include AuthnContextDecl if present during SAML Assertion Serialization

Closes #10743
This commit is contained in:
Yoann Guion 2022-03-15 10:08:22 +01:00 committed by Hynek Mlnařík
parent 6ebad26904
commit 3d470126de
2 changed files with 41 additions and 0 deletions


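--- a/SAMLAssertionWriter.java
+++ b/SAMLAssertionWriter.java
@@ -241,6 +241,14 @@ public class SAMLAssertionWriter extends BaseWriter {
 StaxUtil.writeEndElement(writer);
 }
+AuthnContextDeclType authnContextDecl = sequence.getAuthnContextDecl();
+if (authnContextDecl != null) {
+StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_DECL.get(),
+ASSERTION_NSURI.get());
+StaxUtil.writeCharacters(writer, authnContextDecl.getValue().toString());
+StaxUtil.writeEndElement(writer);
+}
 Set<URIType> uriTypes = sequence.getURIType();
 if (uriTypes != null) {
 for (URIType uriType : uriTypes) {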
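Review bot: The `writeCharacters` line dereferences `authnContextDecl.getValue()` without a null check, so the new guard protects against a missing element but not against an `AuthnContextDeclType` whose value was never set; that case would surface as a NullPointerException in the middle of assertion serialization rather than as the ProcessingException this writer presumably reports. Tightening the guard to `if (authnContextDecl != null && authnContextDecl.getValue() != null) {` keeps the element out of the output instead of aborting the write. The value is emitted through `writeCharacters`, which escapes markup characters, so the element content is safe as text; a short comment on the start-element line such as `// AuthnContextDecl is written as escaped text, mirroring the ClassRef/DeclRef handling above` would make that intent explicit. The enclosing method begins and ends outside this hunk.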


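--- a/SAMLAssertionWriterTest.java
+++ b/SAMLAssertionWriterTest.java
@@ -2,6 +2,9 @@ package org.keycloak.saml.processing.core.saml.v2.writers;
 import org.junit.Assert;
 import org.junit.Test;
+import org.keycloak.dom.saml.v2.assertion.AuthnContextClassRefType;
+import org.keycloak.dom.saml.v2.assertion.AuthnContextDeclType;
+import org.keycloak.dom.saml.v2.assertion.AuthnContextType;
 import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
 import org.keycloak.saml.common.constants.GeneralConstants;
 import org.keycloak.saml.common.exceptions.ProcessingException;
@@ -10,6 +13,7 @@ import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
 import javax.xml.datatype.XMLGregorianCalendar;
 import java.io.ByteArrayOutputStream;
+import java.net.URI;
 public class SAMLAssertionWriterTest {
 @Test
@@ -34,4 +38,33 @@ public class SAMLAssertionWriterTest {
 Assert.assertTrue(serializedAssertion.contains(expectedXMLAttribute));
 }
+@Test
+public void testAuthnContextTypeWithAuthnContextClassRefAndAuthnContextDecl() throws ProcessingException {
+String uriSmartCard = "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI";
+String expectedAuthnContextDecl = "AuthnContextDecl>"+uriSmartCard+"<";
+String expectedAuthnContextClassRef = "AuthnContextClassRef>"+uriSmartCard+"<";
+AuthnContextClassRefType authnContextClassRef = new AuthnContextClassRefType(URI.create(uriSmartCard));
+AuthnContextDeclType authnContextDecl = new AuthnContextDeclType(URI.create(uriSmartCard));
+XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+AuthnStatementType authnStatementType = new AuthnStatementType(issueInstant);
+AuthnContextType authnContextType = new AuthnContextType();
+AuthnContextType.AuthnContextTypeSequence sequence = new AuthnContextType.AuthnContextTypeSequence();
+sequence.setAuthnContextDecl(authnContextDecl);
+sequence.setClassRef(authnContextClassRef);
+authnContextType.setSequence(sequence);
+authnStatementType.setAuthnContext(authnContextType);
+ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(byteArrayOutputStream));
+samlAssertionWriter.write(authnStatementType, true);
+String serializedAssertion = new String(byteArrayOutputStream.toByteArray(), GeneralConstants.SAML_CHARSET);
+Assert.assertTrue(serializedAssertion.contains(expectedAuthnContextClassRef));
+Assert.assertTrue(serializedAssertion.contains(expectedAuthnContextDecl));
+}
 }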
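Review bot: The new test in the third hunk exercises only the positive path — it asserts the `AuthnContextDecl` element is present when one is set, but nothing checks that the writer omits the element when `setAuthnContextDecl` is never called, which is exactly the branch the new null guard in SAMLAssertionWriter exists for; a second case with a sequence lacking the decl and `Assert.assertFalse(serializedAssertion.contains("AuthnContextDecl>"));` would pin it. Using `uriSmartCard` for both the class ref and the decl also means the two `contains` assertions differ only by element name, so a serializer that wrote the class-ref value into the decl element would still pass; giving the decl a distinct value makes a cross-wired write fail. The substring form `"AuthnContextDecl>"+uriSmartCard+"<"` is fine for this purpose since it cannot match the `AuthnContextDeclRef` element, but a one-line comment stating that intent would save the next reader the check.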