 * then calls the servlet with {@code ?GLO=true}. The next SAML message captured on the
 * POST binding must be a LogoutRequest whose NameID has the format and value recorded
 * earlier by {@code extractNameId} (presumably into {@code nameIdRef}) and carries exactly
 * the three qualifiers that were injected — an SP typically correlates a logout with its
 * local session on the complete NameID, qualifiers included.
 * <p>
 * Uses fixtures owned by the enclosing class: {@code employeeServletPage}, {@code bburkeUser},
 * {@code nameIdRef} and the {@code NAME_QUALIFIER}/{@code SP_NAME_QUALIFIER}/{@code SP_PROVIDED_ID}
 * constants.
 */
@Test
public void employeeGlobalLogoutTest() {
    // 1. login via POST binding; 2. tamper with the NameID qualifiers in the Response
    //    on its way to the servlet; 3. trigger global logout and capture what is posted next.
    SAMLDocumentHolder logoutHolder = new SamlClientBuilder()
            .navigateTo(employeeServletPage)
            .processSamlResponse(Binding.POST).build()
            .login().user(bburkeUser).build()
            .processSamlResponse(Binding.POST)
                .targetAttributeSamlResponse()
                .transformObject(this::extractNameId)
                .transformObject((SAML2Object samlObject) -> {
                    assertThat(samlObject, isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    ResponseType response = (ResponseType) samlObject;
                    NameIDType subjectNameId = (NameIDType) response.getAssertions().get(0)
                            .getAssertion().getSubject().getSubType().getBaseID();
                    subjectNameId.setNameQualifier(NAME_QUALIFIER);
                    subjectNameId.setSPNameQualifier(SP_NAME_QUALIFIER);
                    subjectNameId.setSPProvidedID(SP_PROVIDED_ID);
                })
                .build()
            .navigateTo(employeeServletPage.getUriBuilder().clone().queryParam("GLO", "true").build())
            .getSamlResponse(Binding.POST);

    // The captured message must be a LogoutRequest ...
    assertThat(logoutHolder.getSamlObject(), instanceOf(LogoutRequestType.class));
    LogoutRequestType logoutRequest = (LogoutRequestType) logoutHolder.getSamlObject();

    // ... whose NameID reproduces the original format/value and the injected qualifiers.
    NameIDType expected = nameIdRef.get();
    NameIDType actual = logoutRequest.getNameID();
    assertThat(actual.getFormat(), is(expected.getFormat()));
    assertThat(actual.getValue(), is(expected.getValue()));
    assertThat(actual.getNameQualifier(), is(NAME_QUALIFIER));
    assertThat(actual.getSPProvidedID(), is(SP_PROVIDED_ID));
    assertThat(actual.getSPNameQualifier(), is(SP_NAME_QUALIFIER));
}

Example 2 with LogoutRequestType

Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in the keycloak project (class SAML2Request, method convert).

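/**
 * Serializes a SAML 2.0 protocol request into a DOM {@link Document}.
 * <p>
 * The request is written to XML with {@link SAMLRequestWriter} and the resulting text is
 * re-parsed through {@code DocumentUtil.getDocument}. Only {@link AuthnRequestType} and
 * {@link LogoutRequestType} are supported; any other {@link RequestAbstractType} subtype is
 * rejected up front. (Previously such a value fell through both {@code instanceof} checks,
 * wrote nothing, and handed an empty string to the parser, which failed with an unrelated
 * error.) The text being parsed here is produced locally by the writer, not received from a
 * peer; hardening of the underlying XML parser is {@code DocumentUtil}'s responsibility and
 * is not visible from this method.
 *
 * @param rat the request to convert; must be an {@code AuthnRequestType} or a {@code LogoutRequestType}
 * @return the DOM representation of {@code rat}
 * @throws IllegalArgumentException if {@code rat} is {@code null} or of an unsupported subtype
 * @throws ProcessingException if writing the request fails
 * @throws ParsingException if the serialized XML cannot be re-parsed
 * @throws ConfigurationException propagated from the underlying SAML utilities
 */
public static Document convert(RequestAbstractType rat) throws ProcessingException, ConfigurationException, ParsingException {
    if (rat == null) {
        throw new IllegalArgumentException("SAML request must not be null");
    }
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(bos));
    if (rat instanceof AuthnRequestType) {
        writer.write((AuthnRequestType) rat);
    } else if (rat instanceof LogoutRequestType) {
        writer.write((LogoutRequestType) rat);
    } else {
        // Fail with the real cause instead of letting the parser choke on an empty document.
        throw new IllegalArgumentException("Unsupported SAML request type: " + rat.getClass().getName());
    }
    // Decode with the shared SAML charset constant rather than the platform default.
    return DocumentUtil.getDocument(new String(bos.toByteArray(), GeneralConstants.SAML_CHARSET));
}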

Example 3 with LogoutRequestType

Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in the keycloak project (class SamlProtocol, method frontchannelLogout).

/**
 * Builds the front-channel single-logout message for one client session.
 * <p>
 * Resolves the client's logout service URL for the binding it is configured for (POST or
 * redirect), creates a LogoutRequest addressed to it and returns the JAX-RS response that
 * delivers that request: an artifact when the session was established through the artifact
 * binding and the client uses artifacts for logout, otherwise the LogoutRequest itself via
 * the POST or the redirect binding. When no logout URL is configured a warning is logged and
 * {@code null} is returned so the caller can skip this client.
 * <p>
 * Only {@code clientSession} is consulted; {@code userSession} is part of the overridden
 * signature but unused in this implementation.
 *
 * @param userSession   the user session being logged out (unused here)
 * @param clientSession the client session the LogoutRequest is built for
 * @return the response carrying the logout message, or {@code null} if the client has no logout URL
 * @throws RuntimeException wrapping any SAML configuration, processing, parsing or I/O failure
 */
@Override
public Response frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    ClientModel client = clientSession.getClient();
    SamlClient samlClient = new SamlClient(client);
    try {
        boolean usePost = isLogoutPostBindingForClient(clientSession);
        String logoutUrl = getLogoutServiceUrl(session, client, usePost ? SAML_POST_BINDING : SAML_REDIRECT_BINDING, false);
        if (logoutUrl == null) {
            logger.warnf("Failed to logout client %s, skipping this client.  Please configure the logout service url in the admin console for your client applications.", client.getClientId());
            return null;
        }

        // With the POST binding the key id travels in dsig:KeyInfo/dsig:KeyName; for the
        // redirect binding it is instead advertised through a <samlp:Extensions> element,
        // and only if the client is configured to require a realm signature and to want the
        // extension (addExtensionsElementWithKeyInfo). The key name is a hint for the peer's
        // key selection, not a proof of anything by itself.
        NodeGenerator[] extensions = new NodeGenerator[] {};
        boolean keyNameViaExtensions = !usePost
                && samlClient.requiresRealmSignature()
                && samlClient.addExtensionsElementWithKeyInfo();
        if (keyNameViaExtensions) {
            KeyManager.ActiveRsaKey activeKey = session.keys().getActiveRsaKey(realm);
            String keyName = samlClient.getXmlSigKeyInfoKeyNameTransformer().getKeyName(activeKey.getKid(), activeKey.getCertificate());
            extensions = new NodeGenerator[] { new KeycloakKeySamlExtensionGenerator(keyName) };
        }

        LogoutRequestType logoutRequest = createLogoutRequest(logoutUrl, clientSession, client, extensions);

        boolean artifactSession = "true".equals(clientSession.getNote(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.get()));
        JaxrsSAML2BindingBuilder binding = createBindingBuilder(samlClient, artifactSession);
        // Artifact-bound sessions get an artifact instead of the LogoutRequest itself.
        if (artifactSession && useArtifactForLogout(client)) {
            clientSession.setAction(CommonClientSessionModel.Action.LOGGING_OUT.name());
            return buildArtifactAuthenticatedResponse(clientSession, logoutUrl, logoutRequest, binding);
        }

        Document samlDocument = SAML2Request.convert(logoutRequest);
        if (!usePost) {
            logger.debug("frontchannel redirect binding");
            return binding.redirectBinding(samlDocument).request(logoutUrl);
        }
        return binding.postBinding(samlDocument).request(logoutUrl);
    } catch (ConfigurationException | ProcessingException | IOException | ParsingException e) {
        throw new RuntimeException(e);
    }
}

Example 4 with LogoutRequestType

Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in the keycloak project (class SAML2LogoutRequestBuilder, method createLogoutRequest).

/**
 * Assembles a {@link LogoutRequestType} from the values collected on this builder.
 * <p>
 * The request is seeded by {@code SAML2Request.createLogoutRequest(issuer)} and then
 * populated with the builder's issuer and NameID, plus — when set — a SessionIndex,
 * a NotOnOrAfter derived from the issue instant, a Destination and any extension nodes.
 * Per the SAML 2.0 Core specification a LogoutRequest without SessionIndex asks the
 * recipient to terminate all of the principal's sessions, so callers that want a single
 * session ended should supply {@code sessionIndex}. The NameID is set as given; whether a
 * {@code null} nameId is acceptable to callers is not checked here.
 *
 * @return the populated logout request
 * @throws ConfigurationException propagated from {@code SAML2Request.createLogoutRequest}
 */
public LogoutRequestType createLogoutRequest() throws ConfigurationException {
    LogoutRequestType request = SAML2Request.createLogoutRequest(issuer);
    request.setIssuer(issuer);
    request.setNameID(nameId);

    if (sessionIndex != null) {
        request.addSessionIndex(sessionIndex);
    }
    if (assertionExpiration > 0) {
        // The *1000 suggests assertionExpiration is in seconds and XMLTimeUtil.add wants
        // milliseconds — TODO confirm against the field's declaration.
        request.setNotOnOrAfter(XMLTimeUtil.add(request.getIssueInstant(), assertionExpiration * 1000));
    }
    if (destination != null) {
        request.setDestination(URI.create(destination));
    }

    if (!this.extensions.isEmpty()) {
        ExtensionsType extensionsElement = new ExtensionsType();
        for (NodeGenerator generator : this.extensions) {
            extensionsElement.addExtension(generator);
        }
        request.setExtensions(extensionsElement);
    }
    return request;
}

Example 5 with LogoutRequestType

Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in the keycloak project (class SAMLResponseWriter, method write).

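/**
 * Writes a {@code <samlp:ArtifactResponse>} element and flushes the underlying stream.
 * <p>
 * Children are emitted in the order the SAML 2.0 protocol schema prescribes for
 * {@code StatusResponseType}: Issuer, Signature, Extensions, Status, then the wrapped
 * message. A pre-computed signature is copied as a DOM subtree via
 * {@code StaxUtil.writeDOMElement} rather than rebuilt from model fields. The wrapped
 * message ({@code response.getAny()}) is dispatched on its runtime type: AuthnRequest and
 * LogoutRequest go through {@link SAMLRequestWriter}; a {@code ResponseType} or a bare
 * {@code StatusResponseType} (written as a LogoutResponse) through this writer. Any other
 * payload type is silently omitted.
 * <p>
 * Change from the previous version: the LogoutResponse QName now uses
 * {@code PROTOCOL_PREFIX}, the same prefix declared on the enclosing element, instead of
 * a hard-coded {@code "samlp"} literal that would silently diverge from the declared
 * namespace prefix if the constant were ever changed.
 *
 * @param response the artifact response to serialize
 * @throws ProcessingException if writing to the stream fails
 */
public void write(ArtifactResponseType response) throws ProcessingException {
    StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT_RESPONSE.get(), JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    writeBaseAttributes(response);
    NameIDType issuer = response.getIssuer();
    if (issuer != null) {
        write(issuer, new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    }
    // An existing ds:Signature is a DOM element; copy it verbatim so signed content is not reconstructed.
    Element sig = response.getSignature();
    if (sig != null) {
        StaxUtil.writeDOMElement(writer, sig);
    }
    ExtensionsType extensions = response.getExtensions();
    if (extensions != null && extensions.getAny() != null && !extensions.getAny().isEmpty()) {
        write(extensions);
    }
    StatusType status = response.getStatus();
    if (status != null) {
        write(status);
    }
    // Wrapped message. ResponseType is tested before StatusResponseType: in the SAML schema
    // ResponseType specializes StatusResponseType, so the reverse order would misroute it.
    Object anyObj = response.getAny();
    if (anyObj instanceof AuthnRequestType) {
        AuthnRequestType authn = (AuthnRequestType) anyObj;
        SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
        requestWriter.write(authn);
    } else if (anyObj instanceof LogoutRequestType) {
        LogoutRequestType logoutRequestType = (LogoutRequestType) anyObj;
        SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
        requestWriter.write(logoutRequestType);
    } else if (anyObj instanceof ResponseType) {
        ResponseType rt = (ResponseType) anyObj;
        write(rt);
    } else if (anyObj instanceof StatusResponseType) {
        StatusResponseType rt = (StatusResponseType) anyObj;
        // Same prefix as declared on the enclosing element, not a duplicated literal.
        write(rt, new QName(PROTOCOL_NSURI.get(), JBossSAMLConstants.LOGOUT_RESPONSE.get(), PROTOCOL_PREFIX));
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}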
