Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak (by keycloak): class SamlDocumentStepBuilder, method saml2Object2String.
/**
 * Serializes a SAML 2.0 protocol object into its XML text form.
 *
 * The writer is selected by the runtime type of {@code transformed}: the four request
 * types go through {@link SAMLRequestWriter}, the response types through
 * {@link SAMLResponseWriter}. A {@link StatusResponseType} that is neither a
 * {@link ResponseType} nor an {@link ArtifactResponseType} is emitted as a
 * {@code samlp:LogoutResponse} element. The produced bytes are decoded with
 * {@link GeneralConstants#SAML_CHARSET}.
 *
 * @param transformed the SAML object to serialize; must be one of the supported types
 * @return the XML document as a string
 * @throws RuntimeException wrapping any {@link ProcessingException} raised while writing
 * @throws AssertionError if {@code transformed} is {@code null} or of an unsupported type
 */
public static String saml2Object2String(final SAML2Object transformed) {
    try {
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        final XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(buffer);

        writeWithMatchingWriter(writer, transformed);

        // Decode with the SAML charset rather than the platform default.
        return new String(buffer.toByteArray(), GeneralConstants.SAML_CHARSET);
    } catch (ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}

/**
 * Writes {@code object} with the request or response writer matching its concrete type.
 * The order of the checks matters: {@link StatusResponseType} is the common supertype of
 * the response variants and is therefore tested last.
 *
 * @throws AssertionError if {@code object} is {@code null} or of an unsupported type
 */
private static void writeWithMatchingWriter(final XMLStreamWriter writer, final SAML2Object object) throws ProcessingException {
    if (object instanceof AuthnRequestType) {
        new SAMLRequestWriter(writer).write((AuthnRequestType) object);
    } else if (object instanceof LogoutRequestType) {
        new SAMLRequestWriter(writer).write((LogoutRequestType) object);
    } else if (object instanceof ArtifactResolveType) {
        new SAMLRequestWriter(writer).write((ArtifactResolveType) object);
    } else if (object instanceof AttributeQueryType) {
        new SAMLRequestWriter(writer).write((AttributeQueryType) object);
    } else if (object instanceof ResponseType) {
        new SAMLResponseWriter(writer).write((ResponseType) object);
    } else if (object instanceof ArtifactResponseType) {
        new SAMLResponseWriter(writer).write((ArtifactResponseType) object);
    } else if (object instanceof StatusResponseType) {
        // Generic status response: serialize it under the LogoutResponse element name.
        new SAMLResponseWriter(writer).write((StatusResponseType) object, SAMLProtocolQNames.LOGOUT_RESPONSE.getQName("samlp"));
    } else {
        Assert.assertNotNull("Unknown type: <null>", object);
        Assert.fail("Unknown type: " + object.getClass().getName());
    }
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak (by keycloak): class LDAPSamlIdPInitiatedVaryingLetterCaseTest, method testIdpInitiated.
/**
 * Runs an IdP-initiated SAML login for {@code userName} through the broker endpoint,
 * asserts the broker answers with a successful SAML response, and then checks that a
 * search for {@code USER_NAME_LDAP} (second argument {@code Boolean.TRUE} — presumably
 * the exact-match flag; confirm against the admin client) yields exactly one user.
 *
 * @param userName           subject name placed into the IdP-initiated response
 * @param isFirstBrokerLogin when {@code true}, two additional redirects of the
 *                           first-broker-login flow are followed before the response is read
 * @throws Exception propagated from the SAML client steps
 */
private void testIdpInitiated(String userName, boolean isFirstBrokerLogin) throws Exception {
    final URI brokerEndpoint = getAuthServerBrokerSamlEndpoint(TEST_REALM_NAME, IDP_SAML_ALIAS, EXT_SSO);
    final ResponseType idpResponse = prepareResponseForIdPInitiatedFlow(brokerEndpoint, userName);

    final SamlClientBuilder clientBuilder = new SamlClientBuilder()
            .submitSamlDocument(brokerEndpoint, idpResponse, Binding.POST)
            .targetAttributeSamlResponse()
            .build();

    if (isFirstBrokerLogin) {
        clientBuilder.followOneRedirect().followOneRedirect();
    }

    clientBuilder
            .processSamlResponse(Binding.POST)
            .transformObject(samlObject -> {
                // Only the status is checked; the object itself is not forwarded further.
                assertThat(samlObject, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                return null;
            })
            .build()
            .navigateTo(oauth.getLoginFormUrl())
            .assertResponse(Matchers.bodyHC(containsString("AUTH_RESPONSE")))
            .execute();

    assertThat(testRealm().users().search(USER_NAME_LDAP, Boolean.TRUE), hasSize(1));
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak (by keycloak): class ArtifactBindingTest, method testArtifactBindingLoginSignedArtifactResponse.
/**
 * Logs in through the artifact binding with server signatures enabled and verifies that
 * the resolved {@code ArtifactResponse} is successful, carries a signature, wraps a
 * successful {@code Response}, echoes an {@code InResponseTo}, and that the document
 * signature validates against the IdP key locator of the "sales-post" deployment.
 *
 * @throws Exception propagated from the SAML client steps
 */
@Test
public void testArtifactBindingLoginSignedArtifactResponse() throws Exception {
    // Switch the client to artifact binding with server-side signing; reverted by cleanup.
    getCleanup().addCleanup(ClientAttributeUpdater
            .forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
            .setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true")
            .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true")
            .update());

    final SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST,
                    SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST)
            .build()
            .login().user(bburkeUser).build()
            .handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST)
            .build()
            .doNotFollowRedirects()
            .executeAndTransform(this::getArtifactResponse);

    assertThat(holder.getSamlObject(), instanceOf(ArtifactResponseType.class));
    final ArtifactResponseType artifactResponse = (ArtifactResponseType) holder.getSamlObject();

