SLO and ACS Binding are linked with AuthnRequest Binding in SAML Identity Broker Metadata
Closes #11079
This commit is contained in:
parent
d7a408d081
commit
e41e1a971a
2 changed files with 70 additions and 3 deletions
@ -344,12 +344,17 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
|
|||
public Response export(UriInfo uriInfo, RealmModel realm, String format) {
|
||||
try
|
||||
{
|
||||
URI authnBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri();
|
||||
URI authnResponseBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri();
|
||||
|
||||
if (getConfig().isPostBindingAuthnRequest()) {
|
||||
authnBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri();
|
||||
authnResponseBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri();
|
||||
}
|
||||
|
||||
URI logoutBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri();
|
||||
|
||||
if (getConfig().isPostBindingLogout()) {
|
||||
logoutBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri();
|
||||
}
|
||||
URI endpoint = uriInfo.getBaseUriBuilder()
|
||||
.path("realms").path(realm.getName())
|
||||
.path("broker")
|
||||
|
@ -407,7 +412,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
|
|||
SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(writer);
|
||||
|
||||
EntityDescriptorType entityDescriptor = SPMetadataDescriptor.buildSPDescriptor(
|
||||
authnBinding, authnBinding, endpoint, endpoint,
|
||||
authnResponseBinding, logoutBinding, endpoint, endpoint,
|
||||
wantAuthnRequestsSigned, wantAssertionsSigned, wantAssertionsEncrypted,
|
||||
entityId, nameIDPolicyFormat, signingKeys, encryptionKeys);
|
||||
|
||||
|
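Review bot: `authnResponseBinding` is only ever assigned the same value as `authnBinding` (both flip on `isPostBindingAuthnRequest()`), so the AssertionConsumerService binding advertised in the exported metadata follows the AuthnRequest setting and never consults the broker's own POST_BINDING_RESPONSE option; if that divergence is deliberate for backward compatibility it deserves a why-comment next to the declaration, e.g. `// Advertised ACS binding intentionally tracks the AuthnRequest binding, not POST_BINDING_RESPONSE, to keep previously exported metadata stable.` Otherwise an IdP that honours this metadata may deliver the Response with a binding the broker is not configured to accept, and signature handling differs between the two (query-string signature for Redirect, XML signature for POST), so a mismatch fails closed at best. As far as I recall, the SAML Web Browser SSO profile only allows HTTP-POST or HTTP-Artifact for delivering a Response to an ACS, so advertising HTTP-Redirect there (the default when POST_BINDING_AUTHN_REQUEST is off) is worth confirming against the spec. The body of export() continues past the end of this hunk.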
@ -380,4 +380,66 @@ public class KcSamlSpDescriptorTest extends AbstractBrokerTest {
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMetadataBindingEqualsKeycloakPOSTBindingSettingsOn()
|
||||
throws IOException, ParsingException, URISyntaxException {
|
||||
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource)
|
||||
.setAttribute(SAMLIdentityProviderConfig.POST_BINDING_AUTHN_REQUEST, "true")
|
||||
.setAttribute(SAMLIdentityProviderConfig.POST_BINDING_LOGOUT, "true")
|
||||
//To ensure that backward compatibility is maintained, the value is intentionally reversed from isPostBindingAuthnRequest.
|
||||
.setAttribute(SAMLIdentityProviderConfig.POST_BINDING_RESPONSE, "false")
|
||||
.update())
|
||||
{
|
||||
|
||||
String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
|
||||
SAMLParser parser = SAMLParser.getInstance();
|
||||
EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
|
||||
SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
|
||||
|
||||
assertThat(spDescriptor.getSingleLogoutService().get(0).getBinding().toString(),
|
||||
is(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get()));
|
||||
assertThat(spDescriptor.getAssertionConsumerService().get(0).getBinding().toString(),
|
||||
is(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get()));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMetadataBindingEqualsKeycloakPOSTBindingSettingsOff()
|
||||
throws IOException, ParsingException, URISyntaxException {
|
||||
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource)
|
||||
.setAttribute(SAMLIdentityProviderConfig.POST_BINDING_AUTHN_REQUEST, "false")
|
||||
.setAttribute(SAMLIdentityProviderConfig.POST_BINDING_LOGOUT, "false")
|
||||
//To ensure that backward compatibility is maintained, the value is intentionally reversed from isPostBindingAuthnRequest.
|
||||
.setAttribute(SAMLIdentityProviderConfig.POST_BINDING_RESPONSE, "true")
|
||||
.update()) {
|
||||
|
||||
String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
|
||||
SAMLParser parser = SAMLParser.getInstance();
|
||||
EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
|
||||
SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
|
||||
|
||||
assertThat(spDescriptor.getSingleLogoutService().get(0).getBinding().toString(),
|
||||
is(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get()));
|
||||
assertThat(spDescriptor.getAssertionConsumerService().get(0).getBinding().toString(),
|
||||
is(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get()));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testMetadataBindingEqualsKeycloakSLOBindingSettingsIsDefault()
|
||||
throws IOException, ParsingException, URISyntaxException {
|
||||
try (Closeable idpUpdater = new IdentityProviderAttributeUpdater(identityProviderResource).update()){
|
||||
|
||||
String spDescriptorString = identityProviderResource.export(null).readEntity(String.class);
|
||||
SAMLParser parser = SAMLParser.getInstance();
|
||||
EntityDescriptorType o = (EntityDescriptorType) parser.parse(new StringInputStream(spDescriptorString));
|
||||
SPSSODescriptorType spDescriptor = o.getChoiceType().get(0).getDescriptors().get(0).getSpDescriptor();
|
||||
|
||||
assertThat(spDescriptor.getSingleLogoutService().get(0).getBinding().toString(),
|
||||
is(spDescriptor.getAssertionConsumerService().get(0).getBinding().toString()));
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
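Review bot: testMetadataBindingEqualsKeycloakSLOBindingSettingsIsDefault only asserts that the SingleLogoutService binding equals the AssertionConsumerService binding, which pins neither default; it passes today because both fall back to HTTP-Redirect in export(), but a regression that changed both defaults together would go unnoticed. Assert the concrete value instead: `assertThat(spDescriptor.getSingleLogoutService().get(0).getBinding().toString(), is(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get()));` and the same for the ACS entry. The inline comment `//To ensure that backward compatibility is maintained, the value is intentionally reversed from isPostBindingAuthnRequest.` does not say which behaviour is being preserved; rewording it to state the expectation, e.g. `// POST_BINDING_RESPONSE is deliberately set opposite to POST_BINDING_AUTHN_REQUEST: the exported ACS binding must follow the AuthnRequest setting, not this one.`, makes the test self-explaining. The `.get(0)` calls also assume exactly one SLO/ACS entry; a size assertion would give a clearer failure if export() ever emits more.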