From 12e2a4698df39ec323d21fc1c128b7a2a1019404 Mon Sep 17 00:00:00 2001
From: Bill Burke
Date: Tue, 28 Oct 2014 12:49:31 -0400
Subject: [PATCH] idp descriptor
---
 docbook/reference/en/en-US/modules/saml.xml | 5 +++-
 .../keycloak/protocol/saml/SamlService.java | 20 +++++++++++++
 .../main/resources/idp-metadata-template.xml | 29 +++++++++++++++++++
 .../services/resources/RealmsResource.java | 8 +++++
 4 files changed, 61 insertions(+), 1 deletion(-)
 create mode 100755 saml/saml-protocol/src/main/resources/idp-metadata-template.xml
diff --git a/docbook/reference/en/en-US/modules/saml.xml b/docbook/reference/en/en-US/modules/saml.xml
index 85219073bc..5ba2e009e9 100755
--- a/docbook/reference/en/en-US/modules/saml.xml
+++ b/docbook/reference/en/en-US/modules/saml.xml
@@ -100,11 +100,14 @@ in the response.
- SAML Entity Descriptor Import + SAML Entity Descriptor If you go into the admin console in the application list menu page you will see an Import button. If you click on that you can import SAML Service Provider definitions using the Entity Descriptor format described in SAML 2.0. You should review all the information there to make sure everything is set up correctly. + + Each realm has a URL where you can view the XML entity descriptor for the IDP. root/realms/{realm}/protocol/saml/descriptor +
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 8f51234a48..1c8c31700c 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -19,7 +19,9 @@ import org.keycloak.models.UserSessionModel;
 import org.keycloak.protocol.oidc.OpenIDConnectService;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.ClientSessionCode;
+import org.keycloak.services.resources.RealmsResource;
 import org.keycloak.services.resources.flows.Flows;
+import org.keycloak.util.StreamUtil;
 import org.picketlink.common.constants.GeneralConstants;
 import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
@@ -32,6 +34,8 @@ import javax.ws.rs.Consumes;
 import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.HttpHeaders;
@@ -42,6 +46,7 @@ import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
 import javax.ws.rs.ext.Providers;
+import java.io.InputStream;
 import java.net.URI;
 import java.security.PublicKey;
 import java.security.Signature;
@@ -379,4 +384,19 @@ public class SamlService {
         return new PostBindingProtocol().execute(samlRequest, samlResponse, relayState);
     }
 
+    @GET
+    @Path("descriptor")
+    @Produces(MediaType.APPLICATION_XML)
+    public String getDescriptor() throws Exception {
+        InputStream is = getClass().getResourceAsStream("/idp-metadata-template.xml");
+        String template = StreamUtil.readString(is);
+        template = template.replace("${idp.entityID}", RealmsResource.realmBaseUrl(uriInfo).build(realm.getName()).toString());
+        template = template.replace("${idp.sso.HTTP-POST}", RealmsResource.protocolUrl(uriInfo).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString());
+        template = template.replace("${idp.sso.HTTP-Redirect}", RealmsResource.protocolUrl(uriInfo).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString());
+        template = template.replace("${idp.sls.HTTP-POST}", RealmsResource.protocolUrl(uriInfo).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString());
+        template = template.replace("${idp.signing.certificate}", realm.getCertificatePem());
+        return template;
+
+    }
+
 }
diff --git a/saml/saml-protocol/src/main/resources/idp-metadata-template.xml b/saml/saml-protocol/src/main/resources/idp-metadata-template.xml
new file mode 100755
index 0000000000..5468cfc1e5
--- /dev/null
+++ b/saml/saml-protocol/src/main/resources/idp-metadata-template.xml
@@ -0,0 +1,29 @@
+ + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + + + + + + ${idp.signing.certificate} + + + + + + +
\ No newline at end of file
diff --git a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
index 2feeaaaebf..a7fe6c4855 100755
--- a/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/RealmsResource.java
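Review bot: The InputStream returned by getResourceAsStream in getDescriptor is never closed, and a null return (template missing from the jar) would surface as a NullPointerException inside StreamUtil.readString rather than as an explicit error; wrapping the read in a try-with-resources with a null check fixes both, assuming the project already targets Java 7 or later. The same login-protocol URL is substituted for `${idp.sso.HTTP-POST}`, `${idp.sso.HTTP-Redirect}` and `${idp.sls.HTTP-POST}`, which is fine if the SAML endpoint really services logout at that path, but a one-line comment saying so would stop readers from taking the SLS line for a copy-paste slip. The values are spliced into the XML with String.replace and no escaping; the PEM is base64-safe, but a realm name containing `&` (legal in a URI path segment, so UriBuilder appears to leave it alone) would yield a malformed descriptor, so either XML-escape the substituted strings or document that realm names are admin-controlled. A short Javadoc such as `/** Serves this realm's SAML 2.0 IdP EntityDescriptor; unauthenticated by design, since SP metadata consumers fetch it anonymously. */` would also help, and whether the served descriptor is itself signed cannot be told from the template as rendered here.
```java
    public String getDescriptor() throws Exception {
        String template;
        try (InputStream is = getClass().getResourceAsStream("/idp-metadata-template.xml")) {
            if (is == null) throw new IllegalStateException("idp-metadata-template.xml not found on classpath");
            template = StreamUtil.readString(is);
        }
        // … unchanged: placeholder substitution and return …
```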
@@ -77,6 +77,14 @@ public class RealmsResource {
         return base.path(RealmsResource.class).path(RealmsResource.class, "getAccountService");
     }
 
+    public static UriBuilder protocolUrl(UriBuilder base) {
+        return base.path(RealmsResource.class).path(RealmsResource.class, "getProtocol");
+    }
+
+    public static UriBuilder protocolUrl(UriInfo uriInfo) {
+        return uriInfo.getBaseUriBuilder().path(RealmsResource.class).path(RealmsResource.class, "getProtocol");
+    }
+
     @Path("{realm}/login-status-iframe.html")
     @GET
     @Produces(MediaType.TEXT_HTML)
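Review bot: The two protocolUrl overloads duplicate the path-building chain; having the UriInfo variant delegate, `return protocolUrl(uriInfo.getBaseUriBuilder());`, leaves a single place to change if the resource method is renamed. Both locate the target by the literal "getProtocol", which UriBuilder.path(Class, String) resolves reflectively and which only fails at runtime after a rename, so a comment such as `// must match the name of the @Path-annotated getProtocol resource method` is worth adding; that method's declaration is outside this hunk, so I am inferring it from the string. A one-line Javadoc noting that callers still have to supply the realm and protocol template parameters via build(realm, protocol), as the SamlService caller does, would document the contract these builders return.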