    // Outer envelope: success status, signed, wraps a Response, references the artifact request.
    assertThat(artifactResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    assertThat(artifactResponse.getSignature(), notNullValue());
    assertThat(artifactResponse.getAny(), instanceOf(ResponseType.class));
    assertThat(artifactResponse.getInResponseTo(), not(isEmptyOrNullString()));

    // Inner authentication response must be successful as well.
    final ResponseType innerResponse = (ResponseType) artifactResponse.getAny();
    assertThat(innerResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    // Cryptographic check of the whole document against the configured IdP keys.
    final SamlDeployment salesPostDeployment = SamlUtils.getSamlDeploymentForClient("sales-post");
    SamlProtocolUtils.verifyDocumentSignature(holder.getSamlDocument(),
            salesPostDeployment.getIDP().getSignatureValidationKeyLocator());
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak (by keycloak): class AudienceProtocolMappersTest, method testExpectedAudiences.
/**
 * Performs a POST-binding login as {@code bburkeUser} against the employee-2 client and
 * asserts that the first assertion of the resulting successful {@code Response} carries an
 * {@code AudienceRestriction} whose audiences are exactly {@code audiences}, in any order.
 *
 * @param audiences the expected audience URIs, as strings
 */
public void testExpectedAudiences(String... audiences) {
    final SAMLDocumentHolder document = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_EMPLOYEE_2,
                    SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST)
            .build()
            .login().user(bburkeUser).build()
            .getSamlResponse(SamlClient.Binding.POST);

    Assert.assertNotNull(document.getSamlObject());
    Assert.assertThat(document.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    // Cast once; the status check above already established this is a Response.
    final ResponseType samlResponse = (ResponseType) document.getSamlObject();
    Assert.assertNotNull(samlResponse.getAssertions());
    Assert.assertThat(samlResponse.getAssertions().size(), greaterThan(0));
    Assert.assertNotNull(samlResponse.getAssertions().get(0));
    Assert.assertNotNull(samlResponse.getAssertions().get(0).getAssertion());

    // Pick the first AudienceRestriction condition of the first assertion, if any.
    final AudienceRestrictionType audienceRestriction = samlResponse.getAssertions().get(0).getAssertion()
            .getConditions().getConditions().stream()
            .filter(AudienceRestrictionType.class::isInstance)
            .map(AudienceRestrictionType.class::cast)
            .findFirst()
            .orElse(null);
    Assert.assertNotNull(audienceRestriction);
    Assert.assertNotNull(audienceRestriction.getAudience());

    final List<String> actualAudiences = audienceRestriction.getAudience().stream()
            .map(Object::toString)
            .collect(Collectors.toList());
    Assert.assertThat(actualAudiences, containsInAnyOrder(audiences));
}
Use of org.keycloak.dom.saml.v2.protocol.ResponseType in project keycloak (by keycloak): class BrokerTest, method createAuthnResponse.
/**
 * Builds a successful login {@code Response} answering the given {@code AuthnRequest}, as the
 * test IdP {@code https://saml.idp/saml} would: destination taken from the request's
 * assertion consumer service URL, a random session index, and a single {@code mail}
 * attribute statement with the value {@code v@w.x} attached to the first assertion.
 * Expiration values (1000000) are passed through to the builder unchanged.
 *
 * @param so the incoming object; must be an {@link AuthnRequestType}
 * @return the constructed response model
 * @throws RuntimeException wrapping {@link ConfigurationException} or {@link ProcessingException}
 * @throws ClassCastException if {@code so} is not an {@link AuthnRequestType}
 */
private SAML2Object createAuthnResponse(SAML2Object so) {
    final AuthnRequestType authnRequest = (AuthnRequestType) so;
    try {
        final ResponseType loginResponse = new SAML2LoginResponseBuilder()
                .requestID(authnRequest.getID())
                .destination(authnRequest.getAssertionConsumerServiceURL().toString())
                .issuer("https://saml.idp/saml")
                .assertionExpiration(1000000)
                .subjectExpiration(1000000)
                .requestIssuer(getAuthServerRealmBase(REALM_NAME).toString())
                .sessionIndex("idp:" + UUID.randomUUID())
                .buildModel();

        // Attach a single "mail" attribute so the broker has something to map.
        final AttributeType mailAttribute = new AttributeType("mail");
        mailAttribute.addAttributeValue("v@w.x");
        final AttributeStatementType mailStatement = new AttributeStatementType();
        mailStatement.addAttribute(new ASTChoiceType(mailAttribute));
        loginResponse.getAssertions().get(0).getAssertion().addStatement(mailStatement);

        return loginResponse;
    } catch (ConfigurationException | ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}