Search in sources :

Example 96 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class ArtifactBindingCustomResolverTest method testArtifactDoesntContainSignature.

@Test
public void testArtifactDoesntContainSignature() {
    ContainerAssume.assumeAuthServerUndertow();
    AtomicReference<String> artifactReference = new AtomicReference<>();
    new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_ASSERTION_AND_RESPONSE_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_ASSERTION_AND_RESPONSE_SIG, POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST_ASSERTION_AND_RESPONSE_SIG).storeArtifact(artifactReference).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().execute();
    String artifact = artifactReference.get();
    byte[] byteArray = Base64.getDecoder().decode(artifact);
    ByteArrayInputStream bis = new ByteArrayInputStream(byteArray);
    bis.skip(2);
    int index = bis.read();
    assertThat(byteArray[0], is((byte) 0));
    assertThat(byteArray[1], is((byte) 5));
    String storedResponse = CustomTestingSamlArtifactResolver.list.get(index);
    assertThat(storedResponse, notNullValue());
    assertThat(storedResponse, containsString("samlp:Response"));
    assertThat(storedResponse, not(containsString("Signature")));
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AtomicReference(java.util.concurrent.atomic.AtomicReference) Matchers.containsString(org.hamcrest.Matchers.containsString) Test(org.junit.Test)

Example 97 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlIdPInitiatedSsoTest method testProviderIdpInitiatedLoginToApp.

@Test
public void testProviderIdpInitiatedLoginToApp() throws Exception {
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")).login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
        assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales"));
        return ob;
    }).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(Binding.POST);
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth"));
    assertAudience(resp, urlRealmConsumer + "/app/auth");
}
Also used : AssertionUtil(org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil) Page(org.jboss.arquillian.graphene.page.Page) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) ByteArrayInputStream(java.io.ByteArrayInputStream) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Map(java.util.Map) REALM_PROV_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Set(java.util.Set) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) List(java.util.List) Response(javax.ws.rs.core.Response) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) LoginPage(org.keycloak.testsuite.pages.LoginPage) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) X500SAMLProfileConstants(org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants) ExpectedCondition(org.openqa.selenium.support.ui.ExpectedCondition) UsersResource(org.keycloak.admin.client.resource.UsersResource) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) StringPropertyReplacer(org.keycloak.common.util.StringPropertyReplacer) UpdateAccountInformationPage(org.keycloak.testsuite.pages.UpdateAccountInformationPage) PageUtils(org.keycloak.testsuite.pages.PageUtils) Matchers.hasSize(org.hamcrest.Matchers.hasSize) StreamUtil(org.keycloak.common.util.StreamUtil) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Before(org.junit.Before) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Properties(java.util.Properties) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) By(org.openqa.selenium.By) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) REALM_CONS_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME) Binding(org.keycloak.testsuite.util.SamlClient.Binding) Assert.assertEquals(org.junit.Assert.assertEquals) InputStream(java.io.InputStream) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 98 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlIdPInitiatedSsoTest method testConsumerIdpInitiatedLoginToApp.

@Test
public void testConsumerIdpInitiatedLoginToApp() throws Exception {
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_CONS_NAME, "sales")).login().idp("saml-leaf").build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().build().login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(getSamlBrokerUrl(REALM_CONS_NAME)));
        assertAudience(resp, urlRealmConsumer);
        return ob;
    }).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(Binding.POST);
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth"));
    assertAudience(resp, urlRealmConsumer + "/app/auth");
}
Also used : AssertionUtil(org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil) Page(org.jboss.arquillian.graphene.page.Page) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) ByteArrayInputStream(java.io.ByteArrayInputStream) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Map(java.util.Map) REALM_PROV_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Set(java.util.Set) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) List(java.util.List) Response(javax.ws.rs.core.Response) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) LoginPage(org.keycloak.testsuite.pages.LoginPage) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) X500SAMLProfileConstants(org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants) ExpectedCondition(org.openqa.selenium.support.ui.ExpectedCondition) UsersResource(org.keycloak.admin.client.resource.UsersResource) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) StringPropertyReplacer(org.keycloak.common.util.StringPropertyReplacer) UpdateAccountInformationPage(org.keycloak.testsuite.pages.UpdateAccountInformationPage) PageUtils(org.keycloak.testsuite.pages.PageUtils) Matchers.hasSize(org.hamcrest.Matchers.hasSize) StreamUtil(org.keycloak.common.util.StreamUtil) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Before(org.junit.Before) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Properties(java.util.Properties) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) By(org.openqa.selenium.By) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) REALM_CONS_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME) Binding(org.keycloak.testsuite.util.SamlClient.Binding) Assert.assertEquals(org.junit.Assert.assertEquals) InputStream(java.io.InputStream) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 99 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlIdPInitiatedSsoTest method testTwoConsequentIdpInitiatedLogins.

