saml adapter docs
This commit is contained in:
parent
a1b315adbd
commit
450e031da9
97 changed files with 697 additions and 539 deletions
|
@ -17,11 +17,11 @@
|
||||||
<outputDirectory>rest-api</outputDirectory>
|
<outputDirectory>rest-api</outputDirectory>
|
||||||
</fileSet>
|
</fileSet>
|
||||||
<fileSet>
|
<fileSet>
|
||||||
<directory>../../docbook/target/auth-server-docs/publish/en-US</directory>
|
<directory>../../docbook/auth-server-docs/target/docbook/publish/en-US</directory>
|
||||||
<outputDirectory>userguide/keycloak-server</outputDirectory>
|
<outputDirectory>userguide/keycloak-server</outputDirectory>
|
||||||
</fileSet>
|
</fileSet>
|
||||||
<fileSet>
|
<fileSet>
|
||||||
<directory>../../docbook/target/saml-adapter-docs/publish/en-US</directory>
|
<directory>../../docbook/saml-adapter-docs/target/docbook/publish/en-US</directory>
|
||||||
<outputDirectory>userguide/saml-client-adapter</outputDirectory>
|
<outputDirectory>userguide/saml-client-adapter</outputDirectory>
|
||||||
</fileSet>
|
</fileSet>
|
||||||
</fileSets>
|
</fileSets>
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
<h1>Keyloak Documentation</h1>
|
<h1>Keyloak Documentation</h1>
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="userguide/html/index.html">Userguide HTML</a></li>
|
<li><a href="userguide/keycloak-server/html/index.html">Server and Keycloak Adapter Userguide HTML</a></li>
|
||||||
<li><a href="userguide/html_single/index.html">Userguide HTML Single Page</a></li>
|
<li><a href="userguide/keycloak-server/html_single/index.html">Server and Keycloak Adapter Userguide HTML Single Page</a></li>
|
||||||
<li><a href="userguide/pdf/keycloak-reference-guide-en-US.pdf">Userguide PDF</a></li>
|
<li><a href="userguide/keycloak-server/pdf/keycloak-reference-guide-en-US.pdf">Server and Keycloak Adapter Userguide PDF</a></li>
|
||||||
|
<li><a href="userguide/saml-client-adapter/html/index.html">SAML Client Adapter Userguide HTML</a></li>
|
||||||
|
<li><a href="userguide/saml-client-adapter/html_single/index.html">>SAML Client Adapter Userguide HTML Single Page</a></li>
|
||||||
|
<li><a href="userguide/saml-client-adapter/pdf/keycloak-reference-guide-en-US.pdf">SAML Client Adapter Userguide PDF</a></li>
|
||||||
<li><a href="rest-api/overview-index.html">Admin REST API</a></li>
|
<li><a href="rest-api/overview-index.html">Admin REST API</a></li>
|
||||||
<li><a href="javadocs/index.html">Javadocs</a></li>
|
<li><a href="javadocs/index.html">Javadocs</a></li>
|
||||||
</ul>
|
</ul>
|
|
@ -5,380 +5,471 @@
|
||||||
look like:
|
look like:
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
<programlisting><![CDATA[{
|
<programlisting><![CDATA[
|
||||||
"realm" : "demo",
|
<keycloak-saml-adapter>
|
||||||
"resource" : "customer-portal",
|
<SP entityID="http://localhost:8081/sales-post-sig/"
|
||||||
"realm-public-key" : "MIGfMA0GCSqGSIb3D...31LwIDAQAB",
|
sslPolicy="EXTERNAL"
|
||||||
"auth-server-url" : "https://localhost:8443/auth",
|
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||||
"ssl-required" : "external",
|
logoutPage="/logout.jsp"
|
||||||
"use-resource-role-mappings" : false,
|
forceAuthentication="false">
|
||||||
"enable-cors" : true,
|
<Keys>
|
||||||
"cors-max-age" : 1000,
|
<Key signing="true" >
|
||||||
"cors-allowed-methods" : "POST, PUT, DELETE, GET",
|
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
||||||
"bearer-only" : false,
|
<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
|
||||||
"enable-basic-auth" : false,
|
<Certificate alias="http://localhost:8080/sales-post-sig/"/>
|
||||||
"expose-token" : true,
|
</KeyStore>
|
||||||
"credentials" : {
|
</Key>
|
||||||
"secret" : "234234-234234-234234"
|
</Keys>
|
||||||
},
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
|
<RoleMapping>
|
||||||
|
<Attribute name="Role"/>
|
||||||
|
</RoleMapping>
|
||||||
|
<IDP entityID="idp"
|
||||||
|
signaturesRequired="true">
|
||||||
|
<SingleSignOnService requestBinding="POST"
|
||||||
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
/>
|
||||||
|
|
||||||
"connection-pool-size" : 20,
|
<SingleLogoutService
|
||||||
"disable-trust-manager": false,
|
requestBinding="POST"
|
||||||
"allow-any-hostname" : false,
|
responseBinding="POST"
|
||||||
"truststore" : "path/to/truststore.jks",
|
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
"truststore-password" : "geheim",
|
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
"client-keystore" : "path/to/client-keystore.jks",
|
/>
|
||||||
"client-keystore-password" : "geheim",
|
<Keys>
|
||||||
"client-key-password" : "geheim"
|
<Key signing="true">
|
||||||
}]]>
|
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
||||||
|
<Certificate alias="demo"/>
|
||||||
|
</KeyStore>
|
||||||
|
</Key>
|
||||||
|
</Keys>
|
||||||
|
</IDP>
|
||||||
|
</SP>
|
||||||
|
</keycloak-saml-adapter>]]>
|
||||||
|
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
Some of these configuration switches may be adapter specific and some are common across all adapters.
|
Some of these configuration switches may be adapter specific and some are common across all adapters.
|
||||||
For Java adapters you can use <literal>${...}</literal> enclosure as System property replacement.
|
For Java adapters you can use <literal>${...}</literal> enclosure as System property replacement.
|
||||||
For example <literal>${jboss.server.config.dir}</literal>. Also, you can obtain a template
|
For example <literal>${jboss.server.config.dir}</literal>.
