libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-9077 Adds support for SAML SessionNotOnOrAfter attribute in response xml serialization

Browse source
This commit is contained in:
Michael Parker 2018-12-13 11:32:18 -06:00 committed by Hynek Mlnařík
parent 653a08885d
commit 7bd1f32eb1
5 changed files with 46 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/assertion/SAMLAssertionQNames.java
View file

@ -79,6 +79,7 @@ public enum SAMLAssertionQNames implements HasQName {
ATTR_NOT_ON_OR_AFTER(null, "NotOnOrAfter"), ATTR_NOT_ON_OR_AFTER(null, "NotOnOrAfter"),
ATTR_RECIPIENT(null, "Recipient"), ATTR_RECIPIENT(null, "Recipient"),
ATTR_SESSION_INDEX(null, "SessionIndex"), ATTR_SESSION_INDEX(null, "SessionIndex"),
ATTR_SESSION_NOT_ON_OR_AFTER(null, "SessionNotOnOrAfter"),
ATTR_SP_PROVIDED_ID(null, "SPProvidedID"), ATTR_SP_PROVIDED_ID(null, "SPProvidedID"),
ATTR_SP_NAME_QUALIFIER(null, "SPNameQualifier"), ATTR_SP_NAME_QUALIFIER(null, "SPNameQualifier"),
ATTR_VERSION(null, "Version"), ATTR_VERSION(null, "Version"),

2
saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/assertion/SAMLAuthnStatementParser.java
View file

@ -48,7 +48,7 @@ public class SAMLAuthnStatementParser extends AbstractStaxSamlAssertionParser<Au
AuthnStatementType res = new AuthnStatementType(authnInstant); AuthnStatementType res = new AuthnStatementType(authnInstant);
res.setSessionIndex(StaxParserUtil.getAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_INDEX)); res.setSessionIndex(StaxParserUtil.getAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_INDEX));
res.setSessionNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_NOT_ON_OR_AFTER)); res.setSessionNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER));
return res; return res;
} }

6
saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriter.java
View file

@ -38,6 +38,7 @@ import org.keycloak.dom.saml.v2.assertion.URIType;
import org.keycloak.saml.common.constants.JBossSAMLConstants; import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.exceptions.ProcessingException; import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.StaxUtil; import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.parsers.saml.assertion.SAMLAssertionQNames;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import javax.xml.datatype.XMLGregorianCalendar; import javax.xml.datatype.XMLGregorianCalendar;
@ -221,6 +222,11 @@ public class SAMLAssertionWriter extends BaseWriter {
StaxUtil.writeAttribute(writer, JBossSAMLConstants.SESSION_INDEX.get(), sessionIndex); StaxUtil.writeAttribute(writer, JBossSAMLConstants.SESSION_INDEX.get(), sessionIndex);
} }
XMLGregorianCalendar sessionNotOnOrAfter = authnStatement.getSessionNotOnOrAfter();
if (sessionNotOnOrAfter != null) {
StaxUtil.writeAttribute(writer, SAMLAssertionQNames.ATTR_SESSION_NOT_ON_OR_AFTER.getQName(), sessionNotOnOrAfter.toString());
}
AuthnContextType authnContext = authnStatement.getAuthnContext(); AuthnContextType authnContext = authnStatement.getAuthnContext();
if (authnContext != null) if (authnContext != null)
write(authnContext); write(authnContext);

37
saml-core/src/test/java/org/keycloak/saml/processing/core/saml/v2/writers/SAMLAssertionWriterTest.java Normal file
View file

@ -0,0 +1,37 @@
package org.keycloak.saml.processing.core.saml.v2.writers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import javax.xml.datatype.XMLGregorianCalendar;
import java.io.ByteArrayOutputStream;
public class SAMLAssertionWriterTest {
@Test
public void testAuthnStatementSessionNotOnOrAfterExists() throws ProcessingException {
long sessionLengthInSeconds = 3600;
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
XMLGregorianCalendar sessionExpirationDate = XMLTimeUtil.add(issueInstant, sessionLengthInSeconds);
AuthnStatementType authnStatementType = new AuthnStatementType(issueInstant);
authnStatementType.setSessionIndex("9b3cf799-225b-424a-8e5e-ee3c38e06ded::24b2f572-163c-43ad-8011-de6cd3803f76");
authnStatementType.setSessionNotOnOrAfter(sessionExpirationDate);
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(byteArrayOutputStream));
samlAssertionWriter.write(authnStatementType, true);
String serializedAssertion = new String(byteArrayOutputStream.toByteArray(), GeneralConstants.SAML_CHARSET);
String expectedXMLAttribute = "SessionNotOnOrAfter=\"" + sessionExpirationDate.toString() + "\"";
Assert.assertTrue(serializedAssertion.contains(expectedXMLAttribute));
}
}

2
saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-assertion-example.xml
View file

@ -70,7 +70,7 @@
</saml:AudienceRestriction> </saml:AudienceRestriction>
</saml:Conditions> </saml:Conditions>
<saml:AuthnStatement AuthnInstant="2009-06-17T18:45:10.738Z" NotOnOrAfter="2009-06-17T18:55:10.738Z"> <saml:AuthnStatement AuthnInstant="2009-06-17T18:45:10.738Z" SessionNotOnOrAfter="2009-06-17T18:55:10.738Z">
<saml:AuthnContext> <saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
</saml:AuthnContextClassRef> </saml:AuthnContextClassRef>