Example 71 with SamlClientBuilder
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class ArtifactBindingTest method testArtifactBindingWithEncryptedAssertion.
@Test
public void testArtifactBindingWithEncryptedAssertion() throws Exception {
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_ENC, SAML_ASSERTION_CONSUMER_URL_SALES_POST_ENC, POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).signWith(SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY, SAML_CLIENT_SALES_POST_ENC_PUBLIC_KEY).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_ENC).signWith(SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY, SAML_CLIENT_SALES_POST_ENC_PUBLIC_KEY).build().doNotFollowRedirects().executeAndTransform(ARTIFACT_RESPONSE::extractResponse);
assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
ResponseType loginResponse = (ResponseType) response.getSamlObject();
assertThat(loginResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
assertThat(loginResponse.getAssertions().get(0).getAssertion(), nullValue());
assertThat(loginResponse.getAssertions().get(0).getEncryptedAssertion(), not(nullValue()));
SamlDeployment deployment = SamlUtils.getSamlDeploymentForClient("sales-post-enc");
AssertionUtil.decryptAssertion(response, loginResponse, deployment.getDecryptionKey());
assertThat(loginResponse.getAssertions().get(0).getAssertion(), not(nullValue()));
assertThat(loginResponse.getAssertions().get(0).getEncryptedAssertion(), nullValue());
assertThat(loginResponse.getAssertions().get(0).getAssertion().getIssuer().getValue(), equalTo(getAuthServerRealmBase(REALM_NAME).toString()));
}
Also used :
ARTIFACT_RESPONSE(org.keycloak.testsuite.util.SamlClient.Binding.ARTIFACT_RESPONSE)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
NameIDMappingResponseType(org.keycloak.dom.saml.v2.protocol.NameIDMappingResponseType)
ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)
ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)
StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType)
Test(org.junit.Test)
Example 72 with SamlClientBuilder
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class ArtifactBindingTest method testArtifactSuccessfulAfterFirstUnsuccessfulRequest.
@Test
public void testArtifactSuccessfulAfterFirstUnsuccessfulRequest() {
SamlClientBuilder clientBuilder = new SamlClientBuilder();
AtomicReference<String> artifact = new AtomicReference<>();
SAMLDocumentHolder response = clientBuilder.authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), // Wrong issuer
SAML_CLIENT_ID_SALES_POST2).storeArtifact(artifact).build().assertResponse(r -> assertThat(r, bodyHC(containsString(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get())))).handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).useArtifact(artifact).build().executeAndTransform(ARTIFACT_RESPONSE::extractResponse);
assertThat(response.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
}
Also used :
ARTIFACT_RESPONSE(org.keycloak.testsuite.util.SamlClient.Binding.ARTIFACT_RESPONSE)
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Test(org.junit.Test)
Example 73 with SamlClientBuilder
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class ArtifactBindingTest method testArtifactBindingLogoutSingleClientCheckArtifact.
/**
********************** LOGOUT TESTS ***********************
*/
@Test
public void testArtifactBindingLogoutSingleClientCheckArtifact() throws NoSuchAlgorithmException {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true").setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE, "http://url").setFrontchannelLogout(true).update());
String response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST).build().doNotFollowRedirects().executeAndTransform(resp -> EntityUtils.toString(resp.getEntity()));
assertThat(response, containsString(GeneralConstants.SAML_ARTIFACT_KEY));
Pattern artifactPattern = Pattern.compile("NAME=\"SAMLart\" VALUE=\"((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))");
Matcher m = artifactPattern.matcher(response);
assertThat(true, is(m.find()));
String artifactB64 = m.group(1);
assertThat(artifactB64, not(isEmptyOrNullString()));
byte[] artifact = Base64.getDecoder().decode(artifactB64);
assertThat(artifact.length, is(44));
assertThat(artifact[0], is((byte) 0));
assertThat(artifact[1], is((byte) 4));
assertThat(artifact[2], is((byte) 0));
assertThat(artifact[3], is((byte) 0));
MessageDigest sha1Digester = MessageDigest.getInstance("SHA-1");
byte[] source = sha1Digester.digest(getAuthServerRealmBase(REALM_NAME).toString().getBytes(Charsets.UTF_8));
for (int i = 0; i < 20; i++) {
assertThat(source[i], is(artifact[i + 4]));
}
}
Also used :
Pattern(java.util.regex.Pattern)
Matcher(java.util.regex.Matcher)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString)
Matchers.containsString(org.hamcrest.Matchers.containsString)
MessageDigest(java.security.MessageDigest)
Test(org.junit.Test)
Example 74 with SamlClientBuilder
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class ArtifactBindingTest method testArtifactBindingTimesOutAfterCodeToTokenLifespan.
