[[_saml-general-config]]
==== General Adapter Config
Each SAML client adapter supported by {{book.project.name}} can be configured by a simple XML text file.
This is what one might look like:
[source,xml]
----
<!-- Sample keycloak-saml-adapter configuration. Every URL, alias and password in this
     listing is illustrative and has to be replaced with deployment-specific values. -->
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
    <!-- xsi:schemaLocation is a validation hint for tooling only; a consumer parsing this
         file should not fetch the URL, and DTD/external-entity resolution should stay off. -->
    <!-- SP: how this application presents itself to the IdP. Which of these switches are
         adapter specific and which are common to all adapters is described after the listing. -->
    <SP entityID="http://localhost:8081/sales-post-sig/"
        sslPolicy="EXTERNAL"
        nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        logoutPage="/logout.jsp"
        forceAuthentication="false"
        isPassive="false"
        turnOffChangeSessionIdOnLogin="false"
        autodetectBearerOnly="false">
        <!-- Signing key material for messages this SP sends. The keystore and private key
             passwords are written literally here for illustration; for Java adapters they can be
             given as ${...} System property references so the secret is not kept in this file. -->
        <Keys>
            <Key signing="true" >
                <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
                    <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
                    <Certificate alias="http://localhost:8080/sales-post-sig/"/>
                </KeyStore>
            </Key>
        </Keys>
        <!-- The principal name is derived from the SAML NameID of the assertion. -->
        <PrincipalNameMapping policy="FROM_NAME_ID"/>
        <!-- SAML attributes whose values the adapter maps to roles. -->
        <RoleIdentifiers>
            <Attribute name="Role"/>
        </RoleIdentifiers>
        <!-- IdP settings. NOTE(review): signaturesRequired="true" is understood to require signed
             IdP messages, verified with the certificate under Keys below; confirm in the adapter
             reference whether it also makes the SP sign its own requests. -->
        <IDP entityID="idp"
             signaturesRequired="true">
            <!-- Endpoint the adapter redirects to for login; a POST binding is used here. -->
            <SingleSignOnService requestBinding="POST"
                                 bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
                                 />
            <!-- Logout endpoints; separate URLs are given for the POST and Redirect bindings
                 even though the sample points both at the same realm endpoint. -->
            <SingleLogoutService
                    requestBinding="POST"
                    responseBinding="POST"
                    postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
                    redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
                    />
            <!-- Only a certificate is needed here: it is used to validate the IdP's signatures,
                 no IdP private key is (or should be) present on the SP side. -->
            <Keys>
                <Key signing="true">
                    <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
                        <Certificate alias="demo"/>
                    </KeyStore>
                </Key>
            </Keys>
        </IDP>
    </SP>
</keycloak-saml-adapter>
----
Some of these configuration switches may be adapter specific and some are common across all adapters.
For Java adapters you can use the `$\{...}` syntax for System property replacement.
For example `$\{jboss.server.config.dir}`.