|
||||||
for this config file from the admin console. Go to the realm and select the application you want a template for.
|
|
||||||
Go to the <literal>Installation</literal> tab and this will provide you with a template that includes
|
|
||||||
the public key of the realm.
|
|
||||||
</para>
|
</para>
|
||||||
|
<section>
|
||||||
|
<title>SP Element</title>
|
||||||
|
<para>
|
||||||
|
Here is the explanation of the SP element attributes
|
||||||
|
</para>
|
||||||
|
<para><![CDATA[
|
||||||
|
<SP entityID="sp"
|
||||||
|
sslPolicy="ssl"
|
||||||
|
nameIDPolicyFormat="format"
|
||||||
|
forceAuthentication="true">
|
||||||
|
...
|
||||||
|
</SP>]]></para>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>entityID</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the identifier for this client. The IDP needs this value to determine
|
||||||
|
who the client is that is communicating with it.
|
||||||
|
<emphasis>REQUIRED.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>sslPolicy</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the SSL policy the adapter will enforce. Valid values are:
|
||||||
|
ALL, EXTERNAL, and NONE. For ALL, all requests must come in via HTTPS. For
|
||||||
|
EXTERNAL, only non-private IP addresses must come over the wire via HTTPS. For
|
||||||
|
NONE, no requests are required to come over via HTTPS. This is
|
||||||
|
<emphasis>OPTIONAL.</emphasis> and defaults to EXTERNAL.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>nameIDPolicyFormat</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
SAML clients can request a specific NameID Subject format. Fill in this value
|
||||||
|
if you want a specific format. It must be a standard SAML format identifier, i.e.
|
||||||
|
<literal>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</literal>
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. By default, no special format is requested.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>forceAuthentication</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
SAML clients can request that a user is re-authenticated even if
|
||||||
|
they are already logged in at the IDP. Set this to true if you
|
||||||
|
want this.
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. Set to <literal>false</literal> by default.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section id="sp_keys">
|
||||||
|
<title>SP Keys and Key elements</title>
|
||||||
|
<para>
|
||||||
|
If the IDP requires that the SP sign all of its requests and/or if the IDP will
|
||||||
|
encrypt assertions, you must define the keys used to do this. For client signed
|
||||||
|
documents you must define both the private and public key or certificate that will
|
||||||
|
be used to sign documents. For encryption, you only have to define the private key
|
||||||
|
that will be used to decrypt.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
There are two ways to describe your keys. Either they are stored within a Java KeyStore
|
||||||
|
or you can cut and paste the keys directly within <literal>keycloak-saml.xml</literal>
|
||||||
|
in the PEM format.
|
||||||
|
</para>
|
||||||
|
<para><![CDATA[
|
||||||
|
<Keys>
|
||||||
|
<Key signing="true" >
|
||||||
|
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
||||||
|
<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
|
||||||
|
<Certificate alias="http://localhost:8080/sales-post-sig/"/>
|
||||||
|
</KeyStore>
|
||||||
|
</Key>
|
||||||
|
</Keys>
|
||||||
|
]]>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The <literal>Key</literal> element has two optional attributes <literal>signing</literal>
|
||||||
|
and <literal>encryption</literal>. When set to true these tell the adapter what the
|
||||||
|
key will be used for. If both attributes are set to true, then the key will be used for both
|
||||||
|
signing documents and decrypting encrypted assertions. You must set at least one of these
|
||||||
|
attributes to true.
|
||||||
|
</para>
|
||||||
|
<section id="keystore">
|
||||||
|
<title>KeyStore element</title>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>file</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
File path to the key store.
|
||||||
|
<emphasis>OPTIONAL.</emphasis> The file or resource attribute
|
||||||
|
must be set.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>resource</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
WAR resource path to the KeyStore. This is a path used in method call to ServletContext.getResourceAsStream().
|
||||||
|
<emphasis>OPTIONAL.</emphasis> The file or resource attribute
|
||||||
|
must be set.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>password</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The password of the KeyStore
|
||||||
|
<emphasis>REQUIRED.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
You can and must also specify references to your private keys and certificates within
|
||||||
|
the Java KeyStore. The <literal>PrivateKey</literal> and <literal>Certificate</literal>
|
||||||
|
elements do this. The <literal>alias</literal> attribute defines the alias within the
|
||||||
|
KeyStore for the key. For <literal>PrivateKey</literal>, a password is required to access this key
|
||||||
|
specify that value in the <literal>password</literal> attribute.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section id="key_pems">
|
||||||
|
<title>Key PEMS</title>
|
||||||
|
<para>
|
||||||
|
Within the <literal>Key</literal> element you alternatively declare your keys and certificates
|
||||||
|
directly using the sub elements <literal>PrivateKeyPem</literal>, <literal>PublicKeyPem</literal>, and
|
||||||
|
<literal>CertificatePem</literal>. The values contained in these elements must conform to the
|
||||||
|
PEM key format. You usually use this option if you are generating keys using <literal>openssl</literal>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>SP PrincipalNameMapping element</title>
|
||||||
|
<para>
|
||||||
|
This element is optional. When creating a Java Principal object that you obtain from
|
||||||
|
methods like HttpServletRequest.getUserPrincipal(), you can define what name that is returned
|
||||||
|
by the Principal.getName() method. The <literal>policy</literal> attribute defines the
|
||||||
|
policy used to populate this value. The values are <literal>FROM_NAME_ID</literal>. This policy
|
||||||
|
just grabs whatever the SAML subject value is. The other is <literal>FROM_ATTRIBUTE</literal>. This will
|
||||||
|
pull the value of Principal.getName() from one of the attributes in the SAML assertion received from the server.
|
||||||
|
The default value is <literal>FROM_NAME_ID</literal>.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>RoleIdentifiers element</title>
|
||||||
|
<para><![CDATA[
|
||||||
|
<RoleIdentifiers>
|
||||||
|
<Attribute name="Role"/>
|
||||||
|
<Attribute name="member"/>
|
||||||
|
<Attribute name="memberOf"/>
|
||||||
|
</RoleIdentifiers>
|
||||||
|
]]></para>
|
||||||
|
<para>
|
||||||
|
This element is optional. It defines which SAML attribute values in the assertion should be
|
||||||
|
mapped to a Java EE role. By default <literal>Role</literal> attribute values are converted
|
||||||
|
to Java EE roles. Some IDPs send roles via a <literal>member</literal> or <literal>memberOf</literal>
|
||||||
|
attribute assertion. You define one or more <literal>Attribute</literal> elements to specify
|
||||||
|
which SAML attributes must be converted into roles.
