Examples with SamlClientBuilder org.keycloak.testsuite.util.SamlClientBuilder used on opensource projects

Example 56 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeClassRefsSetNoDeclRefs.

@Test
public void testNoComparisonTypeClassRefsSetNoDeclRefs() throws Exception {
    // Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with comparison Exact and AuthnContextClassRef
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_CLASS_REFS, "[\"" + AC_PASSWORD_PROTECTED_TRANSPORT.get() + "\"]").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
                // Verify the ComparisonType attribute
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.EXACT.value()));
                // Find the RequestedAuthnContext/ClassRef element
                Element requestedAuthnContextClassRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextClassRef");
                Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element not found in request document", requestedAuthnContextClassRefElement, Matchers.notNullValue());
                // Make sure the RequestedAuthnContext/ClassRef element has the requested value
                Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element does not have the expected value", requestedAuthnContextClassRefElement.getTextContent(), Matchers.is(AC_PASSWORD_PROTECTED_TRANSPORT.get()));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}

Example 57 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testComparisonTypeSetNoClassRefsDeclRefsSet.

@Test
public void testComparisonTypeSetNoClassRefsDeclRefsSet() throws Exception {
    // Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with AuthnContextDeclRef
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_COMPARISON_TYPE, AuthnContextComparisonType.MINIMUM.value()).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_DECL_REFS, "[\"secure/name/password/icmaolr/uri\"]").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
                // Verify the ComparisonType attribute
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.MINIMUM.value()));
                // Find the RequestedAuthnContext/DeclRef element
                Element requestedAuthnContextDeclRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextDeclRef");
                Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element not found in request document", requestedAuthnContextDeclRefElement, Matchers.notNullValue());
                // Make sure the RequestedAuthnContext/DeclRef element has the requested value
                Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element does not have the expected value", requestedAuthnContextDeclRefElement.getTextContent(), Matchers.is("secure/name/password/icmaolr/uri"));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}

Example 58 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class AbstractSAMLAdapterClusteredTest method testLogoutViaSessionIndex.

private void testLogoutViaSessionIndex(URL employeeUrl, boolean forceRefreshAtOtherNode, BiConsumer<SamlClientBuilder, String> logoutFunction) {
    setPasswordFor(bburkeUser, CredentialRepresentation.PASSWORD);
    String employeeUrlString = getProxiedUrl(employeeUrl);
    SamlClientBuilder builder = new SamlClientBuilder().navigateTo(employeeUrlString).processSamlResponse(Binding.POST).build().login().user(bburkeUser).build().processSamlResponse(Binding.POST).build().assertResponse(Matchers.bodyHC(containsString("principal=bburke"))).addStep(() -> updateProxy(NODE_2_NAME, NODE_2_URI, NODE_1_URI));
    if (forceRefreshAtOtherNode) {
        // Go to employee URL at reverse proxy which is set to forward to _second_ node now
        builder.navigateTo(employeeUrlString).doNotFollowRedirects().assertResponse(Matchers.bodyHC(containsString("principal=bburke")));
    }
    // Logout at the _second_ node
    logoutFunction.accept(builder, employeeUrlString);
    SamlClient samlClient = builder.execute();
    delayedCheckLoggedOut(samlClient, employeeUrlString);
    // Update the proxy to forward to the first node.
    updateProxy(NODE_1_NAME, NODE_1_URI, NODE_2_URI);
    delayedCheckLoggedOut(samlClient, employeeUrlString);
}

Example 59 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class AbstractSAMLAdapterClusteredTest method testNodeRestartResiliency.

@Test
public void testNodeRestartResiliency(@ArquillianResource @OperateOnDeployment(value = EmployeeServletDistributable.DEPLOYMENT_NAME) URL employeeUrl) throws Exception {
    ContainerInfo containerInfo = testContext.getAppServerBackendsInfo().get(0);
    setPasswordFor(bburkeUser, CredentialRepresentation.PASSWORD);
    String employeeUrlString = getProxiedUrl(employeeUrl);
    SamlClient samlClient = new SamlClientBuilder().navigateTo(employeeUrlString).processSamlResponse(Binding.POST).build().login().user(bburkeUser).build().processSamlResponse(Binding.POST).build().assertResponse(Matchers.bodyHC(containsString("principal=bburke"))).execute();
    controller.stop(containerInfo.getQualifier());
    // Update the proxy to forward to the second node.
    updateProxy(NODE_2_NAME, NODE_2_URI, NODE_1_URI);
    samlClient.execute(new SamlClientBuilder().navigateTo(employeeUrlString).doNotFollowRedirects().assertResponse(Matchers.bodyHC(containsString("principal=bburke"))).getSteps());
    controller.start(containerInfo.getQualifier());
    // Update the proxy to forward to the first node.
    updateProxy(NODE_1_NAME, NODE_1_URI, NODE_2_URI);
    samlClient.execute(new SamlClientBuilder().navigateTo(employeeUrlString).doNotFollowRedirects().assertResponse(Matchers.bodyHC(containsString("principal=bburke"))).getSteps());
}

Example 60 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class RoleMapperTest method testExpectedRoles.

public void testExpectedRoles(String clientId, String... expectedRoles) {
    SAMLDocumentHolder document = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), clientId, SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, Binding.POST).build().login().user(bburkeUser).build().getSamlResponse(Binding.POST);
    assertThat(document.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    Stream<AssertionType> assertions = assertionsUnencrypted(document.getSamlObject());
    Stream<AttributeType> attributes = attributesUnecrypted(attributeStatements(assertions));
    Set<String> roles = attributes.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
    assertThat(roles, containsInAnyOrder(expectedRoles));
}