
Example 41 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class SamlRelayStateTest method relayStateConcurrencyTest.

/**
 * Checks that the RelayState sent with a POST-binding AuthnRequest comes back unchanged,
 * first in one complete login flow and then when the flow is replayed from several threads.
 *
 * <p>The expected value lives in a {@link ThreadLocal}: every executing thread generates its
 * own random RelayState and compares the returned value against that same thread's copy, so
 * a value belonging to another thread's request would fail the equality assertion.
 * Currently disabled, see KEYCLOAK-5179.
 *
 * @throws Exception if executing the SAML steps or the concurrent run fails
 */
@Test
@Ignore("KEYCLOAK-5179")
public void relayStateConcurrencyTest() throws Exception {
    ThreadLocal<UUID> expectedRelayState = new ThreadLocal<>();

    List<SamlClient.Step> flow = new SamlClientBuilder()
            // Pick a fresh random RelayState for whichever thread runs the flow.
            .addStep(() -> expectedRelayState.set(UUID.randomUUID()))
            // AuthnRequest over the POST binding, carrying that thread-local RelayState.
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST,
                    SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST)
            .relayState(() -> expectedRelayState.get().toString())
            .build()
            // Login as the test user.
            .login()
            .user(bburkeUser)
            .build()
            // The returned RelayState must be present and equal to what this thread sent.
            .assertSamlRelayState(SamlClient.Binding.POST, returned -> {
                assertThat(returned, is(notNullValue()));
                assertThat(returned, is(equalTo(expectedRelayState.get().toString())));
            })
            .getSteps();

    // First pass runs the complete flow, login included.
    SamlClient samlClient = new SamlClient();
    samlClient.execute(flow);

    // Drop the login step (index 2) for the replays; after the first pass it should no longer
    // be needed. NOTE(review): the index assumes each builder call above contributes exactly
    // one step - confirm against SamlClientBuilder.
    flow.remove(2);

    // The same SamlClient instance and step list are shared by every worker.
    // NOTE(review): 2 and 10 are presumably the thread count and the number of executions -
    // confirm against AbstractConcurrencyTest.run.
    AbstractConcurrencyTest.run(2, 10, this, (threadIndex, keycloak, realm) -> {
        samlClient.execute(flow);
    });
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Test(org.junit.Test) SamlProtocol(org.keycloak.protocol.saml.SamlProtocol) UUID(java.util.UUID) AbstractConcurrencyTest(org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest) List(java.util.List) Ignore(org.junit.Ignore) Closeable(java.io.Closeable) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Matchers.nullValue(org.hamcrest.Matchers.nullValue) SamlClient(org.keycloak.testsuite.util.SamlClient) Matchers.is(org.hamcrest.Matchers.is) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) UUID(java.util.UUID) SamlClient(org.keycloak.testsuite.util.SamlClient) Ignore(org.junit.Ignore) Test(org.junit.Test) AbstractConcurrencyTest(org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest)

Example 42 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class ProtocolMapperTest method hardcodedAttributeMapperWithNullValueTest.

/**
 * Verifies that a hardcoded-attribute SAML protocol mapper configured with a {@code null}
 * attribute value produces a successful response whose collected attribute values consist of
 * a single {@code null} entry.
 *
 * @throws Exception if the mapper update or the SAML exchange fails
 */
@Test
public void hardcodedAttributeMapperWithNullValueTest() throws Exception {
    // Register the mapper under test; the last argument is the null value being exercised.
    // NOTE(review): the arguments after PROVIDER_ID look like name/value configuration
    // pairs - confirm against createSamlProtocolMapper.
    pmu.add(createSamlProtocolMapper(
            HardcodedAttributeMapper.PROVIDER_ID,
            AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "HARDCODED_ATTRIBUTE",
            AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC,
            HardcodedAttributeMapper.ATTRIBUTE_VALUE, null))
            .update();

    // Full POST-binding login as the test user, keeping the parsed SAML response.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_EMPLOYEE_2,
                    RoleMapperTest.SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST)
            .build()
            .login()
            .user(bburkeUser)
            .build()
            .getSamlResponse(SamlClient.Binding.POST);

    assertThat(holder.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    // Walk assertions -> attribute statements -> attributes -> attribute values.
    Stream<AssertionType> plainAssertions = assertionsUnencrypted(holder.getSamlObject());
    Stream<AttributeType> plainAttributes = attributesUnecrypted(attributeStatements(plainAssertions));
    Set<Object> collectedValues = plainAttributes
            .flatMap(attribute -> attribute.getAttributeValue().stream())
            .collect(Collectors.toSet());

    // The values are collected into a Set, so equal values collapse: size 1 means "one
    // distinct value", not necessarily "one value emitted".
    assertThat(collectedValues, hasSize(1));
    assertThat(collectedValues.iterator().next(), nullValue());
}
Also used : AttributeStatementHelper(org.keycloak.protocol.saml.mappers.AttributeStatementHelper) HardcodedAttributeMapper(org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) ProtocolMappersUpdater(org.keycloak.testsuite.updaters.ProtocolMappersUpdater) Matchers(org.keycloak.testsuite.util.Matchers) SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Set(java.util.Set) Test(org.junit.Test) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Collectors(java.util.stream.Collectors) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) Assert.assertThat(org.junit.Assert.assertThat) Stream(java.util.stream.Stream) RoleMapperTest.createSamlProtocolMapper(org.keycloak.testsuite.saml.RoleMapperTest.createSamlProtocolMapper) SamlClient(org.keycloak.testsuite.util.SamlClient) Matchers.hasSize(org.hamcrest.Matchers.hasSize) SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements) SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted) Collections(java.util.Collections) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Before(org.junit.Before) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Test(org.junit.Test)

Example 43 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class SOAPBindingTest method soapBindingAuthnWithSignatureTest.