/**
********************** LOGIN TESTS ***********************
*/
@Test
public void testArtifactBindingTimesOutAfterCodeToTokenLifespan() throws Exception {
getCleanup().addCleanup(new RealmAttributeUpdater(adminClient.realm(REALM_NAME)).setAccessCodeLifespan(1).update());
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(// Move in time before resolving the artifact
() -> setTimeOffset(1000)).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
assertThat(response.getSamlObject(), instanceOf(ArtifactResponseType.class));
ArtifactResponseType artifactResponse = (ArtifactResponseType) response.getSamlObject();
assertThat(artifactResponse, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
assertThat(artifactResponse.getAny(), nullValue());
}
Also used :
SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater)
ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)
Test(org.junit.Test)
Example 75 with SamlClientBuilder
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class ArtifactBindingTest method testArtifactBindingLoginCheckArtifactWithPost.
@Test
public void testArtifactBindingLoginCheckArtifactWithPost() throws NoSuchAlgorithmException {
String response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(bburkeUser).build().doNotFollowRedirects().executeAndTransform(resp -> EntityUtils.toString(resp.getEntity()));
assertThat(response, containsString(GeneralConstants.SAML_ARTIFACT_KEY));
Pattern artifactPattern = Pattern.compile("NAME=\"SAMLart\" VALUE=\"((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))");
Matcher m = artifactPattern.matcher(response);
assertThat(m.find(), is(true));
String artifactB64 = m.group(1);
assertThat(artifactB64, not(isEmptyOrNullString()));
byte[] artifact = Base64.getDecoder().decode(artifactB64);
assertThat(artifact.length, is(44));
assertThat(artifact[0], is((byte) 0));
assertThat(artifact[1], is((byte) 4));
assertThat(artifact[2], is((byte) 0));
assertThat(artifact[3], is((byte) 0));
MessageDigest sha1Digester = MessageDigest.getInstance("SHA-1");
byte[] source = sha1Digester.digest(getAuthServerRealmBase(REALM_NAME).toString().getBytes(Charsets.UTF_8));
for (int i = 0; i < 20; i++) {
assertThat(source[i], is(artifact[i + 4]));
}
}
Also used :
Pattern(java.util.regex.Pattern)
Matcher(java.util.regex.Matcher)
SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder)
Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString)
Matchers.containsString(org.hamcrest.Matchers.containsString)
MessageDigest(java.security.MessageDigest)
Test(org.junit.Test)
Aggregations
SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)108
Test (org.junit.Test)99
SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)65
ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)42
Document (org.w3c.dom.Document)38
AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)35
AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)30
StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)28
Matchers.containsString (org.hamcrest.Matchers.containsString)26
JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)23
Closeable (java.io.Closeable)21
URI (java.net.URI)20
IOException (java.io.IOException)19
SamlClient (org.keycloak.testsuite.util.SamlClient)18
ArtifactResponseType (org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)17
Element (org.w3c.dom.Element)17
List (java.util.List)16
Response (javax.ws.rs.core.Response)15
Matchers.is (org.hamcrest.Matchers.is)14
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)14