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>IDP Element</title>
|
||||||
|
<para>
|
||||||
|
Everything in the IDP element describes the settings for the IDP the SP is communicating
|
||||||
|
with.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<![CDATA[
|
||||||
|
<IDP entityID="idp"
|
||||||
|
signaturesRequired="true"
|
||||||
|
signatureAlgorithm="RSA_SHA1"
|
||||||
|
signatureCanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#">
|
||||||
|
...
|
||||||
|
</IDP>]]>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>entityID</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the issuer ID of the IDP.
|
||||||
|
<emphasis>REQUIRED.</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>signaturesRequired</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If set to true, the client adapter will sign every document
|
||||||
|
it sends to the IDP. Also, the client will expect that the IDP
|
||||||
|
will be signing an documents sent to it. This switch sets
|
||||||
|
the default for all request and response types, but you will see
|
||||||
|
later that you have some fine grain control over this.
|
||||||
|
<emphasis>OPTIONAL.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>signatureAlgorithm</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the signature algorithm that the IDP expects signed documents
|
||||||
|
to use
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. The default value is RSA_SHA1, but
|
||||||
|
you can also use RSA_256, RSA_512, and DSA_SHA1.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>signatureCanonicalizationMethod</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the signature canonicalization method that the IDP expects signed documents
|
||||||
|
to use
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. The default value is <literal>http://www.w3.org/2001/10/xml-exc-c14n#</literal>
|
||||||
|
and should be good for most IDPs.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>IDP SingleSignOnService sub element</title>
|
||||||
|
<para>
|
||||||
|
The <literal>SignleSignOnService</literal> sub element defines the
|
||||||
|
login SAML endpoint of the IDP.
|
||||||
|
</para>
|
||||||
|
<para><![CDATA[
|
||||||
|
<SingleSignOnService signRequest="true"
|
||||||
|
validateResponseSignature="true"
|
||||||
|
requestBinding="post"
|
||||||
|
bindingUrl="url"/>
|
||||||
|
]]></para>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>signRequest</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Should the client sign authn requests?
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. Defaults to whatever the
|
||||||
|
IDP <literal>signaturesRequired</literal> element value is.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>validateResponseSignature</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Should the client expect the IDP to sign the assertion response document
|
||||||
|
sent back from an auhtn request?
|
||||||
|
<emphasis>OPTIONAL.</emphasis> Defaults to whatever the
|
||||||
|
IDP <literal>signaturesRequired</literal> element value is.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>requestBinding</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the SAML binding type used for communicating with the IDP
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. The default value is POST, but
|
||||||
|
you can set it to REDIRECT as well.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>responseBinding</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
SAML allows the client to request what binding type it wants authn responses
|
||||||
|
to use. The values of this can be POST or REDIRECT
|
||||||
|
<emphasis>OPTIONAL.</emphasis>. The default is that the client will not request
|
||||||
|
a specific binding type for responses.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>bindingUrl</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This is the URL for the ID login service that the client will send requests to.
|
||||||
|
<emphasis>REQUIRED.</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</section> <section>
|
||||||
|
<title>IDP SingleSignOnService sub element</title>
|
||||||
<para>
|
<para>
|
||||||
Here is a description of each item:
|
The <literal>SignleSignOnService</literal> sub element defines the
|
||||||
|
login SAML endpoint of the IDP.
|
||||||
</para>
|
</para>
|
||||||
|
<para><![CDATA[
|
||||||
|
<SingleLogoutService validateRequestSignature="true"
|
||||||
|
validateResponseSignature="true"
|
||||||
|
signRequest="true"
|
||||||
|
signResponse="true"
|
||||||
|
requestBinding="redirect"
|
||||||
|
responseBinding="post"
|
||||||
|
postBindingUrl="posturl"
|
||||||
|
redirectBindingUrl="redirecturl">
|
||||||
|
]]></para>
|
||||||
<para>
|
<para>
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>realm</term>
|
<term>signRequest</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Name of the realm representing the users of your distributed applications and services.
|
Should the client sign logout requests it makes to the IDP?
|
||||||
This is
|
<emphasis>OPTIONAL.</emphasis>. Defaults to whatever the
|
||||||
<emphasis>REQUIRED.</emphasis>
|
IDP <literal>signaturesRequired</literal> element value is.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>resource</term>
|
<term>signResponse</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Username of the application. Each application has a username that is used when the
|
Should the client sign logout responses it sends to the IDP requests?
|
||||||
application connects with the Keycloak server to turn an access code into an access token
|
<emphasis>OPTIONAL.</emphasis>. Defaults to whatever the
|
||||||
(part of the OAuth 2.0 protocol). This is
|
IDP <literal>signaturesRequired</literal> element value is.
|
||||||
<emphasis>REQUIRED.</emphasis>
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>realm-public-key</term>
|
<term>validateRequestSignature</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
PEM format of public key. You can obtain this from the administration console.
|
Should the client expect signed logout request documents from the IDP?
|
||||||
This is
|
<emphasis>OPTIONAL.</emphasis> Defaults to whatever the
|
||||||
<emphasis>REQUIRED.</emphasis>
|
IDP <literal>signaturesRequired</literal> element value is.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>auth-server-url</term>
|
<term>validateResponseSignature</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The base URL of the Keycloak Server. All other Keycloak pages and REST services are derived
|
Should the client expect signed logout response documents from the IDP?
|
||||||
from this. It is usually of the form <literal>https://host:port/auth</literal>
|
<emphasis>OPTIONAL.</emphasis> Defaults to whatever the
|
||||||
This is
|
IDP <literal>signaturesRequired</literal> element value is.
|
||||||
<emphasis>REQUIRED.</emphasis>
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>ssl-required</term>
|
<term>requestBinding</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
Ensures that all communication to and from the Keycloak server from the adapter is over HTTPS.
