Examples with REDIRECT org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT used on opensource projects

Search in sources :

Example 1 with REDIRECT

use of org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT in project keycloak by keycloak.

the class BrokerTest method assertExpired.

private void assertExpired(XMLGregorianCalendar notBefore, XMLGregorianCalendar notOnOrAfter, boolean shouldPass) throws Exception {
    Status expectedStatus = shouldPass ? Status.OK : Status.BAD_REQUEST;
    final RealmResource realm = adminClient.realm(REALM_NAME);
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/"))) {
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().idp(SAML_BROKER_ALIAS).build().processSamlResponse(REDIRECT).transformObject(this::createAuthnResponse).transformObject(resp -> {
            // always invent a new user identified by a different email address
            ResponseType rt = (ResponseType) resp;
            AssertionType a = rt.getAssertions().get(0).getAssertion();
            NameIDType nameId = new NameIDType();
            nameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get()));
            nameId.setValue(UUID.randomUUID() + "@random.email.org");
            SubjectType subject = new SubjectType();
            SubjectType.STSubType subType = new SubjectType.STSubType();
            subType.addBaseID(nameId);
            subject.setSubType(subType);
            a.setSubject(subject);
            ConditionsType conditions = a.getConditions();
            conditions.setNotBefore(notBefore);
            conditions.setNotOnOrAfter(notOnOrAfter);
            return rt;
        }).targetAttributeSamlResponse().targetUri(getSamlBrokerUrl(REALM_NAME)).build().assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(expectedStatus)).execute();
    }
}
Also used : Status(javax.ws.rs.core.Response.Status) XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) KeyPair(java.security.KeyPair) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) Header(org.apache.http.Header) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) SAMLIdentityProviderFactory(org.keycloak.broker.saml.SAMLIdentityProviderFactory) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) Document(org.w3c.dom.Document) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName) URI(java.net.URI) HttpHeaders(org.apache.http.HttpHeaders) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) IdentityProviderBuilder(org.keycloak.testsuite.util.IdentityProviderBuilder) UUID(java.util.UUID) Objects(java.util.Objects) List(java.util.List) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) Matchers.is(org.hamcrest.Matchers.is) SAML_CLIENT_ID_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_SALES_POST) QName(javax.xml.namespace.QName) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) XmlDSigQNames(org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AtomicReference(java.util.concurrent.atomic.AtomicReference) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) RSA_SHA1(org.keycloak.saml.SignatureAlgorithm.RSA_SHA1) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) DOMException(org.w3c.dom.DOMException) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) NodeList(org.w3c.dom.NodeList) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME) Matchers(org.hamcrest.Matchers) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML_ASSERTION_CONSUMER_URL_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdpReviewProfileAuthenticatorFactory(org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticatorFactory) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) Element(org.w3c.dom.Element) Assert(org.junit.Assert) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 2 with REDIRECT

use of org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT in project keycloak by keycloak.

the class ArtifactBindingTest method testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients.

