Use of org.keycloak.saml.SAML2ErrorResponseBuilder in project keycloak by keycloak.
From class SAMLLoginResponseHandlingTest, method testErrorHandlingUnsigned.
@Test
public void testErrorHandlingUnsigned() throws Exception {
    // Issuer of the error response: the "demo" realm on the auth server, whose port
    // comes from the same system property the harness uses (default 8180).
    String issuer = "http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "/realms/demo";

    // NOTE(review): Destination is built as <page> + "saml" while the response is
    // delivered to <page> + "/saml" — presumably employeeSigServletPage already ends
    // in a slash; verify the two agree, since the SP compares Destination with the
    // endpoint it received the message on.
    SAML2ErrorResponseBuilder errorResponse = new SAML2ErrorResponseBuilder()
            .destination(employeeSigServletPage.toString() + "saml")
            .issuer(issuer)
            .status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
    Document errorDocument = errorResponse.buildDocument();

    // Deliver the error response WITHOUT a signature via the REDIRECT binding. The SP
    // (employee-sig) requires realm signatures, so the expected outcome is that the
    // message is rejected as INVALID_SIGNATURE before its status is even looked at.
    new SamlClientBuilder()
            .addStep((client, currentURI, currentResponse, context) ->
                    SamlClient.Binding.REDIRECT.createSamlUnsignedResponse(
                            URI.create(employeeSigServletPage.toString() + "/saml"), null, errorDocument))
            .execute(response -> Assert.assertThat(response, bodyHC(containsString("INVALID_SIGNATURE"))));
}
Use of org.keycloak.saml.SAML2ErrorResponseBuilder in project keycloak by keycloak.
From class SAMLLoginResponseHandlingTest, method testErrorHandlingSigned.
@Test
public void testErrorHandlingSigned() throws Exception {
    // Issuer of the error response: the "demo" realm on the auth server, whose port
    // comes from the same system property the harness uses (default 8180).
    String issuer = "http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "/realms/demo";

    // NOTE(review): Destination is built as <page> + "saml" while the response is
    // delivered to <page> + "/saml" — presumably employeeSigServletPage already ends
    // in a slash; verify the two agree, since the SP compares Destination with the
    // endpoint it received the message on.
    SAML2ErrorResponseBuilder errorResponse = new SAML2ErrorResponseBuilder()
            .destination(employeeSigServletPage.toString() + "saml")
            .issuer(issuer)
            .status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get());
    Document errorDocument = errorResponse.buildDocument();

    // Deliver the same error response signed with the realm key pair via the REDIRECT
    // binding. With a valid signature the SP accepts the message, so what surfaces is
    // the RequestDenied status itself (ERROR_STATUS) rather than a signature failure.
    new SamlClientBuilder()
            .addStep((client, currentURI, currentResponse, context) ->
                    SamlClient.Binding.REDIRECT.createSamlSignedResponse(
                            URI.create(employeeSigServletPage.toString() + "/saml"), null, errorDocument,
                            REALM_PRIVATE_KEY, REALM_PUBLIC_KEY))
            .execute(response -> Assert.assertThat(response, bodyHC(containsString("ERROR_STATUS"))));
}
Use of org.keycloak.saml.SAML2ErrorResponseBuilder in project keycloak by keycloak.
From class SamlProtocol, method samlErrorMessage.
/**
 * Builds a SAML error {@code Response} carrying {@code statusDetail} and delivers it
 * through {@link #buildErrorResponse}.
 *
 * <p>The response is signed with the realm's active RSA key only when the client is
 * configured to require realm signatures. It is never encrypted: SAML offers no
 * encryption for status messages, only assertions, attributes, base ID and name ID can
 * be encrypted (see chapter 6 of saml-core-2.0-os.pdf).
 *
 * @param authSession   authentication session used for the fallback error page
 * @param samlClient    client settings that decide signing, algorithm and canonicalization
 * @param isPostBinding whether the response is delivered with the POST binding
 * @param destination   value of the response's Destination attribute, also passed on
 *                      to {@code buildErrorResponse}
 * @param statusDetail  SAML status URI to report
 * @param relayState    RelayState to carry on the binding
 * @return the bound error response, or a generic BAD_REQUEST error page if building
 *         or binding the document threw
 */
private Response samlErrorMessage(AuthenticationSessionModel authSession, SamlClient samlClient, boolean isPostBinding, String destination, JBossSAMLURIConstants statusDetail, String relayState) {
    JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder(session).relayState(relayState);
    SAML2ErrorResponseBuilder errorBuilder = new SAML2ErrorResponseBuilder()
            .destination(destination)
            .issuer(getResponseIssuer(realm))
            .status(statusDetail.get());
    KeyManager keyManager = session.keys();

    // Signing happens outside the try below on purpose: a failure to obtain or use the
    // realm key propagates to the caller instead of being turned into an error page.
    if (samlClient.requiresRealmSignature()) {
        signWithRealmKey(binding, samlClient, keyManager);
    }

    try {
        Document errorDocument = errorBuilder.buildDocument();
        return buildErrorResponse(isPostBinding, destination, binding, errorDocument);
    } catch (Exception e) {
        // NOTE(review): the cause is discarded here; the caller only sees a generic
        // page. Consider recording it so binding/signing problems stay diagnosable.
        return ErrorPage.error(session, authSession, Response.Status.BAD_REQUEST, Messages.FAILED_TO_PROCESS_RESPONSE);
    }
}

/**
 * Configures {@code binding} to sign the outgoing document with the realm's active RSA
 * key, honouring the client's signature algorithm, key-name transformer and (when set)
 * canonicalization method.
 */
private void signWithRealmKey(JaxrsSAML2BindingBuilder binding, SamlClient samlClient, KeyManager keyManager) {
    KeyManager.ActiveRsaKey activeKey = keyManager.getActiveRsaKey(realm);
    // KeyName in the signature's KeyInfo is derived per client policy from kid/certificate.
    String keyName = samlClient.getXmlSigKeyInfoKeyNameTransformer().getKeyName(activeKey.getKid(), activeKey.getCertificate());
    String canonicalization = samlClient.getCanonicalizationMethod();
    if (canonicalization != null) {
        binding.canonicalizationMethod(canonicalization);
    }
    binding.signatureAlgorithm(samlClient.getSignatureAlgorithm())
            .signWith(keyName, activeKey.getPrivateKey(), activeKey.getPublicKey(), activeKey.getCertificate())
            .signDocument();
}