
Example 21 with StatusResponseType

use of org.keycloak.dom.saml.v2.protocol.StatusResponseType in project keycloak by keycloak.

the class SAMLResponseWriter method write.

/**
 * Serializes a {@code StatusResponseType} through the instance's StAX {@code writer}.
 *
 * <p>After the start element, namespace declarations and base attributes, the children are
 * emitted in the fixed order Issuer, Signature, Extensions, Status. That is the sequence the
 * SAML 2.0 protocol schema defines for status responses, so the statements below must not be
 * reordered.
 *
 * <p>The signature is not computed or checked here: whatever DOM element
 * {@code response.getSignature()} returns is copied into the output as-is.
 *
 * @param response the status response to serialize
 * @param qname QName of the starting element; when {@code null}, the default
 *        StatusResponseType element in the protocol namespace is written instead
 *
 * @throws ProcessingException if one of the underlying write operations fails
 */
public void write(StatusResponseType response, QName qname) throws ProcessingException {
    // Root element: a caller-supplied name wins, otherwise fall back to the protocol default.
    if (qname != null) {
        StaxUtil.writeStartElement(writer, qname.getPrefix(), qname.getLocalPart(), qname.getNamespaceURI());
    } else {
        StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.STATUS_RESPONSE_TYPE.get(), JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    }

    // Declare both SAML namespaces on the root; the assertion namespace is also the default one.
    StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, JBossSAMLURIConstants.ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.ASSERTION_NSURI.get());

    writeBaseAttributes(response);

    // Issuer is handed to the NameID writer unconditionally.
    // NOTE(review): no null check here; confirm the callee tolerates a response without an issuer.
    write(response.getIssuer(), new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));

    // Optional signature: passed through verbatim, directly after the issuer.
    Element signature = response.getSignature();
    if (signature != null) {
        StaxUtil.writeDOMElement(writer, signature);
    }

    // Optional extensions: skipped when absent or when the wrapper holds no content.
    ExtensionsType ext = response.getExtensions();
    boolean hasExtensionContent = ext != null && ext.getAny() != null && !ext.getAny().isEmpty();
    if (hasExtensionContent) {
        write(ext);
    }

    // Status is written unconditionally, then the root element is closed and the writer flushed.
    write(response.getStatus());
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : QName(javax.xml.namespace.QName) StatusType(org.keycloak.dom.saml.v2.protocol.StatusType) Element(org.w3c.dom.Element) ExtensionsType(org.keycloak.dom.saml.v2.protocol.ExtensionsType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType)

Example 22 with StatusResponseType

use of org.keycloak.dom.saml.v2.protocol.StatusResponseType in project keycloak by keycloak.

the class SamlStatusResponseTypeMatcher method describeMismatch.

/**
 * Describes the status codes actually found on the item, as {@code was /code1/code2...},
 * walking from the top-level status code down through its nested status codes.
 *
 * <p>NOTE(review): the item is cast to {@code StatusResponseType} and its status is
 * dereferenced without checks, so an item of another type or one without a status would
 * throw here instead of producing a description; confirm the matcher only reaches this
 * method for suitable items.
 *
 * @param item the object that failed to match
 * @param description the description to append the mismatch text to
 */
@Override
public void describeMismatch(Object item, Description description) {
    StatusResponseType actual = (StatusResponseType) item;
    // Resolve the first code before anything is appended, so a failure leaves the description untouched.
    StatusCodeType code = actual.getStatus().getStatusCode();
    description.appendText("was ");
    for (; code != null; code = code.getStatusCode()) {
        description.appendText("/").appendValue(code.getValue());
    }
}
Also used : StatusCodeType(org.keycloak.dom.saml.v2.protocol.StatusCodeType)

Example 23 with StatusResponseType

use of org.keycloak.dom.saml.v2.protocol.StatusResponseType in project keycloak by keycloak.

the class ArtifactBindingTest method testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetPostTest.

/**
 * Logs in over the POST binding with artifact binding enabled for the client, then sends a
 * POST logout request and checks that the answer is a successful, unsigned, plain
 * {@code StatusResponseType} rather than one of the more specific response types.
 */
@Test
public void testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetPostTest() {
    // Client setup: artifact binding on, a POST single-logout URL and front-channel logout.
    // The updater's result is registered with the cleanup helper.
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
                    .setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true")
                    .setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, "http://url")
                    .setFrontchannelLogout(true)
                    .update());

    // Flow: authn request -> login -> artifact handling -> logout request, without following
    // redirects, so the logout response itself can be extracted from the POST form.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
            .setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri())
            .build()
            .login()
            .user(bburkeUser)
            .build()
            .handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST)
            .build()
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST)
            .build()
            .doNotFollowRedirects()
            .executeAndTransform(POST::extractResponse);