// Won't work with openshift, because openshift wouldn't see ArtifactResolutionService
@AuthServerContainerExclude(AuthServerContainerExclude.AuthServer.REMOTE)
@Test
public void testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients() {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE, "http://url").setFrontchannelLogout(true).update()).addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST2).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE, "http://url").setFrontchannelLogout(true).update());
    ClientRepresentation salesRep = adminClient.realm(REALM_NAME).clients().findByClientId(SAML_CLIENT_ID_SALES_POST).get(0);
    final String salesRepId = salesRep.getId();
    ClientRepresentation salesRep2 = adminClient.realm(REALM_NAME).clients().findByClientId(SAML_CLIENT_ID_SALES_POST2).get(0);
    final String salesRep2Id = salesRep2.getId();
    final AtomicReference<String> userSessionId = new AtomicReference<>();
    SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2).setBeforeStepChecks(new SessionStateChecker(testingClient.server()).storeUserSessionId(userSessionId).expectedClientSession(salesRep2Id).expectedState(UserSessionModel.State.LOGGED_IN).expectedNumberOfClientSessions(1).consumeUserSession(userSessionModel -> assertThat(userSessionModel, notNullValue())).consumeClientSession(salesRep2Id, clientSession -> assertThat(clientSession, notNullValue()))).verifyRedirect(true).build().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(new SessionStateChecker(testingClient.server()).expectedUserSession(userSessionId).expectedState(UserSessionModel.State.LOGGED_IN).expectedClientSession(salesRepId).expectedNumberOfClientSessions(2).expectedAction(salesRep2Id, null).expectedAction(salesRepId, null)).verifyRedirect(true).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, REDIRECT).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(new SessionStateChecker(testingClient.server()).expectedUserSession(userSessionId).expectedState(UserSessionModel.State.LOGGING_OUT).expectedClientSession(salesRepId).expectedNumberOfClientSessions(2).expectedAction(salesRepId, CommonClientSessionModel.Action.LOGGING_OUT).expectedAction(salesRep2Id, CommonClientSessionModel.Action.LOGGING_OUT)).setAfterStepChecks(new SessionStateChecker(testingClient.server()).setUserSessionProvider(session -> userSessionId.get()).expectedState(UserSessionModel.State.LOGGING_OUT).expectedNumberOfClientSessions(2).expectedAction(salesRepId, CommonClientSessionModel.Action.LOGGED_OUT).expectedAction(salesRep2Id, CommonClientSessionModel.Action.LOGGING_OUT)).verifyRedirect(true).build().doNotFollowRedirects().processSamlResponse(ARTIFACT_RESPONSE).transformDocument(doc -> {
        // Send LogoutResponse
        SAML2Object so = (SAML2Object) SAMLParser.getInstance().parse(new DOMSource(doc));
        return new SAML2LogoutResponseBuilder().destination(getAuthServerSamlEndpoint(REALM_NAME).toString()).issuer(SAML_CLIENT_ID_SALES_POST).logoutRequestID(((LogoutRequestType) so).getID()).buildDocument();
    }).targetBinding(REDIRECT).targetAttributeSamlResponse().targetUri(getAuthServerSamlEndpoint(REALM_NAME)).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2).verifyRedirect(true).setBeforeStepChecks(new SessionStateChecker(testingClient.server()).expectedUserSession(userSessionId).expectedClientSession(salesRep2Id).expectedState(UserSessionModel.State.LOGGED_OUT_UNCONFIRMED).expectedNumberOfClientSessions(2).expectedAction(salesRepId, CommonClientSessionModel.Action.LOGGED_OUT).expectedAction(salesRep2Id, CommonClientSessionModel.Action.LOGGING_OUT)).setAfterStepChecks(new SessionStateChecker(testingClient.server()).consumeUserSession(userSessionModel -> assertThat(userSessionModel, nullValue())).setUserSessionProvider(session -> userSessionId.get())).build().executeAndTransform(this::getArtifactResponse);
    assertThat(response.getSamlObject(), instanceOf(ArtifactResponseType.class));
