Prosoft Git

keycloak-uncached

KEYCLOAK-5976 Fix client setting in brokered IdP-initiated

1/22/2018 2:50:53 PM
Hynek Mlnarik

Hynek Mlnarik

Commit: 4ba72e2

Tree: cc077ce

Parents: 5f49db6

Changes

services/src/main/java/org/keycloak/protocol/saml/SamlService.java 2(+2 -0)

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java 44(+39 -5)

Details

services/src/main/java/org/keycloak/protocol/saml/SamlService.java 2(+2 -0) 

diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 566ef3e..78e806a 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -636,6 +636,8 @@ public class SamlService extends AuthorizationEndpointBase {
             return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REDIRECT_URI);
         }
 
+        session.getContext().setClient(client);
+
         AuthenticationSessionModel authSession = getOrCreateLoginSessionForIdpInitiatedSso(this.session, this.realm, client, relayState);
 
         return newBrowserAuthentication(authSession, false, false);

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java 44(+39 -5) 

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
index bf136fd..f1f5bf1 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
@@ -1,8 +1,3 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
 package org.keycloak.testsuite.broker;
 
 import org.keycloak.admin.client.resource.ClientsResource;
@@ -145,6 +140,10 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
         return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint/clients/" + samlIdpInitiatedSsoUrlName;
     }
 
+    private String getSamlBrokerUrl(String realmName) {
+        return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint";
+    }
+
     private void waitForPage(final String title) {
         WebDriverWait wait = new WebDriverWait(driver, 5);
 
@@ -182,6 +181,41 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
     }
 
     @Test
+    public void testConsumerIdpInitiatedLoginToApp() {
+        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
+          .navigateTo(getSamlIdpInitiatedUrl(REALM_CONS_NAME, "sales"))
+          // Request login via saml-leaf
+          .login().idp("saml-leaf").build()
+
+          .processSamlResponse(Binding.POST)    // AuthnRequest to producer IdP
+            .targetAttributeSamlRequest()
+            .build()
+
+          // Login in provider realm
+          .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
+
+          // Send the response to the consumer realm
+          .processSamlResponse(Binding.POST)
+          .transformObject(ob -> {
+              assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+              ResponseType resp = (ResponseType) ob;
+              assertThat(resp.getDestination(), is(getSamlBrokerUrl(REALM_CONS_NAME)));
+              return ob;
+          })
+          .build()
+
+          .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
+          .followOneRedirect()
+
+          // Obtain the response sent to the app
+          .getSamlResponse(Binding.POST);
+
+        assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+        ResponseType resp = (ResponseType) samlResponse.getSamlObject();
+        assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
+    }
+
+    @Test
     public void testTwoConsequentIdpInitiatedLogins() {
         SAMLDocumentHolder samlResponse = new SamlClientBuilder()
           .navigateTo(getSamlIdpInitiatedUrl(REALM_PROV_NAME, "samlbroker"))

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github