
Example 56 with ResponseType

use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.

the class FixedHostnameTest method assertSamlLogin.

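/**
 * Logs into a throw-away SAML client of {@code realm} and asserts that the issuer of the returned
 * assertion is the realm URL derived from {@code expectedBaseUrl}, i.e. that the SAML response
 * advertises the fixed hostname under test.
 *
 * @param testAdminClient admin client used to create the temporary SAML client and user
 * @param realm           realm the SAML login is performed against
 * @param expectedBaseUrl base URL the realm URL (and therefore the assertion issuer) must start with
 * @throws Exception any failure of client/user creation or of the SAML exchange. Nothing is caught
 *                   here on purpose: the previous version logged and swallowed every exception (with a
 *                   descriptor variable that was always {@code null}), which let a failed login make the
 *                   hostname check pass vacuously.
 */
private void assertSamlLogin(Keycloak testAdminClient, String realm, String expectedBaseUrl) throws Exception {
    final String realmUrl = expectedBaseUrl + "/auth/realms/" + realm;
    final String baseSamlEndpointUrl = realmUrl + "/protocol/saml";
    RealmResource realmResource = testAdminClient.realm(realm);
    // Client-signature validation is switched off, presumably so that the unsigned AuthnRequest built by
    // SamlClientBuilder below is accepted by the realm — test-only configuration.
    ClientRepresentation clientRep = ClientBuilder.create()
            .protocol(SamlProtocol.LOGIN_PROTOCOL)
            .clientId(SAML_CLIENT_ID)
            .enabled(true)
            .attribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
            .redirectUris("http://foo.bar/")
            .build();
    // Both Creators are AutoCloseable; try-with-resources makes sure they are closed (presumably removing
    // the temporary client and user) whether or not an assertion below fails.
    try (Creator<ClientResource> c = Creator.create(realmResource, clientRep);
        Creator<UserResource> u = Creator.create(realmResource, UserBuilder.create().username("bicycle").password("race").enabled(true).build())) {
        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
                .authnRequest(new URI(baseSamlEndpointUrl), SAML_CLIENT_ID, "http://foo.bar/", Binding.POST).build()
                .login().user("bicycle", "race").build()
                .getSamlResponse(Binding.POST);
        assertThat(samlResponse.getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType response = (ResponseType) samlResponse.getSamlObject();
        assertThat(response.getAssertions(), hasSize(1));
        // The issuer must equal the realm URL built from expectedBaseUrl, not some other hostname.
        assertThat(response.getAssertions().get(0).getAssertion().getIssuer().getValue(), is(realmUrl));
    }
}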
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) UserResource(org.keycloak.admin.client.resource.UserResource) ClientResource(org.keycloak.admin.client.resource.ClientResource) URI(java.net.URI) ClientRegistrationException(org.keycloak.client.registration.ClientRegistrationException) JWSInputException(org.keycloak.jose.jws.JWSInputException) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 57 with ResponseType

use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.

the class NameIdMapperTest method testExpectedNameId.

/**
 * Fetches the current SAML response and checks that the subject's NameID equals {@code expectedNameId}
 * and that the response status is {@code urn:oasis:names:tc:SAML:2.0:status:Success}.
 *
 * @param expectedNameId NameID value the mapper under test is expected to have produced
 */
private void testExpectedNameId(String expectedNameId) {
    final ResponseType samlResponse = getSamlResponseObject();
    // The BaseID of the first assertion's subject is expected to be a plain NameID (ClassCastException = test failure).
    final NameIDType subjectNameId =
            (NameIDType) samlResponse.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
    assertEquals(expectedNameId, subjectNameId.getValue());
    final String statusCode = samlResponse.getStatus().getStatusCode().getValue().toString();
    assertEquals(JBossSAMLURIConstants.STATUS_SUCCESS.get(), statusCode);
}
Also used : NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 58 with ResponseType

use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLoginFullWithPost.

/**
 * Artifact binding round trip: the client sends an artifact message, the realm resolves it against a
 * local stub {@link ArtifactResolutionService} on http://127.0.0.1:8082/, and the resulting SAML
 * response must carry at least one assertion. The artifact the client sent must be the one the realm
 * asked the resolution service for.
 */
@Test
public void testReceiveArtifactLoginFullWithPost() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
    // Point the client's artifact resolution service at the local stub; getCleanup() reverts the attribute afterwards.
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    Document doc = SAML2Request.convert(loginRep);
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST, builder);
    // The stub answers every ArtifactResolve with the AuthnRequest document built above.
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            // Blocks until the service thread notifies on itself (presumably once it is listening).
            // NOTE(review): a bare wait() is not in a condition loop, so a notify that happens before
            // this thread enters wait(), or a spurious wakeup, would hang or run the login too early —
            // confirm ArtifactResolutionService exposes a ready flag that could guard this.
            ars.wait();
            SAMLDocumentHolder response = builder.artifactMessage(camb).build().login().user(bburkeUser).build().getSamlResponse(SamlClient.Binding.POST);
            assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
            ResponseType rt = (ResponseType) response.getSamlObject();
            assertThat(rt.getAssertions(), not(empty()));
            // The realm must actually have resolved the artifact, and it must be the one the client sent.
            assertThat(ars.getLastArtifactResolve(), notNullValue());
            assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        // Always stop the stub and reap its thread, even when an assertion above fails.
        ars.stop();
        arsThread.join();
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) Document(org.w3c.dom.Document) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 59 with ResponseType

use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.

the class AssertionUtilTest method testSaml20DecryptId.

/**
 * Parses a SAML 2.0 response whose subject carries an EncryptedID, decrypts it with the test private key
 * and verifies that the very same subject object now exposes a plain NameID ("myTestId") and no
 * EncryptedID any more.
 */
@Test
public void testSaml20DecryptId() throws Exception {
    try (InputStream encryptedIdResponse = getEncryptedIdTestFileInputStream()) {
        final ResponseType parsed = (ResponseType) SAMLParser.getInstance().parse(encryptedIdResponse);
        final STSubType subject = parsed.getAssertions().get(0).getAssertion().getSubject().getSubType();

        // Before decryption only the encrypted form of the identifier is present.
        assertNotNull(subject.getEncryptedID());
        assertNull(subject.getBaseID());

        AssertionUtil.decryptId(parsed, extractPrivateKey());

        // decryptId mutates the response in place: the same STSubType instance is re-checked.
        assertNull(subject.getEncryptedID());
        final Object decryptedId = subject.getBaseID();
        assertNotNull(decryptedId);
        assertTrue(decryptedId instanceof NameIDType);
        assertEquals("myTestId", ((NameIDType) decryptedId).getValue());
    }
}
Also used : STSubType(org.keycloak.dom.saml.v2.assertion.SubjectType.STSubType) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLParserTest(org.keycloak.saml.processing.core.parsers.saml.SAMLParserTest) Test(org.junit.Test)

Example 60 with ResponseType

use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.

the class AssertionUtil method decryptAssertion.

/**
 * This method modifies the given responseType, and replaces the encrypted assertion with a decrypted version.
 * <p>
 * The {@code EncryptedAssertion} element is looked up in the holder's DOM document, imported into a fresh
 * document, decrypted there with {@code privateKey}, schema-validated and parsed into an {@link AssertionType}.
 * That assertion is then handed to {@code responseType.replaceAssertion} together with the ID attribute read
 * from the encrypted element. The signature of the decrypted assertion is not verified here; callers must do
 * that on the returned element before trusting its contents.
 *
 * @param holder the parsed SAML message whose DOM document contains the {@code EncryptedAssertion} element
 * @param responseType a response containing an encrypted assertion; it is updated in place
 * @param privateKey the key used to decrypt the assertion
 * @return the assertion element as it was decrypted. This can be used in signature verification.
 * @throws ProcessingException if no {@code EncryptedAssertion} element is found in the document, or when
 *         propagated from decryption/parsing
 * @throws ParsingException when propagated from parsing the decrypted assertion
 * @throws ConfigurationException when propagated from the decryption/parsing utilities
 */
public static Element decryptAssertion(SAMLDocumentHolder holder, ResponseType responseType, PrivateKey privateKey) throws ParsingException, ProcessingException, ConfigurationException {
    Document doc = holder.getSamlDocument();
    Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
    if (enc == null) {
        throw new ProcessingException("No encrypted assertion found.");
    }
    // Remembered before decryption so the matching entry of responseType can be replaced below.
    String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());
    // Decrypt in a separate document, presumably so the holder's original document is left untouched.
    Document newDoc = DocumentUtil.createDocument();
    Node importedNode = newDoc.importNode(enc, true);
    newDoc.appendChild(importedNode);
    Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);
    SAMLParser parser = SAMLParser.getInstance();
    // Validate the plaintext against the SAML schema before it is parsed into the object model.
    JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
    AssertionType assertion = (AssertionType) parser.parse(parser.createEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));
    responseType.replaceAssertion(oldID, new ResponseType.RTChoiceType(assertion));
    return decryptedDocumentElement;
}
Also used : QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EncryptedAssertionType(org.keycloak.dom.saml.v2.assertion.EncryptedAssertionType) SAML11AssertionType(org.keycloak.dom.saml.v1.assertion.SAML11AssertionType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
