Search in sources :

Example 31 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class ArtifactBindingTest method testArtifactBindingWithBackchannelLogout.

@Test
public void testArtifactBindingWithBackchannelLogout() {
    try (SamlMessageReceiver backchannelLogoutReceiver = new SamlMessageReceiver(8082);
        ClientAttributeUpdater cau = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true").setFrontchannelLogout(false).setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, backchannelLogoutReceiver.getUrl()).update()) {
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST).build().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, POST).build().followOneRedirect().processSamlResponse(POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().execute();
        // We need new SamlClient so that logout is not done using cookie -> frontchannel logout
        new SamlClientBuilder().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST2, POST).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).build().executeAndTransform(r -> {
            SAMLDocumentHolder saml2ObjectHolder = POST.extractResponse(r);
            assertThat(saml2ObjectHolder.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            return null;
        });
        // Check whether logoutReceiver contains correct LogoutRequest
        await().pollInterval(100, TimeUnit.MILLISECONDS).atMost(1, TimeUnit.MINUTES).until(backchannelLogoutReceiver::isMessageReceived);
        assertThat(backchannelLogoutReceiver.isMessageReceived(), is(true));
        SAMLDocumentHolder message = backchannelLogoutReceiver.getSamlDocumentHolder();
        assertThat(message.getSamlObject(), isSamlLogoutRequest(backchannelLogoutReceiver.getUrl()));
    } catch (Exception e) {
        throw new RuntimeException("Cannot run SamlMessageReceiver", e);
    }
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SamlMessageReceiver(org.keycloak.testsuite.util.saml.SamlMessageReceiver) URISyntaxException(java.net.URISyntaxException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) IOException(java.io.IOException) Test(org.junit.Test)

Example 32 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class AudienceProtocolMappersTest method testExpectedAudiences.

public void testExpectedAudiences(String... audiences) {
    SAMLDocumentHolder document = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_EMPLOYEE_2, SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST).build().login().user(bburkeUser).build().getSamlResponse(SamlClient.Binding.POST);
    Assert.assertNotNull(document.getSamlObject());
    Assert.assertThat(document.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    Assert.assertNotNull(((ResponseType) document.getSamlObject()).getAssertions());
    Assert.assertThat(((ResponseType) document.getSamlObject()).getAssertions().size(), greaterThan(0));
    Assert.assertNotNull(((ResponseType) document.getSamlObject()).getAssertions().get(0));
    Assert.assertNotNull(((ResponseType) document.getSamlObject()).getAssertions().get(0).getAssertion());
    AudienceRestrictionType audience = ((ResponseType) document.getSamlObject()).getAssertions().get(0).getAssertion().getConditions().getConditions().stream().filter(AudienceRestrictionType.class::isInstance).map(AudienceRestrictionType.class::cast).findFirst().orElse(null);
    Assert.assertNotNull(audience);
    Assert.assertNotNull(audience.getAudience());
    List<String> values = audience.getAudience().stream().map(uri -> uri.toString()).collect(Collectors.toList());
    Assert.assertThat(values, containsInAnyOrder(audiences));
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) ProtocolMappersUpdater(org.keycloak.testsuite.updaters.ProtocolMappersUpdater) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLAudienceProtocolMapper(org.keycloak.protocol.saml.mappers.SAMLAudienceProtocolMapper) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AUTH_SERVER_SSL_REQUIRED(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED) After(org.junit.After) SAMLAudienceResolveProtocolMapper(org.keycloak.protocol.saml.mappers.SAMLAudienceResolveProtocolMapper) SamlClient(org.keycloak.testsuite.util.SamlClient) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Before(org.junit.Before) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) AUTH_SERVER_SCHEME(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SCHEME) Matchers(org.keycloak.testsuite.util.Matchers) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) RoleScopeUpdater(org.keycloak.testsuite.updaters.RoleScopeUpdater) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) IOException(java.io.IOException) Test(org.junit.Test) Collectors(java.util.stream.Collectors) AUTH_SERVER_PORT(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_PORT) List(java.util.List) Response(javax.ws.rs.core.Response) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) UserAttributeUpdater(org.keycloak.testsuite.updaters.UserAttributeUpdater) RoleMapperTest.createSamlProtocolMapper(org.keycloak.testsuite.saml.RoleMapperTest.createSamlProtocolMapper) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Assert(org.junit.Assert) Collections(java.util.Collections) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Example 33 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveArtifactLoginFullWithRedirect.

