Merge pull request #1000 from pedroigor/master

[KEYCLOAK-883] - Examples config and logging changes.

examples/broker/facebook-authentication/facebook-identity-provider-realm.json

@@ -39,6 +39,9 @@
             "baseUrl": "/facebook-authentication",
             "redirectUris": [
               "/facebook-authentication/*"
+            ],
+            "webOrigins": [
+              "http://localhost:8080"
             ]
         }
     ],

examples/broker/google-authentication/google-identity-provider-realm.json

@@ -39,6 +39,9 @@
             "baseUrl": "/google-authentication",
             "redirectUris": [
               "/google-authentication/*"
+            ],
+            "webOrigins": [
+              "http://localhost:8080"
             ]
         }
     ],

examples/broker/saml-broker-authentication/saml-broker-authentication-realm.json

@@ -38,8 +38,7 @@
             "adminUrl": "/saml-broker-authentication",
             "baseUrl": "/saml-broker-authentication",
             "redirectUris": [
-              "/saml-broker-authentication/*",
+              "/saml-broker-authentication/*"
-              "http://localhost:8080/saml-broker-authentication/*"
             ],
             "webOrigins": [
               "http://localhost:8080"
@@ -55,7 +54,7 @@
           "updateProfileFirstLogin" : "true",
           "storeToken" : "true",
           "config": {
-              "singleSignOnServiceUrl": "http://localhost:8081/auth/realms/saml-broker-realm/protocol/saml",
+              "singleSignOnServiceUrl": "http://localhost:8080/auth/realms/saml-broker-realm/protocol/saml",
               "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
               "signingCertificate": "MIIDdzCCAl+gAwIBAgIEbySuqTANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTE1MDEyODIyMTYyMFoXDTE3MTAyNDIyMTYyMFowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAII/K9NNvXi9IySl7+l2zY/kKrGTtuR4WdCI0xLW/Jn4dLY7v1/HOnV4CC4ecFOzhdNFPtJkmEhP/q62CpmOYOKApXk3tfmm2rwEz9bWprVxgFGKnbrWlz61Z/cjLAlhD3IUj2ZRBquYgSXQPsYfXo1JmSWF5pZ9uh1FVqu9f4wvRqY20ZhUN+39F+1iaBsoqsrbXypCn1HgZkW1/9D9GZug1c3vB4wg1TwZZWRNGtxwoEhdK6dPrNcZ+6PdanVilWrbQFbBjY4wz8/7IMBzssoQ7Usmo8F1Piv0FGfaVeJqBrcAvbiBMpk8pT+27u6p8VyIX6LhGvnxIwM07NByeSUCAwEAAaMhMB8wHQYDVR0OBBYEFFlcNuTYwI9W0tQ224K1gFJlMam0MA0GCSqGSIb3DQEBCwUAA4IBAQB5snl1KWOJALtAjLqD0mLPg1iElmZP82Lq1htLBt3XagwzU9CaeVeCQ7lTp+DXWzPa9nCLhsC3QyrV3/+oqNli8C6NpeqI8FqN2yQW/QMWN1m5jWDbmrWwtQzRUn/rh5KEb5m3zPB+tOC6e/2bV3QeQebxeW7lVMD0tSCviUg1MQf1l2gzuXQo60411YwqrXwk6GMkDOhFDQKDlMchO3oRbQkGbcP8UeiKAXjMeHfzbiBr+cWz8NYZEtxUEDYDjTpKrYCSMJBXpmgVJCZ00BswbksxJwaGqGMPpUKmCV671pf3m8nq3xyiHMDGuGwtbU+GE8kVx85menmp8+964nin",
               "wantAuthnRequestsSigned": true,

examples/broker/saml-broker-authentication/saml-broker-realm.json

@@ -28,10 +28,10 @@
     },
     "applications": [
         {
-            "name": "http://localhost:8081/auth/",
+            "name": "http://localhost:8080/auth/",
             "enabled": true,
             "redirectUris": [
-              "http://localhost:8081/auth/realms/saml-broker-authentication-realm/broker/saml-identity-provider"
+              "http://localhost:8080/auth/realms/saml-broker-authentication-realm/broker/saml-identity-provider"
             ],
           "attributes": {
             "saml.assertion.signature": "true",

