KEYCLOAK-14698 Support complex SAML Attribute Values (e.g. XUA++)
This commit is contained in:
mwalliczek
Hynek Mlnařík
parent
1c7ad83f90
commit
dc73397176
2 changed files with 69 additions and 0 deletions
|
|
@ -48,6 +48,8 @@ import org.keycloak.saml.SamlProtocolExtensionsAwareBuilder;
|
||||||
|
|
||||||
import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI;
|
import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI;
|
||||||
import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
|
import static org.keycloak.saml.common.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
|
||||||
|
|
||||||
|
import org.w3c.dom.Element;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
@ -174,6 +176,8 @@ public class BaseWriter {
|
||||||
writeNameIDTypeAttributeValue((NameIDType) attributeValue);
|
writeNameIDTypeAttributeValue((NameIDType) attributeValue);
|
||||||
} else if (attributeValue instanceof XMLGregorianCalendar) {
|
} else if (attributeValue instanceof XMLGregorianCalendar) {
|
||||||
writeDateAttributeValue((XMLGregorianCalendar) attributeValue);
|
writeDateAttributeValue((XMLGregorianCalendar) attributeValue);
|
||||||
|
} else if (attributeValue instanceof Element) {
|
||||||
|
writeElementAttributeValue((Element) attributeValue);
|
||||||
} else
|
} else
|
||||||
throw logger.writerUnsupportedAttributeValueError(attributeValue.getClass().getName());
|
throw logger.writerUnsupportedAttributeValueError(attributeValue.getClass().getName());
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -183,6 +187,13 @@ public class BaseWriter {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void writeElementAttributeValue(Element attributeValue) throws ProcessingException {
|
||||||
|
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(),
|
||||||
|
ASSERTION_NSURI.get());
|
||||||
|
StaxUtil.writeDOMElement(writer, attributeValue);
|
||||||
|
StaxUtil.writeEndElement(writer);
|
||||||
|
}
|
||||||
|
|
||||||
public void writeNameIDTypeAttributeValue(NameIDType attributeValue) throws ProcessingException {
|
public void writeNameIDTypeAttributeValue(NameIDType attributeValue) throws ProcessingException {
|
||||||
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ASSERTION_NSURI.get());
|
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ASSERTION_NSURI.get());
|
||||||
write((NameIDType)attributeValue, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
|
write((NameIDType)attributeValue, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,58 @@
|
||||||
|
package org.keycloak.saml.processing.core.saml.v2.writers;
|
||||||
|
|
||||||
|
import java.io.ByteArrayOutputStream;
|
||||||
|
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.keycloak.dom.saml.v2.assertion.AttributeStatementType;
|
||||||
|
import org.keycloak.dom.saml.v2.assertion.AttributeType;
|
||||||
|
import org.keycloak.saml.common.constants.GeneralConstants;
|
||||||
|
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
|
||||||
|
import org.keycloak.saml.common.exceptions.ConfigurationException;
|
||||||
|
import org.keycloak.saml.common.exceptions.ProcessingException;
|
||||||
|
import org.keycloak.saml.common.util.DocumentUtil;
|
||||||
|
import org.keycloak.saml.common.util.StaxUtil;
|
||||||
|
import org.w3c.dom.Attr;
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
import org.w3c.dom.Element;
|
||||||
|
|
||||||
|
public class XUATokenWriterTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testXUAToken() throws ConfigurationException, ProcessingException {
|
||||||
|
Document document = DocumentUtil.createDocument();
|
||||||
|
|
||||||
|
AttributeType roleAttr = new AttributeType("urn:oasis:names:tc:xacml:2.0:subject:role");
|
||||||
|
|
||||||
|
Element role = document.createElementNS("urn:hl7-org:v3", "Role");
|
||||||
|
role.setAttributeNS("urn:hl7-org:v3", "code", "46255001");
|
||||||
|
role.setAttributeNS("urn:hl7-org:v3", "codeSystem", "2.16.840.1.113883.6.96");
|
||||||
|
role.setAttributeNS("urn:hl7-org:v3", "codeSystemName", "SNOMED_CT");
|
||||||
|
role.setAttributeNS("urn:hl7-org:v3", "displayName", "Pharmacist");
|
||||||
|
Attr attrCEType = document.createAttributeNS(JBossSAMLURIConstants.XSI_NSURI.get(), "type");
|
||||||
|
attrCEType.setValue("CE");
|
||||||
|
attrCEType.setPrefix("xsi");
|
||||||
|
role.setAttributeNodeNS(attrCEType);
|
||||||
|
|
||||||
|
roleAttr.addAttributeValue(role);
|
||||||
|
|
||||||
|
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
|
||||||
|
SAMLAssertionWriter samlAssertionWriter =
|
||||||
|
new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(byteArrayOutputStream));
|
||||||
|
|
||||||
|
AttributeStatementType attributeStatementType = new AttributeStatementType();
|
||||||
|
attributeStatementType.addAttribute(new AttributeStatementType.ASTChoiceType(roleAttr));
|
||||||
|
|
||||||
|
samlAssertionWriter.write(attributeStatementType);
|
||||||
|
|
||||||
|
String serializedAssertion = new String(byteArrayOutputStream.toByteArray(), GeneralConstants.SAML_CHARSET);
|
||||||
|
Assert.assertEquals("<saml:AttributeStatement>"
|
||||||
|
+ "<saml:Attribute Name=\"urn:oasis:names:tc:xacml:2.0:subject:role\">"
|
||||||
|
+ "<saml:AttributeValue>"
|
||||||
|
+ "<Role xmlns=\"urn:hl7-org:v3\" code=\"46255001\" codeSystem=\"2.16.840.1.113883.6.96\" "
|
||||||
|
+ "codeSystemName=\"SNOMED_CT\" displayName=\"Pharmacist\" "
|
||||||
|
+ "xsi:type=\"CE\"></Role></saml:AttributeValue></saml:Attribute>"
|
||||||
|
+ "</saml:AttributeStatement>",
|
||||||
|
serializedAssertion);
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue