Examples with SAMLDocumentHolder org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder used on opensource projects

Search in sources :

Example 21 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLoginFullWithRedirect.

@Test
public void testReceiveArtifactLoginFullWithRedirect() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    AuthnRequestType loginReq = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    loginReq.setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri());
    Document doc = SAML2Request.convert(loginReq);
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT, builder);
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            ars.wait();
            SAMLDocumentHolder response = builder.artifactMessage(camb).build().login().user(bburkeUser).build().getSamlResponse(REDIRECT);
            assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
            ResponseType rt = (ResponseType) response.getSamlObject();
            assertThat(rt.getAssertions(), not(empty()));
            assertThat(ars.getLastArtifactResolve(), notNullValue());
            assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        ars.stop();
        arsThread.join();
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) Document(org.w3c.dom.Document) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 22 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class AuthnRequestNameIdFormatTest method testLoginWithNameIdPolicy.

private void testLoginWithNameIdPolicy(Binding requestBinding, Binding responseBinding, NameIDPolicyType nameIDPolicy, Matcher<String> nameIdMatcher) throws Exception {
    SAMLDocumentHolder res = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, requestBinding).transformObject(so -> {
        so.setProtocolBinding(requestBinding.getBindingUri());
        so.setNameIDPolicy(nameIDPolicy);
        return so;
    }).build().login().user(bburkeUser).build().getSamlResponse(responseBinding);
    assertThat(res.getSamlObject(), notNullValue());
    assertThat(res.getSamlObject(), instanceOf(ResponseType.class));
    ResponseType rt = (ResponseType) res.getSamlObject();
    assertThat(rt.getAssertions(), not(empty()));
    assertThat(rt.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID(), instanceOf(NameIDType.class));
    NameIDType nameId = (NameIDType) rt.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
    assertThat(nameId.getValue(), nameIdMatcher);
}
Also used : JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Assert.assertThat(org.junit.Assert.assertThat) List(java.util.List) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Matcher(org.hamcrest.Matcher) SamlClient(org.keycloak.testsuite.util.SamlClient) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) ClientResource(org.keycloak.admin.client.resource.ClientResource) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 23 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class BasicSamlTest method testPropertyValueInAssertion.

// KEYCLOAK-4160
@Test
public void testPropertyValueInAssertion() throws ParsingException, ConfigurationException, ProcessingException {
    SAMLDocumentHolder document = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST).transformDocument(doc -> {
        setDocElementAttributeValue(doc, "samlp:AuthnRequest", "ID", "${java.version}");
        return doc;
    }).build().login().user(bburkeUser).build().getSamlResponse(Binding.POST);
    assertThat(documentToString(document.getSamlDocument()), not(containsString("InResponseTo=\"" + System.getProperty("java.version") + "\"")));
}
Also used : Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) EntityUtils(org.apache.http.util.EntityUtils) Document(org.w3c.dom.Document) Matchers.nullValue(org.hamcrest.Matchers.nullValue) SamlClient(org.keycloak.testsuite.util.SamlClient) RedirectStrategyWithSwitchableFollowRedirect(org.keycloak.testsuite.util.SamlClient.RedirectStrategyWithSwitchableFollowRedirect) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) NAMEID_FORMAT_TRANSIENT(org.keycloak.saml.common.constants.JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Signature(java.security.Signature) SamlProtocol(org.keycloak.protocol.saml.SamlProtocol) Logger(java.util.logging.Logger) DocumentUtil(org.keycloak.saml.common.util.DocumentUtil) Objects(java.util.Objects) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) List(java.util.List) Response(javax.ws.rs.core.Response) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) PROTOCOL_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI) RealmsResource(org.keycloak.services.resources.RealmsResource) Encode(org.jboss.resteasy.util.Encode) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) GeneralConstants(org.keycloak.saml.common.constants.GeneralConstants) CoreMatchers.not(org.hamcrest.CoreMatchers.not) IOUtil.setDocElementAttributeValue(org.keycloak.testsuite.utils.io.IOUtil.setDocElementAttributeValue) HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) Attr(org.w3c.dom.Attr) Level(java.util.logging.Level) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) SignatureAlgorithm(org.keycloak.saml.SignatureAlgorithm) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) RedirectBindingUtil(org.keycloak.saml.processing.web.util.RedirectBindingUtil) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Test(org.junit.Test) IOException(java.io.IOException) KeyUtils(org.keycloak.testsuite.util.KeyUtils) AUTH_SERVER_PORT(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT) Element(org.w3c.dom.Element) Step(org.keycloak.testsuite.util.SamlClient.Step) Matcher(org.hamcrest.Matcher) Binding(org.keycloak.testsuite.util.SamlClient.Binding) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) IOUtil.documentToString(org.keycloak.testsuite.utils.io.IOUtil.documentToString) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Test(org.junit.Test)

Example 24 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class BasicSamlTest method testReauthnWithForceAuthn.

