
Example 6 with ParsingException

Use of org.keycloak.saml.common.exceptions.ParsingException in the keycloak project (keycloak/keycloak).

Class SamlService, method emptyArtifactResponseMessage (three-argument overload).

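/**
 * Builds an ArtifactResponse that carries only a status (no embedded SAML message) and wraps it into the SOAP
 * response sent back to the requester. Every failed ArtifactResolve ends up here, so the requester receives a
 * well-formed SAML status instead of an HTTP error.
 *
 * @param artifactResolveMessage the incoming ArtifactResolve, passed through to {@code artifactResponseMessage}
 * @param clientModel the client the response is addressed to, or {@code null} when no client could be determined yet
 * @param responseStatusCode the SAML status URI to put into the response (e.g. RequestDenied)
 * @return the SOAP response produced by {@code artifactResponseMessage}
 * @throws ProcessingException if the ArtifactResponse cannot be turned into a DOM document (reported as
 *         {@code Errors.INVALID_SAML_ARTIFACT_RESPONSE} with the original exception as cause), or when propagated
 *         from {@code artifactResponseMessage}
 * @throws ConfigurationException propagated from {@code artifactResponseMessage}
 */
private Response emptyArtifactResponseMessage(ArtifactResolveType artifactResolveMessage, ClientModel clientModel, URI responseStatusCode) throws ProcessingException, ConfigurationException {
    // The Issuer of the empty response is this realm's base URL; the "inner" message is deliberately absent (null).
    ArtifactResponseType artifactResponse = SamlProtocolUtils.buildArtifactResponse(null, SAML2NameIDBuilder.value(RealmsResource.realmBaseUrl(session.getContext().getUri()).build(realm.getName()).toString()).build(), responseStatusCode);
    Document artifactResponseDocument;
    try {
        artifactResponseDocument = SamlProtocolUtils.convert(artifactResponse);
    } catch (ParsingException | ConfigurationException | ProcessingException e) {
        // Hand the exception to the logger as well, so the stack trace is not lost before the re-throw below
        // (the sibling artifactResolve logs its failures the same way).
        logger.errorf(e, "Failed to obtain document from ArtifactResponse: %s.", artifactResponse);
        throw new ProcessingException(Errors.INVALID_SAML_ARTIFACT_RESPONSE, e);
    }
    return artifactResponseMessage(artifactResolveMessage, artifactResponseDocument, clientModel);
}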
Also used : ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) Document(org.w3c.dom.Document) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 7 with ParsingException

Use of org.keycloak.saml.common.exceptions.ParsingException in the keycloak project (keycloak/keycloak).

Class SamlService, method artifactResolve.

/**
 * Takes an artifact resolve message and returns the artifact response, if the artifact is found belonging to a session
 * of the issuer.
 * <p>
 * Order of checks: artifact present, resolver known for the artifact format, stored session mapping, user session,
 * client session, issuer bound to the client of that session, (optionally) request signature, and finally the
 * artifact is resolved. Every failed check answers with an empty ArtifactResponse rather than an HTTP error; the
 * two explicit RequestDenied cases pass the status URI themselves, the remaining cases use the two-argument
 * overload of {@code emptyArtifactResponseMessage}, which picks the status (not shown here).
 * @param artifactResolveMessage The artifact resolve message sent by the client
 * @param artifactResolveHolder the document containing the artifact resolve message sent by the client
 * @return a Response containing the SOAP message with the ArtifactResponse
 * @throws ParsingException propagated from the SAML document helpers used here
 * @throws ConfigurationException propagated from the SAML document helpers used here
 * @throws ProcessingException propagated from the SAML document helpers used here
 */
public Response artifactResolve(ArtifactResolveType artifactResolveMessage, SAMLDocumentHolder artifactResolveHolder) throws ParsingException, ConfigurationException, ProcessingException {
    // DEBUG-level dump of the complete ArtifactResolve document (artifact value included). Keep DEBUG disabled
    // where request bodies must not end up in the logs.
    logger.debug("Received artifactResolve message for artifact " + artifactResolveMessage.getArtifact() + "\n" + "Message: \n" + DocumentUtil.getDocumentAsString(artifactResolveHolder.getSamlDocument()));
    // Artifact from resolve request
    String artifact = artifactResolveMessage.getArtifact();
    if (artifact == null) {
        // No artifact at all: refuse with RequestDenied before touching any store.
        logger.errorf("Artifact to resolve was null");
        return emptyArtifactResponseMessage(artifactResolveMessage, null, JBossSAMLURIConstants.STATUS_REQUEST_DENIED.getUri());
    }
    // The resolver is selected from the artifact itself (its format); an artifact nobody can handle is also denied.
    ArtifactResolver artifactResolver = getArtifactResolver(artifact);
    if (artifactResolver == null) {
        logger.errorf("Cannot find ArtifactResolver for artifact %s", artifact);
        return emptyArtifactResponseMessage(artifactResolveMessage, null, JBossSAMLURIConstants.STATUS_REQUEST_DENIED.getUri());
    }
    // Obtain details of session that issued artifact and check if it corresponds to issuer of Resolve message
    // The mapping store is keyed by the raw artifact value; a hit tells us which user/client session issued it.
    SamlArtifactSessionMappingModel sessionMapping = getArtifactSessionMappingStore().get(artifact);
    if (sessionMapping == null) {
        // Unknown, expired, or already consumed artifact (see the remove() further down).
        logger.errorf("No data stored for artifact %s", artifact);
        return emptyArtifactResponseMessage(artifactResolveMessage, null);
    }
    UserSessionModel userSessionModel = session.sessions().getUserSession(realm, sessionMapping.getUserSessionId());
    if (userSessionModel == null) {
        // The mapping outlived the user session it points to.
        logger.errorf("UserSession with id: %s, that corresponds to artifact: %s does not exist.", sessionMapping.getUserSessionId(), artifact);
        return emptyArtifactResponseMessage(artifactResolveMessage, null);
    }
    AuthenticatedClientSessionModel clientSessionModel = userSessionModel.getAuthenticatedClientSessions().get(sessionMapping.getClientSessionId());
    if (clientSessionModel == null) {
        logger.errorf("ClientSession with id: %s, that corresponds to artifact: %s and UserSession: %s does not exist.", sessionMapping.getClientSessionId(), artifact, sessionMapping.getUserSessionId());
        return emptyArtifactResponseMessage(artifactResolveMessage, null);
    }
    // Tie the request's Issuer to the client of the session that issued the artifact: an artifact must only be
    // resolvable by the SP it was issued to. The mismatch handling lives in getAndCheckClientModel (not shown here);
    // presumably it throws rather than returning null, since the result is used unchecked below — verify there.
    ClientModel clientModel = getAndCheckClientModel(sessionMapping.getClientSessionId(), artifactResolveMessage.getIssuer().getValue());
    SamlClient samlClient = new SamlClient(clientModel);
    // Check signature within ArtifactResolve request if client requires it
    // Note the ordering: the session lookups above run before the signature is checked, so an unsigned or badly
    // signed request still costs the store lookups. Clients not configured to sign get no signature check at all.
    if (samlClient.requiresClientSignature()) {
        try {
            SamlProtocolUtils.verifyDocumentSignature(clientModel, artifactResolveHolder.getSamlDocument());
        } catch (VerificationException e) {
            SamlService.logger.error("request validation failed", e);
            return emptyArtifactResponseMessage(artifactResolveMessage, clientModel);
        }
    }
    // Obtain artifactResponse from clientSessionModel
    // The resolver hands back the ArtifactResponse in its serialized (marshalled) form, not as a DOM.
    String artifactResponseString;
    try {
        artifactResponseString = artifactResolver.resolveArtifact(clientSessionModel, artifact);
    } catch (ArtifactResolverProcessingException e) {
        logger.errorf(e, "Failed to resolve artifact: %s.", artifact);
        return emptyArtifactResponseMessage(artifactResolveMessage, clientModel);
    }
    // Artifact is successfully resolved, we can remove session mapping from storage
    // Single use: the mapping is dropped here, before the response is deserialized. A failure in the block below
    // therefore still consumes the artifact — a retry will end in the "No data stored" branch above.
    getArtifactSessionMappingStore().remove(artifact);
    Document artifactResponseDocument = null;
    ArtifactResponseType artifactResponseType = null;
    try {
        SAMLDataMarshaller marshaller = new SAMLDataMarshaller();
        artifactResponseType = marshaller.deserialize(artifactResponseString, ArtifactResponseType.class);
        artifactResponseDocument = SamlProtocolUtils.convert(artifactResponseType);
    } catch (ParsingException | ConfigurationException | ProcessingException e) {
        // The serialized response is logged in full here; it may contain the assertion issued to the client.
        logger.errorf(e, "Failed to obtain document from ArtifactResponseString: %s.", artifactResponseString);
        return emptyArtifactResponseMessage(artifactResolveMessage, clientModel);
    }
    // If clientSession is in LOGGING_OUT action, now we can move it to LOGGED_OUT
    // The artifact was issued for a logout exchange; the SP fetching it completes the logout on our side.
    if (CommonClientSessionModel.Action.LOGGING_OUT.name().equals(clientSessionModel.getAction())) {
        clientSessionModel.setAction(CommonClientSessionModel.Action.LOGGED_OUT.name());
        // If Keycloak sent LogoutResponse we need to also remove UserSession
        // NOTE(review): "is a LogoutResponse" is decided by the inner message type plus a substring search for the
        // LogoutResponse element name in the serialized XML, not by a type check on the inner element — confirm
        // that a StatusResponseType other than LogoutResponse cannot contain that name.
        if (artifactResponseType.getAny() instanceof StatusResponseType && artifactResponseString.contains(JBossSAMLConstants.LOGOUT_RESPONSE.get())) {
            if (!UserSessionModel.State.LOGGED_OUT_UNCONFIRMED.equals(userSessionModel.getState())) {
                // Unexpected but tolerated: the user session is finished either way.
                logger.warnf("Keycloak issued LogoutResponse for clientSession %s, however user session %s was not in LOGGED_OUT_UNCONFIRMED state.", clientSessionModel.getId(), userSessionModel.getId());
            }
            AuthenticationManager.finishUnconfirmedUserSession(session, realm, userSessionModel);
        }
    }
    return artifactResponseMessage(artifactResolveMessage, artifactResponseDocument, clientModel);
}
Also used : UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) Document(org.w3c.dom.Document) SAMLDataMarshaller(org.keycloak.broker.saml.SAMLDataMarshaller) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) SamlArtifactSessionMappingModel(org.keycloak.models.SamlArtifactSessionMappingModel) ClientModel(org.keycloak.models.ClientModel) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) VerificationException(org.keycloak.common.VerificationException) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 8 with ParsingException

Use of org.keycloak.saml.common.exceptions.ParsingException in the keycloak project (keycloak/keycloak).

Class EntityDescriptorDescriptionConverter, method loadEntityDescriptors.

/**
 * Converts SAML 2.0 SP metadata (an EntityDescriptor, or an EntitiesDescriptor holding exactly one) read from
 * {@code is} into a Keycloak client representation: client id, redirect URIs, SAML attributes, attribute mappers
 * and the SP's signing/encryption certificates.
 * <p>
 * Everything in the resulting client — in particular the redirect URIs and the certificate that gates client
 * signatures — is taken verbatim from the metadata, so the stream must come from a source the administrator trusts.
 *
 * @param is the metadata XML; read through {@code SAMLParser}. NOTE(review): this is external XML input — confirm
 *           that SAMLParser disables DTD processing / external entities.
 * @return a new, fully populated {@code ClientRepresentation} using the SAML login protocol
 * @throws RuntimeException wrapping a {@code ParsingException}, {@code ConfigurationException} or
 *         {@code ProcessingException}, or when the metadata does not hold exactly one entity descriptor
 */
private static ClientRepresentation loadEntityDescriptors(InputStream is) {
    Object metadata;
    try {
        metadata = SAMLParser.getInstance().parse(is);
    } catch (ParsingException e) {
        throw new RuntimeException(e);
    }
    EntitiesDescriptorType entities;
    if (EntitiesDescriptorType.class.isInstance(metadata)) {
        entities = (EntitiesDescriptorType) metadata;
    } else {
        // A single EntityDescriptor is wrapped so both shapes go through the same "exactly one" check. The parse
        // result is added as a plain Object, so anything that is neither type only fails at the cast below.
        entities = new EntitiesDescriptorType();
        entities.addEntityDescriptor(metadata);
    }
    if (entities.getEntityDescriptor().size() != 1) {
        throw new RuntimeException("Expected one entity descriptor");
    }
    EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
    // The SP's entityID becomes the Keycloak clientId.
    String entityId = entity.getEntityID();
    ClientRepresentation app = new ClientRepresentation();
    app.setClientId(entityId);
    Map<String, String> attributes = new HashMap<>();
    app.setAttributes(attributes);
    List<String> redirectUris = new LinkedList<>();
    app.setRedirectUris(redirectUris);
    app.setFullScopeAllowed(true);
    app.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    // Defaults that the metadata does not express: Keycloak signs its messages with RSA-SHA256, without the
    // KeyInfo extension, and always emits an AuthnStatement.
    // default to true
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    // default to false
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE_KEYINFO_EXT, SamlProtocol.ATTRIBUTE_FALSE_VALUE);
    attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
    attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    SPSSODescriptorType spDescriptorType = getSPDescriptor(entity);
    // WantAssertionsSigned in the metadata turns on assertion signing; when absent the attribute is not written.
    if (spDescriptorType.isWantAssertionsSigned()) {
        attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    }
    // SingleLogoutService endpoints, one per binding.
    String logoutPost = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
    if (logoutPost != null)
        attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutPost);
    String logoutRedirect = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    if (logoutRedirect != null)
        attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, logoutRedirect);
    // AssertionConsumerService endpoints. Each one found is also registered as an allowed redirect URI of the
    // client; the SOAP and PAOS endpoints become redirect URIs only and get no dedicated attribute.
    String assertionConsumerServicePostBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
    if (assertionConsumerServicePostBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, assertionConsumerServicePostBinding);
        redirectUris.add(assertionConsumerServicePostBinding);
    }
    String assertionConsumerServiceRedirectBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    if (assertionConsumerServiceRedirectBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, assertionConsumerServiceRedirectBinding);
        redirectUris.add(assertionConsumerServiceRedirectBinding);
    }
    String assertionConsumerServiceSoapBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_SOAP_BINDING.get());
    if (assertionConsumerServiceSoapBinding != null) {
        redirectUris.add(assertionConsumerServiceSoapBinding);
    }
    String assertionConsumerServicePaosBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_PAOS_BINDING.get());
    if (assertionConsumerServicePaosBinding != null) {
        redirectUris.add(assertionConsumerServicePaosBinding);
    }
    String assertionConsumerServiceArtifactBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.get());
    if (assertionConsumerServiceArtifactBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE, assertionConsumerServiceArtifactBinding);
        redirectUris.add(assertionConsumerServiceArtifactBinding);
    }
    // The SP's ArtifactResolutionService is recorded but is not a redirect URI.
    String artifactResolutionService = getArtifactResolutionService(spDescriptorType);
    if (artifactResolutionService != null) {
        attributes.put(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, artifactResolutionService);
    }
    // First NameIDFormat that Keycloak knows how to map wins; unknown formats are skipped.
    if (spDescriptorType.getNameIDFormat() != null) {
        for (String format : spDescriptorType.getNameIDFormat()) {
            String attribute = SamlClient.samlNameIDFormatToClientAttribute(format);
            if (attribute != null) {
                attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, attribute);
                break;
            }
        }
    }
    // Optional mdui:UIInfo: first logo, and the English privacy statement (falling back to the first one listed).
    // Assumes getLogo()/getPrivacyStatementURL() return non-null lists — TODO confirm in the UIInfo type.
    if (spDescriptorType.getExtensions() != null && spDescriptorType.getExtensions().getUIInfo() != null) {
        if (!spDescriptorType.getExtensions().getUIInfo().getLogo().isEmpty()) {
            attributes.put(ClientModel.LOGO_URI, spDescriptorType.getExtensions().getUIInfo().getLogo().get(0).getValue().toString());
        }
        if (!spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().isEmpty()) {
            attributes.put(ClientModel.POLICY_URI, spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().stream().filter(dn -> "en".equals(dn.getLang())).findFirst().orElse(spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().get(0)).getValue().toString());
        }
    }
    // Every RequestedAttribute across all AttributeConsumingServices becomes a user-attribute protocol mapper named
    // after the attribute; friendly name and name format are carried over when present.
    app.setProtocolMappers(spDescriptorType.getAttributeConsumingService().stream().flatMap(att -> att.getRequestedAttribute().stream()).map(attr -> {
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName(attr.getName());
        mapper.setProtocol("saml");
        mapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
        Map<String, String> config = new HashMap<>();
        config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, attr.getName());
        if (attr.getFriendlyName() != null)
            config.put(AttributeStatementHelper.FRIENDLY_NAME, attr.getFriendlyName());
        if (attr.getNameFormat() != null)
            config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, getSAMLNameFormat(attr.getNameFormat()));
        mapper.setConfig(config);
        return mapper;
    }).collect(Collectors.toList()));
    // Certificates from the KeyDescriptors. A signing key switches the client over to *requiring* signed requests;
    // an encryption key switches on assertion encryption. With several descriptors of the same use the last one
    // wins, since the same attribute key is overwritten.
    // NOTE(review): a KeyDescriptor without a "use" attribute matches neither branch and is ignored here; SAML
    // metadata commonly treats a missing "use" as "both signing and encryption" — confirm whether that is intended.
    for (KeyDescriptorType keyDescriptor : spDescriptorType.getKeyDescriptor()) {
        X509Certificate cert = null;
        try {
            cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        } catch (ProcessingException e) {
            throw new RuntimeException(e);
        }
        // Assumes getCertificate never returns null for a parsed descriptor — TODO confirm.
        String certPem = KeycloakModelUtils.getPemFromCertificate(cert);
        if (keyDescriptor.getUse() == KeyTypes.SIGNING) {
            attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
            attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, certPem);
        } else if (keyDescriptor.getUse() == KeyTypes.ENCRYPTION) {
            attributes.put(SamlConfigAttributes.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
            attributes.put(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, certPem);
        }
    }
    return app;
}
Also used : ClientModel(org.keycloak.models.ClientModel) AttributeStatementHelper(org.keycloak.protocol.saml.mappers.AttributeStatementHelper) UserAttributeStatementMapper(org.keycloak.protocol.saml.mappers.UserAttributeStatementMapper) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) X509Certificate(java.security.cert.X509Certificate) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) HashMap(java.util.HashMap) Config(org.keycloak.Config) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) ByteArrayInputStream(java.io.ByteArrayInputStream) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) Map(java.util.Map) SignatureAlgorithm(org.keycloak.saml.SignatureAlgorithm) LinkedList(java.util.LinkedList) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) ClientDescriptionConverterFactory(org.keycloak.exportimport.ClientDescriptionConverterFactory) KeyTypes(org.keycloak.dom.saml.v2.metadata.KeyTypes) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) ClientDescriptionConverter(org.keycloak.exportimport.ClientDescriptionConverter) KeycloakSession(org.keycloak.models.KeycloakSession) EDTDescriptorChoiceType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType) EntitiesDescriptorType(org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType) Collectors(java.util.stream.Collectors) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Objects(java.util.Objects) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) List(java.util.List) 
KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) SAMLMetadataUtil(org.keycloak.saml.processing.core.saml.v2.util.SAMLMetadataUtil) InputStream(java.io.InputStream) EntitiesDescriptorType(org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType) HashMap(java.util.HashMap) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 9 with ParsingException

Use of org.keycloak.saml.common.exceptions.ParsingException in the keycloak project (keycloak/keycloak).

Class KcSamlBrokerTest (test suite), method emptyAttributeToRoleMapperTest.

/**
 * Brokered SAML login where the producer IdP's Response is patched in transit to carry an attribute
 * ({@code EMPTY_ATTRIBUTE_NAME}) whose only value is {@code null}. Verifies that the consumer realm's
 * attribute-to-role mapper (set up by {@code createRoleMappersForConsumerRealm}, defined elsewhere) still maps it,
 * i.e. {@code EMPTY_ATTRIBUTE_ROLE} shows up among the role attribute values of the consumer's final Response.
 * <p>
 * NOTE(review): the producer's Response is altered after it was issued, so the test presumes the brokered response
 * is not rejected on signature grounds in this setup (re-signed, or not checked) — confirm against the broker config.
 */
@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
    // Roles and the attribute-to-role mappers under test live in the consumer realm.
    createRolesForRealm(bc.consumerRealmName());
    createRoleMappersForConsumerRealm();
    // AuthnRequest from a SAML client of the consumer realm; the ".dot/ted" suffix is part of the client id used here.
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
    Document doc = SAML2Request.convert(loginRep);
    // Full round trip: consumer -> producer IdP -> (patched Response) -> consumer profile update -> final Response.
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
    Binding.POST).transformObject(ob -> {
        // Inject an attribute with a single null value into the first assertion's AttributeStatement
        // (a fresh statement is added if the assertion had none).
        assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
        attr.addAttributeValue(null);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
    Binding.POST);
    Assert.assertThat(samlResponse, Matchers.notNullValue());
    Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    // Collect every value of the role attribute across all (unencrypted) assertions of the consumer's Response.
    Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
    Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
    Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
    assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
Also used : AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Arrays(java.util.Arrays) Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted) Matchers.not(org.hamcrest.Matchers.not) ROLE_ATTRIBUTE_NAME(org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME) Matchers.hasItems(org.hamcrest.Matchers.hasItems) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) Document(org.w3c.dom.Document) SamlClient(org.keycloak.testsuite.util.SamlClient) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse) ImmutableMap(com.google.common.collect.ImmutableMap) RealmResource(org.keycloak.admin.client.resource.RealmResource) Set(java.util.Set) Collectors(java.util.stream.Collectors) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) SAMLProtocolQNames(org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQNames) SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) HashMap(java.util.HashMap) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) BrokerTestTools.getConsumerRoot(org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) 
IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) UserAttributeMapper(org.keycloak.broker.saml.mappers.UserAttributeMapper) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Element(org.w3c.dom.Element) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) Binding(org.keycloak.testsuite.util.SamlClient.Binding) IdentityProviderMapperSyncMode(org.keycloak.models.IdentityProviderMapperSyncMode) BrokerTestTools.getProviderRoot(org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot) Assert(org.junit.Assert) Collections(java.util.Collections) AttributeToRoleMapper(org.keycloak.broker.saml.mappers.AttributeToRoleMapper) Set(java.util.Set) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 10 with ParsingException

Use of org.keycloak.saml.common.exceptions.ParsingException in the keycloak project (keycloak/keycloak).

Class SamlUtils (test utilities), method getSPInstallationDescriptor.

/**
 * Fetches the SAML SP descriptor that Keycloak generates for a client (the "SP descriptor" installation provider)
 * and returns its SPSSODescriptor.
 *
 * @param res the admin client's clients resource of the realm
 * @param clientId the client's clientId (not its internal id); only the first match is considered
 * @return the first SPSSODescriptor of the generated EntityDescriptor
 * @throws ParsingException if the installation XML cannot be parsed
 * @throws RuntimeException ("Missing descriptor") if no client matches, or the lookup yields no descriptor text
 */
public static SPSSODescriptorType getSPInstallationDescriptor(ClientsResource res, String clientId) throws ParsingException {
    // Only the first client with this clientId is considered; a null at any step of the lookup chain is treated
    // the same as "no client found".
    String descriptorXml = res.findByClientId(clientId).stream()
            .limit(1)
            .map(ClientRepresentation::getId)
            .filter(id -> id != null)
            .map(res::get)
            .filter(clientResource -> clientResource != null)
            .map(clientResource -> clientResource.getInstallationProvider(SamlSPDescriptorClientInstallation.SAML_CLIENT_INSTALATION_SP_DESCRIPTOR))
            .filter(xml -> xml != null)
            .findFirst()
            .orElseThrow(() -> new RuntimeException("Missing descriptor"));
    // The generated installation file is a single EntityDescriptor; the cast is unchecked on purpose (test utility).
    EntityDescriptorType entityDescriptor = (EntityDescriptorType) SAMLParser.getInstance().parse(new StringInputStream(descriptorXml));
    return entityDescriptor.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
}
Also used : SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) DeploymentArchiveProcessorUtils(org.keycloak.testsuite.utils.arquillian.DeploymentArchiveProcessorUtils) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) SamlSPDescriptorClientInstallation(org.keycloak.protocol.saml.installation.SamlSPDescriptorClientInstallation) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) Document(org.w3c.dom.Document) StringInputStream(org.apache.tools.ant.filters.StringInputStream) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) InputStream(java.io.InputStream) StringInputStream(org.apache.tools.ant.filters.StringInputStream) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)
