include AuthnContextDecl if present during SAML Assertion Serialization

Closes #10743

saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriter.java

@@ -241,6 +241,14 @@ public class SAMLAssertionWriter extends BaseWriter {
                 StaxUtil.writeEndElement(writer);
             }
 
+            AuthnContextDeclType authnContextDecl = sequence.getAuthnContextDecl();
+            if (authnContextDecl != null) {
+                StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECL.get(),
+                        ASSERTION_NSURI.get());
+                StaxUtil.writeCharacters(writer, authnContextDecl.getValue().toString());
+                StaxUtil.writeEndElement(writer);
+            }
+
             Set<URIType> uriTypes = sequence.getURIType();
             if (uriTypes != null) {
                 for (URIType uriType : uriTypes) {

saml-core/src/test/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriterTest.java

@@ -2,6 +2,9 @@ package org.keycloak.saml.processing.core.saml.v2.writers;
 
 import org.junit.Assert;
 import org.junit.Test;
+import org.keycloak.dom.saml.v2.assertion.AuthnContextClassRefType;
+import org.keycloak.dom.saml.v2.assertion.AuthnContextDeclType;
+import org.keycloak.dom.saml.v2.assertion.AuthnContextType;
 import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
 import org.keycloak.saml.common.constants.GeneralConstants;
 import org.keycloak.saml.common.exceptions.ProcessingException;
@@ -10,6 +13,7 @@ import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
 
 import javax.xml.datatype.XMLGregorianCalendar;
 import java.io.ByteArrayOutputStream;
+import java.net.URI;
 
 public class SAMLAssertionWriterTest {
     @Test
@@ -34,4 +38,33 @@ public class SAMLAssertionWriterTest {
 
         Assert.assertTrue(serializedAssertion.contains(expectedXMLAttribute));
     }
+
+    @Test
+    public void testAuthnContextTypeWithAuthnContextClassRefAndAuthnContextDecl() throws ProcessingException {
+        String uriSmartCard = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI";
+        String expectedAuthnContextDecl = "AuthnContextDecl>"+uriSmartCard+"<";
+        String expectedAuthnContextClassRef = "AuthnContextClassRef>"+uriSmartCard+"<";
+
+        AuthnContextClassRefType authnContextClassRef = new AuthnContextClassRefType(URI.create(uriSmartCard));
+        AuthnContextDeclType authnContextDecl = new AuthnContextDeclType(URI.create(uriSmartCard));
+
+        XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+        AuthnStatementType authnStatementType = new AuthnStatementType(issueInstant);
+        AuthnContextType authnContextType = new AuthnContextType();
+        AuthnContextType.AuthnContextTypeSequence sequence = new AuthnContextType.AuthnContextTypeSequence();
+        sequence.setAuthnContextDecl(authnContextDecl);
+        sequence.setClassRef(authnContextClassRef);
+        authnContextType.setSequence(sequence);
+        authnStatementType.setAuthnContext(authnContextType);
+
+        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+        SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(byteArrayOutputStream));
+
+        samlAssertionWriter.write(authnStatementType, true);
+
+        String serializedAssertion = new String(byteArrayOutputStream.toByteArray(), GeneralConstants.SAML_CHARSET);
+
+        Assert.assertTrue(serializedAssertion.contains(expectedAuthnContextClassRef));
+        Assert.assertTrue(serializedAssertion.contains(expectedAuthnContextDecl));
+    }
 }