|
This is the SAML binding type used for communicating SAML requests to the IDP
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is
|
<emphasis>OPTIONAL.</emphasis>. The default value is POST, but
|
||||||
<emphasis>external</emphasis>
|
you can set it to REDIRECT as well.
|
||||||
meaning that HTTPS is required by default for external requests. Valid values are 'all', 'external'
|
|
||||||
and 'none'.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>use-resource-role-mappings</term>
|
<term>responseBinding</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
If set to true, the adapter will look inside the token for application level role mappings for
|
This is the SAML binding type used for communicating SAML responses to the IDP
|
||||||
the
|
The values of this can be POST or REDIRECT
|
||||||
user. If false, it will look at the realm level for user role mappings.
|
<emphasis>OPTIONAL.</emphasis>. The default value is POST, but
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
you can set it to REDIRECT as well.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>public-client</term>
|
<term>postBindingUrl</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
If set to true, the adapter will not send credentials for the client to Keycloak.
|
This is the URL for the IDP's logout service when using the POST binding.
|
||||||
The default value is <emphasis>false</emphasis>.
|
<emphasis>REQUIRED</emphasis> if using the POST binding at all.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>enable-cors</term>
|
<term>redirectBindingUrl</term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
This enables CORS support. It will handle CORS preflight requests. It will also look into
|
This is the URL for the IDP's logout service when using the REDIRECT binding.
|
||||||
the access token to determine valid origins.
|
<emphasis>REQUIRED</emphasis> if using the REDIRECT binding at all.
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>cors-max-age</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If CORS is enabled, this sets the value of the
|
|
||||||
<literal>Access-Control-Max-Age</literal>
|
|
||||||
header.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
|
|
||||||
responses.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>cors-allowed-methods</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If CORS is enabled, this sets the value of the
|
|
||||||
<literal>Access-Control-Allow-Methods</literal>
|
|
||||||
header. This should be a comma-separated string.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
|
|
||||||
responses.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>cors-allowed-headers</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If CORS is enabled, this sets the value of the
|
|
||||||
<literal>Access-Control-Allow-Headers</literal>
|
|
||||||
header. This should be a comma-separated string.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
|
|
||||||
responses.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>bearer-only</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This tells the adapter to only do bearer token authentication. That is, it will not do
|
|
||||||
OAuth 2.0 redirects, but only accept bearer tokens through the
|
|
||||||
<literal>Authorization</literal>
|
|
||||||
header.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>enable-basic-auth</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This tells the adapter to also support basic authentication. If this option is enabled,
|
|
||||||
then <emphasis>secret</emphasis> must also be provided.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>expose-token</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If <literal>true</literal>, an authenticated browser client (via a Javascript HTTP invocation)
|
|
||||||
can obtain the signed access token via the URL <literal>root/k_query_bearer_token</literal>.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>credentials</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Specify the credentials of the application. This is an object notation where the key
|
|
||||||
is the credential type and the value is the value of the credential type. Currently only
|
|
||||||
<literal>password</literal>
|
|
||||||
is supported.
|
|
||||||
This is <emphasis>REQUIRED</emphasis>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>connection-pool-size</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Adapters will make separate HTTP invocations to the Keycloak Server to turn an access code
|
|
||||||
into an access token. This config option defines how many connections to the Keycloak Server
|
|
||||||
should be pooled.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>20</literal>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>disable-trust-manager</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If the Keycloak Server requires HTTPS and this config option is set to <literal>true</literal>
|
|
||||||
you do not have to specify a truststore. While convenient, this setting is not recommended
|
|
||||||
as you will not be verifying the host name of the Keycloak Server.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>false</literal>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>allow-any-hostname</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If the Keycloak Server requires HTTPS and this config option is set to <literal>true</literal>
|
|
||||||
the Keycloak Server's certificate is validated via the truststore, but host name validation is
|
|
||||||
not done. This is not a recommended. This seting may be useful in test environments
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>false</literal>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term>truststore</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
This setting is for Java adapters. The value is the file path to a Java keystore file. If
|
|
||||||
you prefix the path with <literal>classpath:</literal>, then the truststore will be obtained
|
|
||||||
from the deployment's classpath instead.
|
|
||||||
Used for outgoing HTTPS communications to the Keycloak server. Client making HTTPS
|
|
||||||
requests need a way to verify the host of the server they are talking to. This is
|
|
||||||
what the trustore does. The keystore contains one or more trusted
|
|
||||||
host certificates or certificate authorities. You can
|
|
||||||
create this truststore by extracting the public certificate of the Keycloak server's SSL
|
|
||||||
keystore.
|
|
||||||
This is
|
|
||||||
<emphasis>OPTIONAL</emphasis>
|
|
||||||
if
|
|
||||||
<literal>ssl-required</literal>
|
|
||||||
is
|
|
||||||
<literal>none</literal>
|
|
||||||
or
|
|
||||||
<literal>disable-trust-manager</literal>
|
|
||||||
is <literal>true</literal>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>truststore-password</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Password for the truststore keystore.
|
|
||||||
This is
|
|
||||||
<emphasis>REQUIRED</emphasis>
|
|
||||||
if
|
|
||||||
<literal>truststore</literal>
|
|
||||||
is set.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>client-keystore</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<emphasis>Not supported yet, but we will support in future versions.</emphasis>
|
|
||||||
|
|
||||||
This setting is for Java adapters. This is the file path to a Java keystore file.
|
|
||||||
This keystore contains client certificate for two-way SSL when the adapter makes
|
|
||||||
HTTPS requests to the Keycloak server.
|
|
||||||
This is <emphasis>OPTIONAL</emphasis>.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>client-keystore-password</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<emphasis>Not supported yet, but we will support in future versions.</emphasis>
|
|
||||||
Password for the client keystore.
|
|
||||||
This is
|
|
||||||
<emphasis>REQUIRED</emphasis>
|
|
||||||
if
|
|
||||||
<literal>client-keystore</literal>
|
|
||||||
is set.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>client-key-password</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
<emphasis>Not supported yet, but we will support in future versions.</emphasis>
|
|
||||||
Password for the client's key.
|
|
||||||
This is
|
|
||||||
<emphasis>REQUIRED</emphasis>
|
|
||||||
if
|
|
||||||
<literal>client-keystore</literal>
|
|
||||||
is set.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>auth-server-url-for-backend-requests</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Alternative location of auth-server-url used just for backend requests. It must be absolute URI. Useful
|
|
||||||
especially in cluster (see <link linkend="relative-uri-optimization">Relative URI Optimization</link>) or if you would like to use <emphasis>https</emphasis> for browser requests
|
|
||||||
but stick with <emphasis>http</emphasis> for backend requests etc.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>always-refresh-token</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If <emphasis>true</emphasis>, Keycloak will refresh token in every request. More info in <link linkend="refresh-token-each-req">Refresh token in each request</link> .
