KEYCLOAK-4552
This commit is contained in:
parent
11d93994c2
commit
42954e84d9
9 changed files with 299 additions and 0 deletions
|
@ -98,6 +98,8 @@ public abstract class SAMLRequestAbstractParser {
|
|||
request.setIssuer(issuer);
|
||||
} else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName)) {
|
||||
request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
|
||||
} else if (JBossSAMLConstants.EXTENSIONS.get().equals(elementName)) {
|
||||
request.setExtensions(new SAMLExtensionsParser().parse(xmlEventReader));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,87 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.saml.processing.core.parsers.saml;
|
||||
|
||||
|
||||
import org.keycloak.dom.saml.v2.assertion.NameIDType;
|
||||
import org.keycloak.dom.saml.v2.protocol.AttributeQueryType;
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.w3c.dom.Element;
|
||||
import static org.hamcrest.CoreMatchers.*;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
/**
|
||||
* Test class for SAML AttributeQuery parser.
|
||||
*
|
||||
* @author hmlnarik
|
||||
*/
|
||||
public class SAMLAttributeQueryParserTest {
|
||||
|
||||
private SAMLParser parser;
|
||||
|
||||
@Before
|
||||
public void initParser() {
|
||||
this.parser = new SAMLParser();
|
||||
}
|
||||
|
||||
@Test(timeout = 2000)
|
||||
public void testSaml20AttributeQuery() throws Exception {
|
||||
try (InputStream is = SAMLAttributeQueryParserTest.class.getResourceAsStream("saml20-attributequery.xml")) {
|
||||
Object parsedObject = parser.parse(is);
|
||||
assertThat(parsedObject, instanceOf(AttributeQueryType.class));
|
||||
|
||||
AttributeQueryType query = (AttributeQueryType) parsedObject;
|
||||
assertThat(query.getSignature(), nullValue());
|
||||
assertThat(query.getConsent(), nullValue());
|
||||
assertThat(query.getIssuer(), not(nullValue()));
|
||||
assertThat(query.getIssuer().getValue(), is("https://sp/"));
|
||||
|
||||
NameIDType nameId = (NameIDType) query.getSubject().getSubType().getBaseID();
|
||||
assertThat(nameId.getValue(), is("CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US"));
|
||||
}
|
||||
}
|
||||
|
||||
@Test(timeout = 2000)
|
||||
public void testSaml20AttributeQueryWithExtension() throws Exception {
|
||||
try (InputStream is = SAMLAttributeQueryParserTest.class.getResourceAsStream("saml20-attributequery-with-extension.xml")) {
|
||||
Object parsedObject = parser.parse(is);
|
||||
assertThat(parsedObject, instanceOf(AttributeQueryType.class));
|
||||
|
||||
AttributeQueryType query = (AttributeQueryType) parsedObject;
|
||||
assertThat(query.getSignature(), nullValue());
|
||||
assertThat(query.getConsent(), nullValue());
|
||||
assertThat(query.getIssuer(), not(nullValue()));
|
||||
assertThat(query.getIssuer().getValue(), is("https://sp/"));
|
||||
|
||||
NameIDType nameId = (NameIDType) query.getSubject().getSubType().getBaseID();
|
||||
assertThat(nameId.getValue(), is("CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US"));
|
||||
|
||||
assertThat(query.getExtensions(), not(nullValue()));
|
||||
assertThat(query.getExtensions().getAny().size(), is(1));
|
||||
assertThat(query.getExtensions().getAny().get(0), instanceOf(Element.class));
|
||||
Element el = (Element) query.getExtensions().getAny().get(0);
|
||||
assertThat(el.getLocalName(), is("KeyInfo"));
|
||||
assertThat(el.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
|
||||
assertThat(el.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,84 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.saml.processing.core.parsers.saml;
|
||||
|
||||
|
||||
import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.w3c.dom.Element;
|
||||
import static org.hamcrest.CoreMatchers.*;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
/**
|
||||
* Test class for SAML AuthNRequest parser.
|
||||
*
|
||||
* @author hmlnarik
|
||||
*/
|
||||
public class SAMLAuthNRequestParserTest {
|
||||
|
||||
private SAMLParser parser;
|
||||
|
||||
@Before
|
||||
public void initParser() {
|
||||
this.parser = new SAMLParser();
|
||||
}
|
||||
|
||||
@Test(timeout = 2000)
|
||||
public void testSaml20AttributeQuery() throws Exception {
|
||||
try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest.xml")) {
|
||||
Object parsedObject = parser.parse(is);
|
||||
assertThat(parsedObject, instanceOf(AuthnRequestType.class));
|
||||
|
||||
AuthnRequestType req = (AuthnRequestType) parsedObject;
|
||||
assertThat(req.getSignature(), nullValue());
|
||||
assertThat(req.getConsent(), nullValue());
|
||||
assertThat(req.getIssuer(), not(nullValue()));
|
||||
assertThat(req.getIssuer().getValue(), is("https://sp/"));
|
||||
|
||||
assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
|
||||
}
|
||||
}
|
||||
|
||||
@Test(timeout = 2000)
|
||||
public void testSaml20AttributeQueryWithExtension() throws Exception {
|
||||
try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest-with-extension.xml")) {
|
||||
Object parsedObject = parser.parse(is);
|
||||
assertThat(parsedObject, instanceOf(AuthnRequestType.class));
|
||||
|
||||
AuthnRequestType req = (AuthnRequestType) parsedObject;
|
||||
assertThat(req.getSignature(), nullValue());
|
||||
assertThat(req.getConsent(), nullValue());
|
||||
assertThat(req.getIssuer(), not(nullValue()));
|
||||
assertThat(req.getIssuer().getValue(), is("https://sp/"));
|
||||
|
||||
assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
|
||||
|
||||
assertThat(req.getExtensions(), not(nullValue()));
|
||||
assertThat(req.getExtensions().getAny().size(), is(1));
|
||||
assertThat(req.getExtensions().getAny().get(0), instanceOf(Element.class));
|
||||
Element el = (Element) req.getExtensions().getAny().get(0);
|
||||
assertThat(el.getLocalName(), is("KeyInfo"));
|
||||
assertThat(el.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
|
||||
assertThat(el.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,69 @@
|
|||
/*
|
||||
* Copyright 2016 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.saml.processing.core.parsers.saml;
|
||||
|
||||
|
||||
import org.keycloak.dom.saml.v2.assertion.NameIDType;
|
||||
import org.keycloak.dom.saml.v2.protocol.LogoutRequestType;
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.w3c.dom.Element;
|
||||
import static org.hamcrest.CoreMatchers.*;
|
||||
import static org.junit.Assert.assertThat;
|
||||
|
||||
/**
|
||||
* Test class for SAML SLO parser.
|
||||
*
|
||||
* @author hmlnarik
|
||||
*/
|
||||
public class SAMLSloRequestParserTest {
|
||||
|
||||
private SAMLParser parser;
|
||||
|
||||
@Before
|
||||
public void initParser() {
|
||||
this.parser = new SAMLParser();
|
||||
}
|
||||
|
||||
@Test(timeout = 2000)
|
||||
public void testSaml20SloResponseWithExtension() throws Exception {
|
||||
try (InputStream is = SAMLSloRequestParserTest.class.getResourceAsStream("KEYCLOAK-4552-saml20-aslo-response-via-extension.xml")) {
|
||||
Object parsedObject = parser.parse(is);
|
||||
assertThat(parsedObject, instanceOf(LogoutRequestType.class));
|
||||
|
||||
LogoutRequestType resp = (LogoutRequestType) parsedObject;
|
||||
assertThat(resp.getSignature(), nullValue());
|
||||
assertThat(resp.getConsent(), nullValue());
|
||||
assertThat(resp.getIssuer(), not(nullValue()));
|
||||
assertThat(resp.getIssuer().getValue(), is("https://sp/"));
|
||||
|
||||
NameIDType nameId = resp.getNameID();
|
||||
assertThat(nameId.getValue(), is("G-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"));
|
||||
|
||||
assertThat(resp.getExtensions(), not(nullValue()));
|
||||
assertThat(resp.getExtensions().getAny().size(), is(1));
|
||||
assertThat(resp.getExtensions().getAny().get(0), instanceOf(Element.class));
|
||||
Element el = (Element) resp.getExtensions().getAny().get(0);
|
||||
assertThat(el.getLocalName(), is("Asynchronous"));
|
||||
assertThat(el.getNamespaceURI(), is("urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"));
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,9 @@
|
|||
<?xml version="1.0"?>
|
||||
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://keycloak/auth/realms/XXX/protocol/saml" ID="_b89618b16ed98fed3d2f90b2ddee8027" IssueInstant="2017-03-09T09:32:00Z" Version="2.0">
|
||||
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp/</saml:Issuer>
|
||||
<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">G-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</saml:NameID>
|
||||
<samlp:Extensions>
|
||||
<aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"/>
|
||||
</samlp:Extensions>
|
||||
<samlp:SessionIndex>a1b93b43-4652-4e76-937a-cf3b982d683a</samlp:SessionIndex>
|
||||
</samlp:LogoutRequest>
|
|
@ -0,0 +1,19 @@
|
|||
<samlp:AttributeQuery
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
ID="aaf23196-1773-2113-474a-fe114412ab72"
|
||||
Version="2.0"
|
||||
IssueInstant="2006-07-17T20:31:40">
|
||||
<samlp:Extensions>
|
||||
<kckey:KeyInfo xmlns:kckey="urn:keycloak:ext:key:1.0" MessageSigningKeyId="FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"/>
|
||||
</samlp:Extensions>
|
||||
<saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
|
||||
https://sp/
|
||||
</saml:Issuer>
|
||||
<saml:Subject>
|
||||
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
|
||||
CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
|
||||
</saml:NameID>
|
||||
</saml:Subject>
|
||||
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
|
||||
</samlp:AttributeQuery>
|
|
@ -0,0 +1,16 @@
|
|||
<samlp:AttributeQuery
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
ID="aaf23196-1773-2113-474a-fe114412ab72"
|
||||
Version="2.0"
|
||||
IssueInstant="2006-07-17T20:31:40">
|
||||
<saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
|
||||
https://sp/
|
||||
</saml:Issuer>
|
||||
<saml:Subject>
|
||||
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
|
||||
CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
|
||||
</saml:NameID>
|
||||
</saml:Subject>
|
||||
<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
|
||||
</samlp:AttributeQuery>
|
|
@ -0,0 +1,8 @@
|
|||
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2004-12-05T09:21:59">
|
||||
<saml:Issuer>https://sp/</saml:Issuer>
|
||||
<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
|
||||
<samlp:Extensions>
|
||||
<kckey:KeyInfo xmlns:kckey="urn:keycloak:ext:key:1.0" MessageSigningKeyId="FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"/>
|
||||
</samlp:Extensions>
|
||||
</samlp:AuthnRequest>
|
|
@ -0,0 +1,5 @@
|
|||
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2004-12-05T09:21:59">
|
||||
<saml:Issuer>https://sp/</saml:Issuer>
|
||||
<samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
|
||||
</samlp:AuthnRequest>
|
Loading…
Reference in a new issue