keycloak-aplcache
saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java 2(+2 -0)
saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java 21(+21 -0)
saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml 73(+73 -0)
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
index 5c3c30b..31dfc5f 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEntityDescriptorParser.java
@@ -366,6 +366,8 @@ public class SAMLEntityDescriptorParser extends AbstractDescriptorParser impleme
} else if (JBossSAMLConstants.ATTRIBUTE_PROFILE.get().equalsIgnoreCase(localPart)) {
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
attributeAuthority.addAttributeProfile(StaxParserUtil.getElementText(xmlEventReader));
+ } else if (JBossSAMLConstants.ATTRIBUTE.get().equalsIgnoreCase(localPart)) {
+ attributeAuthority.addAttribute(SAMLParserUtil.parseAttribute(xmlEventReader));
} else if (JBossSAMLConstants.KEY_DESCRIPTOR.get().equalsIgnoreCase(localPart)) {
attributeAuthority.addKeyDescriptor(parseKeyDescriptor(xmlEventReader));
} else if (JBossSAMLConstants.NAMEID_FORMAT.get().equalsIgnoreCase(localPart)) {
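Review bot: The new `ATTRIBUTE` branch is exercised only by tests that check a file parses without throwing, so a regression that silently drops or mis-reads the `saml:Attribute` children of `AttributeAuthorityDescriptor` would go unnoticed; the accompanying test should assert on the descriptor's attribute list (Name, NameFormat, FriendlyName of at least one entry). Like its siblings the branch matches on `localPart` with `equalsIgnoreCase`, so an `Attribute` element in any namespace is accepted — consistent with the existing convention, but worth a comment since the spec element here lives in the assertion namespace rather than the metadata one: `// saml:Attribute (assertion namespace) advertised by an AttributeAuthorityDescriptor; parseAttribute consumes the element`. Whether `SAMLParserUtil.parseAttribute` consumes the start element itself is not visible here — the `KEY_DESCRIPTOR` sibling calls its helper directly while `ATTRIBUTE_PROFILE` first calls `getNextStartElement` — and should be confirmed so the surrounding reader loop stays aligned. The enclosing method starts and ends outside the hunk.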
diff --git a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java
index 5990ec4..d5df478 100644
--- a/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java
+++ b/saml-core/src/test/java/org/keycloak/saml/processing/core/parsers/saml/SAMLParserTest.java
@@ -208,6 +208,27 @@ public class SAMLParserTest {
}
@Test
+ public void testSaml20MetadataEntityDescriptorIdP() throws IOException, ParsingException {
+ try (InputStream st = SAMLParserTest.class.getResourceAsStream("saml20-entity-descriptor-idp.xml")) {
+ parser.parse(st);
+ }
+ }
+
+ @Test
+ public void testSaml20MetadataEntityDescriptorSP() throws IOException, ParsingException {
+ try (InputStream st = SAMLParserTest.class.getResourceAsStream("saml20-entity-descriptor-sp.xml")) {
+ parser.parse(st);
+ }
+ }
+
+ @Test
+ public void testSaml20MetadataEntityDescriptorAdfsIdP() throws IOException, ParsingException {
+ try (InputStream st = SAMLParserTest.class.getResourceAsStream("KEYCLOAK-4809-IdPMetadata_test.xml")) {
+ parser.parse(st);
+ }
+ }
+
+ @Test
public void testAttributeProfileMetadata() throws Exception {
try (InputStream st = SAMLParserTest.class.getResourceAsStream("KEYCLOAK-4236-AttributeProfile-element.xml")) {
Object parsedObject = parser.parse(st);
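Review bot: The three added tests only prove the fixtures parse without an exception; none inspects the result, so the KEYCLOAK-4809 fix (Attribute inside AttributeAuthorityDescriptor) has no assertion guarding it. `testAttributeProfileMetadata` directly below already shows the pattern — capture `Object parsedObject = parser.parse(st);` and assert on it; for `testSaml20MetadataEntityDescriptorAdfsIdP` assert that the parsed AttributeAuthorityDescriptor carries the eleven attributes the fixture declares, the first with `Name="urn:oid:2.5.29.29"` and `FriendlyName="Certificate Issuer DN"`. For the two spec-example fixtures, asserting that a parsed `NameIDFormat` comes back as the bare URN would also verify trimming, since those files put the URN on its own indented line. The `SAMLParserTest` class continues beyond the hunk.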
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml
new file mode 100644
index 0000000..f83cb59
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/KEYCLOAK-4809-IdPMetadata_test.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<EntityDescriptor ID="_5495b16a-7b17-4411-bba2-832fb12b8fa0" entityID="https://erghplferkughduhf.dk/" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion">
+ <IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="encryption">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>...</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>...</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sdhgrjhsdgrjhgdrjhgj.dk/adfs/ls/"/>
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sdhgrjhsdgrjhgdrjhgj.dk/adfs/ls/"/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
+ <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
+ <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sdhgrjhsdgrjhgdrjhgj.dk/adfs/ls/"/>
+ <a:Attribute Name="urn:oid:2.5.29.29" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Certificate Issuer DN"/>
+ <a:Attribute Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Common Name"/>
+ <a:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="email"/>
+ <a:Attribute Name="urn:oid:2.5.4.65" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="OCES Pseudonym"/>
+ <a:Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Organisation Name"/>
+ <a:Attribute Name="urn:oid:2.5.4.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Organisation Unit"/>
+ <a:Attribute Name="urn:oid:2.5.4.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Postal Address"/>
+ <a:Attribute Name="urn:oid:2.5.4.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Serialnumber"/>
+ <a:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="SubjectSerialNumber"/>
+ <a:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Surname"/>
+ <a:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Title"/>
+ <a:Attribute Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="User Certificate"/>
+ <a:Attribute Name="urn:liberty:disco:2006-08:DiscoveryEPR" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="STS Bootstrap Token" />
+ </IDPSSODescriptor>
+ <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="encryption">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>...</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="signing">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>...</X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </KeyDescriptor>
+ <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://attributequery.sdfjhjhgjsdghd.dk/AttributeQuery.svc"/>
+ <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</NameIDFormat>
+ <a:Attribute Name="urn:oid:2.5.29.29" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Certificate Issuer DN"/>
+ <a:Attribute Name="urn:oid:2.5.4.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Common Name"/>
+ <a:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="email"/>
+ <a:Attribute Name="urn:oid:2.5.4.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Organisation Name"/>
+ <a:Attribute Name="urn:oid:2.5.4.11" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Organisation Unit"/>
+ <a:Attribute Name="urn:oid:2.5.4.16" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Postal Address"/>
+ <a:Attribute Name="urn:oid:2.5.4.5" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Serialnumber"/>
+ <a:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="SubjectSerialNumber"/>
+ <a:Attribute Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Surname"/>
+ <a:Attribute Name="urn:oid:2.5.4.12" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="Title"/>
+ <a:Attribute Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.8" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic" FriendlyName="User Certificate"/>
+ </AttributeAuthorityDescriptor>
+ <ContactPerson contactType="administrative">
+ <Company>Thadfjhkj</Company>
+ <GivenName>Hasfkjk</GivenName>
+ <SurName>Hasfjfjjris</SurName>
+ <EmailAddress>ydfthshe@yudff.dk</EmailAddress>
+ <TelephoneNumber>12345678</TelephoneNumber>
+ </ContactPerson>
+</EntityDescriptor>
\ No newline at end of file
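Review bot: Every `X509Certificate` in this fixture holds the placeholder `...`, which is not base64, so the test passes only because the parser apparently keeps the certificate text without decoding it; the KeyDescriptor path for real ADFS metadata is therefore still unexercised, and a future decode-at-parse change would break this test with a misleading failure. Consider a short self-signed test certificate, or a comment after the XML declaration such as `<!-- certificates elided: this fixture exercises element structure only, not key material -->`. The `a:Attribute` entries under `IDPSSODescriptor` are also present although the parser change only touches `AttributeAuthorityDescriptor`, so the IDPSSODescriptor branch must already accept them — worth confirming rather than assuming.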
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml
new file mode 100644
index 0000000..aa8c9f1
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-idp.xml
@@ -0,0 +1,101 @@
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ entityID="https://IdentityProvider.com/SAML">
+ <ds:Signature>...</ds:Signature>
+ <IDPSSODescriptor WantAuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:KeyName>IdentityProvider.com SSO Key</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <ArtifactResolutionService isDefault="true" index="0"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://IdentityProvider.com/SAML/Artifact"/>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://IdentityProvider.com/SAML/SLO/SOAP"/>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://IdentityProvider.com/SAML/SLO/Browser"
+ ResponseLocation="https://IdentityProvider.com/SAML/SLO/Response"/>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://IdentityProvider.com/SAML/SSO/Browser"/>
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://IdentityProvider.com/SAML/SSO/Browser"/>
+ <saml:Attribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+ FriendlyName="eduPersonPrincipalName">
+ </saml:Attribute>
+ <saml:Attribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
+ FriendlyName="eduPersonAffiliation">
+ <saml:AttributeValue>member</saml:AttributeValue>
+ <saml:AttributeValue>student</saml:AttributeValue>
+ <saml:AttributeValue>faculty</saml:AttributeValue>
+ <saml:AttributeValue>employee</saml:AttributeValue>
+ <saml:AttributeValue>staff</saml:AttributeValue>
+ </saml:Attribute>
+ </IDPSSODescriptor>
+ <AttributeAuthorityDescriptor
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:KeyName>IdentityProvider.com AA Key</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <AttributeService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://IdentityProvider.com/SAML/AA/SOAP"/>
+ <AssertionIDRequestService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:URI"
+ Location="https://IdentityProvider.com/SAML/AA/URI"/>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <saml:Attribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
+ FriendlyName="eduPersonPrincipalName">
+ </saml:Attribute>
+ <saml:Attribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
+ FriendlyName="eduPersonAffiliation">
+ <saml:AttributeValue>member</saml:AttributeValue>
+ <saml:AttributeValue>student</saml:AttributeValue>
+ <saml:AttributeValue>faculty</saml:AttributeValue>
+ <saml:AttributeValue>employee</saml:AttributeValue>
+ <saml:AttributeValue>staff</saml:AttributeValue>
+ </saml:Attribute>
+ </AttributeAuthorityDescriptor>
+ <Organization>
+ <OrganizationName xml:lang="en">Identity Providers R
+ US</OrganizationName>
+ <OrganizationDisplayName xml:lang="en">
+ Identity Providers R US, a Division of Lerxst Corp.
+ </OrganizationDisplayName>
+ <OrganizationURL
+ xml:lang="en">https://IdentityProvider.com</OrganizationURL>
+ </Organization>
+</EntityDescriptor>
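Review bot: The `NameIDFormat` values in this fixture are written with the URN on its own indented line, so the element text carries leading and trailing whitespace; the fixture thus proves only that the file is accepted, not that the parser trims the text before storing it, and an untrimmed value would fail equality checks against the format constants downstream. The test that loads this file should assert that a parsed format equals `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` exactly. The `<ds:Signature>...</ds:Signature>` placeholder likewise means signature handling is not exercised here; a comment noting that this is the SAML metadata specification's example with elided content would help the next reader.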
diff --git a/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml
new file mode 100644
index 0000000..9834d92
--- /dev/null
+++ b/saml-core/src/test/resources/org/keycloak/saml/processing/core/parsers/saml/saml20-entity-descriptor-sp.xml
@@ -0,0 +1,56 @@
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ entityID="https://ServiceProvider.com/SAML">
+ <ds:Signature>...</ds:Signature>
+ <SPSSODescriptor AuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+ <KeyDescriptor use="signing">
+ <ds:KeyInfo>
+ <ds:KeyName>ServiceProvider.com SSO Key</ds:KeyName>
+ </ds:KeyInfo>
+ </KeyDescriptor>
+ <KeyDescriptor use="encryption">
+ <ds:KeyInfo>
+ <ds:KeyName>ServiceProvider.com Encrypt Key</ds:KeyName>
+ </ds:KeyInfo>
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ </KeyDescriptor>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+ Location="https://ServiceProvider.com/SAML/SLO/SOAP"/>
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+ Location="https://ServiceProvider.com/SAML/SLO/Browser"
+ ResponseLocation="https://ServiceProvider.com/SAML/SLO/Response"/>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <AssertionConsumerService isDefault="true" index="0"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ Location="https://ServiceProvider.com/SAML/SSO/Artifact"/>
+ <AssertionConsumerService index="1"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+ Location="https://ServiceProvider.com/SAML/SSO/POST"/>
+ <AttributeConsumingService index="0">
+ <ServiceName xml:lang="en">Academic Journals R US</ServiceName>
+ <RequestedAttribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
+ FriendlyName="eduPersonEntitlement">
+ <saml:AttributeValue>
+ https://ServiceProvider.com/entitlements/123456789
+ </saml:AttributeValue>
+ </RequestedAttribute>
+ </AttributeConsumingService>
+ </SPSSODescriptor>
+ <Organization>
+ <OrganizationName xml:lang="en">Academic Journals R
+ US</OrganizationName>
+ <OrganizationDisplayName xml:lang="en">
+ Academic Journals R US, a Division of Dirk Corp.
+ </OrganizationDisplayName>
+ <OrganizationURL
+ xml:lang="en">https://ServiceProvider.com</OrganizationURL>
+ </Organization>
+</EntityDescriptor>
\ No newline at end of file
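Review bot: The SP fixture advertises `EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"`, a key-transport algorithm with known padding-oracle weaknesses that XML Encryption 1.1 discourages; that is acceptable in a parser fixture copied from the spec example, but the test should then assert that the parser preserves the `EncryptionMethod` algorithm on the encryption `KeyDescriptor`, since that is what allows a consumer to refuse it. Without such an assertion this element adds nothing over the IdP fixture. As with the IdP file, the `AttributeValue` under `RequestedAttribute` is whitespace-padded, so asserting the parsed value equals the bare URL would verify trimming.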