    ArtifactResponseType artifactResponse = (ArtifactResponseType) response.getSamlObject();
    assertThat(artifactResponse.getSignature(), nullValue());
    assertThat(artifactResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    assertThat(artifactResponse.getAny(), instanceOf(StatusResponseType.class));
}
Also used : SamlProtocolUtils(org.keycloak.protocol.saml.SamlProtocolUtils) AssertionUtil(org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) URISyntaxException(java.net.URISyntaxException) Matchers.not(org.hamcrest.Matchers.not) ARTIFACT_RESPONSE(org.keycloak.testsuite.util.SamlClient.Binding.ARTIFACT_RESPONSE) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) SAML2LogoutResponseBuilder(org.keycloak.saml.SAML2LogoutResponseBuilder) Matchers.isSamlLogoutRequest(org.keycloak.testsuite.util.Matchers.isSamlLogoutRequest) HandleArtifactStepBuilder(org.keycloak.testsuite.util.saml.HandleArtifactStepBuilder) EntityUtils(org.apache.http.util.EntityUtils) InfinispanTestTimeServiceRule(org.keycloak.testsuite.util.InfinispanTestTimeServiceRule) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) Matcher(java.util.regex.Matcher) ByteArrayInputStream(java.io.ByteArrayInputStream) Document(org.w3c.dom.Document) NameIDMappingResponseType(org.keycloak.dom.saml.v2.protocol.NameIDMappingResponseType) Matchers.nullValue(org.hamcrest.Matchers.nullValue) SamlClient(org.keycloak.testsuite.util.SamlClient) SamlUtils(org.keycloak.testsuite.util.SamlUtils) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString) Awaitility.await(org.awaitility.Awaitility.await) Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) SamlProtocol(org.keycloak.protocol.saml.SamlProtocol) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) Base64(java.util.Base64) Response(javax.ws.rs.core.Response) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) SamlMessageReceiver(org.keycloak.testsuite.util.saml.SamlMessageReceiver) Matchers.is(org.hamcrest.Matchers.is) Pattern(java.util.regex.Pattern) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlUtils.getSPInstallationDescriptor(org.keycloak.testsuite.util.SamlUtils.getSPInstallationDescriptor) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) DOMSource(javax.xml.transform.dom.DOMSource) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) MessageDigest(java.security.MessageDigest) GeneralConstants(org.keycloak.saml.common.constants.GeneralConstants) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) Matchers.bodyHC(org.keycloak.testsuite.util.Matchers.bodyHC) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArtifactBindingUtils(org.keycloak.protocol.saml.util.ArtifactBindingUtils) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CommonClientSessionModel(org.keycloak.sessions.CommonClientSessionModel) Soap(org.keycloak.protocol.saml.profile.util.Soap) Charsets(com.google.common.base.Charsets) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) IOException(java.io.IOException) UserSessionModel(org.keycloak.models.UserSessionModel) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) TimeUnit(java.util.concurrent.TimeUnit) Rule(org.junit.Rule) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) SessionStateChecker(org.keycloak.testsuite.util.saml.SessionStateChecker) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) DOMSource(javax.xml.transform.dom.DOMSource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAML2LogoutResponseBuilder(org.keycloak.saml.SAML2LogoutResponseBuilder) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) AtomicReference(java.util.concurrent.atomic.AtomicReference) Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString) Matchers.containsString(org.hamcrest.Matchers.containsString) SessionStateChecker(org.keycloak.testsuite.util.saml.SessionStateChecker) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 3 with REDIRECT

