
Example 26 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class SamlConsentTest method rejectedConsentResponseTest.

/**
 * Logs in to a client that requires consent, rejects the consent screen, and inspects the SAML
 * response returned over the POST binding.
 *
 * <p>Every check below is a substring match on the serialized document. The checks show that a
 * {@code dsig:Signature} element and a {@code RequestDenied} status code are present. They do not
 * show that the signature validates or which element it covers. The client update made here is
 * not reverted inside this method.
 */
@Test
public void rejectedConsentResponseTest() throws ParsingException, ConfigurationException, ProcessingException {
    ClientRepresentation client = adminClient.realm(REALM_NAME)
            .clients()
            .findByClientId(SAML_CLIENT_ID_SALES_POST)
            .get(0);

    // Require consent and set SAML_SERVER_SIGNATURE to "true" for this client.
    adminClient.realm(REALM_NAME)
            .clients()
            .get(client.getId())
            .update(ClientBuilder.edit(client)
                    .consentRequired(true)
                    .attribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME, "sales-post")
                    .attribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, SAML_ASSERTION_CONSUMER_URL_SALES_POST + "saml")
                    .attribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true")
                    .build());

    // NOTE(review): the message says IdP-initiated, but the flow below starts from an
    // AuthnRequest sent by the client. Confirm which flow is intended.
    log.debug("Log in using idp initiated login");
    SAMLDocumentHolder rejection = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST)
            .build()
            .login()
            .user(bburkeUser)
            .build()
            .consentRequired()
            .approveConsent(false)
            .build()
            .getSamlResponse(Binding.POST);

    final String responseXml = IOUtil.documentToString(rejection.getSamlDocument());

    // KEYCLOAK-4262: a signature element is present in the rejection response.
    assertThat(responseXml, containsString("<dsig:Signature"));
    // KEYCLOAK-4261: the rejection is a Response, not a LogoutResponse.
    assertThat(responseXml, not(containsString("<samlp:LogoutResponse")));
    assertThat(responseXml, containsString("<samlp:Response"));
    // KEYCLOAK-4181: a Status element is present and its code is RequestDenied.
    assertThat(responseXml, containsString("<samlp:Status"));
    assertThat(responseXml, containsString("<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:RequestDenied\""));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Test(org.junit.Test)

Example 27 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class ProtocolMapperTest method hardcodedAttributeMapperWithNullValueTest.

/**
 * Registers a hardcoded-attribute protocol mapper whose value is {@code null}, logs in, and checks
 * that the successful response carries exactly one distinct attribute value and that it is
 * {@code null}.
 *
 * <p>Values are collected into a {@link Set}, so {@code hasSize(1)} counts distinct values, not
 * attribute occurrences. Only the streams returned by {@code assertionsUnencrypted} and
 * {@code attributesUnecrypted} are examined.
 */
@Test
public void hardcodedAttributeMapperWithNullValueTest() throws Exception {
    pmu.add(createSamlProtocolMapper(
            HardcodedAttributeMapper.PROVIDER_ID,
            AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "HARDCODED_ATTRIBUTE",
            AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC,
            HardcodedAttributeMapper.ATTRIBUTE_VALUE, null))
            .update();

    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_EMPLOYEE_2, RoleMapperTest.SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST)
            .build()
            .login()
            .user(bburkeUser)
            .build()
            .getSamlResponse(SamlClient.Binding.POST);

    // The login itself must succeed before the attribute statements are inspected.
    assertThat(holder.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    Stream<AssertionType> plainAssertions = assertionsUnencrypted(holder.getSamlObject());
    Stream<AttributeType> plainAttributes = attributesUnecrypted(attributeStatements(plainAssertions));
    Set<Object> distinctValues = plainAttributes
            .flatMap(attribute -> attribute.getAttributeValue().stream())
            .collect(Collectors.toSet());