examples/broker/saml-broker-authentication/src/main/webapp/keycloak.json

@@ -2,7 +2,7 @@
   "realm" : "saml-broker-authentication-realm",
   "resource" : "saml-broker-authentication",
   "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
-  "auth-server-url": "http://localhost:8081/auth",
+  "auth-server-url": "/auth",
   "ssl-required" : "external",
   "public-client" : true
 }

examples/broker/twitter-authentication/src/main/webapp/keycloak.json

@@ -0,0 +1,8 @@
+{
+  "realm" : "twitter-identity-provider-realm",
+  "resource" : "twitter-authentication",
+  "realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
+  "auth-server-url": "/auth",
+  "ssl-required" : "external",
+  "public-client" : true
+}

examples/broker/twitter-authentication/twitter-identity-provider-realm.json

@@ -40,6 +40,9 @@
             "baseUrl": "/twitter-authentication",
             "redirectUris": [
                 "/twitter-authentication/*"
+            ],
+            "webOrigins": [
+              "http://localhost:8080"
             ]
         },
         {

forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js

@@ -171,7 +171,7 @@ module.config([ '$routeProvider', function($routeProvider) {
             controller : 'RealmIdentityProviderCtrl'
         })
         .when('/realms/:realm/identity-provider-settings/provider/:provider_id/:id', {
-            templateUrl : function(params){ return 'partials/realm-identity-provider-' + params.provider_id + '.html'; },
+            templateUrl : function(params){ return resourceUrl + '/partials/realm-identity-provider-' + params.provider_id + '.html'; },
             resolve : {
                 realm : function(RealmLoader) {
                     return RealmLoader();

services/src/main/java/org/keycloak/services/resources/IdentityBrokerService.java

@@ -323,7 +323,7 @@ public class IdentityBrokerService {
                     federatedUser.addRequiredAction(UPDATE_PROFILE);
                 }
             } catch (Exception e) {
-                return redirectToLoginPage(e.getMessage(), clientCode);
+                return redirectToErrorPage(e.getMessage(), e);
             }
         }
 
@@ -439,6 +439,10 @@ public class IdentityBrokerService {
     }
 
     private Response redirectToErrorPage(String message, Throwable throwable) {
+        if (message == null) {
+            message = "Unexpected error when authenticating with identity provider";
+        }
+
         fireErrorEvent(message, throwable);
         return Flows.forwardToSecurityFailurePage(this.session, this.realmModel, this.uriInfo, message);
     }
@@ -448,14 +452,6 @@ public class IdentityBrokerService {
         return Flows.errors().error(message, Status.BAD_REQUEST);
     }
 
-    private Response redirectToLoginPage(String message, ClientSessionCode clientCode) {
-        fireErrorEvent(message);
-        return Flows.forms(this.session, this.realmModel, clientCode.getClientSession().getClient(), this.uriInfo)
-                .setClientSessionCode(clientCode.getCode())
-                .setError(message)
-                .createLogin();
-    }
-
     private IdentityProvider getIdentityProvider(String providerId) {
         IdentityProviderModel identityProviderModel = this.realmModel.getIdentityProviderById(providerId);
 
@@ -513,7 +509,11 @@ public class IdentityBrokerService {
         FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(updatedIdentity.getIdentityProviderId(), updatedIdentity.getId(),
                 updatedIdentity.getUsername(), updatedIdentity.getToken());
         // Check if no user already exists with this username or email
-        UserModel existingUser = this.session.users().getUserByEmail(updatedIdentity.getEmail(), this.realmModel);
+        UserModel existingUser = null;
+
+        if (updatedIdentity.getEmail() != null) {
+            existingUser = this.session.users().getUserByEmail(updatedIdentity.getEmail(), this.realmModel);
+        }
 
         if (existingUser != null) {
             fireErrorEvent(Errors.FEDERATED_IDENTITY_EMAIL_EXISTS);