
Example 11 with NameIDPolicyType

use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.

From class AuthnRequestNameIdFormatTest, method testPostLoginNameIdPolicyPersistent:

/**
 * Logs in over the POST binding (both request and response) with a {@code NameIDPolicy}
 * that asks for the persistent NameID format, handing a {@code startsWith("G-")} matcher to
 * the shared helper — presumably applied to the NameID the server issues; see
 * {@code testLoginWithNameIdPolicy} for what is actually matched.
 */
@Test
public void testPostLoginNameIdPolicyPersistent() throws Exception {
    final NameIDPolicyType persistentPolicy = new NameIDPolicyType();
    persistentPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.getUri());
    testLoginWithNameIdPolicy(Binding.POST, Binding.POST, persistentPolicy, startsWith("G-"));
}

Example 12 with NameIDPolicyType

use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.

From class AuthnRequestNameIdFormatTest, method testRedirectLoginNameIdPolicyPersistent:

/**
 * Same scenario as the POST variant, but over the REDIRECT binding for both request and
 * response: a {@code NameIDPolicy} requesting the persistent format is sent and a
 * {@code startsWith("G-")} matcher is passed to the shared helper (presumably checked
 * against the issued NameID; see {@code testLoginWithNameIdPolicy}).
 */
@Test
public void testRedirectLoginNameIdPolicyPersistent() throws Exception {
    final NameIDPolicyType persistentPolicy = new NameIDPolicyType();
    persistentPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.getUri());
    testLoginWithNameIdPolicy(Binding.REDIRECT, Binding.REDIRECT, persistentPolicy, startsWith("G-"));
}

Example 13 with NameIDPolicyType

use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project keycloak by keycloak.

From class BrokerTest, method testLogoutPropagatesToSamlIdentityProvider:

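/**
 * Checks that a brokered SAML login whose inbound AuthnRequest carries a NameIDPolicy of
 * format "email" with AllowCreate ends in a Responder / InvalidNameIDPolicy status response
 * instead of a completed login.
 *
 * <p>Despite its name, nothing in this method performs a logout; the assertion at the end is
 * purely about the status of the SAML response the broker returns.
 *
 * <p>Setup side effect: the review-profile execution of the identity provider's first broker
 * login flow is temporarily set to DISABLED and restored in {@code finally} to whatever
 * requirement it had before.
 *
 * @throws IOException propagated from the SAML client exchange
 * @throws AssertionError if the review-profile execution cannot be found in the flow, or if
 *         the final response is not the expected status response
 */
@Test
public void testLogoutPropagatesToSamlIdentityProvider() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    AuthenticationExecutionInfoRepresentation reviewProfileAuthenticator = null;
    String originalRequirement = null;
    String firstBrokerLoginFlowAlias = null;
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/saml"))) {
        IdentityProviderRepresentation idpRepresentation = idp.identityProvider().toRepresentation();
        firstBrokerLoginFlowAlias = idpRepresentation.getFirstBrokerLoginFlowAlias();
        List<AuthenticationExecutionInfoRepresentation> executions = realm.flows().getExecutions(firstBrokerLoginFlowAlias);
        reviewProfileAuthenticator = executions.stream()
                .filter(ex -> Objects.equals(ex.getProviderId(), IdpReviewProfileAuthenticatorFactory.PROVIDER_ID))
                .findFirst()
                .orElseThrow(() -> new AssertionError("Could not find update profile in first broker login flow"));
        // Remember the pre-test requirement so the finally block restores the flow exactly
        // rather than unconditionally forcing REQUIRED.
        originalRequirement = reviewProfileAuthenticator.getRequirement();
        // Presumably disabled so the first broker login flow does not stop at the
        // update-profile page before the NameIDPolicy is evaluated — confirm.
        reviewProfileAuthenticator.setRequirement(Requirement.DISABLED.name());
        realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);

        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
                .transformObject(ar -> {
                    // Request a NameID format ("email", AllowCreate=true) the broker is expected to reject.
                    NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
                    nameIDPolicy.setAllowCreate(Boolean.TRUE);
                    nameIDPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.getUri());
                    ar.setNameIDPolicy(nameIDPolicy);
                    return ar;
                })
                .build()
                .login().idp(SAML_BROKER_ALIAS).build()
                .processSamlResponse(REDIRECT)
                    .transformObject(this::createAuthnResponse)
                    .targetAttributeSamlResponse()
                    .targetUri(getSamlBrokerUrl(REALM_NAME))
                    .build()
                .followOneRedirect()
                .followOneRedirect()
                .getSamlResponse(POST);

        assertThat(samlResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_RESPONDER, JBossSAMLURIConstants.STATUS_INVALID_NAMEIDPOLICY));
    } finally {
        // Only undo the change if it was actually made: a failure before the execution was
        // looked up would otherwise surface here as an NPE that masks the original exception.
        if (reviewProfileAuthenticator != null) {
            reviewProfileAuthenticator.setRequirement(originalRequirement != null ? originalRequirement : Requirement.REQUIRED.name());
            realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);
        }
    }
}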

Example 14 with NameIDPolicyType

use of org.keycloak.dom.saml.v2.protocol.NameIDPolicyType in project unity by unity-idm.

From class SAMLHelper, method createSAMLRequest:

/**
 * Assembles a SAML 2.0 AuthnRequest document for the given service provider settings and
 * optionally signs it with the supplied credential.
 *
 * @param responseConsumerAddress assertion consumer service URL written into the request
 * @param sign whether to XML-sign the request; when {@code false}, {@code credential} is never touched
 * @param requestrId entity identifier used as the request issuer (NameID of entity format)
 * @param identityProviderURL value for the Destination attribute; skipped when {@code null}
 * @param requestedNameFormat handed to {@code AuthnRequest.setFormat}; skipped when {@code null}
 *        (presumably the NameIDPolicy Format — verify against the samly2 API)
 * @param allowCreate when {@code true}, ensures a NameIDPolicy element exists and sets AllowCreate on it
 * @param credential key and certificate chain used for signing; only read when {@code sign} is {@code true}
 * @return the built (and possibly signed) AuthnRequest document
 * @throws InternalException if signing fails; the underlying exception is kept as the cause
 */
public static AuthnRequestDocument createSAMLRequest(String responseConsumerAddress, boolean sign, String requestrId, String identityProviderURL, String requestedNameFormat, boolean allowCreate, X509Credential credential) throws InternalException {
    final NameID issuerId = new NameID(requestrId, SAMLConstants.NFORMAT_ENTITY);
    final AuthnRequest authnRequest = new AuthnRequest(issuerId.getXBean());

    if (requestedNameFormat != null) {
        authnRequest.setFormat(requestedNameFormat);
    }
    if (allowCreate) {
        // Reuse an existing NameIDPolicy element if one is already present, otherwise add one.
        NameIDPolicyType nameIdPolicy = authnRequest.getXMLBean().getNameIDPolicy();
        if (nameIdPolicy == null) {
            nameIdPolicy = authnRequest.getXMLBean().addNewNameIDPolicy();
        }
        nameIdPolicy.setAllowCreate(true);
    }
    if (identityProviderURL != null) {
        authnRequest.getXMLBean().setDestination(identityProviderURL);
    }
    authnRequest.getXMLBean().setAssertionConsumerServiceURL(responseConsumerAddress);

    if (!sign) {
        return authnRequest.getXMLBeanDoc();
    }
    try {
        authnRequest.sign(credential.getKey(), credential.getCertificateChain());
    } catch (Exception e) {
        // Broad catch is deliberate here: any signing failure is reported through the
        // domain exception with the original error preserved as its cause.
        throw new InternalException("Can't sign request", e);
    }
    return authnRequest.getXMLBeanDoc();
}