private void testReauthnWithForceAuthn(Boolean reloginRequired) throws Exception {
    // Ensure that the first authentication passes
    SamlClient samlClient = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST).build().login().user(bburkeUser).build().execute(hr -> {
        try {
            SAMLDocumentHolder doc = Binding.POST.extractResponse(hr);
            assertThat(doc.getSamlObject(), Matchers.isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        } catch (IOException ex) {
            Logger.getLogger(BasicSamlTest.class.getName()).log(Level.SEVERE, null, ex);
        }
    });
    List<Step> secondAuthn = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, Binding.POST).transformObject(so -> {
        so.setForceAuthn(reloginRequired);
        return so;
    }).build().assertResponse(Matchers.bodyHC(containsString(Objects.equals(reloginRequired, Boolean.TRUE) ? "Sign in" : GeneralConstants.SAML_RESPONSE_KEY))).getSteps();
    samlClient.execute(secondAuthn);
}
Also used : Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) EntityUtils(org.apache.http.util.EntityUtils) Document(org.w3c.dom.Document) Matchers.nullValue(org.hamcrest.Matchers.nullValue) SamlClient(org.keycloak.testsuite.util.SamlClient) RedirectStrategyWithSwitchableFollowRedirect(org.keycloak.testsuite.util.SamlClient.RedirectStrategyWithSwitchableFollowRedirect) UriBuilder(javax.ws.rs.core.UriBuilder) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) NAMEID_FORMAT_TRANSIENT(org.keycloak.saml.common.constants.JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Signature(java.security.Signature) SamlProtocol(org.keycloak.protocol.saml.SamlProtocol) Logger(java.util.logging.Logger) DocumentUtil(org.keycloak.saml.common.util.DocumentUtil) Objects(java.util.Objects) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) List(java.util.List) Response(javax.ws.rs.core.Response) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) PROTOCOL_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI) RealmsResource(org.keycloak.services.resources.RealmsResource) Encode(org.jboss.resteasy.util.Encode) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) GeneralConstants(org.keycloak.saml.common.constants.GeneralConstants) CoreMatchers.not(org.hamcrest.CoreMatchers.not) IOUtil.setDocElementAttributeValue(org.keycloak.testsuite.utils.io.IOUtil.setDocElementAttributeValue) HttpUriRequest(org.apache.http.client.methods.HttpUriRequest) Attr(org.w3c.dom.Attr) Level(java.util.logging.Level) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) SignatureAlgorithm(org.keycloak.saml.SignatureAlgorithm) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) RedirectBindingUtil(org.keycloak.saml.processing.web.util.RedirectBindingUtil) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Test(org.junit.Test) IOException(java.io.IOException) KeyUtils(org.keycloak.testsuite.util.KeyUtils) AUTH_SERVER_PORT(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT) Element(org.w3c.dom.Element) Step(org.keycloak.testsuite.util.SamlClient.Step) Matcher(org.hamcrest.Matcher) Binding(org.keycloak.testsuite.util.SamlClient.Binding) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) IOUtil.documentToString(org.keycloak.testsuite.utils.io.IOUtil.documentToString) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IOException(java.io.IOException) Step(org.keycloak.testsuite.util.SamlClient.Step) SamlClient(org.keycloak.testsuite.util.SamlClient)

Example 25 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class IncludeOneTimeUseConditionTest method testOneTimeUseConditionIncluded.

private void testOneTimeUseConditionIncluded(Boolean oneTimeUseConditionShouldBeIncluded) throws IOException {
    try (Closeable c = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ONETIMEUSE_CONDITION, oneTimeUseConditionShouldBeIncluded.toString()).update()) {
        SAMLDocumentHolder res = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST).build().login().user(bburkeUser).build().getSamlResponse(Binding.POST);
        assertThat(res.getSamlObject(), notNullValue());
        assertThat(res.getSamlObject(), instanceOf(ResponseType.class));
        ResponseType rt = (ResponseType) res.getSamlObject();
        assertThat(rt.getAssertions(), not(empty()));
        final ConditionsType conditionsType = rt.getAssertions().get(0).getAssertion().getConditions();
        assertThat(conditionsType, notNullValue());
        assertThat(conditionsType.getConditions(), not(empty()));
        final List<ConditionAbstractType> conditions = conditionsType.getConditions();
        final Collection<ConditionAbstractType> oneTimeUseConditions = Collections2.filter(conditions, input -> input instanceof OneTimeUseType);
        final boolean oneTimeUseConditionAdded = !oneTimeUseConditions.isEmpty();
        assertThat(oneTimeUseConditionAdded, is(oneTimeUseConditionShouldBeIncluded));
    }
}
Also used : OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Aggregations

SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)83 Test (org.junit.Test)70 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)62 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)35 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)29 Document (org.w3c.dom.Document)20 IOException (java.io.IOException)19 JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)18 ArtifactResponseType (org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)17 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)14 URI (java.net.URI)12 List (java.util.List)12 Response (javax.ws.rs.core.Response)12 Matchers.containsString (org.hamcrest.Matchers.containsString)12 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)12 Matchers (org.keycloak.testsuite.util.Matchers)12 SamlClient (org.keycloak.testsuite.util.SamlClient)12 Matchers.is (org.hamcrest.Matchers.is)11 Assert.assertThat (org.junit.Assert.assertThat)11 Matchers.notNullValue (org.hamcrest.Matchers.notNullValue)10
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial