Example 76 with SAMLDocumentHolder
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithoutSignatureMissingDestinationTest.
@Test
public void soapBindingLogoutWithoutSignatureMissingDestinationTest() {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP).setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false").setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false").update());
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST).build().login().user(bburkeUser).build().processSamlResponse(POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).transformObject(logoutRequestType -> {
logoutRequestType.setDestination(null);
return logoutRequestType;
}).build().executeAndTransform(POST::extractResponse);
assertThat(response.getSamlObject(), instanceOf(StatusResponseType.class));
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
POST(org.keycloak.testsuite.util.SamlClient.Binding.POST)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Example 77 with SAMLDocumentHolder
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithoutSignature.
@Test
public void soapBindingLogoutWithoutSignature() {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP).setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false").setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false").update());
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST).build().login().user(bburkeUser).build().processSamlResponse(POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).build().executeAndTransform(POST::extractResponse);
assertThat(response.getSamlObject(), instanceOf(StatusResponseType.class));
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
POST(org.keycloak.testsuite.util.SamlClient.Binding.POST)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Example 78 with SAMLDocumentHolder
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithSignature.
@Test
public void soapBindingLogoutWithSignature() {
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(bburkeUser).build().processSamlResponse(POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().executeAndTransform(POST::extractResponse);
assertThat(response.getSamlObject(), instanceOf(StatusResponseType.class));
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
POST(org.keycloak.testsuite.util.SamlClient.Binding.POST)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Example 79 with SAMLDocumentHolder
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SamlRedirectBindingTest method testQueryParametersInSamlProcessingUriRedirectWithSignature.
@Test
public void testQueryParametersInSamlProcessingUriRedirectWithSignature() throws Exception {
SamlClient samlClient = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG + "?param1=value1¶m2=value2", Binding.REDIRECT).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(bburkeUser).build().doNotFollowRedirects().execute(hr -> {
try {
// obtain the document validating the signature (it should be valid)
SAMLDocumentHolder doc = Binding.REDIRECT.extractResponse(hr, REALM_PUBLIC_KEY);
// assert doc is OK and the destination really has the extra parameters
assertThat(doc.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
assertThat(doc.getSamlObject(), instanceOf(ResponseType.class));
ResponseType res = (ResponseType) doc.getSamlObject();
assertThat(res.getDestination(), is(SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG + "?param1=value1¶m2=value2"));
} catch (IOException e) {
throw new IllegalStateException(e);
}
});
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
IOException(java.io.IOException)
SamlClient(org.keycloak.testsuite.util.SamlClient)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
Test(org.junit.Test)
Example 80 with SAMLDocumentHolder
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLogoutFullWithPost.
@Test
public void testReceiveArtifactLogoutFullWithPost() throws InterruptedException {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
SamlClientBuilder builder = new SamlClientBuilder();
CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST, builder);
ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/");
Thread arsThread = new Thread(ars);
try {
arsThread.start();
synchronized (ars) {
ars.wait();
SAMLDocumentHolder samlResponse = builder.authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().user(bburkeUser).build().processSamlResponse(POST).transformObject(x -> {
SAML2Object samlObj = extractNameIdAndSessionIndexAndTerminate(x);
setArtifactResolutionServiceLogoutRequest(ars);
return samlObj;
}).build().artifactMessage(camb).build().getSamlResponse(POST);
assertThat(samlResponse.getSamlObject(), instanceOf(StatusResponseType.class));
StatusResponseType srt = (StatusResponseType) samlResponse.getSamlObject();
assertThat(srt, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
}
} finally {
ars.stop();
arsThread.join();
}
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SAML2Object(org.keycloak.dom.saml.v2.SAML2Object)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService)
CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Aggregations
SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)83
Test (org.junit.Test)70
SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)62
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)35
StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)29
Document (org.w3c.dom.Document)20
IOException (java.io.IOException)19
JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)18
ArtifactResponseType (org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)17
AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)14
URI (java.net.URI)12
List (java.util.List)12
Response (javax.ws.rs.core.Response)12
Matchers.containsString (org.hamcrest.Matchers.containsString)12
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)12
Matchers (org.keycloak.testsuite.util.Matchers)12
SamlClient (org.keycloak.testsuite.util.SamlClient)12
Matchers.is (org.hamcrest.Matchers.is)11
Assert.assertThat (org.junit.Assert.assertThat)11
Matchers.notNullValue (org.hamcrest.Matchers.notNullValue)10
