Search in sources :

Example 6 with IdentityProviderAttributeUpdater

use of org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater in project keycloak by keycloak.

the class KcSamlSpDescriptorTest method testAttributeConsumingServiceAttributeRoleMapperInSpMetadataWithServiceName.

@Test
public void testAttributeConsumingServiceAttributeRoleMapperInSpMetadataWithServiceName() throws IOException, ParsingException, URISyntaxException {
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "9").setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
        IdentityProviderMapperRepresentation attrMapperRole = new IdentityProviderMapperRepresentation();
        attrMapperRole.setName("attribute-mapper-someroleattribute");
        attrMapperRole.setIdentityProviderMapper(AttributeToRoleMapper.PROVIDER_ID);
        attrMapperRole.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.INHERIT.toString()).put(AttributeToRoleMapper.ATTRIBUTE_NAME, "role_attr_name").put(AttributeToRoleMapper.ATTRIBUTE_FRIENDLY_NAME, "role_attr_friendlyname").put(ConfigConstants.ROLE, "somerole").build());
        attrMapperRole.setIdentityProviderAlias(bc.getIDPAlias());
        identityProviderResource.addMapper(attrMapperRole);
        String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
        SAMLParser parser = SAMLParser.getInstance();
        EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
        SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
        assertThat(spDescriptor.getAttributeConsumingService(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getIndex(), is(9));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getName(), is("role_attr_name"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getFriendlyName(), is("role_attr_friendlyname"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName().get(0).getValue(), is("My Attribute Set"));
    }
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) StringInputStream(org.apache.tools.ant.filters.StringInputStream) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) Test(org.junit.Test)

Example 7 with IdentityProviderAttributeUpdater

use of org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater in project keycloak by keycloak.

the class KcSamlSpDescriptorTest method testAttributeConsumingServiceMappersInSpMetadataWithServiceName.

@Test
public void testAttributeConsumingServiceMappersInSpMetadataWithServiceName() throws IOException, ParsingException, URISyntaxException {
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "12").setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_NAME, "My Attribute Set").update()) {
        IdentityProviderMapperRepresentation attrMapperEmail = new IdentityProviderMapperRepresentation();
        attrMapperEmail.setName("attribute-mapper-email");
        attrMapperEmail.setIdentityProviderMapper(UserAttributeMapper.PROVIDER_ID);
        attrMapperEmail.setConfig(ImmutableMap.<String, String>builder().put(IdentityProviderMapperModel.SYNC_MODE, IdentityProviderMapperSyncMode.INHERIT.toString()).put(UserAttributeMapper.ATTRIBUTE_NAME, "email_attr_name").put(UserAttributeMapper.ATTRIBUTE_FRIENDLY_NAME, "email_attr_friendlyname").put(UserAttributeMapper.USER_ATTRIBUTE, "email").build());
        attrMapperEmail.setIdentityProviderAlias(bc.getIDPAlias());
        identityProviderResource.addMapper(attrMapperEmail);
        String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
        SAMLParser parser = SAMLParser.getInstance();
        EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
        SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
        assertThat(spDescriptor.getAttributeConsumingService(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getIndex(), is(12));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute(), not(empty()));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getName(), is("email_attr_name"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getRequestedAttribute().get(0).getFriendlyName(), is("email_attr_friendlyname"));
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName(), notNullValue());
        assertThat(spDescriptor.getAttributeConsumingService().get(0).getServiceName().get(0).getValue(), is("My Attribute Set"));
    }
}
Also used : IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) StringInputStream(org.apache.tools.ant.filters.StringInputStream) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) Test(org.junit.Test)

Example 8 with IdentityProviderAttributeUpdater

use of org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater in project keycloak by keycloak.

the class KcSamlAttributeConsumingServiceIndexTest method testAttributeConsumingServiceIndexNotSet.

@Test
public void testAttributeConsumingServiceIndexNotSet() throws Exception {
    // No Attribute Consuming Service Index set -> No attribute added to AuthnRequest
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the AuthnRequest AttributeConsumingServiceIndex attribute
                Node attrNode = document.getDocumentElement().getAttributes().getNamedItem("AttributeConsumingServiceIndex");
                Assert.assertEquals("Unexpected AttributeConsumingServiceIndex attribute value", null, attrNode);
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Node(org.w3c.dom.Node) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 9 with IdentityProviderAttributeUpdater

use of org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater in project keycloak by keycloak.

the class KcSamlAttributeConsumingServiceIndexTest method testAttributeConsumingServiceIndexSet.

@Test
public void testAttributeConsumingServiceIndexSet() throws Exception {
    // Attribute Consuming Service Index set -> Attribute added to AuthnRequest
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ATTRIBUTE_CONSUMING_SERVICE_INDEX, "15").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the AuthnRequest AttributeConsumingServiceIndex attribute
                String attrValue = document.getDocumentElement().getAttributes().getNamedItem("AttributeConsumingServiceIndex").getNodeValue();
                Assert.assertEquals("Unexpected AttributeConsumingServiceIndex attribute value", "15", attrValue);
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 10 with IdentityProviderAttributeUpdater

use of org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater in project keycloak by keycloak.

the class KcSamlCustomEntityIdBrokerTest method testCustomEntityIdSet.

@Test
public void testCustomEntityIdSet() throws Exception {
    // Comparison type set, no classrefs, no declrefs -> No RequestedAuthnContext
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.ENTITY_ID, "http://my.custom.entity.id").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the Issuer element
                Element issuerElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), ASSERTION_NSURI.get(), "Issuer");
                Assert.assertEquals("Unexpected Issuer element value", "http://my.custom.entity.id", issuerElement.getTextContent());
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Aggregations

Closeable (java.io.Closeable)17 IdentityProviderAttributeUpdater (org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater)17 Test (org.junit.Test)16 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)12 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)12 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)12 Document (org.w3c.dom.Document)12 Element (org.w3c.dom.Element)8 StringInputStream (org.apache.tools.ant.filters.StringInputStream)4 EntityDescriptorType (org.keycloak.dom.saml.v2.metadata.EntityDescriptorType)4 SPSSODescriptorType (org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType)4 SAMLParser (org.keycloak.saml.processing.core.parsers.saml.SAMLParser)4 IdentityProviderMapperRepresentation (org.keycloak.representations.idm.IdentityProviderMapperRepresentation)3 Matchers.containsString (org.hamcrest.Matchers.containsString)2 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)1 RealmAttributeUpdater (org.keycloak.testsuite.updaters.RealmAttributeUpdater)1 DOMException (org.w3c.dom.DOMException)1 Node (org.w3c.dom.Node)1