From 958185ec51d737d812a922cb197d1019fcee56c1 Mon Sep 17 00:00:00 2001
From: Hynek Mlnarik
Date: Mon, 11 Dec 2017 15:54:48 +0100
Subject: [PATCH] KEYCLOAK-4809 Support for SAML AttributeAuthorityDescriptor.Attribute elements
---
 .../metadata/SAMLEntityDescriptorParser.java | 2 +
 .../core/parsers/saml/SAMLParserTest.java | 21 ++++
 .../saml/KEYCLOAK-4809-IdPMetadata_test.xml | 73 +++++++++++++
 .../saml/saml20-entity-descriptor-idp.xml | 101 ++++++++++++++++++
 .../saml/saml20-entity-descriptor-sp.xml | 56 ++++++++++
 5 files changed, 253 insertions(+)
 create mode 100644 saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml
 create mode 100644 saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml
 create mode 100644 saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
index 5c3c30b2f5..31dfc5f642 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
@@ -366,6 +366,8 @@ public class SAMLEntityDescriptorParser extends AbstractDescriptorParser impleme
 } else if (JBossSAMLConstants.ATTRIBUTE_PROFILE.get().equalsIgnoreCase(localPart)) {
 startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
 attributeAuthority.addAttributeProfile(StaxParserUtil.getElementText(xmlEventReader));
+ } else if (JBossSAMLConstants.ATTRIBUTE.get().equalsIgnoreCase(localPart)) {
+ attributeAuthority.addAttribute(SAMLParserUtil.parseAttribute(xmlEventReader));
 } else if (JBossSAMLConstants.KEY_DESCRIPTOR.get().equalsIgnoreCase(localPart)) {
 attributeAuthority.addKeyDescriptor(parseKeyDescriptor(xmlEventReader));
 } else if (JBossSAMLConstants.NAMEID_FORMAT.get().equalsIgnoreCase(localPart)) {
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java
index 5990ec4e12..d5df478756 100644
--- a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java
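Review bot: In SAMLEntityDescriptorParser.java the new `ATTRIBUTE` branch matches on the local name alone and case-insensitively, so an element named `attribute` in any namespace inside the attribute-authority descriptor is passed to `SAMLParserUtil.parseAttribute`. The sibling branches match the same way, but metadata is often imported from a remote party, so it is worth confirming that `parseAttribute` checks the element's QName itself; that is not visible in this hunk. Unlike the `ATTRIBUTE_PROFILE` branch just above, this branch does not call `StaxParserUtil.getNextStartElement` first, presumably because `parseAttribute` consumes the start tag on its own. If so, a comment such as `// parseAttribute() consumes the <saml:Attribute> start tag itself` would make the asymmetry explicit. The enclosing method starts and ends outside the hunk.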
@@ -207,6 +207,27 @@ public class SAMLParserTest { } } + @Test + public void testSaml20MetadataEntityDescriptorIdP() throws IOException, ParsingException { + try (InputStream st = SAMLParserTest.class.getResourceAsStream("saml20-entity-descriptor-idp.xml")) { + parser.parse(st); + } + } + + @Test + public void testSaml20MetadataEntityDescriptorSP() throws IOException, ParsingException { + try (InputStream st = SAMLParserTest.class.getResourceAsStream("saml20-entity-descriptor-sp.xml")) { + parser.parse(st); + } + } + + @Test + public void testSaml20MetadataEntityDescriptorAdfsIdP() throws IOException, ParsingException { + try (InputStream st = SAMLParserTest.class.getResourceAsStream("KEYCLOAK-4809-IdPMetadata_test.xml")) { + parser.parse(st); + } + } + @Test public void testAttributeProfileMetadata() throws Exception { try (InputStream st = SAMLParserTest.class.getResourceAsStream("KEYCLOAK-4236-AttributeProfile-element.xml")) { diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml new file mode 100644 index 0000000000..f83cb5989d --- /dev/null +++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml @@ -0,0 +1,73 @@ + + + + + + + ... + + + + + + + ... + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + + + + + + + + + + + + + + + + + + ... + + + + + + + ... + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + + + + + + + + + + + + + Thadfjhkj + Hasfkjk + Hasfjfjjris + ydfthshe@yudff.dk + 12345678 + + \ No newline at end of file 
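Review bot: In SAMLParserTest.java the three added tests (`testSaml20MetadataEntityDescriptorIdP`, `...SP`, `...AdfsIdP`) call `parser.parse(st)` and discard the result, so they pass whenever parsing does not throw. They would not notice if the `Attribute` children of the AttributeAuthorityDescriptor were silently skipped or attached to the wrong descriptor, which is the behaviour this commit adds. Capturing the value with `Object parsed = parser.parse(st);` and asserting on the resulting descriptor (its type, and for the ADFS fixture the attributes registered through `addAttribute`) would pin the new branch. The three bodies differ only in the resource name, so a small shared helper taking the file name would keep those assertions in one place.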
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml new file mode 100644 index 0000000000..aa8c9f1aa2 --- /dev/null +++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml @@ -0,0 +1,101 @@ + + ... + + + + IdentityProvider.com SSO Key + + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + member + student + faculty + employee + staff + + + + + + IdentityProvider.com AA Key + + + + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + member + student + faculty + employee + staff + + + + Identity Providers R + US + + Identity Providers R US, a Division of Lerxst Corp. + + https://IdentityProvider.com + + diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml new file mode 100644 index 0000000000..9834d929f8 --- /dev/null +++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml @@ -0,0 +1,56 @@ + + ... + + + + ServiceProvider.com SSO Key + + + + + ServiceProvider.com Encrypt Key + + + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + Academic Journals R US + + + https://ServiceProvider.com/entitlements/123456789 + + + + + + Academic Journals R + US + + Academic Journals R US, a Division of Dirk Corp. + + https://ServiceProvider.com + + \ No newline at end of file