keycloak-aplcache
Changes
saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java 2(+2 -0)
saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java 87(+87 -0)
saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java 84(+84 -0)
saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java 69(+69 -0)
saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml 9(+9 -0)
saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml 16(+16 -0)
saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml 19(+19 -0)
Details
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java
index 457f332..4d722a5 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLRequestAbstractParser.java
@@ -98,6 +98,8 @@ public abstract class SAMLRequestAbstractParser {
request.setIssuer(issuer);
} else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName)) {
request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
+ } else if (JBossSAMLConstants.EXTENSIONS.get().equals(elementName)) {
+ request.setExtensions(new SAMLExtensionsParser().parse(xmlEventReader));
}
}
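Review bot: The new `EXTENSIONS` branch calls `request.setExtensions(...)` unconditionally, so a message carrying a second `<samlp:Extensions>` element would presumably overwrite the first with no error. The SAML protocol schema allows at most one, so a guard such as `if (request.getExtensions() != null)` that raises the parser's usual error would reject the malformed message instead of letting the last element win. The tests in this commit show the parsed children are raw DOM `Element`s, and no signature check is visible at this point, so a comment like `// Extensions content is sender-controlled; treat values such as MessageSigningKeyId as hints until the request signature is verified` would help callers. The enclosing method starts and ends outside the hunk, so the loop structure and the type of `request` are inferred.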
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java
new file mode 100644
index 0000000..a7ea4c5
--- /dev/null
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAttributeQueryParserTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.saml.processing.core.parsers.saml;
+
+
+import org.keycloak.dom.saml.v2.assertion.NameIDType;
+import org.keycloak.dom.saml.v2.protocol.AttributeQueryType;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import org.junit.Before;
+import org.w3c.dom.Element;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for SAML AttributeQuery parser.
+ *
+ * @author hmlnarik
+ */
+public class SAMLAttributeQueryParserTest {
+
+ private SAMLParser parser;
+
+ @Before
+ public void initParser() {
+ this.parser = new SAMLParser();
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQuery() throws Exception {
+ try (InputStream is = SAMLAttributeQueryParserTest.class.getResourceAsStream("saml20-attributequery.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AttributeQueryType.class));
+
+ AttributeQueryType query = (AttributeQueryType) parsedObject;
+ assertThat(query.getSignature(), nullValue());
+ assertThat(query.getConsent(), nullValue());
+ assertThat(query.getIssuer(), not(nullValue()));
+ assertThat(query.getIssuer().getValue(), is("https://sp/"));
+
+ NameIDType nameId = (NameIDType) query.getSubject().getSubType().getBaseID();
+ assertThat(nameId.getValue(), is("CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US"));
+ }
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQueryWithExtension() throws Exception {
+ try (InputStream is = SAMLAttributeQueryParserTest.class.getResourceAsStream("saml20-attributequery-with-extension.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AttributeQueryType.class));
+
+ AttributeQueryType query = (AttributeQueryType) parsedObject;
+ assertThat(query.getSignature(), nullValue());
+ assertThat(query.getConsent(), nullValue());
+ assertThat(query.getIssuer(), not(nullValue()));
+ assertThat(query.getIssuer().getValue(), is("https://sp/"));
+
+ NameIDType nameId = (NameIDType) query.getSubject().getSubType().getBaseID();
+ assertThat(nameId.getValue(), is("CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US"));
+
+ assertThat(query.getExtensions(), not(nullValue()));
+ assertThat(query.getExtensions().getAny().size(), is(1));
+ assertThat(query.getExtensions().getAny().get(0), instanceOf(Element.class));
+ Element el = (Element) query.getExtensions().getAny().get(0);
+ assertThat(el.getLocalName(), is("KeyInfo"));
+ assertThat(el.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
+ assertThat(el.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));
+ }
+ }
+}
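Review bot: `getResourceAsStream(...)` returns null when the fixture is missing from the classpath, and both tests pass the stream straight to `parser.parse(is)`, so a misplaced resource would surface as an unrelated parser failure rather than a clear message. Adding `assertThat(is, notNullValue());` as the first statement inside each `try` block makes the cause obvious. The same pattern appears in SAMLAuthNRequestParserTest and SAMLSloRequestParserTest later in this commit.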
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java
new file mode 100644
index 0000000..e16a3d0
--- /dev/null
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLAuthNRequestParserTest.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.saml.processing.core.parsers.saml;
+
+
+import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import org.junit.Before;
+import org.w3c.dom.Element;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for SAML AuthNRequest parser.
+ *
+ * @author hmlnarik
+ */
+public class SAMLAuthNRequestParserTest {
+
+ private SAMLParser parser;
+
+ @Before
+ public void initParser() {
+ this.parser = new SAMLParser();
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQuery() throws Exception {
+ try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AuthnRequestType.class));
+
+ AuthnRequestType req = (AuthnRequestType) parsedObject;
+ assertThat(req.getSignature(), nullValue());
+ assertThat(req.getConsent(), nullValue());
+ assertThat(req.getIssuer(), not(nullValue()));
+ assertThat(req.getIssuer().getValue(), is("https://sp/"));
+
+ assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
+ }
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20AttributeQueryWithExtension() throws Exception {
+ try (InputStream is = SAMLAuthNRequestParserTest.class.getResourceAsStream("saml20-authnrequest-with-extension.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(AuthnRequestType.class));
+
+ AuthnRequestType req = (AuthnRequestType) parsedObject;
+ assertThat(req.getSignature(), nullValue());
+ assertThat(req.getConsent(), nullValue());
+ assertThat(req.getIssuer(), not(nullValue()));
+ assertThat(req.getIssuer().getValue(), is("https://sp/"));
+
+ assertThat(req.getNameIDPolicy().getFormat().toString(), is("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"));
+
+ assertThat(req.getExtensions(), not(nullValue()));
+ assertThat(req.getExtensions().getAny().size(), is(1));
+ assertThat(req.getExtensions().getAny().get(0), instanceOf(Element.class));
+ Element el = (Element) req.getExtensions().getAny().get(0);
+ assertThat(el.getLocalName(), is("KeyInfo"));
+ assertThat(el.getNamespaceURI(), is("urn:keycloak:ext:key:1.0"));
+ assertThat(el.getAttribute("MessageSigningKeyId"), is("FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"));
+ }
+ }
+}
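Review bot: Both test methods keep the names `testSaml20AttributeQuery` and `testSaml20AttributeQueryWithExtension` from the attribute-query test, although they load the `saml20-authnrequest*.xml` fixtures and assert `AuthnRequestType`. A failure report would therefore point at the wrong message type. Renaming them to `testSaml20AuthnRequest` and `testSaml20AuthnRequestWithExtension` fixes that.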
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java
new file mode 100644
index 0000000..6967465
--- /dev/null
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParserTest.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.saml.processing.core.parsers.saml;
+
+
+import org.keycloak.dom.saml.v2.assertion.NameIDType;
+import org.keycloak.dom.saml.v2.protocol.LogoutRequestType;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import org.junit.Before;
+import org.w3c.dom.Element;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.assertThat;
+
+/**
+ * Test class for SAML SLO parser.
+ *
+ * @author hmlnarik
+ */
+public class SAMLSloRequestParserTest {
+
+ private SAMLParser parser;
+
+ @Before
+ public void initParser() {
+ this.parser = new SAMLParser();
+ }
+
+ @Test(timeout = 2000)
+ public void testSaml20SloResponseWithExtension() throws Exception {
+ try (InputStream is = SAMLSloRequestParserTest.class.getResourceAsStream("KEYCLOAK-4552-saml20-aslo-response-via-extension.xml")) {
+ Object parsedObject = parser.parse(is);
+ assertThat(parsedObject, instanceOf(LogoutRequestType.class));
+
+ LogoutRequestType resp = (LogoutRequestType) parsedObject;
+ assertThat(resp.getSignature(), nullValue());
+ assertThat(resp.getConsent(), nullValue());
+ assertThat(resp.getIssuer(), not(nullValue()));
+ assertThat(resp.getIssuer().getValue(), is("https://sp/"));
+
+ NameIDType nameId = resp.getNameID();
+ assertThat(nameId.getValue(), is("G-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"));
+
+ assertThat(resp.getExtensions(), not(nullValue()));
+ assertThat(resp.getExtensions().getAny().size(), is(1));
+ assertThat(resp.getExtensions().getAny().get(0), instanceOf(Element.class));
+ Element el = (Element) resp.getExtensions().getAny().get(0);
+ assertThat(el.getLocalName(), is("Asynchronous"));
+ assertThat(el.getNamespaceURI(), is("urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"));
+ }
+ }
+}
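Review bot: The fixture places `<samlp:SessionIndex>` after `<samlp:Extensions>`, but the test never asserts on it, so it would not notice if the extensions parser consumed too much of the stream and dropped the elements that follow `Extensions`. An assertion such as `assertThat(resp.getSessionIndex(), hasItem("a1b93b43-4652-4e76-937a-cf3b982d683a"));` would pin that, assuming `getSessionIndex()` returns the list of indexes. The method name `testSaml20SloResponseWithExtension` and the local `resp` also say response while the parsed object is asserted to be `LogoutRequestType`; `testSaml20SloRequestWithExtension` and `req` would match.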
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml
new file mode 100644
index 0000000..aa62a2f
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4552-saml20-aslo-response-via-extension.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://keycloak/auth/realms/XXX/protocol/saml" ID="_b89618b16ed98fed3d2f90b2ddee8027" IssueInstant="2017-03-09T09:32:00Z" Version="2.0">
+ <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sp/</saml:Issuer>
+ <saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">G-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX</saml:NameID>
+ <samlp:Extensions>
+ <aslo:Asynchronous xmlns:aslo="urn:oasis:names:tc:SAML:2.0:protocol:ext:async-slo"/>
+ </samlp:Extensions>
+ <samlp:SessionIndex>a1b93b43-4652-4e76-937a-cf3b982d683a</samlp:SessionIndex>
+</samlp:LogoutRequest>
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml
new file mode 100644
index 0000000..0e64bbf
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery.xml
@@ -0,0 +1,16 @@
+<samlp:AttributeQuery
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="aaf23196-1773-2113-474a-fe114412ab72"
+ Version="2.0"
+ IssueInstant="2006-07-17T20:31:40">
+ <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
+ https://sp/
+ </saml:Issuer>
+ <saml:Subject>
+ <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
+ CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
+ </saml:NameID>
+ </saml:Subject>
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
+</samlp:AttributeQuery>
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml
new file mode 100644
index 0000000..525e692
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-attributequery-with-extension.xml
@@ -0,0 +1,19 @@
+<samlp:AttributeQuery
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="aaf23196-1773-2113-474a-fe114412ab72"
+ Version="2.0"
+ IssueInstant="2006-07-17T20:31:40">
+ <samlp:Extensions>
+ <kckey:KeyInfo xmlns:kckey="urn:keycloak:ext:key:1.0" MessageSigningKeyId="FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"/>
+ </samlp:Extensions>
+ <saml:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
+ https://sp/
+ </saml:Issuer>
+ <saml:Subject>
+ <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
+ CN=trscavo@uiuc.edu,OU=User,O=NCSA-TEST,C=US
+ </saml:NameID>
+ </saml:Subject>
+ <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
+</samlp:AttributeQuery>
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest.xml
new file mode 100644
index 0000000..7e63302
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest.xml
@@ -0,0 +1,5 @@
+<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2004-12-05T09:21:59">
+ <saml:Issuer>https://sp/</saml:Issuer>
+ <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
+</samlp:AuthnRequest>
\ No newline at end of file
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest-with-extension.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest-with-extension.xml
new file mode 100644
index 0000000..655eae6
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-authnrequest-with-extension.xml
@@ -0,0 +1,8 @@
+<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="aaf23196-1773-2113-474a-fe114412ab72" Version="2.0" IssueInstant="2004-12-05T09:21:59">
+ <saml:Issuer>https://sp/</saml:Issuer>
+ <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
+ <samlp:Extensions>
+ <kckey:KeyInfo xmlns:kckey="urn:keycloak:ext:key:1.0" MessageSigningKeyId="FJ86GcF3jTbNLOco4NvZkUCIUmfYCqoqtOQeMfbhNlE"/>
+ </samlp:Extensions>
+</samlp:AuthnRequest>
\ No newline at end of file