@Test
public void testTwoConsequentIdpInitiatedLogins() throws Exception {
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker")).login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales")));
        assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales"));
        return ob;
    }).build().updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build().followOneRedirect().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth"));
        assertAudience(resp, urlRealmConsumer + "/app/auth");
        return null;
    }).build().navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker-2")).login().sso(true).build().processSamlResponse(Binding.POST).transformObject(ob -> {
        assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        assertThat(resp.getDestination(), is(getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales2")));
        assertAudience(resp, getSamlBrokerIdpInitiatedUrl(REALM_CONS_NAME, "sales2"));
        return ob;
    }).build().getSamlResponse(Binding.POST);
    assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) samlResponse.getSamlObject();
    assertThat(resp.getDestination(), is(urlRealmConsumer + "/app/auth2/saml"));
    assertAudience(resp, urlRealmConsumer + "/app/auth2");
    assertSingleUserSession(REALM_CONS_NAME, CONSUMER_CHOSEN_USERNAME, urlRealmConsumer + "/app/auth", urlRealmConsumer + "/app/auth2");
    assertSingleUserSession(REALM_PROV_NAME, PROVIDER_REALM_USER_NAME, urlRealmConsumer + "/broker/saml-leaf/endpoint/clients/sales", urlRealmConsumer + "/broker/saml-leaf/endpoint/clients/sales2");
}
Also used : AssertionUtil(org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil) Page(org.jboss.arquillian.graphene.page.Page) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) ByteArrayInputStream(java.io.ByteArrayInputStream) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Map(java.util.Map) REALM_PROV_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_PROV_NAME) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Matchers(org.keycloak.testsuite.util.Matchers) Set(java.util.Set) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) List(java.util.List) Response(javax.ws.rs.core.Response) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) LoginPage(org.keycloak.testsuite.pages.LoginPage) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlPrincipalType(org.keycloak.protocol.saml.SamlPrincipalType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) WebDriverWait(org.openqa.selenium.support.ui.WebDriverWait) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) X500SAMLProfileConstants(org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants) ExpectedCondition(org.openqa.selenium.support.ui.ExpectedCondition) UsersResource(org.keycloak.admin.client.resource.UsersResource) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) StringPropertyReplacer(org.keycloak.common.util.StringPropertyReplacer) UpdateAccountInformationPage(org.keycloak.testsuite.pages.UpdateAccountInformationPage) PageUtils(org.keycloak.testsuite.pages.PageUtils) Matchers.hasSize(org.hamcrest.Matchers.hasSize) StreamUtil(org.keycloak.common.util.StreamUtil) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) Before(org.junit.Before) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Properties(java.util.Properties) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) By(org.openqa.selenium.By) Assert.assertTrue(org.junit.Assert.assertTrue) IOException(java.io.IOException) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) REALM_CONS_NAME(org.keycloak.testsuite.broker.BrokerTestConstants.REALM_CONS_NAME) Binding(org.keycloak.testsuite.util.SamlClient.Binding) Assert.assertEquals(org.junit.Assert.assertEquals) InputStream(java.io.InputStream) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) Test(org.junit.Test)

Example 100 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlSignedBrokerTest method loginAttackChangeSignature.

private void loginAttackChangeSignature(String description, boolean producerSignDocument, boolean producerSignAssertions, boolean producerEncryptAssertions, Saml2DocumentTransformer tr, boolean shouldSucceed) throws Exception {
    log.infof("producerSignDocument: %s, producerSignAssertions: %s, producerEncryptAssertions: %s", producerSignDocument, producerSignAssertions, producerEncryptAssertions);
    Matcher<HttpResponse> responseFromConsumerMatcher = shouldSucceed ? bodyHC(containsString("Update Account Information")) : not(bodyHC(containsString("Update Account Information")));
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, getConsumerRoot() + "/sales-post/saml", null);
    Document doc = SAML2Request.convert(loginRep);
    withSignedEncryptedAssertions(() -> {
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(Binding.POST).build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
        Binding.POST).transformDocument(tr).build().execute(currentResponse -> assertThat(description, currentResponse, responseFromConsumerMatcher));
    }, producerSignDocument, producerSignAssertions, producerEncryptAssertions);
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) HttpResponse(org.apache.http.HttpResponse) Document(org.w3c.dom.Document)

Aggregations

SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)108 Test (org.junit.Test)99 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)65 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)42 Document (org.w3c.dom.Document)38 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)35 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)30 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)28 Matchers.containsString (org.hamcrest.Matchers.containsString)26 JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)23 Closeable (java.io.Closeable)21 URI (java.net.URI)20 IOException (java.io.IOException)19 SamlClient (org.keycloak.testsuite.util.SamlClient)18 ArtifactResponseType (org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)17 Element (org.w3c.dom.Element)17 List (java.util.List)16 Response (javax.ws.rs.core.Response)15 Matchers.is (org.hamcrest.Matchers.is)14 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)14