Use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
From the class SamlRelayStateTest, method relayStateConcurrencyTest.
/**
 * Checks that the RelayState sent with a POST-binding AuthnRequest comes back unchanged, first in
 * a single run and then from concurrent runs that all share one {@link SamlClient}.
 *
 * <p>RelayState is requester-supplied state that has to be returned verbatim. If a value leaked
 * between concurrent flows, one caller would receive another caller's state, so every executing
 * thread generates its own UUID and expects exactly that value back.
 *
 * <p>The test is currently disabled through {@code @Ignore}; see the referenced issue.
 *
 * @throws Exception if any step of the SAML flow or the concurrent runner fails
 */
@Test
@Ignore("KEYCLOAK-5179")
public void relayStateConcurrencyTest() throws Exception {
    // Per-thread expected value: written by the first step, read by the request and the assertion.
    ThreadLocal<UUID> expectedRelayState = new ThreadLocal<>();

    List<SamlClient.Step> flow = new SamlClientBuilder()
            .addStep(() -> expectedRelayState.set(UUID.randomUUID()))
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST)
                .relayState(() -> expectedRelayState.get().toString())
                .build()
            .login().user(bburkeUser).build()
            .assertSamlRelayState(SamlClient.Binding.POST, returned -> {
                assertThat(returned, is(notNullValue()));
                assertThat(returned, is(equalTo(expectedRelayState.get().toString())));
            })
            .getSteps();

    // First run goes through the complete flow, login included.
    SamlClient sharedClient = new SamlClient();
    sharedClient.execute(flow);

    // Drop the login step, which should not be necessary any more after the first run.
    // Index 2 is presumably the login step given the builder order above (UUID step,
    // AuthnRequest, login, assertion); verify if the flow is ever reordered.
    flow.remove(2);

    // NOTE(review): the same SamlClient instance is used from every worker thread; whether it is
    // safe to share is not visible here.
    AbstractConcurrencyTest.run(2, 10, this, (threadIndex, keycloak, realm) -> {
        sharedClient.execute(flow);
    });
}
Use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
From the class ProtocolMapperTest, method hardcodedAttributeMapperWithNullValueTest.
/**
 * Verifies that a hardcoded-attribute protocol mapper configured with a {@code null} value still
 * yields a successful SAML response whose only attribute value is {@code null}.
 *
 * @throws Exception if updating the mapper or running the login flow fails
 */
@Test
public void hardcodedAttributeMapperWithNullValueTest() throws Exception {
    // Register the mapper with a null ATTRIBUTE_VALUE, which is the edge case under test.
    pmu.add(createSamlProtocolMapper(
            HardcodedAttributeMapper.PROVIDER_ID,
            AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "HARDCODED_ATTRIBUTE",
            AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, AttributeStatementHelper.BASIC,
            HardcodedAttributeMapper.ATTRIBUTE_VALUE, null))
        .update();

    // Run a POST-binding login and keep the response document returned to the client.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_EMPLOYEE_2, RoleMapperTest.SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST)
                .build()
            .login().user(bburkeUser).build()
            .getSamlResponse(SamlClient.Binding.POST);

    // The null mapper value must not turn the login into a failure.
    assertThat(holder.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));

    // Only unencrypted assertions and attributes are inspected by these helpers.
    Stream<AssertionType> plainAssertions = assertionsUnencrypted(holder.getSamlObject());
    Stream<AttributeType> plainAttributes = attributesUnecrypted(attributeStatements(plainAssertions));
    Set<Object> distinctValues = plainAttributes
            .flatMap(attribute -> attribute.getAttributeValue().stream())
            .collect(Collectors.toSet());

