diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java
index 457f33269b..4d722a522b 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java
@@ -98,6 +98,8 @@ public abstract class SAMLRequestAbstractParser {
request.setIssuer(issuer);
} else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName)) {
request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
+ } else if (JBossSAMLConstants.EXTENSIONS.get().equals(elementName)) {
+ request.setExtensions(new SAMLExtensionsParser().parse(xmlEventReader));
}
}
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java
new file mode 100644
index 0000000000..a7ea4c5eef
--- /dev/null
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.saml.processing.core.parsers.saml;
+
+
+import org.keycloak.dom.saml.v2.assertion.NameIDType;
+import org.keycloak.dom.saml.v2.protocol.AttributeQueryType;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import org.junit.Before;
+import org.w3c.dom.Element;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for SAML AttributeQuery parser.
+ *
+ * @author hmlnarik
+ */
+public class SAMLAttributeQueryParserTest {
+
+ private SAMLParser parser;
+
+ @Before
+ public void initParser() {
+ this.parser = new SAMLParser();
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQuery() throws Exception {
+ try (InputStream is = SAMLAttributeQueryParserTest.class.getResourceAsStream("saml20-attributequery.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AttributeQueryType.class));
+
+ AttributeQueryType query = (AttributeQueryType) parsedObject;
+ assertThat(query.getSignature(), nullValue());
+ assertThat(query.getConsent(), nullValue());
+ assertThat(query.getIssuer(), not(nullValue()));
+ assertThat(query.getIssuer().getValue(), is("https://sp/"));
+
+ NameIDType nameId = (NameIDType) query.getSubject().getSubType().getBaseID();
+ assertThat(nameId.getValue(), is("CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US"));
+ }
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQueryWithExtension() throws Exception {
+ try (InputStream is = SAMLAttributeQueryParserTest.class.getResourceAsStream("saml20-attributequery-with-extension.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AttributeQueryType.class));
+
+ AttributeQueryType query = (AttributeQueryType) parsedObject;
+ assertThat(query.getSignature(), nullValue());
+ assertThat(query.getConsent(), nullValue());
+ assertThat(query.getIssuer(), not(nullValue()));
+ assertThat(query.getIssuer().getValue(), is("https://sp/"));
+
+ NameIDType nameId = (NameIDType) query.getSubject().getSubType().getBaseID();
+ assertThat(nameId.getValue(), is("CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US"));
+
+ assertThat(query.getExtensions(), not(nullValue()));
+ assertThat(query.getExtensions().getAny().size(), is(1));
+ assertThat(query.getExtensions().getAny().get(0), instanceOf(Element.class));
+ Element el = (Element) query.getExtensions().getAny().get(0);
+ assertThat(el.getLocalName(), is("KeyInfo"));
+ assertThat(el.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
+ assertThat(el.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));
+ }
+ }
+}
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java
new file mode 100644
index 0000000000..e16a3d0420
--- /dev/null
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.saml.processing.core.parsers.saml;
+
+
+import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import org.junit.Before;
+import org.w3c.dom.Element;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for SAML AuthNRequest parser.
+ *
+ * @author hmlnarik
+ */
+public class SAMLAuthNRequestParserTest {
+
+ private SAMLParser parser;
+
+ @Before
+ public void initParser() {
+ this.parser = new SAMLParser();
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQuery() throws Exception {
+ try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AuthnRequestType.class));
+
+ AuthnRequestType req = (AuthnRequestType) parsedObject;
+ assertThat(req.getSignature(), nullValue());
+ assertThat(req.getConsent(), nullValue());
+ assertThat(req.getIssuer(), not(nullValue()));
+ assertThat(req.getIssuer().getValue(), is("https://sp/"));
+
+ assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
+ }
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQueryWithExtension() throws Exception {
+ try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest-with-extension.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AuthnRequestType.class));
+
+ AuthnRequestType req = (AuthnRequestType) parsedObject;
+ assertThat(req.getSignature(), nullValue());
+ assertThat(req.getConsent(), nullValue());
+ assertThat(req.getIssuer(), not(nullValue()));
+ assertThat(req.getIssuer().getValue(), is("https://sp/"));
+
+ assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
+
+ assertThat(req.getExtensions(), not(nullValue()));
+ assertThat(req.getExtensions().getAny().size(), is(1));
+ assertThat(req.getExtensions().getAny().get(0), instanceOf(Element.class));
+ Element el = (Element) req.getExtensions().getAny().get(0);
+ assertThat(el.getLocalName(), is("KeyInfo"));
+ assertThat(el.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
+ assertThat(el.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));
+ }
+ }
+}
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java
new file mode 100644
index 0000000000..6967465b08
--- /dev/null
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.saml.processing.core.parsers.saml;
+
+
+import org.keycloak.dom.saml.v2.assertion.NameIDType;
+import org.keycloak.dom.saml.v2.protocol.LogoutRequestType;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import org.junit.Before;
+import org.w3c.dom.Element;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for SAML SLO parser.
+ *
+ * @author hmlnarik
+ */
+public class SAMLSloRequestParserTest {
+
+ private SAMLParser parser;
+
+ @Before
+ public void initParser() {
+ this.parser = new SAMLParser();
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20SloResponseWithExtension() throws Exception {
+ try (InputStream is = SAMLSloRequestParserTest.class.getResourceAsStream("KEYCLOAK-4552-saml20-aslo-response-via-extension.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(LogoutRequestType.class));
+
+ LogoutRequestType resp = (LogoutRequestType) parsedObject;
+ assertThat(resp.getSignature(), nullValue());
+ assertThat(resp.getConsent(), nullValue());
+ assertThat(resp.getIssuer(), not(nullValue()));
+ assertThat(resp.getIssuer().getValue(), is("https://sp/"));
+
+ NameIDType nameId = resp.getNameID();
+ assertThat(nameId.getValue(), is("G-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"));
+
+ assertThat(resp.getExtensions(), not(nullValue()));
+ assertThat(resp.getExtensions().getAny().size(), is(1));
+ assertThat(resp.getExtensions().getAny().get(0), instanceOf(Element.class));
+ Element el = (Element) resp.getExtensions().getAny().get(0);
+ assertThat(el.getLocalName(), is("Asynchronous"));
+ assertThat(el.getNamespaceURI(), is("urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"));
+ }
+ }
+}
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml
new file mode 100644
index 0000000000..aa62a2fa0e
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml
@@ -0,0 +1,9 @@
+
+
+ https://sp/
+ G-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
+
+
+
+ a1b93b43-4652-4e76-937a-cf3b982d683a
+
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml
new file mode 100644
index 0000000000..525e69246b
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml
@@ -0,0 +1,19 @@
+
+
+
+
+
+ https://sp/
+
+
+
+ CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
+
+
+
+
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml
new file mode 100644
index 0000000000..0e64bbf1cd
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml
@@ -0,0 +1,16 @@
+
+
+ https://sp/
+
+
+
+ CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
+
+
+
+
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest-with-extension.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest-with-extension.xml
new file mode 100644
index 0000000000..655eae6d30
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest-with-extension.xml
@@ -0,0 +1,8 @@
+
+ https://sp/
+
+
+
+
+
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest.xml
new file mode 100644
index 0000000000..7e63302498
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest.xml
@@ -0,0 +1,5 @@
+
+ https://sp/
+
+
\ No newline at end of file