SAML element EncryptionMethod can consist any element
closes #12585 Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
This commit is contained in:
parent
e9498079e0
commit
a40a953644
4 changed files with 80 additions and 10 deletions
@ -17,6 +17,8 @@
package org.keycloak.dom.xmlsec.w3.xmlenc;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
/**
* <p>
@ -51,6 +53,8 @@ public class EncryptionMethodType {
protected BigInteger keySize;
protected byte[] OAEPparams;
protected List<Object> any = new ArrayList<>();
public EncryptionMethod(BigInteger bigInteger, byte[] oAEPparams) {
this.keySize = bigInteger;
OAEPparams = oAEPparams;
@ -76,6 +80,14 @@ public class EncryptionMethodType {
public void setOAEPparams(byte[] OAEPparams) {
this.OAEPparams = OAEPparams;
}
public List<Object> getAny() {
return any;
}
public void addAny(Object e) {
this.any.add(e);
}
}
public EncryptionMethodType(String algo) {
@ -98,4 +110,5 @@ public class EncryptionMethodType {
public String getAlgorithm() {
return algorithm;
}
}
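Review bot: `getAny()` and `addAny(Object)` are added without Javadoc, and `any` is declared as `List<Object>` although the only producer visible in this commit stores `org.w3c.dom.Element` subtrees; a narrower `List<Element>` would make the contract clear, assuming no other producer exists. `getAny()` also hands out the live backing list rather than a copy, which may be the convention for these DOM types but should be stated so callers know mutations leak into the parsed model. Suggested Javadoc for the getter: `/** Child elements of {@code EncryptionMethod} not modelled explicitly (e.g. {@code ds:DigestMethod} for RSA-OAEP), kept as opaque DOM nodes; the returned list is live, not a copy. */`. Nothing in this commit reads or re-serialises these elements, so if the metadata exporter is expected to round-trip them that still has to be done elsewhere.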
@ -64,7 +64,15 @@ public class SAMLEncryptionMethodParser extends AbstractStaxSamlMetadataParser<E
break;
default:
throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
{
EncryptionMethodType.EncryptionMethod encMethod = target.getEncryptionMethod();
if (encMethod == null) {
encMethod = new EncryptionMethodType.EncryptionMethod();
target.setEncryptionMethod(encMethod);
}
encMethod.addAny(StaxParserUtil.getDOMElement(xmlEventReader));
}
}
}
}
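Review bot: The new `default` branch accepts every unrecognised child of `EncryptionMethod` and stores its whole DOM subtree via `StaxParserUtil.getDOMElement`, whereas the removed `throw LOGGER.parserUnknownTag(...)` failed closed. The XML Encryption schema's wildcard for this type is `<xs:any namespace="##other">`, so a stray element in the xenc namespace itself (a misspelt `KeySize`, say) was an error before and is now silently absorbed; consider keeping the throw when the element's namespace URI is the xenc namespace and only falling through to `addAny` for foreign namespaces. A comment on the block such as `// xs:any (##other): keep unknown foreign-namespace children (e.g. ds:DigestMethod) as raw DOM` would record why the strictness was relaxed. The enclosing `switch` and method begin before this hunk.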
@ -718,16 +718,32 @@ public class IdentityProviderTest extends AbstractAdminTest {
@Test
public void testSamlImportAndExport() throws URISyntaxException, IOException, ParsingException {
testSamlImport("saml-idp-metadata.xml");
// Perform export, and make sure some of the values are like they're supposed to be
Response response = realm.identityProviders().get("saml").export("xml");
Assert.assertEquals(200, response.getStatus());
String body = response.readEntity(String.class);
response.close();
assertSamlExport(body);
}
@Test
public void testSamlImportWithAnyEncryptionMethod() throws URISyntaxException, IOException, ParsingException {
testSamlImport("saml-idp-metadata-encryption-methods.xml");
}
private void testSamlImport(String fileName) throws URISyntaxException, IOException, ParsingException {
// Use import-config to convert IDPSSODescriptor file into key value pairs
// to use when creating a SAML Identity Provider
MultipartFormDataOutput form = new MultipartFormDataOutput();
form.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
URL idpMeta = getClass().getClassLoader().getResource("admin-test/saml-idp-metadata.xml");
URL idpMeta = getClass().getClassLoader().getResource("admin-test/"+fileName);
byte [] content = Files.readAllBytes(Paths.get(idpMeta.toURI()));
String body = new String(content, Charset.forName("utf-8"));
form.addFormData("file", body, MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata.xml");
form.addFormData("file", body, MediaType.APPLICATION_XML_TYPE, fileName);
Map<String, String> result = realm.identityProviders().importFrom(form);
assertSamlImport(result, SIGNING_CERT_1,true);
@ -745,13 +761,6 @@ public class IdentityProviderTest extends AbstractAdminTest {
Assert.assertEquals("identityProviders instance count", 1, providers.size());
assertEqual(rep, providers.get(0));
// Perform export, and make sure some of the values are like they're supposed to be
Response response = realm.identityProviders().get("saml").export("xml");
Assert.assertEquals(200, response.getStatus());
body = response.readEntity(String.class);
response.close();
assertSamlExport(body);
}
@Test
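Review bot: `testSamlImportWithAnyEncryptionMethod` only proves that the import no longer throws; nothing asserts that the `DigestMethod` child was actually retained, so a regression that drops the element or attaches it to the wrong parent would still pass. A direct parser test on the new fixture, asserting that the signing key's `EncryptionMethod.getAny()` holds exactly one element whose local name is `DigestMethod`, would pin the behaviour the commit title promises, assuming the parser test suite can load the fixture. The new `testSamlImport(String fileName)` helper also still passes `SIGNING_CERT_1` and `true` unconditionally to `assertSamlImport`, which fits the two current fixtures but will need parameterising as soon as a fixture with a different certificate is added.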
@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="http://localhost:8080/auth/realms/master"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
>
<Extensions>
<mdattr:EntityAttributes>
<saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</Extensions>
<IDPSSODescriptor WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:X509Data>
<dsig:X509Certificate>
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
</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
</md:EncryptionMethod>
</KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8080/auth/realms/master/protocol/saml" />
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8080/auth/realms/master/protocol/saml" />
</IDPSSODescriptor>
</EntityDescriptor>
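Review bot: The fixture attaches `md:EncryptionMethod` to a `KeyDescriptor use="signing"`, so it exercises the parser's fallback but not the key Keycloak would actually encrypt to; if the importer consults `EncryptionMethod` only for encryption keys, the path that matters for interoperability stays untested. Adding a second descriptor with `use="encryption"` carrying the same `rsa-oaep` method and `DigestMethod` child, the shape commonly published by real IdPs, would cover it. A short XML comment above the element, `<!-- ds:DigestMethod is not modelled by EncryptionMethodType; it must survive as an xs:any child -->`, would tell the next reader why this fixture exists.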