/**
 * Sends a signed AuthnRequest over the SOAP binding, authenticating the user with HTTP basic
 * authentication, and expects a SAML {@code ResponseType} that carries at least one assertion.
 *
 * <p>Only the shape of the response is asserted here; the test does not inspect the status
 * code or verify any signature on the returned document.
 */
@Test
public void soapBindingAuthnWithSignatureTest() {
    // NOTE(review): the signing key constants are named for the sales-post client while the
    // request is issued for SAML_CLIENT_ID_ECP_SP - presumably both clients are configured
    // with the same key pair; confirm against the test realm.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP,
                    SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .basicAuthentication(bburkeUser)
            .build()
            .executeAndTransform(SOAP::extractResponse);

    // Type check first, so the cast below cannot fail with a ClassCastException.
    assertThat(holder.getSamlObject(), instanceOf(ResponseType.class));
    ResponseType samlResponse = (ResponseType) holder.getSamlObject();

    assertThat(samlResponse.getAssertions(), not(empty()));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 44 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class SOAPBindingTest method soapBindingLogoutWithSignatureMissingDestinationTest.

/**
 * Logs the test user in over the POST binding, then sends a signed LogoutRequest over the
 * SOAP binding with its {@code Destination} set to {@code null}, and expects the server to
 * answer with a {@code StatusResponseType}.
 *
 * <p>The assertion covers the response type only; the status code in that response is not
 * checked, so the test does not by itself show whether the logout was accepted or rejected.
 */
@Test
public void soapBindingLogoutWithSignatureMissingDestinationTest() {
    SAMLDocumentHolder holder = new SamlClientBuilder()
            // Signed AuthnRequest and login over the POST binding.
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP,
                    SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            .build()
            .login()
            .user(bburkeUser)
            .build()
            // The login response is handed to a helper of this class; the logout request below
            // reads nameIdRef and sessionIndexRef, which that helper presumably fills in.
            .processSamlResponse(POST)
            .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
            .build()
            // Signed LogoutRequest over SOAP for the captured NameID and session index.
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP)
            .nameId(nameIdRef::get)
            .sessionIndex(sessionIndexRef::get)
            .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
            // Strip the Destination attribute, which is the case under test.
            // NOTE(review): signWith is declared before this transformer; whether the signature
            // is computed before or after the Destination is removed depends on
            // SamlClientBuilder - confirm.
            .transformObject(logout -> {
                logout.setDestination(null);
                return logout;
            })
            .build()
            // NOTE(review): the response is extracted with the POST binding although the logout
            // request is sent over SOAP - confirm this is intended.
            .executeAndTransform(POST::extractResponse);

    assertThat(holder.getSamlObject(), instanceOf(StatusResponseType.class));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)

Example 45 with SamlClientBuilder

use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.

the class SOAPBindingTest method soapBindingAuthnWithoutSignatureTest.

/**
 * Sends an unsigned AuthnRequest over the SOAP binding, authenticating the user with HTTP
 * basic authentication, after setting both signature-related client attributes to
 * {@code "false"}, and expects a SAML {@code ResponseType} with at least one assertion.
 *
 * <p>The unsigned request is expected to succeed only because the client is reconfigured
 * first; the attribute change is registered with {@code getCleanup()}.
 */
@Test
public void soapBindingAuthnWithoutSignatureTest() {
    // Relax the signature settings of the ECP client for this test.
    // NOTE(review): SAML_SERVER_SIGNATURE and SAML_CLIENT_SIGNATURE_ATTRIBUTE presumably
    // control server-side signing and the client-signature requirement, and the registered
    // cleanup presumably restores the previous values - confirm against SamlConfigAttributes
    // and ClientAttributeUpdater.
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP)
                    .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false")
                    .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
                    .update());

    // Same request as the signed variant, but without a signWith(...) step.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP,
                    SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
            .basicAuthentication(bburkeUser)
            .build()
            .executeAndTransform(SOAP::extractResponse);

    // Type check first, so the cast below cannot fail with a ClassCastException.
    assertThat(holder.getSamlObject(), instanceOf(ResponseType.class));
    ResponseType samlResponse = (ResponseType) holder.getSamlObject();

    assertThat(samlResponse.getAssertions(), not(empty()));
}
Also used : SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SOAP(org.keycloak.testsuite.util.SamlClient.Binding.SOAP) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) Test(org.junit.Test)
