


the class BasicSamlTest method testReauthnWithForceAuthn.

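/**
 * Logs in once, then sends a second AuthnRequest for a different client with
 * {@code ForceAuthn} set to {@code reloginRequired}.
 *
 * <p>When ForceAuthn is {@code TRUE} the IdP must not reuse the existing SSO session,
 * so the second response is expected to be the login page ("Sign in"); for
 * {@code FALSE} (and {@code null}) a SAMLResponse is expected straight away.
 *
 * @param reloginRequired value passed to {@code setForceAuthn} on the second request
 * @throws Exception propagated from the SAML client steps
 */
private void testReauthnWithForceAuthn(Boolean reloginRequired) throws Exception {
    // Ensure that the first authentication passes
    SamlClient samlClient = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, Binding.POST).build()
            .login().user(bburkeUser).build()
            .execute(hr -> {
                try {
                    SAMLDocumentHolder doc = Binding.POST.extractResponse(hr);
                    assertThat(doc.getSamlObject(), Matchers.isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                } catch (IOException ex) {
                    // Fail the test instead of only logging: a swallowed exception here
                    // would let the test continue without the first response ever being checked.
                    throw new IllegalStateException("Could not extract the SAML response of the first authentication", ex);
                }
            });

    // Only a ForceAuthn of exactly TRUE requires a fresh login; null is treated like FALSE here
    final boolean expectLoginPage = Objects.equals(reloginRequired, Boolean.TRUE);
    List<Step> secondAuthn = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, Binding.POST)
            .transformObject(so -> {
                so.setForceAuthn(reloginRequired);
                return so;
            })
            .build()
            .assertResponse(Matchers.bodyHC(containsString(expectLoginPage ? "Sign in" : GeneralConstants.SAML_RESPONSE_KEY)))
            .getSteps();

    samlClient.execute(secondAuthn);
}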



the class SamlRelayStateTest method relayStateConcurrencyTest.

/**
 * Verifies that the RelayState sent with an AuthnRequest is returned unchanged in the
 * SAML response, first in a single run and then from several threads sharing one
 * {@link SamlClient}.
 *
 * <p>A {@link ThreadLocal} holds the RelayState of the current run, so every
 * concurrent execution sends, and expects back, its own random value.
 *
 * @throws Exception propagated from the client steps or the concurrency runner
 */
@Test
@Ignore("KEYCLOAK-5179")
public void relayStateConcurrencyTest() throws Exception {
    final ThreadLocal<UUID> relayStateHolder = new ThreadLocal<>();

    List<SamlClient.Step> flow = new SamlClientBuilder()
            .addStep(() -> relayStateHolder.set(UUID.randomUUID()))
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST)
                .relayState(() -> relayStateHolder.get().toString())
                .build()
            .login().user(bburkeUser).build()
            .assertSamlRelayState(SamlClient.Binding.POST, relayState -> {
                assertThat(relayState, is(notNullValue()));
                assertThat(relayState, is(equalTo(relayStateHolder.get().toString())));
            })
            .getSteps();

    SamlClient sharedClient = new SamlClient();
    sharedClient.execute(flow);

    // The SSO session now exists, so the login step (index 2) is dropped before re-running the flow
    flow.remove(2);

    AbstractConcurrencyTest.run(2, 10, this, (threadIndex, keycloak, realm) -> sharedClient.execute(flow));
}



the class AbstractSAMLAdapterClusteredTest method testLogoutViaSessionIndex.

/**
 * Logs in at the employee application through the reverse proxy, switches the proxy to
 * the second cluster node, performs the logout supplied by {@code logoutFunction} there,
 * and then checks that the session is gone on both nodes.
 *
 * @param employeeUrl             URL of the employee servlet behind the proxy
 * @param forceRefreshAtOtherNode when {@code true}, the session is first touched on the
 *                                second node before logging out there
 * @param logoutFunction          appends the logout steps to the builder; receives the
 *                                proxied employee URL as its second argument
 */
private void testLogoutViaSessionIndex(URL employeeUrl, boolean forceRefreshAtOtherNode, BiConsumer<SamlClientBuilder, String> logoutFunction) {
    setPasswordFor(bburkeUser, CredentialRepresentation.PASSWORD);
    final String proxiedEmployeeUrl = getProxiedUrl(employeeUrl);

    // Login through the proxy, then point the proxy at the second node
    SamlClientBuilder flow = new SamlClientBuilder()
            .navigateTo(proxiedEmployeeUrl)
            .processSamlResponse(Binding.POST).build()
            .login().user(bburkeUser).build()
            .processSamlResponse(Binding.POST).build()
            .assertResponse(Matchers.bodyHC(containsString("principal=bburke")))
            .addStep(() -> updateProxy(NODE_2_NAME, NODE_2_URI, NODE_1_URI));

    if (forceRefreshAtOtherNode) {
        // Go to employee URL at reverse proxy which is set to forward to _second_ node now
        flow.navigateTo(proxiedEmployeeUrl)
                .doNotFollowRedirects()
                .assertResponse(Matchers.bodyHC(containsString("principal=bburke")));
    }

    // Logout at the _second_ node
    logoutFunction.accept(flow, proxiedEmployeeUrl);
    SamlClient samlClient = flow.execute();

    delayedCheckLoggedOut(samlClient, proxiedEmployeeUrl);

    // Update the proxy to forward to the first node.
    updateProxy(NODE_1_NAME, NODE_1_URI, NODE_2_URI);
    delayedCheckLoggedOut(samlClient, proxiedEmployeeUrl);
}



the class AbstractSAMLAdapterClusteredTest method testNodeRestartResiliency.

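/**
 * Checks that an SSO session survives the restart of the app-server node it was created on:
 * log in through the proxy, stop the first backend and serve from the second node, then bring
 * the first backend back and serve from it again — the user must still be logged in both times.
 *
 * @param employeeUrl URL of the distributable employee servlet deployment
 * @throws Exception propagated from the container controller or the SAML client steps
 */
@Test
public void testNodeRestartResiliency(@ArquillianResource @OperateOnDeployment(value = EmployeeServletDistributable.DEPLOYMENT_NAME) URL employeeUrl) throws Exception {
    ContainerInfo containerInfo = testContext.getAppServerBackendsInfo().get(0);
    setPasswordFor(bburkeUser, CredentialRepresentation.PASSWORD);
    String employeeUrlString = getProxiedUrl(employeeUrl);

    SamlClient samlClient = new SamlClientBuilder()
            .navigateTo(employeeUrlString)
            .processSamlResponse(Binding.POST).build()
            .login().user(bburkeUser).build()
            .processSamlResponse(Binding.POST).build()
            .assertResponse(Matchers.bodyHC(containsString("principal=bburke")))
            .execute();

    // Built once and re-run after each topology change: a plain GET that must return the
    // authenticated principal instead of a redirect to the IdP. Fully qualified so no
    // additional import is needed in this file.
    java.util.List<SamlClient.Step> stillLoggedIn = new SamlClientBuilder()
            .navigateTo(employeeUrlString)
            .doNotFollowRedirects()
            .assertResponse(Matchers.bodyHC(containsString("principal=bburke")))
            .getSteps();

    controller.stop(containerInfo.getQualifier());
    // Update the proxy to forward to the second node.
    updateProxy(NODE_2_NAME, NODE_2_URI, NODE_1_URI);
    samlClient.execute(stillLoggedIn);

    controller.start(containerInfo.getQualifier());
    // Update the proxy to forward to the first node.
    updateProxy(NODE_1_NAME, NODE_1_URI, NODE_2_URI);
    samlClient.execute(stillLoggedIn);
}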



the class SamlRedirectBindingTest method testQueryParametersInSamlProcessingUriRedirectWithSignature.

/**
 * Sends a signed AuthnRequest over the REDIRECT binding whose AssertionConsumerServiceURL
 * carries query parameters, and checks that the response verifies against the realm public
 * key, reports success, and keeps those parameters in its {@code Destination}.
 *
 * @throws Exception propagated from the SAML client steps
 */
@Test
public void testQueryParametersInSamlProcessingUriRedirectWithSignature() throws Exception {
    final String acsUrlWithQuery = SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG + "?param1=value1&param2=value2";

    SamlClient samlClient = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_SIG, acsUrlWithQuery, Binding.REDIRECT)
                .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .build()
            .login().user(bburkeUser).build()
            .doNotFollowRedirects()
            .execute(hr -> {
                try {
                    // obtain the document validating the signature (it should be valid)
                    SAMLDocumentHolder doc = Binding.REDIRECT.extractResponse(hr, REALM_PUBLIC_KEY);

                    // assert doc is OK and the destination really has the extra parameters
                    assertThat(doc.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    assertThat(doc.getSamlObject(), instanceOf(ResponseType.class));
                    ResponseType res = (ResponseType) doc.getSamlObject();
                    assertThat(res.getDestination(), is(acsUrlWithQuery));
                } catch (IOException e) {
                    throw new IllegalStateException(e);
                }
            });
}
