KEYCLOAK-9077 Adds support for SAML SessionNotOnOrAfter attribute in response xml serialization

Michael Parker 2018-12-13 11:32:18 -06:00 committed by Hynek Mlnařík
parent 653a08885d
commit 7bd1f32eb1
5 changed files with 46 additions and 2 deletions


@ -79,6 +79,7 @@ public enum SAMLAssertionQNames implements HasQName {
ATTR_NOT_ON_OR_AFTER(null, "NotOnOrAfter"),
ATTR_RECIPIENT(null, "Recipient"),
ATTR_SESSION_INDEX(null, "SessionIndex"),
ATTR_SESSION_NOT_ON_OR_AFTER(null, "SessionNotOnOrAfter"),
ATTR_SP_PROVIDED_ID(null, "SPProvidedID"),
ATTR_SP_NAME_QUALIFIER(null, "SPNameQualifier"),
ATTR_VERSION(null, "Version"),


@ -48,7 +48,7 @@ public class SAMLAuthnStatementParser extends AbstractStaxSamlAssertionParser<Au
AuthnStatementType res = new AuthnStatementType(authnInstant);
res.setSessionIndex(StaxParserUtil.getAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_INDEX));
res.setSessionNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_NOT_ON_OR_AFTER));
res.setSessionNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER));
return res;
}
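Review bot: The corrected lookup `res.setSessionNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER));` has no direct parser test in this commit; the new test class exercises only the writer, and the renamed attribute in the XML test resource covers parsing indirectly at best (assuming an existing test reads that resource). A small parse test asserting `getSessionNotOnOrAfter()` for an AuthnStatement element with and without the attribute would pin the fix and make explicit that a statement carrying only `NotOnOrAfter` now presumably yields null, a behavioral change for any caller that relied on the old, incorrect reading. The enclosing parse method begins outside the hunk.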


@ -38,6 +38,7 @@ import org.keycloak.dom.saml.v2.assertion.URIType;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.parsers.saml.assertion.SAMLAssertionQNames;
import org.w3c.dom.Element;
import javax.xml.datatype.XMLGregorianCalendar;
@ -221,6 +222,11 @@ public class SAMLAssertionWriter extends BaseWriter {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.SESSION_INDEX.get(), sessionIndex);
}
XMLGregorianCalendar sessionNotOnOrAfter = authnStatement.getSessionNotOnOrAfter();
if (sessionNotOnOrAfter != null) {
StaxUtil.writeAttribute(writer, SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER.getQName(), sessionNotOnOrAfter.toString());
}
AuthnContextType authnContext = authnStatement.getAuthnContext();
if (authnContext != null)
write(authnContext);
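Review bot: The new attribute is written with `SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER.getQName()` while the adjacent `SessionIndex` line uses `JBossSAMLConstants.SESSION_INDEX.get()`, so the same method now draws attribute names from two different constant sources; for consistency use the same source for both (if `JBossSAMLConstants` has a matching constant) or add a one-line comment explaining why the QName enum is preferred here. The null-guarded branch would also benefit from a comment stating the contract, e.g. `// SessionNotOnOrAfter is optional; omitted from the element when unset`, since nothing else in the hunk documents it. The enclosing write method starts and ends outside the hunk.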


@ -0,0 +1,37 @@
package org.keycloak.saml.processing.core.saml.v2.writers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import javax.xml.datatype.XMLGregorianCalendar;
import java.io.ByteArrayOutputStream;
public class SAMLAssertionWriterTest {
@Test
public void testAuthnStatementSessionNotOnOrAfterExists() throws ProcessingException {
long sessionLengthInSeconds = 3600;
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
XMLGregorianCalendar sessionExpirationDate = XMLTimeUtil.add(issueInstant, sessionLengthInSeconds);
AuthnStatementType authnStatementType = new AuthnStatementType(issueInstant);
authnStatementType.setSessionIndex("9b3cf799-225b-424a-8e5e-ee3c38e06ded::24b2f572-163c-43ad-8011-de6cd3803f76");
authnStatementType.setSessionNotOnOrAfter(sessionExpirationDate);
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(byteArrayOutputStream));
samlAssertionWriter.write(authnStatementType, true);
String serializedAssertion = new String(byteArrayOutputStream.toByteArray(), GeneralConstants.SAML_CHARSET);
String expectedXMLAttribute = "SessionNotOnOrAfter=\"" + sessionExpirationDate.toString() + "\"";
Assert.assertTrue(serializedAssertion.contains(expectedXMLAttribute));
}
}
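Review bot: `testAuthnStatementSessionNotOnOrAfterExists` covers only the attribute-present path; the `sessionNotOnOrAfter != null` guard added to SAMLAssertionWriter has no test asserting that the attribute is omitted when unset, so a later regression that writes a literal `"null"` or throws on a missing calendar would go unnoticed. A second test that builds the statement without calling `setSessionNotOnOrAfter` and asserts `Assert.assertFalse(serializedAssertion.contains("SessionNotOnOrAfter"));` would close that gap. The bytes are read immediately after `samlAssertionWriter.write(authnStatementType, true);` with no explicit flush of the underlying XMLStreamWriter; if that write path does not flush internally the buffer may be empty, so confirm the flush happens inside the writer or add one in the test.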


@ -70,7 +70,7 @@
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2009-06-17T18:45:10.738Z" NotOnOrAfter="2009-06-17T18:55:10.738Z">
<saml:AuthnStatement AuthnInstant="2009-06-17T18:45:10.738Z" SessionNotOnOrAfter="2009-06-17T18:55:10.738Z">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
</saml:AuthnContextClassRef>