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>register-node-at-startup</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
If <emphasis>true</emphasis>, then adapter will send registration request to Keycloak. It's <emphasis>false</emphasis>
|
|
||||||
by default and useful just in cluster (See <link linkend="registration-app-nodes">Registration of application nodes to Keycloak</link>)
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>register-node-period</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Period for re-registration adapter to Keycloak. Useful in cluster. See <link linkend="registration-app-nodes">Registration of application nodes to Keycloak</link> for details.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>token-store</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
Possible values are <emphasis>session</emphasis> and <emphasis>cookie</emphasis>. Default is <emphasis>session</emphasis>,
|
|
||||||
which means that adapter stores account info in HTTP Session. Alternative <emphasis>cookie</emphasis> means storage of info in cookie.
|
|
||||||
See <link linkend="stateless-token-store">Stateless token store</link> for details.
|
|
||||||
</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>principal-attribute</term>
|
|
||||||
<listitem>
|
|
||||||
<para>
|
|
||||||
OpenID Connection ID Token attribute to populate the UserPrincipal name with. If token attribute is null, defaults to <literal>sub</literal>.
|
|
||||||
Possible values are <literal>sub</literal>, <literal>preferred_username</literal>, <literal>email</literal>, <literal>name</literal>, <literal>nickname</literal>, <literal>given_name</literal>, <literal>family_name</literal>.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</para>
|
</para>
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>IDP Keys subelement</title>
|
||||||
|
<para>
|
||||||
|
The Keys sub element of IDP is only used to define the certificate or
|
||||||
|
public key to use to verify documents signed by the IDP. It is defined
|
||||||
|
in the same way as the <link linkend="sp_keys">SP's Key's element</link>. But
|
||||||
|
again, you only have to define one certificate or public key reference.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
</chapter>
|
</chapter>
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
42
pom.xml
42
pom.xml
|
@ -1269,6 +1269,48 @@
|
||||||
<version>${project.version}</version>
|
<version>${project.version}</version>
|
||||||
<type>zip</type>
|
<type>zip</type>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.keycloak</groupId>
|
||||||
<artifactId>keycloak-testsuite-integration</artifactId>
|
<artifactId>keycloak-testsuite-integration</artifactId>
|
||||||
|
|
|
@ -67,8 +67,7 @@ public interface SamlDeployment {
|
||||||
|
|
||||||
enum PrincipalNamePolicy {
|
enum PrincipalNamePolicy {
|
||||||
FROM_NAME_ID,
|
FROM_NAME_ID,
|
||||||
FROM_ATTRIBUTE_NAME,
|
FROM_ATTRIBUTE
|
||||||
FROM_FRIENDLY_ATTRIBUTE_NAME
|
|
||||||
}
|
}
|
||||||
PrincipalNamePolicy getPrincipalNamePolicy();
|
PrincipalNamePolicy getPrincipalNamePolicy();
|
||||||
String getPrincipalAttributeName();
|
String getPrincipalAttributeName();
|
||||||
|
|
|
@ -24,16 +24,16 @@ public class IDPXmlParser extends AbstractParser {
|
||||||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.IDP_ELEMENT);
|
StaxParserUtil.validate(startElement, ConfigXmlConstants.IDP_ELEMENT);
|
||||||
IDP idp = new IDP();
|
IDP idp = new IDP();
|
||||||
String entityID = StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
String entityID = SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
||||||
if (entityID == null) {
|
if (entityID == null) {
|
||||||
throw new ParsingException("entityID must be set on IDP");
|
throw new ParsingException("entityID must be set on IDP");
|
||||||
|
|
||||||
}
|
}
|
||||||
idp.setEntityID(entityID);
|
idp.setEntityID(entityID);
|
||||||
|
|
||||||
boolean signaturesRequired = StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNATURES_REQUIRED_ATTR);
|
boolean signaturesRequired = SPXmlParser.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNATURES_REQUIRED_ATTR);
|
||||||
idp.setSignatureCanonicalizationMethod(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_CANONICALIZATION_METHOD_ATTR));
|
idp.setSignatureCanonicalizationMethod(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_CANONICALIZATION_METHOD_ATTR));
|
||||||
idp.setSignatureAlgorithm(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_ALGORITHM_ATTR));
|
idp.setSignatureAlgorithm(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_ALGORITHM_ATTR));
|
||||||
while (xmlEventReader.hasNext()) {
|
while (xmlEventReader.hasNext()) {
|
||||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||||
if (xmlEvent == null)
|
if (xmlEvent == null)
|
||||||
|
@ -73,25 +73,25 @@ public class IDPXmlParser extends AbstractParser {
|
||||||
protected IDP.SingleLogoutService parseSingleLogoutService(XMLEventReader xmlEventReader, boolean signaturesRequired) throws ParsingException {
|
protected IDP.SingleLogoutService parseSingleLogoutService(XMLEventReader xmlEventReader, boolean signaturesRequired) throws ParsingException {
|
||||||
IDP.SingleLogoutService slo = new IDP.SingleLogoutService();
|
IDP.SingleLogoutService slo = new IDP.SingleLogoutService();
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
slo.setSignRequest(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
slo.setSignRequest(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
||||||
slo.setValidateResponseSignature(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
slo.setValidateResponseSignature(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
||||||
slo.setValidateRequestSignature(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_REQUEST_SIGNATURE_ATTR, signaturesRequired));
|
slo.setValidateRequestSignature(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_REQUEST_SIGNATURE_ATTR, signaturesRequired));
|
||||||
slo.setRequestBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
slo.setRequestBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
||||||
slo.setResponseBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
slo.setResponseBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
