html encoding fix

Bill Burke 2015-06-08 12:38:16 -04:00
parent 07bc756785
commit 91283878ac
5 changed files with 509 additions and 476 deletions

core/src/main/java/org/keycloak/util/HtmlUtils.java Normal file → Executable file

@ -34,7 +34,17 @@ public class HtmlUtils {
for (int i = 0; i < value.length(); i++) { for (int i = 0; i < value.length(); i++) {
char chr = value.charAt(i); char chr = value.charAt(i);
if (chr != '\'' && chr != '"' && chr != '<' && chr != '>' && chr != '/') { if (chr == '<') {
escaped.append("&lt;");
} else if (chr == '>') {
escaped.append("&gt;");
} else if (chr == '"') {
escaped.append("&quot;");
} else if (chr == '\'') {
escaped.append("&apos;");
} else if (chr == '&') {
escaped.append("&amp;");
} else {
escaped.append(chr); escaped.append(chr);
} }
} }
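Review bot: The single-quote branch appends `&apos;`, which is an XML/XHTML entity that HTML 4.01 never defined, so a user agent parsing in legacy HTML mode shows it literally and the quote is not actually encoded; the numeric reference is recognised in every HTML and XML context, `escaped.append("&#39;");`. The other four replacements (`&lt;`, `&gt;`, `&quot;`, `&amp;`) are the standard set and look correct. Since this appears to be the escaper used when request-supplied values such as the relay state are written into the POST-binding form, the method would also benefit from a Javadoc sentence naming the contexts it is safe for (element text and quoted attribute values) so it is not reused for JavaScript or URL contexts, which need different encoding. The enclosing method begins before this hunk and its `return` follows it.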


@ -504,6 +504,7 @@ public class SamlService {
@QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse, @QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse,
@QueryParam(GeneralConstants.RELAY_STATE) String relayState) { @QueryParam(GeneralConstants.RELAY_STATE) String relayState) {
logger.debug("SAML GET"); logger.debug("SAML GET");
//String uri = uriInfo.getRequestUri().toString();
return new RedirectBindingProtocol().execute(samlRequest, samlResponse, relayState); return new RedirectBindingProtocol().execute(samlRequest, samlResponse, relayState);
} }
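Review bot: The added `//String uri = uriInfo.getRequestUri().toString();` is commented-out code with no explanation, and it will silently drift from the surrounding method; either drop the line or replace it with a real comment stating why the request URI is not needed here. If it marks work in progress, a `// TODO:` with the intent would at least make that visible to the next reader.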


@ -1,473 +1,495 @@
package org.keycloak.testsuite.saml; package org.keycloak.testsuite.saml;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput; import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
import org.junit.Assert; import org.junit.Assert;
import org.junit.ClassRule; import org.junit.ClassRule;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.keycloak.Config; import org.keycloak.Config;
import org.keycloak.models.ClientModel; import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionModel; import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.Constants; import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession; import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel; import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel; import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel; import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel; import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol; import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.TokenManager; import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.protocol.saml.mappers.AttributeStatementHelper; import org.keycloak.protocol.saml.mappers.AttributeStatementHelper;
import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper; import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper;
import org.keycloak.protocol.saml.mappers.HardcodedRole; import org.keycloak.protocol.saml.mappers.HardcodedRole;
import org.keycloak.protocol.saml.mappers.RoleListMapper; import org.keycloak.protocol.saml.mappers.RoleListMapper;
import org.keycloak.protocol.saml.mappers.RoleNameMapper; import org.keycloak.protocol.saml.mappers.RoleNameMapper;
import org.keycloak.representations.AccessToken; import org.keycloak.representations.AccessToken;
import org.keycloak.services.managers.RealmManager; import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.resources.admin.AdminRoot; import org.keycloak.services.resources.admin.AdminRoot;
import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule; import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource; import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule; import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver; import org.openqa.selenium.WebDriver;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants; import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.api.saml.v2.response.SAML2Response; import org.keycloak.saml.processing.api.saml.v2.response.SAML2Response;
import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants; import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
import org.keycloak.dom.saml.v2.assertion.AssertionType; import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType; import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
import org.keycloak.dom.saml.v2.assertion.AttributeType; import org.keycloak.dom.saml.v2.assertion.AttributeType;
import org.keycloak.dom.saml.v2.protocol.ResponseType; import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.saml.processing.web.util.PostBindingUtil; import org.keycloak.saml.processing.web.util.PostBindingUtil;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.client.Client; import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder; import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext; import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter; import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.Entity; import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget; import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilder;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
/** /**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a> * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $ * @version $Revision: 1 $
*/ */
public class SamlBindingTest { public class SamlBindingTest {
@ClassRule @ClassRule
public static SamlKeycloakRule keycloakRule = new SamlKeycloakRule() { public static SamlKeycloakRule keycloakRule = new SamlKeycloakRule() {
@Override @Override
public void initWars() { public void initWars() {
ClassLoader classLoader = SamlBindingTest.class.getClassLoader(); ClassLoader classLoader = SamlBindingTest.class.getClassLoader();
initializeSamlSecuredWar("/saml/simple-post", "/sales-post", "post.war", classLoader); initializeSamlSecuredWar("/saml/simple-post", "/sales-post", "post.war", classLoader);
initializeSamlSecuredWar("/saml/signed-post", "/sales-post-sig", "post-sig.war", classLoader); initializeSamlSecuredWar("/saml/signed-post", "/sales-post-sig", "post-sig.war", classLoader);
initializeSamlSecuredWar("/saml/signed-post-email", "/sales-post-sig-email", "post-sig-email.war", classLoader); initializeSamlSecuredWar("/saml/signed-post-email", "/sales-post-sig-email", "post-sig-email.war", classLoader);
initializeSamlSecuredWar("/saml/signed-post-transient", "/sales-post-sig-transient", "post-sig-transient.war", classLoader); initializeSamlSecuredWar("/saml/signed-post-transient", "/sales-post-sig-transient", "post-sig-transient.war", classLoader);
initializeSamlSecuredWar("/saml/signed-post-persistent", "/sales-post-sig-persistent", "post-sig-persistent.war", classLoader); initializeSamlSecuredWar("/saml/signed-post-persistent", "/sales-post-sig-persistent", "post-sig-persistent.war", classLoader);
initializeSamlSecuredWar("/saml/signed-metadata", "/sales-metadata", "post-metadata.war", classLoader); initializeSamlSecuredWar("/saml/signed-metadata", "/sales-metadata", "post-metadata.war", classLoader);
initializeSamlSecuredWar("/saml/signed-get", "/employee-sig", "employee-sig.war", classLoader); initializeSamlSecuredWar("/saml/signed-get", "/employee-sig", "employee-sig.war", classLoader);
//initializeSamlSecuredWar("/saml/simple-get", "/employee", "employee.war", classLoader); //initializeSamlSecuredWar("/saml/simple-get", "/employee", "employee.war", classLoader);
initializeSamlSecuredWar("/saml/signed-front-get", "/employee-sig-front", "employee-sig-front.war", classLoader); initializeSamlSecuredWar("/saml/signed-front-get", "/employee-sig-front", "employee-sig-front.war", classLoader);
initializeSamlSecuredWar("/saml/bad-client-signed-post", "/bad-client-sales-post-sig", "bad-client-post-sig.war", classLoader); initializeSamlSecuredWar("/saml/bad-client-signed-post", "/bad-client-sales-post-sig", "bad-client-post-sig.war", classLoader);
initializeSamlSecuredWar("/saml/bad-realm-signed-post", "/bad-realm-sales-post-sig", "bad-realm-post-sig.war", classLoader); initializeSamlSecuredWar("/saml/bad-realm-signed-post", "/bad-realm-sales-post-sig", "bad-realm-post-sig.war", classLoader);
initializeSamlSecuredWar("/saml/encrypted-post", "/sales-post-enc", "post-enc.war", classLoader); initializeSamlSecuredWar("/saml/encrypted-post", "/sales-post-enc", "post-enc.war", classLoader);
uploadSP(); uploadSP();
server.getServer().deploy(createDeploymentInfo("employee.war", "/employee", SamlSPFacade.class)); server.getServer().deploy(createDeploymentInfo("employee.war", "/employee", SamlSPFacade.class));
} }
@Override @Override
public String getRealmJson() { public String getRealmJson() {
return "/saml/testsaml.json"; return "/saml/testsaml.json";
} }
}; };
public static class SamlSPFacade extends HttpServlet { public static class SamlSPFacade extends HttpServlet {
public static String samlResponse; public static String samlResponse;
public static String RELAY_STATE = "http://test.com/foo/bar";
@Override public static String sentRelayState;
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
handler(req, resp); @Override
} protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
handler(req, resp);
@Override }
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
handler(req, resp); @Override
} protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
handler(req, resp);
private void handler(HttpServletRequest req, HttpServletResponse resp) { }
System.out.println("********* HERE ******");
if (req.getParameterMap().isEmpty()) { private void handler(HttpServletRequest req, HttpServletResponse resp) {
System.out.println("redirecting"); System.out.println("********* HERE ******");
resp.setStatus(302); if (req.getParameterMap().isEmpty()) {
resp.setHeader("Location", "http://localhost:8081/auth/realms/demo/protocol/saml?SAMLRequest=jVJbT8IwFP4rS99HuwluNIwEIUYSLwugD76Y2h2kSdfOng7l31uGRn0ATfrQ9HznfJfTEYpaN3zS%2Bo1ZwGsL6KP3WhvkXaEgrTPcClTIjagBuZd8Obm55mmP8cZZb6XV5NByGiwQwXllDYkmX9epNdjW4JbgtkrC%2FeK6IBvvG06ptlLojUXPc5YnFOpG2x0AJdEsaFRG7PuPoUWwQx0IXSOtoLb0SynduyLRpXUSOs8FWQuNQKL5rCDz2VO%2FymEgIY2zlJ3H%2FSx9jkU%2BzOK0ys8yNmSSsUEAYxnsqC18tyO2MDfohfEFSVkyiNlZzM5XacrDSbJePug%2Fkqj8FHKhTKXMy%2BnIng8g5FerVRmXd8sViR7AYec8AMh4tPfDO3L3Y2%2F%2F3cT4j7BH9Mf8A1nDb8PA%2Bay0WsldNNHavk1D1D5k4V0LXbi18MclJL2ke1FVvO6gvDXYgFRrBRWh4wPp7z85%2FgA%3D"); System.out.println("redirecting");
return; resp.setStatus(302);
} // Redirect
System.out.println("received response"); // UriBuilder builder = UriBuilder.fromUri("http://localhost:8081/auth/realms/demo/protocol/saml?SAMLRequest=jVLRTsIwFP2Vpe%2BjG4wxG0YyWYxL0BBAH3wx3XYnTbp29nYof%2B8YEvEBNOlD03vOveec2ynyWjYsae1WreC9BbTOZy0Vsr4Qk9YopjkKZIrXgMwWbJ08LNhw4LHGaKsLLcmRch3MEcFYoRVxktN1rhW2NZg1mJ0o4Gm1iMnW2oZRKnXB5VajZZEX%2BRTqRuo9ACVO2mkUih%2F4l9C8s0MNcFkjLaHW9KSUHlwR506bAnrPMam4RCBOlsYkS1%2BD3MvLcDJxAx9KN4jCkXszrG5cP%2BCVH4y8IM8PYFx2dsQOfuiILWQKLVc2JkPPH7te6HrRxh%2BzUdidwSSIXoiz%2FBZyK1Qp1Nv1yPIjCNn9ZrN0V1AKA4UlzjMY7N13IDKbHjyxXoA5291%2FtzH7I%2FApPet%2FHNawx65hli61FMXeSaTUH%2FMubtvlYU0LfcA1t5cl%2BAO%2FfxGlW%2FVQ1ipsoBCVgJLQ2XHo7385%2BwI%3D");
samlResponse = req.getParameter("SAMLResponse"); UriBuilder builder = UriBuilder.fromUri("http://localhost:8081/auth/realms/demo/protocol/saml?SAMLRequest=jVJbT8IwFP4rS99HuwluNIwEIUYSLwugD76Y2h2kSdfOng7l31uGRn0ATfrQ9HznfJfTEYpaN3zS%2Bo1ZwGsL6KP3WhvkXaEgrTPcClTIjagBuZd8Obm55mmP8cZZb6XV5NByGiwQwXllDYkmX9epNdjW4JbgtkrC%2FeK6IBvvG06ptlLojUXPc5YnFOpG2x0AJdEsaFRG7PuPoUWwQx0IXSOtoLb0SynduyLRpXUSOs8FWQuNQKL5rCDz2VO%2FymEgIY2zlJ3H%2FSx9jkU%2BzOK0ys8yNmSSsUEAYxnsqC18tyO2MDfohfEFSVkyiNlZzM5XacrDSbJePug%2Fkqj8FHKhTKXMy%2BnIng8g5FerVRmXd8sViR7AYec8AMh4tPfDO3L3Y2%2F%2F3cT4j7BH9Mf8A1nDb8PA%2Bay0WsldNNHavk1D1D5k4V0LXbi18MclJL2ke1FVvO6gvDXYgFRrBRWh4wPp7z85%2FgA%3D");
} builder.queryParam("RelayState", RELAY_STATE);
} resp.setHeader("Location", builder.build().toString());
return;
@Rule }
public WebRule webRule = new WebRule(this); System.out.println("received response");
@WebResource samlResponse = req.getParameter("SAMLResponse");
protected WebDriver driver; sentRelayState = req.getParameter("RelayState");
@WebResource }
protected LoginPage loginPage; }
protected void checkLoggedOut(String mainUrl) { @Rule
String pageSource = driver.getPageSource(); public WebRule webRule = new WebRule(this);
System.out.println("*** logout pagesouce ***"); @WebResource
System.out.println(pageSource); protected WebDriver driver;
System.out.println("driver url: " + driver.getCurrentUrl()); @WebResource
Assert.assertTrue(pageSource.contains("request-path: /logout.jsp")); protected LoginPage loginPage;
driver.navigate().to(mainUrl);
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); protected void checkLoggedOut(String mainUrl) {
} String pageSource = driver.getPageSource();
System.out.println("*** logout pagesouce ***");
System.out.println(pageSource);
@Test System.out.println("driver url: " + driver.getCurrentUrl());
public void testPostSimpleLoginLogout() { Assert.assertTrue(pageSource.contains("request-path: /logout.jsp"));
driver.navigate().to("http://localhost:8081/sales-post/"); driver.navigate().to(mainUrl);
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
loginPage.login("bburke", "password"); }
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post/");
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke")); @Test
driver.navigate().to("http://localhost:8081/sales-post?GLO=true"); public void testPostSimpleLoginLogout() {
checkLoggedOut("http://localhost:8081/sales-post/"); driver.navigate().to("http://localhost:8081/sales-post/");
} Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
@Test loginPage.login("bburke", "password");
public void testPostSignedLoginLogout() { Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post/");
driver.navigate().to("http://localhost:8081/sales-post-sig/"); System.out.println(driver.getPageSource());
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); Assert.assertTrue(driver.getPageSource().contains("bburke"));
loginPage.login("bburke", "password"); driver.navigate().to("http://localhost:8081/sales-post?GLO=true");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/"); checkLoggedOut("http://localhost:8081/sales-post/");
Assert.assertTrue(driver.getPageSource().contains("bburke")); }
driver.navigate().to("http://localhost:8081/sales-post-sig?GLO=true"); @Test
checkLoggedOut("http://localhost:8081/sales-post-sig/"); public void testPostSignedLoginLogout() {
driver.navigate().to("http://localhost:8081/sales-post-sig/");
} Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
@Test loginPage.login("bburke", "password");
public void testPostSignedLoginLogoutTransientNameID() { Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
driver.navigate().to("http://localhost:8081/sales-post-sig-transient/"); Assert.assertTrue(driver.getPageSource().contains("bburke"));
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); driver.navigate().to("http://localhost:8081/sales-post-sig?GLO=true");
loginPage.login("bburke", "password"); checkLoggedOut("http://localhost:8081/sales-post-sig/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-transient/");
System.out.println(driver.getPageSource()); }
Assert.assertFalse(driver.getPageSource().contains("bburke")); @Test
Assert.assertTrue(driver.getPageSource().contains("principal=G-")); public void testPostSignedLoginLogoutTransientNameID() {
driver.navigate().to("http://localhost:8081/sales-post-sig-transient?GLO=true"); driver.navigate().to("http://localhost:8081/sales-post-sig-transient/");
checkLoggedOut("http://localhost:8081/sales-post-sig-transient/"); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
loginPage.login("bburke", "password");
} Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-transient/");
@Test System.out.println(driver.getPageSource());
public void testPostSignedLoginLogoutPersistentNameID() { Assert.assertFalse(driver.getPageSource().contains("bburke"));
driver.navigate().to("http://localhost:8081/sales-post-sig-persistent/"); Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); driver.navigate().to("http://localhost:8081/sales-post-sig-transient?GLO=true");
loginPage.login("bburke", "password"); checkLoggedOut("http://localhost:8081/sales-post-sig-transient/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-persistent/");
System.out.println(driver.getPageSource()); }
Assert.assertFalse(driver.getPageSource().contains("bburke")); @Test
Assert.assertTrue(driver.getPageSource().contains("principal=G-")); public void testPostSignedLoginLogoutPersistentNameID() {
driver.navigate().to("http://localhost:8081/sales-post-sig-persistent?GLO=true"); driver.navigate().to("http://localhost:8081/sales-post-sig-persistent/");
checkLoggedOut("http://localhost:8081/sales-post-sig-persistent/"); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
loginPage.login("bburke", "password");
} Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-persistent/");
@Test System.out.println(driver.getPageSource());
public void testPostSignedLoginLogoutEmailNameID() { Assert.assertFalse(driver.getPageSource().contains("bburke"));
driver.navigate().to("http://localhost:8081/sales-post-sig-email/"); Assert.assertTrue(driver.getPageSource().contains("principal=G-"));
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); driver.navigate().to("http://localhost:8081/sales-post-sig-persistent?GLO=true");
loginPage.login("bburke", "password"); checkLoggedOut("http://localhost:8081/sales-post-sig-persistent/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-email/");
System.out.println(driver.getPageSource()); }
Assert.assertTrue(driver.getPageSource().contains("principal=bburke@redhat.com")); @Test
driver.navigate().to("http://localhost:8081/sales-post-sig-email?GLO=true"); public void testPostSignedLoginLogoutEmailNameID() {
checkLoggedOut("http://localhost:8081/sales-post-sig-email/"); driver.navigate().to("http://localhost:8081/sales-post-sig-email/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
} loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig-email/");
System.out.println(driver.getPageSource());
@Test Assert.assertTrue(driver.getPageSource().contains("principal=bburke@redhat.com"));
public void testAttributes() throws Exception { driver.navigate().to("http://localhost:8081/sales-post-sig-email?GLO=true");
// this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look checkLoggedOut("http://localhost:8081/sales-post-sig-email/");
// at the assertions sent. This is because Picketlink, AFAICT, does not give you any way to get access to
// the assertion. }
{ @Test
SamlSPFacade.samlResponse = null; public void testRelayStateEncoding() throws Exception {
driver.navigate().to("http://localhost:8081/employee/"); // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); // at the relay state
System.out.println(driver.getCurrentUrl()); SamlSPFacade.samlResponse = null;
loginPage.login("bburke", "password"); driver.navigate().to("http://localhost:8081/employee/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/"); Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
Assert.assertNotNull(SamlSPFacade.samlResponse); System.out.println(driver.getCurrentUrl());
SAML2Response saml2Response = new SAML2Response(); loginPage.login("bburke", "password");
byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse)); Assert.assertEquals(SamlSPFacade.sentRelayState, SamlSPFacade.RELAY_STATE);
Assert.assertTrue(rt.getAssertions().size() == 1); Assert.assertNotNull(SamlSPFacade.samlResponse);
AssertionType assertion = rt.getAssertions().get(0).getAssertion();
}
// test attributes and roles
boolean email = false; @Test
boolean phone = false; public void testAttributes() throws Exception {
boolean userRole = false; // this test has a hardcoded SAMLRequest and we hack a SP face servlet to get the SAMLResponse so we can look
boolean managerRole = false; // at the assertions sent. This is because Picketlink, AFAICT, does not give you any way to get access to
for (AttributeStatementType statement : assertion.getAttributeStatements()) { // the assertion.
for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
AttributeType attr = choice.getAttribute(); {
if (X500SAMLProfileConstants.EMAIL.getFriendlyName().equals(attr.getFriendlyName())) { SamlSPFacade.samlResponse = null;
Assert.assertEquals(X500SAMLProfileConstants.EMAIL.get(), attr.getName()); driver.navigate().to("http://localhost:8081/employee/");
Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), attr.getNameFormat()); Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
Assert.assertEquals(attr.getAttributeValue().get(0), "bburke@redhat.com"); System.out.println(driver.getCurrentUrl());
email = true; loginPage.login("bburke", "password");
} else if (attr.getName().equals("phone")) { Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat()); Assert.assertNotNull(SamlSPFacade.samlResponse);
Assert.assertEquals(attr.getAttributeValue().get(0), "617"); SAML2Response saml2Response = new SAML2Response();
phone = true; byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
} else if (attr.getName().equals("Role")) { ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true; Assert.assertTrue(rt.getAssertions().size() == 1);
if (attr.getAttributeValue().get(0).equals("user")) userRole = true; AssertionType assertion = rt.getAssertions().get(0).getAssertion();
}
} // test attributes and roles
} boolean email = false;
boolean phone = false;
Assert.assertTrue(email); boolean userRole = false;
Assert.assertTrue(phone); boolean managerRole = false;
Assert.assertTrue(userRole); for (AttributeStatementType statement : assertion.getAttributeStatements()) {
Assert.assertTrue(managerRole); for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
} AttributeType attr = choice.getAttribute();
if (X500SAMLProfileConstants.EMAIL.getFriendlyName().equals(attr.getFriendlyName())) {
keycloakRule.update(new KeycloakRule.KeycloakSetup() { Assert.assertEquals(X500SAMLProfileConstants.EMAIL.get(), attr.getName());
@Override Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_URI.get(), attr.getNameFormat());
public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { Assert.assertEquals(attr.getAttributeValue().get(0), "bburke@redhat.com");
ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/"); email = true;
for (ProtocolMapperModel mapper : app.getProtocolMappers()) { } else if (attr.getName().equals("phone")) {
if (mapper.getName().equals("role-list")) { Assert.assertEquals(JBossSAMLURIConstants.ATTRIBUTE_FORMAT_BASIC.get(), attr.getNameFormat());
app.removeProtocolMapper(mapper); Assert.assertEquals(attr.getAttributeValue().get(0), "617");
mapper.setId(null); phone = true;
mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true"); } else if (attr.getName().equals("Role")) {
mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf"); if (attr.getAttributeValue().get(0).equals("manager")) managerRole = true;
app.addProtocolMapper(mapper); if (attr.getAttributeValue().get(0).equals("user")) userRole = true;
} }
} }
app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard", false, null));
app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role")); }
app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on")); Assert.assertTrue(email);
} Assert.assertTrue(phone);
}, "demo"); Assert.assertTrue(userRole);
Assert.assertTrue(managerRole);
System.out.println(">>>>>>>>>> single role attribute <<<<<<<<"); }
{ keycloakRule.update(new KeycloakRule.KeycloakSetup() {
SamlSPFacade.samlResponse = null; @Override
driver.navigate().to("http://localhost:8081/employee/"); public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
System.out.println(driver.getCurrentUrl()); ClientModel app = appRealm.getClientByClientId("http://localhost:8081/employee/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/"); for (ProtocolMapperModel mapper : app.getProtocolMappers()) {
Assert.assertNotNull(SamlSPFacade.samlResponse); if (mapper.getName().equals("role-list")) {
SAML2Response saml2Response = new SAML2Response(); app.removeProtocolMapper(mapper);
byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse); mapper.setId(null);
ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse)); mapper.getConfig().put(RoleListMapper.SINGLE_ROLE_ATTRIBUTE, "true");
Assert.assertTrue(rt.getAssertions().size() == 1); mapper.getConfig().put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, "memberOf");
AssertionType assertion = rt.getAssertions().get(0).getAssertion(); app.addProtocolMapper(mapper);
}
// test attributes and roles }
app.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", null, "hard", false, null));
boolean userRole = false; app.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
boolean managerRole = false; app.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
boolean single = false; app.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", "http://localhost:8081/employee/.employee", "pee-on"));
boolean hardcodedRole = false; }
boolean hardcodedAttribute = false; }, "demo");
boolean peeOn = false;
for (AttributeStatementType statement : assertion.getAttributeStatements()) { System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
AttributeType attr = choice.getAttribute(); {
if (attr.getName().equals("memberOf")) { SamlSPFacade.samlResponse = null;
if (single) Assert.fail("too many role attributes"); driver.navigate().to("http://localhost:8081/employee/");
single = true; System.out.println(driver.getCurrentUrl());
for (Object value : attr.getAttributeValue()) { Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee/");
if (value.equals("el-jefe")) managerRole = true; Assert.assertNotNull(SamlSPFacade.samlResponse);
if (value.equals("user")) userRole = true; SAML2Response saml2Response = new SAML2Response();
if (value.equals("hardcoded-role")) hardcodedRole = true; byte[] samlResponse = PostBindingUtil.base64Decode(SamlSPFacade.samlResponse);
if (value.equals("pee-on")) peeOn = true; ResponseType rt = saml2Response.getResponseType(new ByteArrayInputStream(samlResponse));
} Assert.assertTrue(rt.getAssertions().size() == 1);
} else if (attr.getName().equals("hardcoded-attribute")) { AssertionType assertion = rt.getAssertions().get(0).getAssertion();
hardcodedAttribute = true;
Assert.assertEquals(attr.getAttributeValue().get(0), "hard"); // test attributes and roles
}
} boolean userRole = false;
boolean managerRole = false;
} boolean single = false;
boolean hardcodedRole = false;
Assert.assertTrue(single); boolean hardcodedAttribute = false;
Assert.assertTrue(hardcodedAttribute); boolean peeOn = false;
Assert.assertTrue(hardcodedRole); for (AttributeStatementType statement : assertion.getAttributeStatements()) {
Assert.assertTrue(peeOn); for (AttributeStatementType.ASTChoiceType choice : statement.getAttributes()) {
Assert.assertTrue(userRole); AttributeType attr = choice.getAttribute();
Assert.assertTrue(managerRole); if (attr.getName().equals("memberOf")) {
} if (single) Assert.fail("too many role attributes");
} single = true;
for (Object value : attr.getAttributeValue()) {
@Test if (value.equals("el-jefe")) managerRole = true;
public void testRedirectSignedLoginLogout() { if (value.equals("user")) userRole = true;
driver.navigate().to("http://localhost:8081/employee-sig/"); if (value.equals("hardcoded-role")) hardcodedRole = true;
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); if (value.equals("pee-on")) peeOn = true;
loginPage.login("bburke", "password"); }
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/"); } else if (attr.getName().equals("hardcoded-attribute")) {
Assert.assertTrue(driver.getPageSource().contains("bburke")); hardcodedAttribute = true;
driver.navigate().to("http://localhost:8081/employee-sig?GLO=true"); Assert.assertEquals(attr.getAttributeValue().get(0), "hard");
checkLoggedOut("http://localhost:8081/employee-sig/"); }
}
}
}
@Test
public void testRedirectSignedLoginLogoutFrontNoSSO() { Assert.assertTrue(single);
driver.navigate().to("http://localhost:8081/employee-sig-front/"); Assert.assertTrue(hardcodedAttribute);
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); Assert.assertTrue(hardcodedRole);
loginPage.login("bburke", "password"); Assert.assertTrue(peeOn);
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/"); Assert.assertTrue(userRole);
Assert.assertTrue(driver.getPageSource().contains("bburke")); Assert.assertTrue(managerRole);
driver.navigate().to("http://localhost:8081/employee-sig-front?GLO=true"); }
checkLoggedOut("http://localhost:8081/employee-sig-front/"); }
} @Test
public void testRedirectSignedLoginLogout() {
@Test driver.navigate().to("http://localhost:8081/employee-sig/");
public void testRedirectSignedLoginLogoutFront() { Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
// visit 1st app an logg in loginPage.login("bburke", "password");
System.out.println("visit 1st app "); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
driver.navigate().to("http://localhost:8081/employee-sig/"); Assert.assertTrue(driver.getPageSource().contains("bburke"));
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
System.out.println("login to form"); checkLoggedOut("http://localhost:8081/employee-sig/");
loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/"); }
Assert.assertTrue(driver.getPageSource().contains("bburke"));
@Test
// visit 2nd app public void testRedirectSignedLoginLogoutFrontNoSSO() {
System.out.println("visit 2nd app "); driver.navigate().to("http://localhost:8081/employee-sig-front/");
driver.navigate().to("http://localhost:8081/employee-sig-front/"); Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/"); loginPage.login("bburke", "password");
Assert.assertTrue(driver.getPageSource().contains("bburke")); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 3rd app driver.navigate().to("http://localhost:8081/employee-sig-front?GLO=true");
System.out.println("visit 3rd app "); checkLoggedOut("http://localhost:8081/employee-sig-front/");
driver.navigate().to("http://localhost:8081/sales-post-sig/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/"); }
Assert.assertTrue(driver.getPageSource().contains("bburke"));
@Test
// logout of first app public void testRedirectSignedLoginLogoutFront() {
System.out.println("GLO"); // visit 1st app an logg in
driver.navigate().to("http://localhost:8081/employee-sig?GLO=true"); System.out.println("visit 1st app ");
checkLoggedOut("http://localhost:8081/employee-sig/"); driver.navigate().to("http://localhost:8081/employee-sig/");
driver.navigate().to("http://localhost:8081/employee-sig-front/"); Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); System.out.println("login to form");
driver.navigate().to("http://localhost:8081/sales-post-sig/"); loginPage.login("bburke", "password");
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml")); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
}
// visit 2nd app
@Test System.out.println("visit 2nd app ");
public void testPostEncryptedLoginLogout() { driver.navigate().to("http://localhost:8081/employee-sig-front/");
driver.navigate().to("http://localhost:8081/sales-post-enc/"); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); Assert.assertTrue(driver.getPageSource().contains("bburke"));
loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-enc/"); // visit 3rd app
Assert.assertTrue(driver.getPageSource().contains("bburke")); System.out.println("visit 3rd app ");
driver.navigate().to("http://localhost:8081/sales-post-enc?GLO=true"); driver.navigate().to("http://localhost:8081/sales-post-sig/");
checkLoggedOut("http://localhost:8081/sales-post-enc/"); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
}
@Test // logout of first app
public void testPostBadClientSignature() { System.out.println("GLO");
driver.navigate().to("http://localhost:8081/bad-client-sales-post-sig/"); driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); checkLoggedOut("http://localhost:8081/employee-sig/");
Assert.assertEquals(driver.getTitle(), "We're sorry..."); driver.navigate().to("http://localhost:8081/employee-sig-front/");
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
} driver.navigate().to("http://localhost:8081/sales-post-sig/");
Assert.assertTrue(driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/demo/protocol/saml"));
@Test
public void testPostBadRealmSignature() { }
driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); @Test
loginPage.login("bburke", "password"); public void testPostEncryptedLoginLogout() {
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/bad-realm-sales-post-sig/"); driver.navigate().to("http://localhost:8081/sales-post-enc/");
Assert.assertTrue(driver.getPageSource().contains("null")); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
} loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-enc/");
private static String createToken() { Assert.assertTrue(driver.getPageSource().contains("bburke"));
KeycloakSession session = keycloakRule.startSession(); driver.navigate().to("http://localhost:8081/sales-post-enc?GLO=true");
try { checkLoggedOut("http://localhost:8081/sales-post-enc/");
RealmManager manager = new RealmManager(session);
}
RealmModel adminRealm = manager.getRealm(Config.getAdminRealm()); @Test
ClientModel adminConsole = adminRealm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID); public void testPostBadClientSignature() {
TokenManager tm = new TokenManager(); driver.navigate().to("http://localhost:8081/bad-client-sales-post-sig/");
UserModel admin = session.users().getUserByUsername("admin", adminRealm); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
ClientSessionModel clientSession = session.sessions().createClientSession(adminRealm, adminConsole); Assert.assertEquals(driver.getTitle(), "We're sorry...");
clientSession.setNote(OIDCLoginProtocol.ISSUER, "http://localhost:8081/auth/realms/master");
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false, null, null); }
AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, clientSession);
return tm.encodeToken(adminRealm, token); @Test
} finally { public void testPostBadRealmSignature() {
keycloakRule.stopSession(session, true); driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
} Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
} loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/bad-realm-sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("null"));
@Test }
public void testMetadataPostSignedLoginLogout() throws Exception {
private static String createToken() {
driver.navigate().to("http://localhost:8081/sales-metadata/"); KeycloakSession session = keycloakRule.startSession();
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml"); try {
loginPage.login("bburke", "password"); RealmManager manager = new RealmManager(session);
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-metadata/");
String pageSource = driver.getPageSource(); RealmModel adminRealm = manager.getRealm(Config.getAdminRealm());
Assert.assertTrue(pageSource.contains("bburke")); ClientModel adminConsole = adminRealm.getClientByClientId(Constants.ADMIN_CONSOLE_CLIENT_ID);
driver.navigate().to("http://localhost:8081/sales-metadata?GLO=true"); TokenManager tm = new TokenManager();
checkLoggedOut("http://localhost:8081/sales-metadata/"); UserModel admin = session.users().getUserByUsername("admin", adminRealm);
ClientSessionModel clientSession = session.sessions().createClientSession(adminRealm, adminConsole);
} clientSession.setNote(OIDCLoginProtocol.ISSUER, "http://localhost:8081/auth/realms/master");
UserSessionModel userSession = session.sessions().createUserSession(adminRealm, admin, "admin", null, "form", false, null, null);
public static void uploadSP() { AccessToken token = tm.createClientAccessToken(session, tm.getAccess(null, adminConsole, admin), adminRealm, adminConsole, admin, userSession, clientSession);
String token = createToken(); return tm.encodeToken(adminRealm, token);
final String authHeader = "Bearer " + token; } finally {
ClientRequestFilter authFilter = new ClientRequestFilter() { keycloakRule.stopSession(session, true);
@Override }
public void filter(ClientRequestContext requestContext) throws IOException { }
requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader);
}
}; @Test
Client client = ClientBuilder.newBuilder().register(authFilter).build(); public void testMetadataPostSignedLoginLogout() throws Exception {
UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
WebTarget adminRealms = client.target(AdminRoot.realmsUrl(authBase)); driver.navigate().to("http://localhost:8081/sales-metadata/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/auth/realms/demo/protocol/saml");
loginPage.login("bburke", "password");
MultipartFormDataOutput formData = new MultipartFormDataOutput(); Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-metadata/");
InputStream is = SamlBindingTest.class.getResourceAsStream("/saml/sp-metadata.xml"); String pageSource = driver.getPageSource();
Assert.assertNotNull(is); Assert.assertTrue(pageSource.contains("bburke"));
formData.addFormData("file", is, MediaType.APPLICATION_XML_TYPE); driver.navigate().to("http://localhost:8081/sales-metadata?GLO=true");
checkLoggedOut("http://localhost:8081/sales-metadata/");
WebTarget upload = adminRealms.path("demo/client-importers/saml2-entity-descriptor/upload");
System.out.println(upload.getUri()); }
Response response = upload.request().post(Entity.entity(formData, MediaType.MULTIPART_FORM_DATA));
Assert.assertEquals(204, response.getStatus()); public static void uploadSP() {
response.close(); String token = createToken();
client.close(); final String authHeader = "Bearer " + token;
} ClientRequestFilter authFilter = new ClientRequestFilter() {
@Override
public void filter(ClientRequestContext requestContext) throws IOException {
} requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, authHeader);
}
};
Client client = ClientBuilder.newBuilder().register(authFilter).build();
UriBuilder authBase = UriBuilder.fromUri("http://localhost:8081/auth");
WebTarget adminRealms = client.target(AdminRoot.realmsUrl(authBase));
MultipartFormDataOutput formData = new MultipartFormDataOutput();
InputStream is = SamlBindingTest.class.getResourceAsStream("/saml/sp-metadata.xml");
Assert.assertNotNull(is);
formData.addFormData("file", is, MediaType.APPLICATION_XML_TYPE);
WebTarget upload = adminRealms.path("demo/client-importers/saml2-entity-descriptor/upload");
System.out.println(upload.getUri());
Response response = upload.request().post(Entity.entity(formData, MediaType.MULTIPART_FORM_DATA));
Assert.assertEquals(204, response.getStatus());
response.close();
client.close();
}
}


@ -1,6 +1,6 @@
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1"> <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
ServerEnvironment="tomcat" BindingType="REDIRECT" SupportsSignatures="true"> ServerEnvironment="tomcat" BindingType="REDIRECT" SupportsSignatures="true" IDPUsesPostBinding="false">
<IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml} <IdentityURL>${idp-sig.url::http://localhost:8081/auth/realms/demo/protocol/saml}
</IdentityURL> </IdentityURL>
<ServiceURL>${employee-sig.url::http://localhost:8081/employee-sig/} <ServiceURL>${employee-sig.url::http://localhost:8081/employee-sig/}


@ -1,6 +1,6 @@
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1"> <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
<PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1"
ServerEnvironment="tomcat" BindingType="REDIRECT" RelayState="someURL"> ServerEnvironment="tomcat" BindingType="REDIRECT" IDPUsesPostBinding="false">
<IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL> <IdentityURL>${idp.url::http://localhost:8081/auth/realms/demo/protocol/saml}</IdentityURL>
<ServiceURL>${employee.url::http://localhost:8081/employee/} <ServiceURL>${employee.url::http://localhost:8081/employee/}
</ServiceURL> </ServiceURL>