use of org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT in project keycloak by keycloak.

the class BrokerTest method testLogoutPropagatesToSamlIdentityProvider.

@Test
public void testLogoutPropagatesToSamlIdentityProvider() throws IOException {
    final RealmResource realm = adminClient.realm(REALM_NAME);
    final ClientsResource clients = realm.clients();
    AuthenticationExecutionInfoRepresentation reviewProfileAuthenticator = null;
    String firstBrokerLoginFlowAlias = null;
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, addIdentityProvider("https://saml.idp/saml"))) {
        IdentityProviderRepresentation idpRepresentation = idp.identityProvider().toRepresentation();
        firstBrokerLoginFlowAlias = idpRepresentation.getFirstBrokerLoginFlowAlias();
        List<AuthenticationExecutionInfoRepresentation> executions = realm.flows().getExecutions(firstBrokerLoginFlowAlias);
        reviewProfileAuthenticator = executions.stream().filter(ex -> Objects.equals(ex.getProviderId(), IdpReviewProfileAuthenticatorFactory.PROVIDER_ID)).findFirst().orElseGet(() -> {
            Assert.fail("Could not find update profile in first broker login flow");
            return null;
        });
        reviewProfileAuthenticator.setRequirement(Requirement.DISABLED.name());
        realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);
        SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).transformObject(ar -> {
            NameIDPolicyType nameIDPolicy = new NameIDPolicyType();
            nameIDPolicy.setAllowCreate(Boolean.TRUE);
            nameIDPolicy.setFormat(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.getUri());
            ar.setNameIDPolicy(nameIDPolicy);
            return ar;
        }).build().login().idp(SAML_BROKER_ALIAS).build().processSamlResponse(REDIRECT).transformObject(this::createAuthnResponse).targetAttributeSamlResponse().targetUri(getSamlBrokerUrl(REALM_NAME)).build().followOneRedirect().followOneRedirect().getSamlResponse(POST);
        assertThat(samlResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_RESPONDER, JBossSAMLURIConstants.STATUS_INVALID_NAMEIDPOLICY));
    } finally {
        reviewProfileAuthenticator.setRequirement(Requirement.REQUIRED.name());
        realm.flows().updateExecutions(firstBrokerLoginFlowAlias, reviewProfileAuthenticator);
    }
}
Also used : XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) KeyPair(java.security.KeyPair) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) Header(org.apache.http.Header) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) SAMLIdentityProviderFactory(org.keycloak.broker.saml.SAMLIdentityProviderFactory) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) Document(org.w3c.dom.Document) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName) URI(java.net.URI) HttpHeaders(org.apache.http.HttpHeaders) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) IdentityProviderBuilder(org.keycloak.testsuite.util.IdentityProviderBuilder) UUID(java.util.UUID) Objects(java.util.Objects) List(java.util.List) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) Matchers.is(org.hamcrest.Matchers.is) SAML_CLIENT_ID_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_SALES_POST) QName(javax.xml.namespace.QName) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) XmlDSigQNames(org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AtomicReference(java.util.concurrent.atomic.AtomicReference) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) RSA_SHA1(org.keycloak.saml.SignatureAlgorithm.RSA_SHA1) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) DOMException(org.w3c.dom.DOMException) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) NodeList(org.w3c.dom.NodeList) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME) Matchers(org.hamcrest.Matchers) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML_ASSERTION_CONSUMER_URL_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdpReviewProfileAuthenticatorFactory(org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticatorFactory) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) Element(org.w3c.dom.Element) Assert(org.junit.Assert) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) Test(org.junit.Test)

Example 4 with REDIRECT

use of org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT in project keycloak by keycloak.

the class BrokerTest method testNoNameIDAndPrincipalFromAttribute.

