use of org.keycloak.testsuite.util.SamlClient.Binding.POST in project keycloak by keycloak.
the class BrokerTest method testLogoutPropagatesToSamlIdentityProvider.
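/**
 * Sends an AuthnRequest whose NameIDPolicy asks for the e-mail NameID format with
 * AllowCreate set, runs the brokered login through the SAML identity provider, and
 * asserts that the SAML response obtained at the end of the flow has the status
 * Responder / InvalidNameIDPolicy.
 *
 * <p>The review-profile execution of the first-broker-login flow is disabled for the
 * duration of the test and set back to REQUIRED afterwards.
 *
 * <p>NOTE(review): the method name refers to logout propagation, but no logout request
 * is issued in this body; confirm the name against the upstream test class.
 *
 * @throws IOException declared by the original signature; presumably raised when the
 *     identity provider resource is closed
 */
@Test
public void testLogoutPropagatesToSamlIdentityProvider() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    AuthenticationExecutionInfoRepresentation reviewProfileAuthenticator = null;
    String firstBrokerLoginFlowAlias = null;
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/saml"))) {
        IdentityProviderRepresentation idpRepresentation = idp.identityProvider().toRepresentation();
        firstBrokerLoginFlowAlias = idpRepresentation.getFirstBrokerLoginFlowAlias();
        List<AuthenticationExecutionInfoRepresentation> executions = realm.flows().getExecutions(firstBrokerLoginFlowAlias);

        // Fail with the intended message when the execution is missing. The variable stays
        // null in that case, which is why the finally block below must tolerate null.
        reviewProfileAuthenticator = executions.stream()
            .filter(ex -> Objects.equals(ex.getProviderId(), IdpReviewProfileAuthenticatorFactory.PROVIDER_ID))
            .findFirst()
            .orElseThrow(() -> new AssertionError("Could not find update profile in first broker login flow"));

        // Disable the review-profile step for this login flow.
        reviewProfileAuthenticator.setRequirement(Requirement.DISABLED.name());
        realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);

        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
            .transformObject(ar -> {
                // Request an e-mail NameID with AllowCreate; the assertion below expects the
                // flow to end in an InvalidNameIDPolicy status.
                NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
                nameIDPolicy.setAllowCreate(Boolean.TRUE);
                nameIDPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.getUri());
                ar.setNameIDPolicy(nameIDPolicy);
                return ar;
            })
            .build()
            .login().idp(SAML_BROKER_ALIAS).build()
            .processSamlResponse(REDIRECT)
            .transformObject(this::createAuthnResponse)
            .targetAttributeSamlResponse()
            .targetUri(getSamlBrokerUrl(REALM_NAME))
            .build()
            .followOneRedirect()
            .followOneRedirect()
            .getSamlResponse(POST);

        assertThat(samlResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_RESPONDER, JBossSAMLURIConstants.STATUS_INVALID_NAMEIDPOLICY));
    } finally {
        // Restore only if the execution was actually looked up. Without this guard, a
        // failure before the lookup surfaces as a NullPointerException from this block
        // and hides the real cause.
        // NOTE(review): the requirement is set to REQUIRED unconditionally rather than to
        // the value read before the test; confirm REQUIRED is the flow's default.
        if (reviewProfileAuthenticator != null) {
            reviewProfileAuthenticator.setRequirement(Requirement.REQUIRED.name());
            realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);
        }
    }
}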
use of org.keycloak.testsuite.util.SamlClient.Binding.POST in project keycloak by keycloak.
the class BrokerTest method testNoNameIDAndPrincipalFromAttribute.
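/**
 * Logs a user in through the SAML broker with an IdP response whose assertion subject
 * has had its NameID removed and which carries a "user" attribute instead. Verifies
 * that a user with the attribute's value can be found afterwards and has exactly one
 * user session.
 *
 * <p>The identity provider is configured with principal type ATTRIBUTE and principal
 * attribute "user", so the brokered identity comes from the assertion's attribute
 * statement rather than from the subject. In a deployment that attribute is only as
 * trustworthy as the assertion that carries it.
 *
 * @throws IOException declared by the original signature; presumably raised when the
 *     identity provider resource is closed
 */
@Test
public void testNoNameIDAndPrincipalFromAttribute() throws IOException {
    final String userName = "newUser-" + UUID.randomUUID();
    final RealmResource realm = adminClient.realm(REALM_NAME);
    final IdentityProviderRepresentation rep = addIdentityProvider("https://saml.idp/");
    // NOTE(review): "undefined" presumably means no NameIDPolicy format is requested; confirm.
    rep.getConfig().put(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "undefined");
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.toString());
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, "user");

    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, rep)) {
        new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
            .build()
            .login().idp(SAML_BROKER_ALIAS).build()
            .processSamlResponse(REDIRECT)
            .transformObject(this::createAuthnResponse)
            .transformObject(resp -> {
                final ResponseType rt = (ResponseType) resp;
                final AssertionType assertion = rt.getAssertions().get(0).getAssertion();
                // Remove NameID from subject
                assertion.getSubject().setSubType(null);
                // Add attribute to get principal from
                AttributeStatementType attrStatement = new AttributeStatementType();
                AttributeType attribute = new AttributeType("user");
                attribute.addAttributeValue(userName);
                attrStatement.addAttribute(new ASTChoiceType(attribute));
                // Same assertion object as above; no need to navigate to it again.
                assertion.addStatement(attrStatement);
                return rt;
            })
            .targetAttributeSamlResponse()
            .targetUri(getSamlBrokerUrl(REALM_NAME))
            .build()
            .followOneRedirect()
            .updateProfile().username(userName).firstName("someFirstName").lastName("someLastName").email("some@email.com").build()
            .followOneRedirect()
            .assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(200))
            .execute();
    }

    // Fail with a readable message instead of a bare NoSuchElementException when the
    // brokered login did not create the user.
    final UserRepresentation userRepresentation = realm.users().search(userName).stream()
        .findFirst()
        .orElseThrow(() -> new AssertionError("No user found for brokered principal " + userName));
    final List<UserSessionRepresentation> userSessions = realm.users().get(userRepresentation.getId()).getUserSessions();
    assertThat(userSessions, hasSize(1));
}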
use of org.keycloak.testsuite.util.SamlClient.Binding.POST in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithoutSignatureMissingDestinationTest.
/**
 * Logs in over the POST binding, then sends a LogoutRequest over the SOAP binding with
 * its Destination cleared, after setting the ECP client's server-signature and
 * client-signature attributes to "false". Passes when the returned SAML object is a
 * {@code StatusResponseType}.
 *
 * <p>NOTE(review): only the response type is asserted, not its status code, so this
 * test does not pin whether the unsigned, destination-less logout succeeded or was
 * rejected.
 */
@Test
public void soapBindingLogoutWithoutSignatureMissingDestinationTest() {
    // Register the attribute change with the cleanup handler.
    getCleanup().addCleanup(
        ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP)
            .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false")
            .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
            .update());

    SAMLDocumentHolder logoutResponse = new SamlClientBuilder()
        .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST)
        .build()
        .login().user(bburkeUser).build()
        .processSamlResponse(POST)
        // presumably fills nameIdRef and sessionIndexRef, which are read below; confirm against the helper
        .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
        .build()
        .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP)
        .nameId(nameIdRef::get)
        .sessionIndex(sessionIndexRef::get)
        .transformObject(req -> {
            // Strip the Destination attribute from the outgoing LogoutRequest.
            req.setDestination(null);
            return req;
        })
        .build()
        .executeAndTransform(POST::extractResponse);

    assertThat(logoutResponse.getSamlObject(), instanceOf(StatusResponseType.class));
}
use of org.keycloak.testsuite.util.SamlClient.Binding.POST in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithoutSignature.
/**
 * Logs in over the POST binding, then sends an unsigned LogoutRequest over the SOAP
 * binding, after setting the ECP client's server-signature and client-signature
 * attributes to "false". Passes when the returned SAML object is a
 * {@code StatusResponseType}.
 *
 * <p>NOTE(review): only the response type is asserted, not its status code.
 */
@Test
public void soapBindingLogoutWithoutSignature() {
    // Register the attribute change with the cleanup handler.
    getCleanup().addCleanup(
        ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP)
            .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false")
            .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
            .update());

    SAMLDocumentHolder logoutResponse = new SamlClientBuilder()
        .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST)
        .build()
        .login().user(bburkeUser).build()
        .processSamlResponse(POST)
        // presumably fills nameIdRef and sessionIndexRef, which are read below; confirm against the helper
        .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
        .build()
        .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP)
        .nameId(nameIdRef::get)
        .sessionIndex(sessionIndexRef::get)
        .build()
        .executeAndTransform(POST::extractResponse);

    assertThat(logoutResponse.getSamlObject(), instanceOf(StatusResponseType.class));
}
use of org.keycloak.testsuite.util.SamlClient.Binding.POST in project keycloak by keycloak.
the class SOAPBindingTest method soapBindingLogoutWithSignature.
/**
 * Logs in over the POST binding with a signed AuthnRequest, then sends a signed
 * LogoutRequest over the SOAP binding. Passes when the returned SAML object is a
 * {@code StatusResponseType}.
 *
 * <p>NOTE(review): both requests are signed with the sales-post key pair although the
 * client is the ECP one; presumably the ECP test client is registered with the same
 * certificate. Confirm against the test realm. Only the response type is asserted,
 * not its status code.
 */
@Test
public void soapBindingLogoutWithSignature() {
    SAMLDocumentHolder logoutResponse = new SamlClientBuilder()
        .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST)
        .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
        .build()
        .login().user(bburkeUser).build()
        .processSamlResponse(POST)
        // presumably fills nameIdRef and sessionIndexRef, which are read below; confirm against the helper
        .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
        .build()
        .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP)
        .nameId(nameIdRef::get)
        .sessionIndex(sessionIndexRef::get)
        .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
        .build()
        .executeAndTransform(POST::extractResponse);

    assertThat(logoutResponse.getSamlObject(), instanceOf(StatusResponseType.class));
}