keycloak-scim/securing_apps/topics/saml/java/general-config.adoc

65 lines
2.6 KiB
Text
Raw Normal View History

[[_saml-general-config]]
2016-06-02 16:07:45 +00:00
==== General Adapter Config
2017-08-28 12:50:14 +00:00
Each SAML client adapter supported by {project_name} can be configured by a simple XML text file.
2016-06-02 16:07:45 +00:00
This is what one might look like:
2017-08-30 07:26:56 +00:00
[source,xml,subs="attributes+"]
2016-06-02 16:07:45 +00:00
----
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
2017-08-30 07:26:56 +00:00
xsi:schemaLocation="urn:keycloak:saml:adapter {saml_adapter_xsd_urn}">
2016-06-02 16:07:45 +00:00
<SP entityID="http://localhost:8081/sales-post-sig/"
sslPolicy="EXTERNAL"
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
logoutPage="/logout.jsp"
forceAuthentication="false"
isPassive="false"
turnOffChangeSessionIdOnLogin="false"
autodetectBearerOnly="false">
2016-06-02 16:07:45 +00:00
<Keys>
<Key signing="true" >
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
<Certificate alias="http://localhost:8080/sales-post-sig/"/>
</KeyStore>
</Key>
</Keys>
<PrincipalNameMapping policy="FROM_NAME_ID"/>
2016-12-04 20:44:53 +00:00
<RoleIdentifiers>
2016-06-02 16:07:45 +00:00
<Attribute name="Role"/>
</RoleIdentifiers>
<RoleMappingsProvider id="properties-based-role-mapper">
<Property name="properties.resource.location" value="/WEB-INF/role-mappings.properties"/>
</RoleMappingsProvider>
2016-06-02 16:07:45 +00:00
<IDP entityID="idp"
signaturesRequired="true">
<SingleSignOnService requestBinding="POST"
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
/>
<SingleLogoutService
requestBinding="POST"
responseBinding="POST"
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
/>
<Keys>
<Key signing="true">
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<Certificate alias="demo"/>
</KeyStore>
</Key>
</Keys>
</IDP>
</SP>
</keycloak-saml-adapter>
----
Some of these configuration switches may be adapter specific and some are common across all adapters.
2017-09-05 07:49:24 +00:00
For Java adapters you can use `${...}` enclosure as System property replacement.
For example `${jboss.server.config.dir}`.
2016-06-02 16:07:45 +00:00