    // Type check first, so a wrong object fails as an assertion and not as a ClassCastException.
    assertThat(holder.getSamlObject(), instanceOf(StatusResponseType.class));
    StatusResponseType logout = (StatusResponseType) holder.getSamlObject();

    assertThat(logout, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    // The logout response is expected to carry no signature element.
    assertThat(logout.getSignature(), nullValue());

    // It must be the base type only: in particular not an ArtifactResponse.
    assertThat(logout, not(instanceOf(ResponseType.class)));
    assertThat(logout, not(instanceOf(ArtifactResponseType.class)));
    assertThat(logout, not(instanceOf(NameIDMappingResponseType.class)));
    // Repeats the type check made before the cast.
    assertThat(logout, instanceOf(StatusResponseType.class));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 24 with StatusResponseType

use of org.keycloak.dom.saml.v2.protocol.StatusResponseType in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLogoutFullWithPost.

/**
 * Runs a login followed by an artifact-based logout message against a local
 * {@code ArtifactResolutionService} and checks that the final SAML response is a successful
 * {@code StatusResponseType} and that the artifact the service was asked to resolve is the
 * one the test created.
 *
 * @throws InterruptedException if the thread is interrupted while waiting on, or joining,
 *         the resolution service thread
 */
@Test
public void testReceiveArtifactLogoutFullWithPost() throws InterruptedException {
    // Point the client's artifact resolution service URL at the local test service.
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
                    .setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/")
                    .update());

    SamlClientBuilder clientBuilder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST, clientBuilder);
    ArtifactResolutionService resolutionService = new ArtifactResolutionService("http://127.0.0.1:8082/");
    Thread serviceThread = new Thread(resolutionService);
    try {
        serviceThread.start();
        synchronized (resolutionService) {
            // NOTE(review): a bare wait() with no guarding condition can miss a notification
            // sent before this thread takes the monitor, and can also return on a spurious
            // wakeup; confirm how ArtifactResolutionService signals readiness.
            resolutionService.wait();

            SAMLDocumentHolder holder = clientBuilder
                    .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
                    .build()
                    .login()
                    .user(bburkeUser)
                    .build()
                    .processSamlResponse(POST)
                    .transformObject(received -> {
                        // Capture what the logout needs from the login response, then hand the
                        // logout request to the resolution service before the flow continues.
                        SAML2Object extracted = extractNameIdAndSessionIndexAndTerminate(received);
                        setArtifactResolutionServiceLogoutRequest(resolutionService);
                        return extracted;
                    })
                    .build()
                    .artifactMessage(artifactStep)
                    .build()
                    .getSamlResponse(POST);

            // Type check before the cast, then the status itself.
            assertThat(holder.getSamlObject(), instanceOf(StatusResponseType.class));
            StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
            assertThat(statusResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

            // The artifact resolved by the service must be the one this test sent.
            assertThat(artifactStep.getLastArtifact(), is(resolutionService.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        // Always stop the service and wait for its thread, even when an assertion failed.
        resolutionService.stop();
        serviceThread.join();
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 25 with StatusResponseType

use of org.keycloak.dom.saml.v2.protocol.StatusResponseType in project keycloak by keycloak.

the class ArtifactBindingTest method testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetRedirect.

/**
 * Redirect-binding counterpart of the POST logout check: logs in with artifact binding
 * enabled for the client, sends a logout request over the REDIRECT binding and checks that
 * the answer is a successful, unsigned, plain {@code StatusResponseType} rather than one of
 * the more specific response types.
 */
@Test
public void testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetRedirect() {
    // Client setup: artifact binding on, a REDIRECT single-logout URL and front-channel logout.
    // The updater's result is registered with the cleanup helper.
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
                    .setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true")
                    .setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, "http://url")
                    .setFrontchannelLogout(true)
                    .update());

    // Flow: authn request -> login -> artifact handling -> logout request, without following
    // redirects, so the logout response can be extracted from the redirect itself.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, REDIRECT)
            .setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri())
            .build()
            .login()
            .user(bburkeUser)
            .build()
            .handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST)
            .verifyRedirect(true)
            .build()
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, REDIRECT)
            .build()
            .doNotFollowRedirects()
            .executeAndTransform(REDIRECT::extractResponse);

    // Type check first, so a wrong object fails as an assertion and not as a ClassCastException.
    assertThat(holder.getSamlObject(), instanceOf(StatusResponseType.class));
    StatusResponseType logout = (StatusResponseType) holder.getSamlObject();

    assertThat(logout, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    // The logout response is expected to carry no signature element.
    assertThat(logout.getSignature(), nullValue());

    // It must be the base type only: in particular not an ArtifactResponse.
    assertThat(logout, not(instanceOf(ResponseType.class)));
    assertThat(logout, not(instanceOf(ArtifactResponseType.class)));
    assertThat(logout, not(instanceOf(NameIDMappingResponseType.class)));
    // Repeats the type check made before the cast.
    assertThat(logout, instanceOf(StatusResponseType.class));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)
