Example 6 with SAML2Response

Use of org.keycloak.saml.processing.api.saml.v2.response.SAML2Response in project keycloak by keycloak.

The class SamlDocumentStepBuilder, method transformObject.

@SuppressWarnings("unchecked")
public This transformObject(Saml2ObjectTransformer<T> tr) {
    // Chain onto the previously registered string transformer so that
    // transformations compose in the order they were added.
    final StringTransformer original = this.transformer;
    this.transformer = s -> {
        final String originalTransformed = original.transform(s);
        if (originalTransformed == null) {
            return null;
        }
        // Re-parse the transformed XML into the typed SAML2 object model
        // (getBytes() without an explicit charset uses the platform default).
        final ByteArrayInputStream bais = new ByteArrayInputStream(originalTransformed.getBytes());
        final T saml2Object = (T) new SAML2Response().getSAML2ObjectFromStream(bais);
        // Apply the caller-supplied object-level transformation
        final T transformed = tr.transform(saml2Object);
        if (transformed == null) {
            return null;
        }
        // Serialize the (possibly modified) object back to an XML string
        String res = saml2Object2String(transformed);
        LOG.debugf("  ---> %s", res);
        return res;
    };
    return (This) this;
}

Example 7 with SAML2Response

Use of org.keycloak.saml.processing.api.saml.v2.response.SAML2Response in project keycloak by keycloak.

The class SAML2LoginResponseBuilder, method buildModel.

public ResponseType buildModel() throws ConfigurationException, ProcessingException {
    ResponseType responseType = null;
    SAML2Response saml2Response = new SAML2Response();
    // Create a response type
    String id = IDGenerator.create("ID_");
    IssuerInfoHolder issuerHolder = new IssuerInfoHolder(issuer);
    issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
    IDPInfoHolder idp = new IDPInfoHolder();
    idp.setNameIDFormatValue(nameId);
    idp.setNameIDFormat(nameIdFormat);
    SPInfoHolder sp = new SPInfoHolder();
    sp.setResponseDestinationURI(destination);
    sp.setRequestID(requestID);
    sp.setIssuer(requestIssuer);
    responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
    AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
    // Add request issuer as the audience restriction
    AudienceRestrictionType audience = new AudienceRestrictionType();
    audience.addAudience(URI.create(requestIssuer));
    assertion.getConditions().addCondition(audience);
    // Update Conditions NotOnOrAfter (assertionExpiration is in seconds,
    // XMLTimeUtil.add expects milliseconds; the window is anchored on NotBefore)
    if (assertionExpiration > 0) {
        ConditionsType conditions = assertion.getConditions();
        conditions.setNotOnOrAfter(XMLTimeUtil.add(conditions.getNotBefore(), assertionExpiration * 1000L));
    }
    // Update SubjectConfirmationData NotOnOrAfter (same seconds-to-milliseconds conversion,
    // also anchored on the assertion's NotBefore)
    if (subjectExpiration > 0) {
        SubjectConfirmationDataType subjectConfirmationData = assertion.getSubject().getConfirmation().get(0).getSubjectConfirmationData();
        subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.add(assertion.getConditions().getNotBefore(), subjectExpiration * 1000L));
    }
    // Create an AuthnStatementType
    if (!disableAuthnStatement) {
        String authContextRef = JBossSAMLURIConstants.AC_UNSPECIFIED.get();
        if (isNotNull(authMethod))
            authContextRef = authMethod;
        AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), authContextRef);
        if (sessionExpiration > 0)
            authnStatement.setSessionNotOnOrAfter(XMLTimeUtil.add(authnStatement.getAuthnInstant(), sessionExpiration * 1000L));
        // Fall back to the assertion ID as the session index when none was supplied
        if (sessionIndex != null)
            authnStatement.setSessionIndex(sessionIndex);
        else
            authnStatement.setSessionIndex(assertion.getID());
        assertion.addStatement(authnStatement);
    }
    if (includeOneTimeUseCondition) {
        assertion.getConditions().addCondition(new OneTimeUseType());
    }
    if (!this.extensions.isEmpty()) {
        ExtensionsType extensionsType = new ExtensionsType();
        for (NodeGenerator extension : this.extensions) {
            extensionsType.addExtension(extension);
        }
        responseType.setExtensions(extensionsType);
    }
    return responseType;
}

Example 8 with SAML2Response

Use of org.keycloak.saml.processing.api.saml.v2.response.SAML2Response in project keycloak by keycloak.

The class SAMLRequestParser, method parseResponseRedirectBinding.

public static SAMLDocumentHolder parseResponseRedirectBinding(String samlMessage) {
    InputStream is;
    try {
        // HTTP-Redirect binding: the message is DEFLATE-compressed and then base64-encoded
        is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
    } catch (IOException e) {
        logger.samlBase64DecodingError(e);
        return null;
    }
    if (log.isDebugEnabled()) {
        // Reading the stream for logging consumes it, so rebuild it from the decoded text
        String message = null;
        try {
            message = StreamUtil.readString(is, GeneralConstants.SAML_CHARSET);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        log.debug("SAML Redirect Binding");
        log.debug(message);
        is = new ByteArrayInputStream(message.getBytes(GeneralConstants.SAML_CHARSET));
    }
    SAML2Response response = new SAML2Response();
    try {
        // Parse the XML; the resulting DOM and object are kept in the document holder
        response.getSAML2ObjectFromStream(is);
        return response.getSamlDocumentHolder();
    } catch (Exception e) {
        // Any parse failure is logged (reusing the base64 decoding error message) and yields null
        logger.samlBase64DecodingError(e);
    }
    return null;
}
