cleanup

docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml

@@ -275,8 +275,8 @@
                         <para>
                             This is the signature algorithm that the IDP expects signed documents
                             to use
-                            <emphasis>OPTIONAL.</emphasis>.  The default value is RSA_SHA1, but
-                            you can also use RSA_256, RSA_512, and DSA_SHA1.
+                            <emphasis>OPTIONAL.</emphasis>.  The default value is RSA_SHA256, but
+                            you can also use RSA_SHA1, RSA_256, RSA_512, and DSA_SHA1.
                         </para>
                     </listitem>
                 </varlistentry>

saml/client-adapter/core/src/main/java/org/keycloak/adapters/saml/SamlAuthenticator.java

@@ -292,15 +292,14 @@ public abstract class SamlAuthenticator {
                 }
             }
         }
-        if (deployment.getPrincipalNamePolicy() == SamlDeployment.PrincipalNamePolicy.FROM_ATTRIBUTE_NAME) {
+        if (deployment.getPrincipalNamePolicy() == SamlDeployment.PrincipalNamePolicy.FROM_ATTRIBUTE) {
             if (deployment.getPrincipalAttributeName() != null) {
                 String attribute = attributes.getFirst(deployment.getPrincipalAttributeName());
                 if (attribute != null) principalName = attribute;
-            }
-        } else   if (deployment.getPrincipalNamePolicy() == SamlDeployment.PrincipalNamePolicy.FROM_FRIENDLY_ATTRIBUTE_NAME) {
-            if (deployment.getPrincipalAttributeName() != null) {
-                String attribute = friendlyAttributes.getFirst(deployment.getPrincipalAttributeName());
-                if (attribute != null) principalName = attribute;
+                else {
+                    attribute = friendlyAttributes.getFirst(deployment.getPrincipalAttributeName());
+                    if (attribute != null) principalName = attribute;
+                }
             }
         }
 

saml/client-adapter/core/src/main/java/org/keycloak/adapters/saml/config/parsers/ConfigXmlConstants.java

@@ -37,7 +37,7 @@ public class ConfigXmlConstants {
     public static final String ATTRIBUTE_ATTR = "attribute";
 
 
-    public static final String ROLE_MAPPING_ELEMENT = "RoleMapping";
+    public static final String ROLE_IDENTIFIERS_ELEMENT = "RoleIdentifiers";
     public static final String ATTRIBUTE_ELEMENT = "Attribute";
     public static final String NAME_ATTR = "name";
 

saml/client-adapter/core/src/main/java/org/keycloak/adapters/saml/config/parsers/DeploymentBuilder.java

@@ -20,6 +20,8 @@ import java.security.KeyStoreException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.cert.Certificate;
+import java.util.HashSet;
+import java.util.Set;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -52,6 +54,11 @@ public class DeploymentBuilder {
             deployment.setPrincipalAttributeName(sp.getPrincipalNameMapping().getAttributeName());
         }
         deployment.setRoleAttributeNames(sp.getRoleAttributes());
+        if (sp.getRoleAttributes() == null) {
+            Set<String> roles = new HashSet<>();
+            roles.add("Role");
+            deployment.setRoleAttributeNames(roles);
+        }
         if (sp.getSslPolicy() != null) {
             SslRequired ssl = SslRequired.valueOf(sp.getSslPolicy());
             deployment.setSslRequired(ssl);

saml/client-adapter/core/src/main/java/org/keycloak/adapters/saml/config/parsers/SPXmlParser.java

@@ -10,12 +10,10 @@ import org.keycloak.util.StringPropertyReplacer;
 
 import javax.xml.namespace.QName;
 import javax.xml.stream.XMLEventReader;
-import javax.xml.stream.events.Attribute;
 import javax.xml.stream.events.EndElement;
 import javax.xml.stream.events.StartElement;
 import javax.xml.stream.events.XMLEvent;
 import java.util.HashSet;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
 
@@ -96,7 +94,7 @@ public class SPXmlParser extends AbstractParser {
                 mapping.setAttributeName(attribute);
                 sp.setPrincipalNameMapping(mapping);
 
-            } else if (tag.equals(ConfigXmlConstants.ROLE_MAPPING_ELEMENT)) {
+            } else if (tag.equals(ConfigXmlConstants.ROLE_IDENTIFIERS_ELEMENT)) {
                 parseRoleMapping(xmlEventReader, sp);
             } else if (tag.equals(ConfigXmlConstants.IDP_ELEMENT)) {
                 IDPXmlParser parser = new IDPXmlParser();
@@ -112,7 +110,7 @@ public class SPXmlParser extends AbstractParser {
 
     protected void parseRoleMapping(XMLEventReader xmlEventReader, SP sp)  throws ParsingException {
         StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
-        StaxParserUtil.validate(startElement, ConfigXmlConstants.ROLE_MAPPING_ELEMENT);
+        StaxParserUtil.validate(startElement, ConfigXmlConstants.ROLE_IDENTIFIERS_ELEMENT);
         Set<String> roleAttributes = new HashSet<>();
         while (xmlEventReader.hasNext()) {
             XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
@@ -121,7 +119,7 @@ public class SPXmlParser extends AbstractParser {
             if (xmlEvent instanceof EndElement) {
                 EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
                 String endElementName = StaxParserUtil.getEndElementName(endElement);
-                if (endElementName.equals(ConfigXmlConstants.ROLE_MAPPING_ELEMENT))
+                if (endElementName.equals(ConfigXmlConstants.ROLE_IDENTIFIERS_ELEMENT))
                     break;
                 else
                     continue;