keycloak-scim/topics/saml/java/general-config.adoc

[[_saml-general-config]]

==== General Adapter Config

Each SAML client adapter supported by {{book.project.name}} can be configured by a simple XML text file.
This is what one might look like: 

[source,xml]
----
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
    <SP entityID="http://localhost:8081/sales-post-sig/"
        sslPolicy="EXTERNAL"
        nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        logoutPage="/logout.jsp"
        forceAuthentication="false"
        isPassive="false"
        turnOffChangeSessionIdOnLogin="false">
        <Keys>
            <Key signing="true" >
                <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
                    <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
                    <Certificate alias="http://localhost:8080/sales-post-sig/"/>
                </KeyStore>
            </Key>
        </Keys>
        <PrincipalNameMapping policy="FROM_NAME_ID"/>
        <RoleMapping>
            <Attribute name="Role"/>
        </RoleMapping>
        <IDP entityID="idp"
             signaturesRequired="true">
        <SingleSignOnService requestBinding="POST"
                             bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
                    />

            <SingleLogoutService
                    requestBinding="POST"
                    responseBinding="POST"
                    postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
                    redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
                    />
            <Keys>
                <Key signing="true">
                    <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
                        <Certificate alias="demo"/>
                    </KeyStore>
                </Key>
            </Keys>
        </IDP>
     </SP>
</keycloak-saml-adapter>
----    

Some of these configuration switches may be adapter specific and some are common across all adapters.
For Java adapters you can use `$\{...}` enclosure as System property replacement.
For example `$\{jboss.server.config.dir}`.
initial saml 2016-06-02 16:07:45 +00:00			`[[_saml-general-config]]`

			`==== General Adapter Config`

saml general config 2016-06-02 20:50:43 +00:00			`Each SAML client adapter supported by {{book.project.name}} can be configured by a simple XML text file.`
initial saml 2016-06-02 16:07:45 +00:00			`This is what one might look like:`

			`[source,xml]`
			`----`
KEYCLOAK-3870 Refer to keycloak-saml.xml schema in the example 2016-11-09 10:02:53 +00:00			`<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
			`xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">`
initial saml 2016-06-02 16:07:45 +00:00			`<SP entityID="http://localhost:8081/sales-post-sig/"`
			`sslPolicy="EXTERNAL"`
			`nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"`
			`logoutPage="/logout.jsp"`
			`forceAuthentication="false"`
			`isPassive="false"`
			`turnOffChangeSessionIdOnLogin="false">`
			`<Keys>`
			`<Key signing="true" >`
			`<KeyStore resource="/WEB-INF/keystore.jks" password="store123">`
			`<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>`
			`<Certificate alias="http://localhost:8080/sales-post-sig/"/>`
			`</KeyStore>`
			`</Key>`
			`</Keys>`
			`<PrincipalNameMapping policy="FROM_NAME_ID"/>`
			`<RoleMapping>`
			`<Attribute name="Role"/>`
			`</RoleMapping>`
			`<IDP entityID="idp"`
			`signaturesRequired="true">`
			`<SingleSignOnService requestBinding="POST"`
			`bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"`
			`/>`

			`<SingleLogoutService`
			`requestBinding="POST"`
			`responseBinding="POST"`
			`postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"`
			`redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"`
			`/>`
			`<Keys>`
			`<Key signing="true">`
			`<KeyStore resource="/WEB-INF/keystore.jks" password="store123">`
			`<Certificate alias="demo"/>`
			`</KeyStore>`
			`</Key>`
			`</Keys>`
			`</IDP>`
			`</SP>`
			`</keycloak-saml-adapter>`
			`----`

			`Some of these configuration switches may be adapter specific and some are common across all adapters.`
saml general config 2016-06-02 20:50:43 +00:00			For Java adapters you can use `$\{...}` enclosure as System property replacement.
			For example `$\{jboss.server.config.dir}`.
initial saml 2016-06-02 16:07:45 +00:00