diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriter.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriter.java index c1b5b6fa95..6b98b34fc9 100755 --- a/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriter.java +++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriter.java @@ -241,6 +241,14 @@ public class SAMLAssertionWriter extends BaseWriter { StaxUtil.writeEndElement(writer); } + AuthnContextDeclType authnContextDecl = sequence.getAuthnContextDecl(); + if (authnContextDecl != null) { + StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECL.get(), + ASSERTION_NSURI.get()); + StaxUtil.writeCharacters(writer, authnContextDecl.getValue().toString()); + StaxUtil.writeEndElement(writer); + } + Set uriTypes = sequence.getURIType(); if (uriTypes != null) { for (URIType uriType : uriTypes) { diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriterTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriterTest.java index 8aababb9dd..6e78dcc16c 100644 --- a/saml-core/src/test/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriterTest.java +++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriterTest.java @@ -2,6 +2,9 @@ package org.keycloak.saml.processing.core.saml.v2.writers; import org.junit.Assert; import org.junit.Test; +import org.keycloak.dom.saml.v2.assertion.AuthnContextClassRefType; +import org.keycloak.dom.saml.v2.assertion.AuthnContextDeclType; +import org.keycloak.dom.saml.v2.assertion.AuthnContextType; import org.keycloak.dom.saml.v2.assertion.AuthnStatementType; import org.keycloak.saml.common.constants.GeneralConstants; import org.keycloak.saml.common.exceptions.ProcessingException; 
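Review bot: In the block added to SAMLAssertionWriter.java, `authnContextDecl.getValue().toString()` throws a NullPointerException when the declaration object is present but carries no value, because only `authnContextDecl` itself is null-checked. The start element has already been written by then, so serialization aborts mid-element; tightening the guard to `if (authnContextDecl != null && authnContextDecl.getValue() != null) {` avoids that. The `.toString()` call also suggests the value is not necessarily a String, so a structured declaration would presumably be emitted as whatever its `toString()` returns, as escaped character data. A comment such as `// value is written as text; structured (XML) declarations are not serialized as markup here` would make that limit explicit. The enclosing method starts and ends outside the hunk.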
@@ -10,6 +13,7 @@ import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil; import javax.xml.datatype.XMLGregorianCalendar; import java.io.ByteArrayOutputStream; +import java.net.URI; public class SAMLAssertionWriterTest { @Test @@ -34,4 +38,33 @@ public class SAMLAssertionWriterTest { Assert.assertTrue(serializedAssertion.contains(expectedXMLAttribute)); } + + @Test + public void testAuthnContextTypeWithAuthnContextClassRefAndAuthnContextDecl() throws ProcessingException { + String uriSmartCard = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI"; + String expectedAuthnContextDecl = "AuthnContextDecl>"+uriSmartCard+"<"; + String expectedAuthnContextClassRef = "AuthnContextClassRef>"+uriSmartCard+"<"; + + AuthnContextClassRefType authnContextClassRef = new AuthnContextClassRefType(URI.create(uriSmartCard)); + AuthnContextDeclType authnContextDecl = new AuthnContextDeclType(URI.create(uriSmartCard)); + + XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant(); + AuthnStatementType authnStatementType = new AuthnStatementType(issueInstant); + AuthnContextType authnContextType = new AuthnContextType(); + AuthnContextType.AuthnContextTypeSequence sequence = new AuthnContextType.AuthnContextTypeSequence(); + sequence.setAuthnContextDecl(authnContextDecl); + sequence.setClassRef(authnContextClassRef); + authnContextType.setSequence(sequence); + authnStatementType.setAuthnContext(authnContextType); + + ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); + SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(byteArrayOutputStream)); + + samlAssertionWriter.write(authnStatementType, true); + + String serializedAssertion = new String(byteArrayOutputStream.toByteArray(), GeneralConstants.SAML_CHARSET); + + Assert.assertTrue(serializedAssertion.contains(expectedAuthnContextClassRef)); + Assert.assertTrue(serializedAssertion.contains(expectedAuthnContextDecl)); + } }
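Review bot: The two `contains` assertions in testAuthnContextTypeWithAuthnContextClassRefAndAuthnContextDecl pass regardless of the order in which the two elements are written, while the SAML 2.0 assertion schema requires AuthnContextClassRef to precede AuthnContextDecl inside AuthnContext. Adding `Assert.assertTrue(serializedAssertion.indexOf(expectedAuthnContextClassRef) < serializedAssertion.indexOf(expectedAuthnContextDecl));` would pin the order that a schema-validating consumer expects. The test also covers only a URI value. A second case with an AuthnContextDeclType whose value is null would document what the writer is expected to do with a half-populated declaration.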