Example 1 with NameIDPolicyType
use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.
the class SAMLAuthNRequestParser method getNameIDPolicy.
/**
* Get the NameIDPolicy
*
* @param startElement
*
* @return
*/
private NameIDPolicyType getNameIDPolicy(StartElement startElement) {
NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
nameIDPolicy.setFormat(StaxParserUtil.getUriAttributeValue(startElement, SAMLProtocolQNames.ATTR_FORMAT));
nameIDPolicy.setAllowCreate(StaxParserUtil.getBooleanAttributeValue(startElement, SAMLProtocolQNames.ATTR_ALLOW_CREATE));
return nameIDPolicy;
}
Also used :
NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)
Example 2 with NameIDPolicyType
use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.
the class SAMLRequestWriter method write.
/**
* Write a {@code AuthnRequestType } to stream
*
* @param request
*
* @throws org.keycloak.saml.common.exceptions.ProcessingException
*/
public void write(AuthnRequestType request) throws ProcessingException {
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.AUTHN_REQUEST.get(), PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
// Attributes
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), request.getID());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), request.getVersion());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), request.getIssueInstant().toString());
URI destination = request.getDestination();
if (destination != null)
StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString());
String consent = request.getConsent();
if (StringUtil.isNotNull(consent))
StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent);
URI assertionURL = request.getAssertionConsumerServiceURL();
if (assertionURL != null)
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_URL.get(), assertionURL.toASCIIString());
Boolean forceAuthn = request.isForceAuthn();
if (forceAuthn != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.FORCE_AUTHN.get(), forceAuthn.toString());
}
Boolean isPassive = request.isIsPassive();
// maximize compatibility we emit it only if it is set to true
if (isPassive != null && isPassive == true) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.IS_PASSIVE.get(), isPassive.toString());
}
URI protocolBinding = request.getProtocolBinding();
if (protocolBinding != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.PROTOCOL_BINDING.get(), protocolBinding.toString());
}
Integer assertionIndex = request.getAssertionConsumerServiceIndex();
if (assertionIndex != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ASSERTION_CONSUMER_SERVICE_INDEX.get(), assertionIndex.toString());
}
Integer attrIndex = request.getAttributeConsumingServiceIndex();
if (attrIndex != null) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ATTRIBUTE_CONSUMING_SERVICE_INDEX.get(), attrIndex.toString());
}
String providerName = request.getProviderName();
if (StringUtil.isNotNull(providerName)) {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.PROVIDER_NAME.get(), providerName);
}
NameIDType issuer = request.getIssuer();
if (issuer != null) {
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX), false);
}
SubjectType subject = request.getSubject();
if (subject != null) {
write(subject);
}
Element sig = request.getSignature();
if (sig != null) {
StaxUtil.writeDOMElement(writer, sig);
}
ExtensionsType extensions = request.getExtensions();
if (extensions != null && !extensions.getAny().isEmpty()) {
write(extensions);
}
NameIDPolicyType nameIDPolicy = request.getNameIDPolicy();
if (nameIDPolicy != null) {
write(nameIDPolicy);
}
RequestedAuthnContextType requestedAuthnContext = request.getRequestedAuthnContext();
if (requestedAuthnContext != null) {
write(requestedAuthnContext);
}
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
Also used :
SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType)
QName(javax.xml.namespace.QName)
Element(org.w3c.dom.Element)
ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType)
NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)
RequestedAuthnContextType(org.keycloak.dom.saml.v2.protocol.RequestedAuthnContextType)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
PROTOCOL_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI)
URI(java.net.URI)
ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI)
Example 3 with NameIDPolicyType
use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.
the class AuthnRequestNameIdFormatTest method testLoginWithNameIdPolicy.
private void testLoginWithNameIdPolicy(Binding requestBinding, Binding responseBinding, NameIDPolicyType nameIDPolicy, Matcher<String> nameIdMatcher) throws Exception {
SAMLDocumentHolder res = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, requestBinding).transformObject(so -> {
so.setProtocolBinding(requestBinding.getBindingUri());
so.setNameIDPolicy(nameIDPolicy);
return so;
}).build().login().user(bburkeUser).build().getSamlResponse(responseBinding);
assertThat(res.getSamlObject(), notNullValue());
assertThat(res.getSamlObject(), instanceOf(ResponseType.class));
ResponseType rt = (ResponseType) res.getSamlObject();
assertThat(rt.getAssertions(), not(empty()));
assertThat(rt.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID(), instanceOf(NameIDType.class));
NameIDType nameId = (NameIDType) rt.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
assertThat(nameId.getValue(), nameIdMatcher);
}
Also used :
JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants)
Matchers(org.hamcrest.Matchers)
Test(org.junit.Test)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Assert.assertThat(org.junit.Assert.assertThat)
List(java.util.List)
ClientsResource(org.keycloak.admin.client.resource.ClientsResource)
Matcher(org.hamcrest.Matcher)
SamlClient(org.keycloak.testsuite.util.SamlClient)
NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
Example 4 with NameIDPolicyType
use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.
the class AuthnRequestNameIdFormatTest method testPostLoginNameIdPolicyEmail.
@Test
public void testPostLoginNameIdPolicyEmail() throws Exception {
NameIDPolicyType nameIdPolicy = new NameIDPolicyType();
nameIdPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.getUri());
testLoginWithNameIdPolicy(Binding.POST, Binding.POST, nameIdPolicy, is("bburke@redhat.com"));
}
Also used :
NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)
Test(org.junit.Test)
Example 5 with NameIDPolicyType
use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.
the class AuthnRequestNameIdFormatTest method testPostLoginNameIdPolicyUnspecified.
@Test
public void testPostLoginNameIdPolicyUnspecified() throws Exception {
NameIDPolicyType nameIdPolicy = new NameIDPolicyType();
nameIdPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.getUri());
testLoginWithNameIdPolicy(Binding.POST, Binding.POST, nameIdPolicy, is("bburke"));
}
Also used :
NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)
Test(org.junit.Test)
Aggregations
NameIDPolicyType (org.keycloak.dom.saml.v2.protocol.NameIDPolicyType)11
Test (org.junit.Test)8
NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)4
URI (java.net.URI)2
List (java.util.List)2
XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)2
QName (javax.xml.namespace.QName)2
Matchers (org.hamcrest.Matchers)2
ClientsResource (org.keycloak.admin.client.resource.ClientsResource)2
SubjectType (org.keycloak.dom.saml.v2.assertion.SubjectType)2
AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)2
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)2
IOException (java.io.IOException)1
KeyPair (java.security.KeyPair)1
Objects (java.util.Objects)1
UUID (java.util.UUID)1
AtomicReference (java.util.concurrent.atomic.AtomicReference)1
Status (javax.ws.rs.core.Response.Status)1
Header (org.apache.http.Header)1
HttpHeaders (org.apache.http.HttpHeaders)1