@Test
public void testReceiveArtifactLoginFullWithRedirect() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    AuthnRequestType loginReq = SamlClient.createLoginRequestDocument(SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, null);
    loginReq.setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri());
    Document doc = SAML2Request.convert(loginReq);
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT, builder);
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setResponseDocument(doc);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            ars.wait();
            SAMLDocumentHolder response = builder.artifactMessage(camb).build().login().user(bburkeUser).build().getSamlResponse(REDIRECT);
            assertThat(response.getSamlObject(), instanceOf(ResponseType.class));
            ResponseType rt = (ResponseType) response.getSamlObject();
            assertThat(rt.getAssertions(), not(empty()));
            assertThat(ars.getLastArtifactResolve(), notNullValue());
            assertThat(camb.getLastArtifact(), is(ars.getLastArtifactResolve().getArtifact()));
        }
    } finally {
        ars.stop();
        arsThread.join();
    }
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) Document(org.w3c.dom.Document) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 34 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class ArtifactBindingWithResolutionServiceTest method testReceiveEmptyArtifactResponse.

@Test
public void testReceiveEmptyArtifactResponse() throws InterruptedException {
    getCleanup().addCleanup(ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST).setAttribute(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, "http://127.0.0.1:8082/").update());
    SamlClientBuilder builder = new SamlClientBuilder();
    CreateArtifactMessageStepBuilder camb = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST, builder);
    ArtifactResolutionService ars = new ArtifactResolutionService("http://127.0.0.1:8082/").setEmptyArtifactResponse(SAML_CLIENT_ID_SALES_POST);
    Thread arsThread = new Thread(ars);
    try {
        arsThread.start();
        synchronized (ars) {
            ars.wait();
            builder.artifactMessage(camb).build().execute(r -> {
                assertThat(r, statusCodeIsHC(400));
                assertThat(r, bodyHC(containsString("Unable to resolve artifact.")));
            });
        }
    } finally {
        ars.stop();
        arsThread.join();
    }
}
Also used : SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) ArtifactResolutionService(org.keycloak.testsuite.util.ArtifactResolutionService) CreateArtifactMessageStepBuilder(org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder) Test(org.junit.Test)

Example 35 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class AuthnRequestNameIdFormatTest method testLoginWithNameIdPolicy.

private void testLoginWithNameIdPolicy(Binding requestBinding, Binding responseBinding, NameIDPolicyType nameIDPolicy, Matcher<String> nameIdMatcher) throws Exception {
    SAMLDocumentHolder res = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, requestBinding).transformObject(so -> {
        so.setProtocolBinding(requestBinding.getBindingUri());
        so.setNameIDPolicy(nameIDPolicy);
        return so;
    }).build().login().user(bburkeUser).build().getSamlResponse(responseBinding);
    assertThat(res.getSamlObject(), notNullValue());
    assertThat(res.getSamlObject(), instanceOf(ResponseType.class));
    ResponseType rt = (ResponseType) res.getSamlObject();
    assertThat(rt.getAssertions(), not(empty()));
    assertThat(rt.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID(), instanceOf(NameIDType.class));
    NameIDType nameId = (NameIDType) rt.getAssertions().get(0).getAssertion().getSubject().getSubType().getBaseID();
    assertThat(nameId.getValue(), nameIdMatcher);
}
Also used : JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Assert.assertThat(org.junit.Assert.assertThat) List(java.util.List) ClientsResource(org.keycloak.admin.client.resource.ClientsResource) Matcher(org.hamcrest.Matcher) SamlClient(org.keycloak.testsuite.util.SamlClient) NameIDPolicyType(org.keycloak.dom.saml.v2.protocol.NameIDPolicyType) ClientResource(org.keycloak.admin.client.resource.ClientResource) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType)

Aggregations

SamlClientBuilder (org.keycloak.testsuite.util.SamlClientBuilder)108 Test (org.junit.Test)99 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)65 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)42 Document (org.w3c.dom.Document)38 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)35 AbstractSamlTest (org.keycloak.testsuite.saml.AbstractSamlTest)30 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)28 Matchers.containsString (org.hamcrest.Matchers.containsString)26 JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)23 Closeable (java.io.Closeable)21 URI (java.net.URI)20 IOException (java.io.IOException)19 SamlClient (org.keycloak.testsuite.util.SamlClient)18 ArtifactResponseType (org.keycloak.dom.saml.v2.protocol.ArtifactResponseType)17 Element (org.w3c.dom.Element)17 List (java.util.List)16 Response (javax.ws.rs.core.Response)15 Matchers.is (org.hamcrest.Matchers.is)14 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)14