Search in sources :

Example 21 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeNoClassRefsAndNoDeclRefs.

@Test
public void testNoComparisonTypeNoClassRefsAndNoDeclRefs() throws Exception {
    // No comparison type, no classrefs, no declrefs -> No RequestedAuthnContext
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element found in request document, but was not necessary as ClassRef/DeclRefs were not specified", requestedAuthnContextElement, Matchers.nullValue());
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 22 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testNoComparisonTypeClassRefsSetNoDeclRefs.

@Test
public void testNoComparisonTypeClassRefsSetNoDeclRefs() throws Exception {
    // Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with comparison Exact and AuthnContextClassRef
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_CLASS_REFS, "[\"" + AC_PASSWORD_PROTECTED_TRANSPORT.get() + "\"]").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
                // Verify the ComparisonType attribute
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.EXACT.value()));
                // Find the RequestedAuthnContext/ClassRef element
                Element requestedAuthnContextClassRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextClassRef");
                Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element not found in request document", requestedAuthnContextClassRefElement, Matchers.notNullValue());
                // Make sure the RequestedAuthnContext/ClassRef element has the requested value
                Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element does not have the expected value", requestedAuthnContextClassRefElement.getTextContent(), Matchers.is(AC_PASSWORD_PROTECTED_TRANSPORT.get()));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 23 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class KcSamlRequestedAuthnContextBrokerTest method testComparisonTypeSetNoClassRefsDeclRefsSet.

@Test
public void testComparisonTypeSetNoClassRefsDeclRefsSet() throws Exception {
    // Comparison type set, no classref present, declrefs set -> RequestedAuthnContext with AuthnContextDeclRef
    try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_COMPARISON_TYPE, AuthnContextComparisonType.MINIMUM.value()).setAttribute(SAMLIdentityProviderConfig.AUTHN_CONTEXT_DECL_REFS, "[\"secure/name/password/icmaolr/uri\"]").update()) {
        // Build the login request document
        AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
        Document doc = SAML2Request.convert(loginRep);
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
        Binding.POST).targetAttributeSamlRequest().transformDocument((document) -> {
            try {
                log.infof("Document: %s", DocumentUtil.asString(document));
                // Find the RequestedAuthnContext element
                Element requestedAuthnContextElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement, Matchers.notNullValue());
                // Verify the ComparisonType attribute
                Assert.assertThat("RequestedAuthnContext element not found in request document", requestedAuthnContextElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.MINIMUM.value()));
                // Find the RequestedAuthnContext/DeclRef element
                Element requestedAuthnContextDeclRefElement = DocumentUtil.getDirectChildElement(requestedAuthnContextElement, ASSERTION_NSURI.get(), "AuthnContextDeclRef");
                Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element not found in request document", requestedAuthnContextDeclRefElement, Matchers.notNullValue());
                // Make sure the RequestedAuthnContext/DeclRef element has the requested value
                Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element does not have the expected value", requestedAuthnContextDeclRefElement.getTextContent(), Matchers.is("secure/name/password/icmaolr/uri"));
            } catch (Exception ex) {
                throw new RuntimeException(ex);
            }
        }).build().execute();
    }
}
Also used : AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Closeable(java.io.Closeable) IdentityProviderAttributeUpdater(org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 24 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class LDAPSamlIdPInitiatedVaryingLetterCaseTest method testIdpInitiated.

private void testIdpInitiated(String userName, boolean isFirstBrokerLogin) throws Exception {
    final URI destination = getAuthServerBrokerSamlEndpoint(TEST_REALM_NAME, IDP_SAML_ALIAS, EXT_SSO);
    ResponseType response = prepareResponseForIdPInitiatedFlow(destination, userName);
    final SamlClientBuilder builder = new SamlClientBuilder().submitSamlDocument(destination, response, Binding.POST).targetAttributeSamlResponse().build();
    if (isFirstBrokerLogin) {
        builder.followOneRedirect().followOneRedirect();
    }
    builder.processSamlResponse(Binding.POST).transformObject(so -> {
        assertThat(so, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        return null;
    }).build().navigateTo(oauth.getLoginFormUrl()).assertResponse(Matchers.bodyHC(containsString("AUTH_RESPONSE"))).execute();
    assertThat(testRealm().users().search(USER_NAME_LDAP, Boolean.TRUE), hasSize(1));
}
Also used : SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) URI(java.net.URI) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 25 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class ArtifactBindingTest method testArtifactResolveWithWrongIssuerFails.

@Test
public void testArtifactResolveWithWrongIssuerFails() {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, "http://url").update());
    new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2).build().execute(r -> assertThat(r, bodyHC(containsString(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get()))));
}
Also used : SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) Test(org.junit.Test)

Aggregations

SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)108 Test (org.junit.Test)99 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)65 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)42 Document (org.w3c.dom.Document)38 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)35 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)30 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)28 Matchers.containsString (org.hamcrest.Matchers.containsString)26 JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)23 Closeable (java.io.Closeable)21 URI (java.net.URI)20 IOException (java.io.IOException)19 SamlClient (org.keycloak.testsuite.util.SamlClient)18 ArtifactResponseType (org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)17 Element (org.w3c.dom.Element)17 List (java.util.List)16 Response (javax.ws.rs.core.Response)15 Matchers.is (org.hamcrest.Matchers.is)14 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)14