Merge pull request #4 from cloudtrust/ws-fed11

Support for SAML 1.1 tokens * Applies for WS-Fed for both WS-Fed clients (with Keycloak as STS/IDP) and WS-Fed identity providers (with Keycloak as identity broker). * "Keycloak as STS/IDP" side of the code has been reviewed and been shown to work. There is a minor problem with the installation template. An [issue](#5) has been opened for the problem. * "Keycloak as Identity Broker" side of the WS-Fed code doesn't currently seem to be functioning correctly, but code analysis and tests indicate that the problem doesn't lie in the code introduced for the SAML 1.1 tokens. An [issue](#6) has been opened for the problem.
cloudtrust · Dec 11, 2017 · 68ce02b · 68ce02b
2 parents afba030 + 6f13c8e
commit 68ce02b
Show file tree

Hide file tree

Showing 14 changed files with 673 additions and 76 deletions.
diff --git a/module.xml b/module.xml
@@ -7,6 +7,7 @@
     </resources>
 
     <dependencies>
+        <module name="org.keycloak.keycloak-common"/>
         <module name="org.keycloak.keycloak-server-spi"/>
         <module name="org.keycloak.keycloak-server-spi-private"/>
         <module name="org.keycloak.keycloak-saml-core"/>
@@ -20,6 +21,6 @@
         <module name="javax.api"/>
         <module name="org.keycloak.keycloak-common"/>
         <module name="org.apache.httpcomponents"/>
-        <module name="org.apache.commons.lang3"/>
+        <module name="org.apache.commons.lang"/>
     </dependencies>
-</module>
+</module>
diff --git a/pom.xml b/pom.xml
@@ -40,7 +40,7 @@
     </organization>
 
     <properties>
-        <apache.commons.lang>3.3.2</apache.commons.lang>
+        <apache.commons.lang>2.6</apache.commons.lang>
         <mockito.version>1.10.19</mockito.version>
     </properties>
 
@@ -87,8 +87,8 @@
 
         <!-- Apache -->
         <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-lang3</artifactId>
+            <groupId>commons-lang</groupId>
+            <artifactId>commons-lang</artifactId>
             <version>${apache.commons.lang}</version>
             <scope>provided</scope>
         </dependency>

diff --git a/src/main/java/com/quest/keycloak/broker/wsfed/RequestedToken.java b/src/main/java/com/quest/keycloak/broker/wsfed/RequestedToken.java
@@ -18,8 +18,25 @@
 
 import org.keycloak.events.EventBuilder;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.saml.common.exceptions.ProcessingException;
+import org.keycloak.saml.processing.core.util.JAXPValidationUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
 
 import javax.ws.rs.core.Response;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpression;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+import java.io.IOException;
+import java.io.StringReader;
 import java.security.PublicKey;
 
 public interface RequestedToken {
@@ -34,4 +51,46 @@ public interface RequestedToken {
     String getSessionIndex();
 
     Object getToken();
+
+    String getFirstName();
+
+    String getLastName();
+
+    default Document createXmlDocument(String response) throws ProcessingException, ParserConfigurationException {
+        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+        factory.setNamespaceAware(true);
+        DocumentBuilder builder = factory.newDocumentBuilder();
+
+        InputSource source = new InputSource();
+        source.setCharacterStream(new StringReader(response));
+        try {
+            Document document = builder.parse(source);
+            JAXPValidationUtil.checkSchemaValidation(document);
+            return document;
+        } catch (SAXException | IOException e) {
+            throw new ProcessingException("Error while extracting SAML from WSFed response.");
+        }
+    }
+
+    default Document extractSamlDocument(Document document) throws ProcessingException, XPathExpressionException {
+        try {
+            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+            factory.setNamespaceAware(true);
+            XPath xpath = XPathFactory.newInstance().newXPath();
+            XPathExpression xPathExpression = xpath.compile("//*[local-name() = 'Assertion']");
+
+            NodeList samlNodes = (NodeList) xPathExpression.evaluate(document, XPathConstants.NODESET);
+            Document samlDoc = factory.newDocumentBuilder().newDocument();
+            for (int i = 0; i < samlNodes.getLength(); i++) {
+                Node node = samlNodes.item(i);
+                Node copyNode = samlDoc.importNode(node, true);
+                samlDoc.appendChild(copyNode);
+            }
+            return samlDoc;
+        } catch (XPathExpressionException | ParserConfigurationException e) {
+            throw new ProcessingException("Error while extracting SAML Assertion from WSFed XML document.");
+        }
+    }
+
+
 }