@Test
public void testNoNameIDAndPrincipalFromAttribute() throws IOException {
    final String userName = "newUser-" + UUID.randomUUID();
    final RealmResource realm = adminClient.realm(REALM_NAME);
    final IdentityProviderRepresentation rep = addIdentityProvider("https://saml.idp/");
    rep.getConfig().put(SAMLIdentityProviderConfig.NAME_ID_POLICY_FORMAT, "undefined");
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_TYPE, SamlPrincipalType.ATTRIBUTE.toString());
    rep.getConfig().put(SAMLIdentityProviderConfig.PRINCIPAL_ATTRIBUTE, "user");
    try (IdentityProviderCreator idp = new IdentityProviderCreator(realm, rep)) {
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).build().login().idp(SAML_BROKER_ALIAS).build().processSamlResponse(REDIRECT).transformObject(this::createAuthnResponse).transformObject(resp -> {
            final ResponseType rt = (ResponseType) resp;
            final AssertionType assertion = rt.getAssertions().get(0).getAssertion();
            // Remove NameID from subject
            assertion.getSubject().setSubType(null);
            // Add attribute to get principal from
            AttributeStatementType attrStatement = new AttributeStatementType();
            AttributeType attribute = new AttributeType("user");
            attribute.addAttributeValue(userName);
            attrStatement.addAttribute(new ASTChoiceType(attribute));
            rt.getAssertions().get(0).getAssertion().addStatement(attrStatement);
            return rt;
        }).targetAttributeSamlResponse().targetUri(getSamlBrokerUrl(REALM_NAME)).build().followOneRedirect().updateProfile().username(userName).firstName("someFirstName").lastName("someLastName").email("some@email.com").build().followOneRedirect().assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(200)).execute();
    }
    final UserRepresentation userRepresentation = realm.users().search(userName).stream().findFirst().get();
    final List<UserSessionRepresentation> userSessions = realm.users().get(userRepresentation.getId()).getUserSessions();
    assertThat(userSessions, hasSize(1));
}
Also used : XMLTimeUtil(org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil) KeyPair(java.security.KeyPair) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) Header(org.apache.http.Header) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) SAMLIdentityProviderFactory(org.keycloak.broker.saml.SAMLIdentityProviderFactory) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) Document(org.w3c.dom.Document) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) HasQName(org.keycloak.saml.processing.core.parsers.util.HasQName) URI(java.net.URI) HttpHeaders(org.apache.http.HttpHeaders) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) RealmResource(org.keycloak.admin.client.resource.RealmResource) IdentityProviderBuilder(org.keycloak.testsuite.util.IdentityProviderBuilder) UUID(java.util.UUID) Objects(java.util.Objects) List(java.util.List) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) Matchers.is(org.hamcrest.Matchers.is) SAML_CLIENT_ID_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_CLIENT_ID_SALES_POST) QName(javax.xml.namespace.QName) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) XmlDSigQNames(org.keycloak.saml.processing.core.parsers.saml.xmldsig.XmlDSigQNames) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AtomicReference(java.util.concurrent.atomic.AtomicReference) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AuthenticationExecutionInfoRepresentation(org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation) RSA_SHA1(org.keycloak.saml.SignatureAlgorithm.RSA_SHA1) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) SAML2LoginResponseBuilder(org.keycloak.saml.SAML2LoginResponseBuilder) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) DOMException(org.w3c.dom.DOMException) Matchers.hasSize(org.hamcrest.Matchers.hasSize) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) Status(javax.ws.rs.core.Response.Status) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) NodeList(org.w3c.dom.NodeList) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) REALM_NAME(org.keycloak.testsuite.saml.AbstractSamlTest.REALM_NAME) Matchers(org.hamcrest.Matchers) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) XMLGregorianCalendar(javax.xml.datatype.XMLGregorianCalendar) SAML_ASSERTION_CONSUMER_URL_SALES_POST(org.keycloak.testsuite.saml.AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdpReviewProfileAuthenticatorFactory(org.keycloak.authentication.authenticators.broker.IdpReviewProfileAuthenticatorFactory) BaseSAML2BindingBuilder(org.keycloak.saml.BaseSAML2BindingBuilder) Element(org.w3c.dom.Element) Assert(org.junit.Assert) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) IdentityProviderCreator(org.keycloak.testsuite.updaters.IdentityProviderCreator) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) ASTChoiceType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType.ASTChoiceType) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 5 with REDIRECT

use of org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT in project keycloak by keycloak.

the class ArtifactBindingTest method testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetRedirect.

@Test
public void testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetRedirect() {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, "http://url").setFrontchannelLogout(true).update());
    SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, REDIRECT).build().doNotFollowRedirects().executeAndTransform(REDIRECT::extractResponse);
    assertThat(response.getSamlObject(), instanceOf(StatusResponseType.class));
    StatusResponseType logoutResponse = (StatusResponseType) response.getSamlObject();
    assertThat(logoutResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    assertThat(logoutResponse.getSignature(), nullValue());
    assertThat(logoutResponse, not(instanceOf(ResponseType.class)));
    assertThat(logoutResponse, not(instanceOf(ArtifactResponseType.class)));
    assertThat(logoutResponse, not(instanceOf(NameIDMappingResponseType.class)));
    assertThat(logoutResponse, instanceOf(StatusResponseType.class));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Aggregations

Test (org.junit.Test)5 IOException (java.io.IOException)4 URI (java.net.URI)4 AtomicReference (java.util.concurrent.atomic.AtomicReference)4 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)4 Matchers (org.hamcrest.Matchers)4 Matchers.is (org.hamcrest.Matchers.is)4 SAML2Object (org.keycloak.dom.saml.v2.SAML2Object)4 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)4 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)4 REDIRECT (org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT)4 SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)4 KeyPair (java.security.KeyPair)3 List (java.util.List)3 Objects (java.util.Objects)3 UUID (java.util.UUID)3 Status (javax.ws.rs.core.Response.Status)3 XMLGregorianCalendar (javax.xml.datatype.XMLGregorianCalendar)3 QName (javax.xml.namespace.QName)3 Header (org.apache.http.Header)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial