KEYCLOAK-5976 Fix client setting in brokered IdP-initiated scenario

2018-01-22 17:50:53 +01:00 · 2018-01-22 17:50:53 +01:00 · 4ba72e2d2d
commit 4ba72e2d2d
parent 5f49db6c7f
2 changed files with 41 additions and 5 deletions
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
@ -636,6 +636,8 @@ public class SamlService extends AuthorizationEndpointBase {
            return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REDIRECT_URI);
        }

+        session.getContext().setClient(client);
+
        AuthenticationSessionModel authSession = getOrCreateLoginSessionForIdpInitiatedSso(this.session, this.realm, client, relayState);

        return newBrowserAuthentication(authSession, false, false);
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
@ -1,8 +1,3 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
 package org.keycloak.testsuite.broker;

 import org.keycloak.admin.client.resource.ClientsResource;
@ -145,6 +140,10 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
        return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint/clients/" + samlIdpInitiatedSsoUrlName;
    }

+    private String getSamlBrokerUrl(String realmName) {
+        return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint";
+    }
+
    private void waitForPage(final String title) {
        WebDriverWait wait = new WebDriverWait(driver, 5);

@ -181,6 +180,41 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
        assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
    }

+    @Test
+    public void testConsumerIdpInitiatedLoginToApp() {
+        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
+          .navigateTo(getSamlIdpInitiatedUrl(REALM_CONS_NAME, "sales"))
+          // Request login via saml-leaf
+          .login().idp("saml-leaf").build()
+
+          .processSamlResponse(Binding.POST)    // AuthnRequest to producer IdP
+            .targetAttributeSamlRequest()
+            .build()
+
+          // Login in provider realm
+          .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
+
+          // Send the response to the consumer realm
+          .processSamlResponse(Binding.POST)
+          .transformObject(ob -> {
+              assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+              ResponseType resp = (ResponseType) ob;
+              assertThat(resp.getDestination(), is(getSamlBrokerUrl(REALM_CONS_NAME)));
+              return ob;
+          })
+          .build()
+
+          .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
+          .followOneRedirect()
+
+          // Obtain the response sent to the app
+          .getSamlResponse(Binding.POST);
+
+        assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+        ResponseType resp = (ResponseType) samlResponse.getSamlObject();
+        assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
+    }
+
    @Test
    public void testTwoConsequentIdpInitiatedLogins() {
        SAMLDocumentHolder samlResponse = new SamlClientBuilder()