    // Exactly one distinct value across all attributes, and that value is null.
    assertThat(distinctValues, hasSize(1));
    assertThat(distinctValues.iterator().next(), nullValue());
}
Use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
From the class SOAPBindingTest, method soapBindingAuthnWithSignatureTest.
/**
 * Sends a signed AuthnRequest over the SOAP binding with HTTP basic authentication and expects a
 * SAML {@code Response} that carries at least one assertion.
 */
@Test
public void soapBindingAuthnWithSignatureTest() {
    // NOTE(review): the request for the ECP SP client is signed with the key pair named after the
    // sales-post client; presumably the test realm registers the same key for both, so confirm.
    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
                .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .basicAuthentication(bburkeUser)
                .build()
            .executeAndTransform(SOAP::extractResponse);

    // The type is checked first so that the cast below cannot fail with a ClassCastException.
    // NOTE(review): the status code and the response signature are not asserted here.
    assertThat(holder.getSamlObject(), instanceOf(ResponseType.class));
    assertThat(((ResponseType) holder.getSamlObject()).getAssertions(), not(empty()));
}
Use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
From the class SOAPBindingTest, method soapBindingLogoutWithSignatureMissingDestinationTest.
/**
 * Logs in over the POST binding with a signed AuthnRequest, then sends a signed LogoutRequest over
 * the SOAP binding with its {@code Destination} cleared, and expects a SAML status response.
 *
 * <p>{@code Destination} ties a signed message to the endpoint it was meant for, so this test
 * covers how the server treats a signed logout request that omits it.
 */
@Test
public void soapBindingLogoutWithSignatureMissingDestinationTest() {
    SAMLDocumentHolder holder = new SamlClientBuilder()
            // Step 1: signed AuthnRequest over POST, followed by the interactive login.
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST)
                .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .build()
            .login().user(bburkeUser).build()
            // Step 2: judging by the helper's name, it records NameID and SessionIndex from the
            // login response (read back below through nameIdRef/sessionIndexRef) and stops
            // further processing of that response. Confirm against the helper.
            .processSamlResponse(POST)
                .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
                .build()
            // Step 3: signed LogoutRequest over SOAP with the Destination removed.
            // NOTE(review): whether the Destination is cleared before or after signing depends on
            // how the builder orders signWith and transformObject, which is not visible here.
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP)
                .nameId(nameIdRef::get)
                .sessionIndex(sessionIndexRef::get)
                .signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .transformObject(logout -> {
                    logout.setDestination(null);
                    return logout;
                })
                .build()
            // NOTE(review): the logout is sent over SOAP but the reply is extracted with the POST
            // binding's extractor; confirm this is intended.
            .executeAndTransform(POST::extractResponse);

    // NOTE(review): only the response type is asserted. The status code is not checked, so this
    // does not distinguish an accepted logout from a rejected one.
    assertThat(holder.getSamlObject(), instanceOf(StatusResponseType.class));
}
Use of org.keycloak.testsuite.util.SamlClientBuilder in project keycloak by keycloak.
From the class SOAPBindingTest, method soapBindingAuthnWithoutSignatureTest.
/**
 * Sends an unsigned AuthnRequest over the SOAP binding with HTTP basic authentication, after
 * switching off both signature-related attributes on the client, and expects a SAML
 * {@code Response} that carries at least one assertion.
 */
@Test
public void soapBindingAuthnWithoutSignatureTest() {
    // Both signature attributes are set to "false" for this client, so the unsigned request below
    // is accepted only because of this relaxed configuration. The updater's result is registered
    // with getCleanup(), presumably so the attributes are restored after the test.
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_ECP_SP)
                    .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "false")
                    .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
                    .update());

    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SOAP)
                .basicAuthentication(bburkeUser)
                .build()
            .executeAndTransform(SOAP::extractResponse);

    // The type is checked first so that the cast below cannot fail with a ClassCastException.
    // NOTE(review): the status code is not asserted here.
    assertThat(holder.getSamlObject(), instanceOf(ResponseType.class));
    assertThat(((ResponseType) holder.getSamlObject()).getAssertions(), not(empty()));
}