||||||
slo.setSignResponse(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_RESPONSE_ATTR, signaturesRequired));
|
slo.setSignResponse(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_RESPONSE_ATTR, signaturesRequired));
|
||||||
slo.setPostBindingUrl(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.POST_BINDING_URL_ATTR));
|
slo.setPostBindingUrl(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.POST_BINDING_URL_ATTR));
|
||||||
slo.setRedirectBindingUrl(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.REDIRECT_BINDING_URL_ATTR));
|
slo.setRedirectBindingUrl(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.REDIRECT_BINDING_URL_ATTR));
|
||||||
return slo;
|
return slo;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected IDP.SingleSignOnService parseSingleSignOnService(XMLEventReader xmlEventReader, boolean signaturesRequired) throws ParsingException {
|
protected IDP.SingleSignOnService parseSingleSignOnService(XMLEventReader xmlEventReader, boolean signaturesRequired) throws ParsingException {
|
||||||
IDP.SingleSignOnService sso = new IDP.SingleSignOnService();
|
IDP.SingleSignOnService sso = new IDP.SingleSignOnService();
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
sso.setSignRequest(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
sso.setSignRequest(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
||||||
sso.setValidateResponseSignature(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
sso.setValidateResponseSignature(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
||||||
sso.setRequestBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
sso.setRequestBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
||||||
sso.setResponseBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
sso.setResponseBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
||||||
sso.setBindingUrl(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.BINDING_URL_ATTR));
|
sso.setBindingUrl(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.BINDING_URL_ATTR));
|
||||||
return sso;
|
return sso;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,6 @@ import org.keycloak.saml.common.util.StaxParserUtil;
|
||||||
|
|
||||||
import javax.xml.namespace.QName;
|
import javax.xml.namespace.QName;
|
||||||
import javax.xml.stream.XMLEventReader;
|
import javax.xml.stream.XMLEventReader;
|
||||||
import javax.xml.stream.XMLStreamException;
|
|
||||||
import javax.xml.stream.events.Characters;
|
|
||||||
import javax.xml.stream.events.EndElement;
|
import javax.xml.stream.events.EndElement;
|
||||||
import javax.xml.stream.events.StartElement;
|
import javax.xml.stream.events.StartElement;
|
||||||
import javax.xml.stream.events.XMLEvent;
|
import javax.xml.stream.events.XMLEvent;
|
||||||
|
@ -24,8 +22,8 @@ public class KeyXmlParser extends AbstractParser {
|
||||||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.KEY_ELEMENT);
|
StaxParserUtil.validate(startElement, ConfigXmlConstants.KEY_ELEMENT);
|
||||||
Key key = new Key();
|
Key key = new Key();
|
||||||
key.setSigning(StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNING_ATTR));
|
key.setSigning(SPXmlParser.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNING_ATTR));
|
||||||
key.setEncryption(StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.ENCRYPTION_ATTR));
|
key.setEncryption(SPXmlParser.getBooleanAttributeValue(startElement, ConfigXmlConstants.ENCRYPTION_ATTR));
|
||||||
while (xmlEventReader.hasNext()) {
|
while (xmlEventReader.hasNext()) {
|
||||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||||
if (xmlEvent == null)
|
if (xmlEvent == null)
|
||||||
|
@ -46,13 +44,13 @@ public class KeyXmlParser extends AbstractParser {
|
||||||
key.setKeystore(parseKeyStore(xmlEventReader));
|
key.setKeystore(parseKeyStore(xmlEventReader));
|
||||||
} else if (tag.equals(ConfigXmlConstants.CERTIFICATE_PEM_ELEMENT)) {
|
} else if (tag.equals(ConfigXmlConstants.CERTIFICATE_PEM_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
key.setCertificatePem(StaxParserUtil.getElementText(xmlEventReader));
|
key.setCertificatePem(SPXmlParser.getElementText(xmlEventReader));
|
||||||
} else if (tag.equals(ConfigXmlConstants.PUBLIC_KEY_PEM_ELEMENT)) {
|
} else if (tag.equals(ConfigXmlConstants.PUBLIC_KEY_PEM_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
key.setPublicKeyPem(StaxParserUtil.getElementText(xmlEventReader));
|
key.setPublicKeyPem(SPXmlParser.getElementText(xmlEventReader));
|
||||||
} else if (tag.equals(ConfigXmlConstants.PRIVATE_KEY_PEM_ELEMENT)) {
|
} else if (tag.equals(ConfigXmlConstants.PRIVATE_KEY_PEM_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
key.setPrivateKeyPem(StaxParserUtil.getElementText(xmlEventReader));
|
key.setPrivateKeyPem(SPXmlParser.getElementText(xmlEventReader));
|
||||||
} else {
|
} else {
|
||||||
StaxParserUtil.bypassElementBlock(xmlEventReader, tag);
|
StaxParserUtil.bypassElementBlock(xmlEventReader, tag);
|
||||||
}
|
}
|
||||||
|
@ -65,14 +63,14 @@ public class KeyXmlParser extends AbstractParser {
|
||||||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.KEYS_STORE_ELEMENT);
|
StaxParserUtil.validate(startElement, ConfigXmlConstants.KEYS_STORE_ELEMENT);
|
||||||
Key.KeyStoreConfig keyStore = new Key.KeyStoreConfig();
|
Key.KeyStoreConfig keyStore = new Key.KeyStoreConfig();
|
||||||
keyStore.setType(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.TYPE_ATTR));
|
keyStore.setType(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.TYPE_ATTR));
|
||||||
keyStore.setAlias(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.ALIAS_ATTR));
|
keyStore.setAlias(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.ALIAS_ATTR));
|
||||||
keyStore.setFile(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.FILE_ATTR));
|
keyStore.setFile(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.FILE_ATTR));
|
||||||
keyStore.setResource(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.RESOURCE_ATTR));
|
keyStore.setResource(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.RESOURCE_ATTR));
|
||||||
if (keyStore.getFile() == null && keyStore.getResource() == null) {
|
if (keyStore.getFile() == null && keyStore.getResource() == null) {
|
||||||
