Use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
In class SAML2Request, method getRequestType.
/**
 * Reads a SAML {@code RequestAbstractType} from an input stream.
 *
 * <p>The stream is first built into a DOM document, that document is checked against the
 * schema, and only then is the typed parse run. The parsed request and its backing
 * document are kept together in {@code samlDocumentHolder} for later retrieval by
 * whoever owns this instance.
 *
 * @param is input stream holding the SAML request XML; must not be {@code null}
 * @return the parsed request
 * @throws ParsingException         propagated from document loading or parsing
 * @throws ConfigurationException   propagated from document loading, validation or parsing
 * @throws ProcessingException      propagated from document loading, validation or parsing
 * @throws IllegalArgumentException if {@code is} is {@code null}
 */
public RequestAbstractType getRequestType(InputStream is) throws ParsingException, ConfigurationException, ProcessingException {
    if (is == null) {
        throw logger.nullArgumentError("InputStream");
    }
    final Document requestDocument = DocumentUtil.getDocument(is);
    final SAMLParser parser = SAMLParser.getInstance();
    // Schema validation runs on the DOM before the typed parser sees it.
    JAXPValidationUtil.checkSchemaValidation(requestDocument);
    final RequestAbstractType parsedRequest = (RequestAbstractType) parser.parse(requestDocument);
    // Retain both the object and the raw document; callers may need the latter as well.
    samlDocumentHolder = new SAMLDocumentHolder(parsedRequest, requestDocument);
    return parsedRequest;
}
Use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
In class SAML2Response, method getSAML2ObjectFromStream.
/**
 * Reads a {@code SAML2Object} from an input stream.
 *
 * <p>The stream is built into a DOM document, optionally dumped at trace level, checked
 * against the schema, and then parsed into a typed object. The object and its backing
 * document are kept together in {@code samlDocumentHolder}.
 *
 * <p>Note that the trace log line writes the complete document, including whatever
 * assertion content it carries, so trace level should not be left on in production.
 *
 * @param is input stream holding the SAML XML; must not be {@code null}
 * @return the parsed object
 * @throws ParsingException         propagated from document loading or parsing
 * @throws ConfigurationException   propagated from document loading, validation or parsing
 * @throws ProcessingException      propagated from document loading, validation or parsing
 * @throws IllegalArgumentException if {@code is} is {@code null}
 */
public SAML2Object getSAML2ObjectFromStream(InputStream is) throws ParsingException, ConfigurationException, ProcessingException {
    if (is == null) {
        throw logger.nullArgumentError("InputStream");
    }
    final Document responseDocument = DocumentUtil.getDocument(is);
    if (logger.isTraceEnabled()) {
        // Full document dump; only emitted at trace level.
        logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDocument));
    }
    final SAMLParser parser = SAMLParser.getInstance();
    // Schema validation runs on the DOM before the typed parser sees it.
    JAXPValidationUtil.checkSchemaValidation(responseDocument);
    final SAML2Object parsedObject = (SAML2Object) parser.parse(responseDocument);
    samlDocumentHolder = new SAMLDocumentHolder(parsedObject, responseDocument);
    return parsedObject;
}
Use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
In class FixedHostnameTest, method assertSamlLogin.
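/**
 * Performs a SAML POST-binding login against {@code realm} and asserts that the issuer of
 * the single returned assertion equals the realm URL derived from {@code expectedBaseUrl}.
 *
 * <p>A temporary SAML client (client signature disabled) and a temporary user are created
 * for the duration of the check and removed again when the try-with-resources block exits.
 * Any exception raised during setup, login or parsing propagates to the caller, so a broken
 * login fails the test instead of being logged and ignored.
 *
 * @param testAdminClient admin client used to create the temporary client and user
 * @param realm           name of the realm the login is run against
 * @param expectedBaseUrl base URL the issuer value is expected to be derived from
 * @throws Exception on any failure during setup, login or response parsing
 */
private void assertSamlLogin(Keycloak testAdminClient, String realm, String expectedBaseUrl) throws Exception {
    final String realmUrl = expectedBaseUrl + "/auth/realms/" + realm;
    final String baseSamlEndpointUrl = realmUrl + "/protocol/saml";
    RealmResource realmResource = testAdminClient.realm(realm);
    ClientRepresentation clientRep = ClientBuilder.create()
        .protocol(SamlProtocol.LOGIN_PROTOCOL)
        .clientId(SAML_CLIENT_ID)
        .enabled(true)
        .attribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
        .redirectUris("http://foo.bar/")
        .build();
    // Both Creators remove what they created when closed, even if an assertion fails.
    try (Creator<ClientResource> c = Creator.create(realmResource, clientRep);
         Creator<UserResource> u = Creator.create(realmResource, UserBuilder.create().username("bicycle").password("race").enabled(true).build())) {
        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
            .authnRequest(new URI(baseSamlEndpointUrl), SAML_CLIENT_ID, "http://foo.bar/", Binding.POST).build()
            .login().user("bicycle", "race").build()
            .getSamlResponse(Binding.POST);
        assertThat(samlResponse.getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType response = (ResponseType) samlResponse.getSamlObject();
        assertThat(response.getAssertions(), hasSize(1));
        // The issuer must match the realm URL built from expectedBaseUrl.
        assertThat(response.getAssertions().get(0).getAssertion().getIssuer().getValue(), is(realmUrl));
    }
}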
Use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
In class ConcurrentAuthnRequestTest, method performLogin.
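/**
 * Drives one SAML POST-binding login: sends {@code post} (the authn request), submits the
 * login form for {@code user}, then parses the SAML response from the login reply and
 * asserts that it is a success response whose {@code InResponseTo} equals {@code requestId}.
 *
 * <p>Each HTTP response is closed via try-with-resources. Both bodies are decoded as UTF-8.
 * The {@code response} parameter is not read: it was previously only assigned locally, which
 * callers cannot observe, so it is retained for signature compatibility only.
 *
 * @param post         prepared POST request carrying the authn request
 * @param samlEndpoint unused here; kept for signature compatibility
 * @param relayState   unused here; kept for signature compatibility
 * @param requestId    ID of the authn request, expected in the response's {@code InResponseTo}
 * @param samlRequest  unused here; kept for signature compatibility
 * @param response     unused here; kept for signature compatibility
 * @param client       HTTP client used for both requests
 * @param user         credentials submitted to the login page
 * @param strategy     redirect strategy; redirect following is switched off before the login POST
 * @throws RuntimeException wrapping any checked exception raised during the exchange;
 *                          assertion failures propagate unchanged as {@code AssertionError}
 */
public static void performLogin(HttpUriRequest post, URI samlEndpoint, String relayState, String requestId, Document samlRequest, CloseableHttpResponse response, final CloseableHttpClient client, UserRepresentation user, RedirectStrategyWithSwitchableFollowRedirect strategy) {
    try {
        HttpClientContext context = HttpClientContext.create();
        String loginPageText;
        try (CloseableHttpResponse loginPage = client.execute(post, context)) {
            loginPageText = EntityUtils.toString(loginPage.getEntity(), "UTF-8");
        }
        HttpUriRequest loginRequest = LoginBuilder.handleLoginPage(user, loginPageText);
        // Redirects are not followed for the login POST, so its direct reply body is what
        // gets parsed as the SAML response below.
        strategy.setRedirectable(false);
        try (CloseableHttpResponse loginResponse = client.execute(loginRequest, context)) {
            String responseBody = EntityUtils.toString(loginResponse.getEntity(), "UTF-8");
            SAMLDocumentHolder holder = SAMLRequestParser.parseResponsePostBinding(responseBody);
            assertThat(holder.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            // Correlate the response with the request that was actually sent.
            assertThat(((ResponseType) holder.getSamlObject()).getInResponseTo(), is(requestId));
        }
    } catch (Exception ex) {
        throw new RuntimeException(ex);
    }
}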
Use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
In class RoleMapperTest, method testExpectedRoles.
/**
 * Logs in via SAML POST binding as {@code bburkeUser} for {@code clientId} and asserts that
 * the values of the {@code ROLE_ATTRIBUTE_NAME} attribute found in the unencrypted
 * assertions are exactly {@code expectedRoles}, in any order.
 *
 * @param clientId      SAML client the authn request is issued for
 * @param expectedRoles role names that must appear as role attribute values
 */
public void testExpectedRoles(String clientId, String... expectedRoles) {
    SAMLDocumentHolder samlResponse = new SamlClientBuilder()
        .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), clientId, SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, Binding.POST).build()
        .login().user(bburkeUser).build()
        .getSamlResponse(Binding.POST);
    // The status is checked before any attribute is read from the response.
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    Stream<AttributeType> roleAttributes =
        attributesUnecrypted(attributeStatements(assertionsUnencrypted(samlResponse.getSamlObject())))
            .filter(attribute -> attribute.getName().equals(ROLE_ATTRIBUTE_NAME));
    Set<String> actualRoles = roleAttributes
        .flatMap(attribute -> attribute.getAttributeValue().stream())
        .map(Object::toString)
        .collect(Collectors.toSet());
    assertThat(actualRoles, containsInAnyOrder(expectedRoles));
}