use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeNoClassRefsAndNoDeclRefs.
@Test
public void testNoComparisonTypeNoClassRefsAndNoDeclRefs() throws Exception {
// No comparison type, no classrefs, no declrefs -> No RequestedAuthnContext
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).update()) {
// Build the login request document
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
try {
log.infof("Document: %s", DocumentUtil.asString(document));
// Find the RequestedAuthnContext element
Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
Assert.assertThat("RequestedAuthnContext element found in request document, but was not necessary as ClassRef/DeclRefs were not specified", requestedAuthnContextElement, Matchers.nullValue());
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}).build().execute();
}
}
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeClassRefsSetNoDeclRefs.
@Test
public void testNoComparisonTypeClassRefsSetNoDeclRefs() throws Exception {
// Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with comparison Exact and AuthnContextClassRef
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_CLASS_REFS, "[\"" + AC_PASSWORD_PROTECTED_TRANSPORT.get() + "\"]").update()) {
// Build the login request document
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
try {
log.infof("Document: %s", DocumentUtil.asString(document));
// Find the RequestedAuthnContext element
Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
// Verify the ComparisonType attribute
Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.EXACT.value()));
// Find the RequestedAuthnContext/ClassRef element
Element requestedAuthnContextClassRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextClassRef");
Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element not found in request document", requestedAuthnContextClassRefElement, Matchers.notNullValue());
// Make sure the RequestedAuthnContext/ClassRef element has the requested value
Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element does not have the expected value", requestedAuthnContextClassRefElement.getTextContent(), Matchers.is(AC_PASSWORD_PROTECTED_TRANSPORT.get()));
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}).build().execute();
}
}
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class KcSamlRequestedAuthnContextBrokerTest method testComparisonTypeSetNoClassRefsDeclRefsSet.
@Test
public void testComparisonTypeSetNoClassRefsDeclRefsSet() throws Exception {
// Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with AuthnContextDeclRef
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_COMPARISON_TYPE, AuthnContextComparisonType.MINIMUM.value()).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_DECL_REFS, "[\"secure/name/password/icmaolr/uri\"]").update()) {
// Build the login request document
AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
Document doc = SAML2Request.convert(loginRep);
new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
try {
log.infof("Document: %s", DocumentUtil.asString(document));
// Find the RequestedAuthnContext element
Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
// Verify the ComparisonType attribute
Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.MINIMUM.value()));
// Find the RequestedAuthnContext/DeclRef element
Element requestedAuthnContextDeclRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextDeclRef");
Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element not found in request document", requestedAuthnContextDeclRefElement, Matchers.notNullValue());
// Make sure the RequestedAuthnContext/DeclRef element has the requested value
Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element does not have the expected value", requestedAuthnContextDeclRefElement.getTextContent(), Matchers.is("secure/name/password/icmaolr/uri"));
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}).build().execute();
}
}
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class LDAPSamlIdPInitiatedVaryingLetterCaseTest method testIdpInitiated.
private void testIdpInitiated(String userName, boolean isFirstBrokerLogin) throws Exception {
final URI destination = getAuthServerBrokerSamlEndpoint(TEST_REALM_NAME, IDP_SAML_ALIAS, EXT_SSO);
ResponseType response = prepareResponseForIdPInitiatedFlow(destination, userName);
final SamlClientBuilder builder = new SamlClientBuilder().submitSamlDocument(destination, response, Binding.POST).targetAttributeSamlResponse().build();
if (isFirstBrokerLogin) {
builder.followOneRedirect().followOneRedirect();
}
builder.processSamlResponse(Binding.POST).transformObject(so -> {
assertThat(so, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
return null;
}).build().navigateTo(oauth.getLoginFormUrl()).assertResponse(Matchers.bodyHC(containsString("AUTH_RESPONSE"))).execute();
assertThat(testRealm().users().search(USER_NAME_LDAP, Boolean.TRUE), hasSize(1));
}
use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
the class ArtifactBindingTest method testArtifactResolveWithWrongIssuerFails.
@Test
public void testArtifactResolveWithWrongIssuerFails() {
getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, "http://url").update());
new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2).build().execute(r -> assertThat(r, bodyHC(containsString(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get()))));
}
Aggregations