throw new ParsingException("KeyStore element must have the url or classpath attribute set");
|
throw new ParsingException("KeyStore element must have the url or classpath attribute set");
|
||||||
}
|
}
|
||||||
keyStore.setPassword(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.PASSWORD_ATTR));
|
keyStore.setPassword(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.PASSWORD_ATTR));
|
||||||
if (keyStore.getPassword() == null) {
|
if (keyStore.getPassword() == null) {
|
||||||
throw new ParsingException("KeyStore element must have the password attribute set");
|
throw new ParsingException("KeyStore element must have the password attribute set");
|
||||||
}
|
}
|
||||||
|
@ -97,19 +95,19 @@ public class KeyXmlParser extends AbstractParser {
|
||||||
String tag = StaxParserUtil.getStartElementName(startElement);
|
String tag = StaxParserUtil.getStartElementName(startElement);
|
||||||
if (tag.equals(ConfigXmlConstants.CERTIFICATE_ELEMENT)) {
|
if (tag.equals(ConfigXmlConstants.CERTIFICATE_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
keyStore.setCertificateAlias(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
keyStore.setCertificateAlias(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
||||||
if (keyStore.getCertificateAlias() == null) {
|
if (keyStore.getCertificateAlias() == null) {
|
||||||
throw new ParsingException("KeyStore Certificate element must have the alias attribute set");
|
throw new ParsingException("KeyStore Certificate element must have the alias attribute set");
|
||||||
|
|
||||||
}
|
}
|
||||||
} else if (tag.equals(ConfigXmlConstants.PRIVATE_KEY_ELEMENT)) {
|
} else if (tag.equals(ConfigXmlConstants.PRIVATE_KEY_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
keyStore.setPrivateKeyAlias(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
keyStore.setPrivateKeyAlias(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
||||||
if (keyStore.getPrivateKeyAlias() == null) {
|
if (keyStore.getPrivateKeyAlias() == null) {
|
||||||
throw new ParsingException("KeyStore PrivateKey element must have the alias attribute set");
|
throw new ParsingException("KeyStore PrivateKey element must have the alias attribute set");
|
||||||
|
|
||||||
}
|
}
|
||||||
keyStore.setPrivateKeyPassword(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.PASSWORD_ATTR));
|
keyStore.setPrivateKeyPassword(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.PASSWORD_ATTR));
|
||||||
if (keyStore.getPrivateKeyPassword() == null) {
|
if (keyStore.getPrivateKeyPassword() == null) {
|
||||||
throw new ParsingException("KeyStore PrivateKey element must have the password attribute set");
|
throw new ParsingException("KeyStore PrivateKey element must have the password attribute set");
|
||||||
|
|
||||||
|
|
|
@ -6,9 +6,11 @@ import org.keycloak.adapters.saml.config.SP;
|
||||||
import org.keycloak.saml.common.exceptions.ParsingException;
|
import org.keycloak.saml.common.exceptions.ParsingException;
|
||||||
import org.keycloak.saml.common.parsers.AbstractParser;
|
import org.keycloak.saml.common.parsers.AbstractParser;
|
||||||
import org.keycloak.saml.common.util.StaxParserUtil;
|
import org.keycloak.saml.common.util.StaxParserUtil;
|
||||||
|
import org.keycloak.util.StringPropertyReplacer;
|
||||||
|
|
||||||
import javax.xml.namespace.QName;
|
import javax.xml.namespace.QName;
|
||||||
import javax.xml.stream.XMLEventReader;
|
import javax.xml.stream.XMLEventReader;
|
||||||
|
import javax.xml.stream.events.Attribute;
|
||||||
import javax.xml.stream.events.EndElement;
|
import javax.xml.stream.events.EndElement;
|
||||||
import javax.xml.stream.events.StartElement;
|
import javax.xml.stream.events.StartElement;
|
||||||
import javax.xml.stream.events.XMLEvent;
|
import javax.xml.stream.events.XMLEvent;
|
||||||
|
@ -23,21 +25,44 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
public class SPXmlParser extends AbstractParser {
|
public class SPXmlParser extends AbstractParser {
|
||||||
|
|
||||||
|
public static String getAttributeValue(StartElement startElement, String tag) {
|
||||||
|
String str = StaxParserUtil.getAttributeValue(startElement, tag);
|
||||||
|
if (str != null) return StringPropertyReplacer.replaceProperties(str);
|
||||||
|
else return str;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static boolean getBooleanAttributeValue(StartElement startElement, String tag, boolean defaultValue) {
|
||||||
|
String result = getAttributeValue(startElement, tag);
|
||||||
|
if (result == null) return defaultValue;
|
||||||
|
return Boolean.valueOf(result);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static boolean getBooleanAttributeValue(StartElement startElement, String tag) {
|
||||||
|
return getBooleanAttributeValue(startElement, tag, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String getElementText(XMLEventReader xmlEventReader) throws ParsingException {
|
||||||
|
String result = StaxParserUtil.getElementText(xmlEventReader);
|
||||||
|
if (result != null) result = StringPropertyReplacer.replaceProperties(result);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
|
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
|
||||||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.SP_ELEMENT);
|
StaxParserUtil.validate(startElement, ConfigXmlConstants.SP_ELEMENT);
|
||||||
SP sp = new SP();
|
SP sp = new SP();
|
||||||
String entityID = StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
String entityID = getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
||||||
if (entityID == null) {
|
if (entityID == null) {
|
||||||
throw new ParsingException("entityID must be set on SP");
|
throw new ParsingException("entityID must be set on SP");
|
||||||
|
|
||||||
}
|
}
|
||||||
sp.setEntityID(entityID);
|
sp.setEntityID(entityID);
|
||||||
sp.setSslPolicy(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.SSL_POLICY_ATTR));
|
sp.setSslPolicy(getAttributeValue(startElement, ConfigXmlConstants.SSL_POLICY_ATTR));
|
||||||
sp.setLogoutPage(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.LOGOUT_PAGE_ATTR));
|
sp.setLogoutPage(getAttributeValue(startElement, ConfigXmlConstants.LOGOUT_PAGE_ATTR));
|
||||||
sp.setNameIDPolicyFormat(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.NAME_ID_POLICY_FORMAT_ATTR));
|
