Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.
From class LogoutTest, method createAuthnResponse.
private SAML2Object createAuthnResponse(SAML2Object so) {
    // Answer an incoming AuthnRequest with a successful login response, acting as the
    // broker IdP side of the test. The subject, lifetimes and auth method are fixtures;
    // the request ID and ACS URL are copied from the request so the response correlates
    // with it (InResponseTo) and is addressed to the requester's consumer endpoint.
    AuthnRequestType authnRequest = (AuthnRequestType) so;
    try {
        final ResponseType loginResponse = new SAML2LoginResponseBuilder()
                .requestID(authnRequest.getID())
                .destination(authnRequest.getAssertionConsumerServiceURL().toString())
                .issuer(BROKER_SERVICE_ID)
                .assertionExpiration(1000000)
                .subjectExpiration(1000000)
                .requestIssuer(getAuthServerRealmBase(REALM_NAME).toString())
                .nameIdentifier(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get(), "a@b.c")
                .authMethod(JBossSAMLURIConstants.AC_UNSPECIFIED.get())
                .sessionIndex("idp:" + UUID.randomUUID())
                .buildModel();

        // Decorate the subject NameID of the first assertion with the qualifiers the
        // test later expects to see echoed back in the logout request.
        NameIDType subjectNameId = (NameIDType) loginResponse.getAssertions().get(0)
                .getAssertion()
                .getSubject()
                .getSubType()
                .getBaseID();
        subjectNameId.setNameQualifier(NAME_QUALIFIER);
        subjectNameId.setSPNameQualifier(SP_NAME_QUALIFIER);
        subjectNameId.setSPProvidedID(SP_PROVIDED_ID);

        return loginResponse;
    } catch (ConfigurationException | ProcessingException ex) {
        // Neither failure is recoverable inside a test transformation step.
        throw new RuntimeException(ex);
    }
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.
From class SOAPBindingTest, method soapBindingAuthnWithSignatureMissingDestinationTest.
@Test
public void soapBindingAuthnWithSignatureMissingDestinationTest() {
    // A signed ECP (SOAP binding) AuthnRequest without a Destination attribute must
    // still be accepted and answered with a Response carrying at least one assertion.
    SAMLDocumentHolder samlResponse = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP,
                    SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
            .transformObject(request -> {
                // Destination is optional for this binding; drop it before signing.
                request.setDestination(null);
                return request;
            })
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .basicAuthentication(bburkeUser)
            .build()
            .executeAndTransform(SOAP::extractResponse);

    SAML2Object samlObject = samlResponse.getSamlObject();
    assertThat(samlObject, instanceOf(ResponseType.class));
    ResponseType responseType = (ResponseType) samlObject;
    assertThat(responseType.getAssertions(), not(empty()));
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.
From class SOAPBindingTest, method soapBindingAuthnWithoutSignatureMissingDestinationTest.
@Test
public void soapBindingAuthnWithoutSignatureMissingDestinationTest() {
    // Same scenario as the signed variant, but with both server and client signatures
    // switched off on the ECP client for the duration of the test, so the unsigned
    // request path is exercised. The attribute change is reverted by the cleanup hook.
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP)
            .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false")
            .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
            .update());

    SAMLDocumentHolder samlResponse = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP,
                    SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
            .transformObject(request -> {
                // Destination is optional for this binding; drop it before sending.
                request.setDestination(null);
                return request;
            })
            .basicAuthentication(bburkeUser)
            .build()
            .executeAndTransform(SOAP::extractResponse);

    SAML2Object samlObject = samlResponse.getSamlObject();
    assertThat(samlObject, instanceOf(ResponseType.class));
    ResponseType responseType = (ResponseType) samlObject;
    assertThat(responseType.getAssertions(), not(empty()));
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.
From class SamlRedirectBindingTest, method testQueryParametersInSamlProcessingUriRedirectWithSignature.
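@Test
public void testQueryParametersInSamlProcessingUriRedirectWithSignature() throws Exception {
    // The ACS URL sent in the AuthnRequest carries a query string. The IdP must echo
    // that exact URL, query included, as Response/@Destination; an SP validating
    // Destination against its own endpoint would otherwise reject the response.
    // The listing on this page had the literal mangled to "value1¶m2" (an HTML
    // "&para" entity); the intended separator is "&".
    final String acsUrlWithQuery = SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG + "?param1=value1&param2=value2";

    new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_SIG,
                    acsUrlWithQuery, Binding.REDIRECT)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .build()
            .login().user(bburkeUser).build()
            .doNotFollowRedirects()
            .execute(hr -> {
                try {
                    // Obtain the document while validating the REDIRECT-binding signature
                    // against the realm key; it is expected to be valid.
                    SAMLDocumentHolder doc = Binding.REDIRECT.extractResponse(hr, REALM_PUBLIC_KEY);
                    // The response must be a success and its Destination must carry the
                    // extra query parameters unchanged.
                    assertThat(doc.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    assertThat(doc.getSamlObject(), instanceOf(ResponseType.class));
                    ResponseType res = (ResponseType) doc.getSamlObject();
                    assertThat(res.getDestination(), is(acsUrlWithQuery));
                } catch (IOException e) {
                    throw new IllegalStateException(e);
                }
            });
}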
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak by keycloak.
From class SessionNotOnOrAfterTest, method checkSessionNotOnOrAfter.
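private SAML2Object checkSessionNotOnOrAfter(SAML2Object ob, int ssoMaxLifespan, int accessCodeLifespan, int accessTokenLifespan) {
    // Verifies that the configured lifetimes (in seconds) are reflected in the first
    // assertion of a successful SAML response:
    //   AuthnStatement/@SessionNotOnOrAfter   == AuthnInstant        + ssoMaxLifespan
    //   Conditions/@NotOnOrAfter              == Conditions/@NotBefore + accessCodeLifespan
    //   SubjectConfirmationData/@NotOnOrAfter == Conditions/@NotBefore + accessTokenLifespan
    // XMLTimeUtil.add takes milliseconds, hence the * 1000L. Returns null, presumably
    // because the caller uses this as a terminal transformation step — confirm against callers.
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) ob;
    Assert.assertNotNull(resp);
    Assert.assertNotNull(resp.getAssertions());
    Assert.assertThat(resp.getAssertions().size(), greaterThan(0));

    // Every check below is against the first (and, for these tests, only) assertion.
    ResponseType.RTChoiceType firstAssertion = resp.getAssertions().get(0);
    Assert.assertNotNull(firstAssertion);
    Assert.assertNotNull(firstAssertion.getAssertion());

    // session lifespan: the SSO session bound to this assertion ends ssoMaxLifespan
    // seconds after the authentication instant
    Set<StatementAbstractType> statements = firstAssertion.getAssertion().getStatements();
    Assert.assertNotNull(statements);
    AuthnStatementType authnStatement = statements.stream()
            .filter(AuthnStatementType.class::isInstance)
            .map(AuthnStatementType.class::cast)
            .findFirst()
            .orElse(null);
    assertThat(authnStatement, notNullValue());
    assertThat(authnStatement.getSessionNotOnOrAfter(), notNullValue());
    assertThat(authnStatement.getSessionNotOnOrAfter(),
            is(XMLTimeUtil.add(authnStatement.getAuthnInstant(), ssoMaxLifespan * 1000L)));

    // Conditions: the assertion validity window is the access code lifespan
    // (the original listing asserted getConditions() non-null twice; once is enough)
    ConditionsType conditions = firstAssertion.getAssertion().getConditions();
    Assert.assertNotNull(conditions);
    Assert.assertEquals(XMLTimeUtil.add(conditions.getNotBefore(), accessCodeLifespan * 1000L),
            conditions.getNotOnOrAfter());

    // SubjectConfirmation: confirmationData has no NotBefore of its own; the Conditions
    // NotBefore is the same instant, so it serves as the base for this window too.
    Assert.assertNotNull(firstAssertion.getAssertion().getSubject());
    List<SubjectConfirmationType> confirmations = firstAssertion.getAssertion().getSubject().getConfirmation();
    Assert.assertNotNull(confirmations);
    SubjectConfirmationDataType confirmationData = confirmations.stream()
            .map(SubjectConfirmationType::getSubjectConfirmationData)
            .filter(data -> data != null)
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(confirmationData);
    Assert.assertEquals(XMLTimeUtil.add(conditions.getNotBefore(), accessTokenLifespan * 1000L),
            confirmationData.getNotOnOrAfter());

    return null;
}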