use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SamlConsentTest method rejectedConsentResponseTest.
@Test
public void rejectedConsentResponseTest() throws ParsingException, ConfigurationException, ProcessingException {
ClientRepresentation client = adminClient.realm(REALM_NAME).clients().findByClientId(SAML_CLIENT_ID_SALES_POST).get(0);
adminClient.realm(REALM_NAME).clients().get(client.getId()).update(ClientBuilder.edit(client).consentRequired(true).attribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME, "sales-post").attribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, SAML_ASSERTION_CONSUMER_URL_SALES_POST + "saml").attribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true").build());
log.debug("Log in using idp initiated login");
SAMLDocumentHolder documentHolder = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST).build().login().user(bburkeUser).build().consentRequired().approveConsent(false).build().getSamlResponse(Binding.POST);
final String samlDocumentString = IOUtil.documentToString(documentHolder.getSamlDocument());
// KEYCLOAK-4262
assertThat(samlDocumentString, containsString("<dsig:Signature"));
// KEYCLOAK-4261
assertThat(samlDocumentString, not(containsString("<samlp:LogoutResponse")));
// KEYCLOAK-4261
assertThat(samlDocumentString, containsString("<samlp:Response"));
// KEYCLOAK-4181
assertThat(samlDocumentString, containsString("<samlp:Status"));
// KEYCLOAK-4181
assertThat(samlDocumentString, containsString("<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:RequestDenied\""));
}
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class ProtocolMapperTest method hardcodedAttributeMapperWithNullValueTest.
@Test
public void hardcodedAttributeMapperWithNullValueTest() throws Exception {
pmu.add(createSamlProtocolMapper(HardcodedAttributeMapper.PROVIDER_ID, AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "HARDCODED_ATTRIBUTE", AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC, HardcodedAttributeMapper.ATTRIBUTE_VALUE, null)).update();
SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_EMPLOYEE_2, RoleMapperTest.SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST).build().login().user(bburkeUser).build().getSamlResponse(SamlClient.Binding.POST);
assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
Stream<AssertionType> assertions = assertionsUnencrypted(samlResponse.getSamlObject());
Stream<AttributeType> attributes = attributesUnecrypted(attributeStatements(assertions));
Set<Object> attributeValues = attributes.flatMap(a -> a.getAttributeValue().stream()).collect(Collectors.toSet());
assertThat(attributeValues, hasSize(1));
assertThat(attributeValues.iterator().next(), nullValue());
}
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingAuthnWithSignatureTest.
@Test
public void soapBindingAuthnWithSignatureTest() {
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).basicAuthentication(bburkeUser).build().executeAndTransform(SOAP::extractResponse);
assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
ResponseType rt = (ResponseType) response.getSamlObject();
assertThat(rt.getAssertions(), not(empty()));
}
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithSignatureMissingDestinationTest.
@Test
public void soapBindingLogoutWithSignatureMissingDestinationTest() {
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(bburkeUser).build().processSamlResponse(POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).transformObject(logoutRequestType -> {
logoutRequestType.setDestination(null);
return logoutRequestType;
}).build().executeAndTransform(POST::extractResponse);
assertThat(response.getSamlObject(), instanceOf(StatusResponseType.class));
}
use of org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingAuthnWithoutSignatureTest.
@Test
public void soapBindingAuthnWithoutSignatureTest() {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP).setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false").setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false").update());
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP).basicAuthentication(bburkeUser).build().executeAndTransform(SOAP::extractResponse);
assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
ResponseType rt = (ResponseType) response.getSamlObject();
assertThat(rt.getAssertions(), not(empty()));
}
Aggregations