sp.setNameIDPolicyFormat(getAttributeValue(startElement, ConfigXmlConstants.NAME_ID_POLICY_FORMAT_ATTR));
|
||||||
sp.setForceAuthentication(StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.FORCE_AUTHENTICATION_ATTR));
|
sp.setForceAuthentication(getBooleanAttributeValue(startElement, ConfigXmlConstants.FORCE_AUTHENTICATION_ATTR));
|
||||||
while (xmlEventReader.hasNext()) {
|
while (xmlEventReader.hasNext()) {
|
||||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||||
if (xmlEvent == null)
|
if (xmlEvent == null)
|
||||||
|
@ -60,12 +85,12 @@ public class SPXmlParser extends AbstractParser {
|
||||||
sp.setKeys(keys);
|
sp.setKeys(keys);
|
||||||
} else if (tag.equals(ConfigXmlConstants.PRINCIPAL_NAME_MAPPING_ELEMENT)) {
|
} else if (tag.equals(ConfigXmlConstants.PRINCIPAL_NAME_MAPPING_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
String policy = StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.POLICY_ATTR);
|
String policy = getAttributeValue(element, ConfigXmlConstants.POLICY_ATTR);
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
throw new ParsingException("PrincipalNameMapping element must have the policy attribute set");
|
throw new ParsingException("PrincipalNameMapping element must have the policy attribute set");
|
||||||
|
|
||||||
}
|
}
|
||||||
String attribute = StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.ATTRIBUTE_ATTR);
|
String attribute = getAttributeValue(element, ConfigXmlConstants.ATTRIBUTE_ATTR);
|
||||||
SP.PrincipalNameMapping mapping = new SP.PrincipalNameMapping();
|
SP.PrincipalNameMapping mapping = new SP.PrincipalNameMapping();
|
||||||
mapping.setPolicy(policy);
|
mapping.setPolicy(policy);
|
||||||
mapping.setAttributeName(attribute);
|
mapping.setAttributeName(attribute);
|
||||||
|
@ -107,7 +132,7 @@ public class SPXmlParser extends AbstractParser {
|
||||||
String tag = StaxParserUtil.getStartElementName(startElement);
|
String tag = StaxParserUtil.getStartElementName(startElement);
|
||||||
if (tag.equals(ConfigXmlConstants.ATTRIBUTE_ELEMENT)) {
|
if (tag.equals(ConfigXmlConstants.ATTRIBUTE_ELEMENT)) {
|
||||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||||
String attributeValue = StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.NAME_ATTR);
|
String attributeValue = getAttributeValue(element, ConfigXmlConstants.NAME_ATTR);
|
||||||
if (attributeValue == null) {
|
if (attributeValue == null) {
|
||||||
throw new ParsingException("RoleMapping Attribute element must have the name attribute set");
|
throw new ParsingException("RoleMapping Attribute element must have the name attribute set");
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@
|
||||||
<xs:all>
|
<xs:all>
|
||||||
<xs:element name="Keys" type="keys-type" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="Keys" type="keys-type" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="PrincipalNameMapping" type="principal-name-mapping-type" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="PrincipalNameMapping" type="principal-name-mapping-type" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="RoleMapping" type="role-mapping-type" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="RoleIdentifiers" type="role-identifiers-type" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="IDP" type="idp-type" minOccurs="1" maxOccurs="1"/>
|
<xs:element name="IDP" type="idp-type" minOccurs="1" maxOccurs="1"/>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
<xs:attribute name="entityID" type="xs:string" use="required"/>
|
<xs:attribute name="entityID" type="xs:string" use="required"/>
|
||||||
|
@ -70,7 +70,7 @@
|
||||||
<xs:attribute name="policy" type="xs:string" use="required"/>
|
<xs:attribute name="policy" type="xs:string" use="required"/>
|
||||||
<xs:attribute name="attribute" type="xs:string" use="optional"/>
|
<xs:attribute name="attribute" type="xs:string" use="optional"/>
|
||||||
</xs:complexType>
|
</xs:complexType>
|
||||||
<xs:complexType name="role-mapping-type">
|
<xs:complexType name="role-identifiers-type">
|
||||||
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
||||||
<xs:element name="Attribute" maxOccurs="unbounded" minOccurs="0" type="attribute-type"/>
|
<xs:element name="Attribute" maxOccurs="unbounded" minOccurs="0" type="attribute-type"/>
|
||||||
</xs:choice>
|
</xs:choice>
|
||||||
|
|
|
@ -20,9 +20,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="policy" attribute="attribute"/>
|
<PrincipalNameMapping policy="policy" attribute="attribute"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="member"/>
|
<Attribute name="member"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp"
|
<IDP entityID="idp"
|
||||||
signatureAlgorithm="RSA"
|
signatureAlgorithm="RSA"
|
||||||
signatureCanonicalizationMethod="canon"
|
signatureCanonicalizationMethod="canon"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp"
|
<IDP entityID="idp"
|
||||||
signaturesRequired="true">
|
signaturesRequired="true">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp"
|
<IDP entityID="idp"
|
||||||
signaturesRequired="true">
|
signaturesRequired="true">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,10 +5,10 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="memberOf"/>
|
<Attribute name="memberOf"/>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -12,9 +12,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -13,9 +13,9 @@
|
||||||
</Key>
|
</Key>
|
||||||
</Keys>
|
</Keys>
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService signRequest="true"
|
<SingleSignOnService signRequest="true"
|
||||||
validateResponseSignature="true"
|
validateResponseSignature="true"
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
logoutPage="/logout.jsp"
|
logoutPage="/logout.jsp"
|
||||||
forceAuthentication="false">
|
forceAuthentication="false">
|
||||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||||
<RoleMapping>
|
<RoleIdentifiers>
|
||||||
<Attribute name="Role"/>
|
<Attribute name="Role"/>
|
||||||
</RoleMapping>
|
</RoleIdentifiers>
|
||||||
<IDP entityID="idp">
|
<IDP entityID="idp">
|
||||||
<SingleSignOnService requestBinding="POST"
|
<SingleSignOnService requestBinding="POST"
|
||||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||||
|
|
Loading…
Reference in a new issue