    assertThat(distinctValues, hasSize(1));
    assertThat(distinctValues.iterator().next(), nullValue());
}
Also used : AttributeStatementHelper(org.keycloak.protocol.saml.mappers.AttributeStatementHelper) HardcodedAttributeMapper(org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) ProtocolMappersUpdater(org.keycloak.testsuite.updaters.ProtocolMappersUpdater) Matchers(org.keycloak.testsuite.util.Matchers) SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Set(java.util.Set) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Collectors(java.util.stream.Collectors) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) Assert.assertThat(org.junit.Assert.assertThat) Stream(java.util.stream.Stream) RoleMapperTest.createSamlProtocolMapper(org.keycloak.testsuite.saml.RoleMapperTest.createSamlProtocolMapper) SamlClient(org.keycloak.testsuite.util.SamlClient) Matchers.hasSize(org.hamcrest.Matchers.hasSize) SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements) SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted) Collections(java.util.Collections) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Before(org.junit.Before) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Test(org.junit.Test)

Example 28 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class SOAPBindingTest method soapBindingAuthnWithSignatureTest.

/**
 * Sends a signed AuthnRequest over the SOAP binding with basic authentication and expects a
 * {@link ResponseType} that contains at least one assertion.
 *
 * <p>Only the response type and the presence of assertions are asserted. The status code and
 * any signature on the response are not inspected here.
 */
@Test
public void soapBindingAuthnWithSignatureTest() {
    // NOTE(review): the request for the ECP SP client is signed with the key pair named after
    // the sales-post client. Presumably the test realm shares it; verify against the realm config.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .basicAuthentication(bburkeUser)
            .build()
            .executeAndTransform(SOAP::extractResponse);

    // Check the type first so that the cast below cannot fail with a ClassCastException.
    assertThat(holder.getSamlObject(), instanceOf(ResponseType.class));
    ResponseType samlResponse = (ResponseType) holder.getSamlObject();
    assertThat(samlResponse.getAssertions(), not(empty()));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 29 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class SOAPBindingTest method soapBindingLogoutWithSignatureMissingDestinationTest.

/**
 * Logs in over the POST binding, captures the NameID and session index, then sends a signed
 * logout request over SOAP whose {@code Destination} has been cleared, and expects a
 * {@link StatusResponseType} in return.
 *
 * <p>Only the response type is asserted, so a status response passes whatever status code it
 * carries. Nothing here shows whether the logout was accepted or rejected.
 */
@Test
public void soapBindingLogoutWithSignatureMissingDestinationTest() {
    // NOTE(review): the logout request goes out over SOAP, but the reply is extracted with
    // POST::extractResponse. Confirm this is intended.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .build()
            .login()
            .user(bburkeUser)
            .build()
            .processSamlResponse(POST)
            .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
            .build()
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP)
            .nameId(nameIdRef::get)
            .sessionIndex(sessionIndexRef::get)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .transformObject(logoutRequest -> {
                // Strip the Destination attribute: this is the condition under test.
                logoutRequest.setDestination(null);
                return logoutRequest;
            })
            .build()
            .executeAndTransform(POST::extractResponse);

    assertThat(holder.getSamlObject(), instanceOf(StatusResponseType.class));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 30 with SAMLDocumentHolder

use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.

the class SOAPBindingTest method soapBindingAuthnWithoutSignatureTest.

/**
 * Sets both {@code SAML_SERVER_SIGNATURE} and {@code SAML_CLIENT_SIGNATURE_ATTRIBUTE} to
 * {@code "false"} for the ECP SP client, sends an unsigned AuthnRequest over SOAP with basic
 * authentication, and expects a {@link ResponseType} that contains at least one assertion.
 *
 * <p>The attribute change is registered with {@code getCleanup()}, presumably so it is reverted
 * after the test. With signing off on both sides, basic authentication is the only credential
 * visible in this request.
 */
@Test
public void soapBindingAuthnWithoutSignatureTest() {
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP)
                    .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false")
                    .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
                    .update());

    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
            .basicAuthentication(bburkeUser)
            .build()
            .executeAndTransform(SOAP::extractResponse);

    // Check the type first so that the cast below cannot fail with a ClassCastException.
    assertThat(holder.getSamlObject(), instanceOf(ResponseType.class));
    ResponseType samlResponse = (ResponseType) holder.getSamlObject();
    assertThat(samlResponse.getAssertions(), not(empty()));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)
