KEYCLOAK-3564 Added token-minimum-time-to-live and min-time-between-jwks-requests to adapter subsystem
parent
0f9798a10d
commit
7447ca7b58
10 changed files with 47 additions and 0 deletions
|
@ -80,6 +80,8 @@ keycloak.secure-deployment.register-node-period=how often to re-register node
|
||||||
keycloak.secure-deployment.token-store=cookie or session storage for auth session data
|
keycloak.secure-deployment.token-store=cookie or session storage for auth session data
|
||||||
keycloak.secure-deployment.principal-attribute=token attribute to use to set Principal name
|
keycloak.secure-deployment.principal-attribute=token attribute to use to set Principal name
|
||||||
keycloak.secure-deployment.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
keycloak.secure-deployment.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
||||||
|
keycloak.secure-deployment.token-minimum-time-to-live=The adapter will refresh the token if the current token is expired OR will expire in 'token-minimum-time-to-live' seconds or less
|
||||||
|
keycloak.secure-deployment.min-time-between-jwks-requests=If adapter recognize token signed by unknown public key, it will try to download new public key from keycloak server. However it won't try to download if already tried it in less than 'min-time-between-jwks-requests' seconds
|
||||||
|
|
||||||
keycloak.secure-deployment.credential=Credential value
|
keycloak.secure-deployment.credential=Credential value
|
||||||
|
|
||||||
|
|
|
@ -105,6 +105,8 @@
|
||||||
<xs:element name="principal-attribute" type="xs:string" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="principal-attribute" type="xs:string" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="enable-basic-auth" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="enable-basic-auth" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="turn-off-change-session-id-on-login" type="xs:boolean" minOccurs="0" maxOccurs="1" />
|
<xs:element name="turn-off-change-session-id-on-login" type="xs:boolean" minOccurs="0" maxOccurs="1" />
|
||||||
|
<xs:element name="token-minimum-time-to-live" type="xs:integer" minOccurs="0" maxOccurs="1"/>
|
||||||
|
<xs:element name="min-time-between-jwks-requests" type="xs:integer" minOccurs="0" maxOccurs="1"/>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
<xs:attribute name="name" type="xs:string" use="required">
|
<xs:attribute name="name" type="xs:string" use="required">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
|
|
|
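Review bot: `type="xs:integer"` on the two new elements is unbounded, so the schema accepts values the management model rejects: the matching attributes in SecureDeploymentDefinition are `ModelType.INT` with a minimum of -1, and anything below -1 or outside the 32-bit range would pass schema validation and fail only when the model is populated. Declaring them as `type="xs:int"`, or better a shared simple type restricting `xs:int` with `minInclusive` -1, would keep the schema and the validator in agreement. If the subsystem parser is expected to accept expressions here (the attributes set `setAllowExpression(true)`), that should be confirmed against whichever type is chosen. The same two declarations are repeated in the other schema copies further down this commit.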
@ -22,6 +22,7 @@ import org.jboss.as.controller.SimpleAttributeDefinition;
|
||||||
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
|
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
|
||||||
import org.jboss.as.controller.SimpleResourceDefinition;
|
import org.jboss.as.controller.SimpleResourceDefinition;
|
||||||
import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
|
import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
|
||||||
|
import org.jboss.as.controller.operations.validation.IntRangeValidator;
|
||||||
import org.jboss.as.controller.operations.validation.StringLengthValidator;
|
import org.jboss.as.controller.operations.validation.StringLengthValidator;
|
||||||
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
||||||
import org.jboss.dmr.ModelNode;
|
import org.jboss.dmr.ModelNode;
|
||||||
|
@ -83,6 +84,18 @@ public class SecureDeploymentDefinition extends SimpleResourceDefinition {
|
||||||
.setAllowExpression(true)
|
.setAllowExpression(true)
|
||||||
.setDefaultValue(new ModelNode(false))
|
.setDefaultValue(new ModelNode(false))
|
||||||
.build();
|
.build();
|
||||||
|
protected static final SimpleAttributeDefinition TOKEN_MINIMUM_TIME_TO_LIVE =
|
||||||
|
new SimpleAttributeDefinitionBuilder("token-minimum-time-to-live", ModelType.INT, true)
|
||||||
|
.setXmlName("token-minimum-time-to-live")
|
||||||
|
.setValidator(new IntRangeValidator(-1, true))
|
||||||
|
.setAllowExpression(true)
|
||||||
|
.build();
|
||||||
|
protected static final SimpleAttributeDefinition MIN_TIME_BETWEEN_JWKS_REQUESTS =
|
||||||
|
new SimpleAttributeDefinitionBuilder("min-time-between-jwks-requests", ModelType.INT, true)
|
||||||
|
.setXmlName("min-time-between-jwks-requests")
|
||||||
|
.setValidator(new IntRangeValidator(-1, true))
|
||||||
|
.setAllowExpression(true)
|
||||||
|
.build();
|
||||||
|
|
||||||
protected static final List<SimpleAttributeDefinition> DEPLOYMENT_ONLY_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
protected static final List<SimpleAttributeDefinition> DEPLOYMENT_ONLY_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
||||||
static {
|
static {
|
||||||
|
@ -93,6 +106,8 @@ public class SecureDeploymentDefinition extends SimpleResourceDefinition {
|
||||||
DEPLOYMENT_ONLY_ATTRIBUTES.add(ENABLE_BASIC_AUTH);
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(ENABLE_BASIC_AUTH);
|
||||||
DEPLOYMENT_ONLY_ATTRIBUTES.add(PUBLIC_CLIENT);
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(PUBLIC_CLIENT);
|
||||||
DEPLOYMENT_ONLY_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION);
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION);
|
||||||
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(TOKEN_MINIMUM_TIME_TO_LIVE);
|
||||||
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(MIN_TIME_BETWEEN_JWKS_REQUESTS);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
protected static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
||||||
|
|
|
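Review bot: `IntRangeValidator(-1, true)` on TOKEN_MINIMUM_TIME_TO_LIVE and MIN_TIME_BETWEEN_JWKS_REQUESTS admits -1 and 0 with no upper bound, and neither the definitions nor the descriptions say what those values mean or what applies when the attribute is absent. For `min-time-between-jwks-requests` this matters for availability: per its description it is the throttle on key downloads triggered by tokens signed with an unknown key, so 0 or -1 presumably lets every such token cause a request to the Keycloak server. I would raise the minimum if -1 has no defined meaning in the adapter, `.setValidator(new IntRangeValidator(0, true))`, or else document the sentinel in a comment above each constant, and add `.setMeasurementUnit(MeasurementUnit.SECONDS)` so the management model carries the unit. The same definitions appear in the second copy of SecureDeploymentDefinition later in this commit, and the enclosing class body lies outside the hunks.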
@ -81,6 +81,8 @@ keycloak.secure-deployment.register-node-period=how often to re-register node
|
||||||
keycloak.secure-deployment.token-store=cookie or session storage for auth session data
|
keycloak.secure-deployment.token-store=cookie or session storage for auth session data
|
||||||
keycloak.secure-deployment.principal-attribute=token attribute to use to set Principal name
|
keycloak.secure-deployment.principal-attribute=token attribute to use to set Principal name
|
||||||
keycloak.secure-deployment.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
keycloak.secure-deployment.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
||||||
|
keycloak.secure-deployment.token-minimum-time-to-live=The adapter will refresh the token if the current token is expired OR will expire in 'token-minimum-time-to-live' seconds or less
|
||||||
|
keycloak.secure-deployment.min-time-between-jwks-requests=If adapter recognize token signed by unknown public key, it will try to download new public key from keycloak server. However it won't try to download if already tried it in less than 'min-time-between-jwks-requests' seconds
|
||||||
|
|
||||||
keycloak.secure-deployment.credential=Credential value
|
keycloak.secure-deployment.credential=Credential value
|
||||||
|
|
||||||
|
|
|
@ -105,6 +105,8 @@
|
||||||
<xs:element name="principal-attribute" type="xs:string" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="principal-attribute" type="xs:string" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="enable-basic-auth" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="enable-basic-auth" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="turn-off-change-session-id-on-login" type="xs:boolean" minOccurs="0" maxOccurs="1" />
|
<xs:element name="turn-off-change-session-id-on-login" type="xs:boolean" minOccurs="0" maxOccurs="1" />
|
||||||
|
<xs:element name="token-minimum-time-to-live" type="xs:integer" minOccurs="0" maxOccurs="1"/>
|
||||||
|
<xs:element name="min-time-between-jwks-requests" type="xs:integer" minOccurs="0" maxOccurs="1"/>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
<xs:attribute name="name" type="xs:string" use="required">
|
<xs:attribute name="name" type="xs:string" use="required">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
|
|
|
@ -21,6 +21,8 @@
|
||||||
<resource>web-console</resource>
|
<resource>web-console</resource>
|
||||||
<use-resource-role-mappings>true</use-resource-role-mappings>
|
<use-resource-role-mappings>true</use-resource-role-mappings>
|
||||||
<turn-off-change-session-id-on-login>false</turn-off-change-session-id-on-login>
|
<turn-off-change-session-id-on-login>false</turn-off-change-session-id-on-login>
|
||||||
|
<token-minimum-time-to-live>10</token-minimum-time-to-live>
|
||||||
|
<min-time-between-jwks-requests>20</min-time-between-jwks-requests>
|
||||||
<realm-public-key>
|
<realm-public-key>
|
||||||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB
|
||||||
</realm-public-key>
|
</realm-public-key>
|
||||||
|
|
|
@ -22,6 +22,7 @@ import org.jboss.as.controller.SimpleAttributeDefinition;
|
||||||
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
|
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
|
||||||
import org.jboss.as.controller.SimpleResourceDefinition;
|
import org.jboss.as.controller.SimpleResourceDefinition;
|
||||||
import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
|
import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
|
||||||
|
import org.jboss.as.controller.operations.validation.IntRangeValidator;
|
||||||
import org.jboss.as.controller.operations.validation.StringLengthValidator;
|
import org.jboss.as.controller.operations.validation.StringLengthValidator;
|
||||||
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
||||||
import org.jboss.dmr.ModelNode;
|
import org.jboss.dmr.ModelNode;
|
||||||
|
@ -83,6 +84,19 @@ public class SecureDeploymentDefinition extends SimpleResourceDefinition {
|
||||||
.setAllowExpression(true)
|
.setAllowExpression(true)
|
||||||
.setDefaultValue(new ModelNode(false))
|
.setDefaultValue(new ModelNode(false))
|
||||||
.build();
|
.build();
|
||||||
|
protected static final SimpleAttributeDefinition TOKEN_MINIMUM_TIME_TO_LIVE =
|
||||||
|
new SimpleAttributeDefinitionBuilder("token-minimum-time-to-live", ModelType.INT, true)
|
||||||
|
.setXmlName("token-minimum-time-to-live")
|
||||||
|
.setValidator(new IntRangeValidator(-1, true))
|
||||||
|
.setAllowExpression(true)
|
||||||
|
.build();
|
||||||
|
protected static final SimpleAttributeDefinition MIN_TIME_BETWEEN_JWKS_REQUESTS =
|
||||||
|
new SimpleAttributeDefinitionBuilder("min-time-between-jwks-requests", ModelType.INT, true)
|
||||||
|
.setXmlName("min-time-between-jwks-requests")
|
||||||
|
.setValidator(new IntRangeValidator(-1, true))
|
||||||
|
.setAllowExpression(true)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
|
||||||
protected static final List<SimpleAttributeDefinition> DEPLOYMENT_ONLY_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
protected static final List<SimpleAttributeDefinition> DEPLOYMENT_ONLY_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
||||||
static {
|
static {
|
||||||
|
@ -93,6 +107,8 @@ public class SecureDeploymentDefinition extends SimpleResourceDefinition {
|
||||||
DEPLOYMENT_ONLY_ATTRIBUTES.add(ENABLE_BASIC_AUTH);
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(ENABLE_BASIC_AUTH);
|
||||||
DEPLOYMENT_ONLY_ATTRIBUTES.add(PUBLIC_CLIENT);
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(PUBLIC_CLIENT);
|
||||||
DEPLOYMENT_ONLY_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION);
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION);
|
||||||
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(TOKEN_MINIMUM_TIME_TO_LIVE);
|
||||||
|
DEPLOYMENT_ONLY_ATTRIBUTES.add(MIN_TIME_BETWEEN_JWKS_REQUESTS);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
protected static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<SimpleAttributeDefinition>();
|
||||||
|
|
|
@ -81,6 +81,8 @@ keycloak.secure-deployment.register-node-period=how often to re-register node
|
||||||
keycloak.secure-deployment.token-store=cookie or session storage for auth session data
|
keycloak.secure-deployment.token-store=cookie or session storage for auth session data
|
||||||
keycloak.secure-deployment.principal-attribute=token attribute to use to set Principal name
|
keycloak.secure-deployment.principal-attribute=token attribute to use to set Principal name
|
||||||
keycloak.secure-deployment.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
keycloak.secure-deployment.turn-off-change-session-id-on-login=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
||||||
|
keycloak.secure-deployment.token-minimum-time-to-live=The adapter will refresh the token if the current token is expired OR will expire in 'token-minimum-time-to-live' seconds or less
|
||||||
|
keycloak.secure-deployment.min-time-between-jwks-requests=If adapter recognize token signed by unknown public key, it will try to download new public key from keycloak server. However it won't try to download if already tried it in less than 'min-time-between-jwks-requests' seconds
|
||||||
|
|
||||||
keycloak.secure-deployment.credential=Credential value
|
keycloak.secure-deployment.credential=Credential value
|
||||||
|
|
||||||
|
|
|
@ -105,6 +105,8 @@
|
||||||
<xs:element name="principal-attribute" type="xs:string" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="principal-attribute" type="xs:string" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="enable-basic-auth" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
|
<xs:element name="enable-basic-auth" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
|
||||||
<xs:element name="turn-off-change-session-id-on-login" type="xs:boolean" minOccurs="0" maxOccurs="1" />
|
<xs:element name="turn-off-change-session-id-on-login" type="xs:boolean" minOccurs="0" maxOccurs="1" />
|
||||||
|
<xs:element name="token-minimum-time-to-live" type="xs:integer" minOccurs="0" maxOccurs="1"/>
|
||||||
|
<xs:element name="min-time-between-jwks-requests" type="xs:integer" minOccurs="0" maxOccurs="1"/>
|
||||||
</xs:all>
|
</xs:all>
|
||||||
<xs:attribute name="name" type="xs:string" use="required">
|
<xs:attribute name="name" type="xs:string" use="required">
|
||||||
<xs:annotation>
|
<xs:annotation>
|
||||||
|
|
|
@ -45,6 +45,8 @@
|
||||||
<resource>web-console</resource>
|
<resource>web-console</resource>
|
||||||
<use-resource-role-mappings>true</use-resource-role-mappings>
|
<use-resource-role-mappings>true</use-resource-role-mappings>
|
||||||
<turn-off-change-session-id-on-login>false</turn-off-change-session-id-on-login>
|
<turn-off-change-session-id-on-login>false</turn-off-change-session-id-on-login>
|
||||||
|
<token-minimum-time-to-live>10</token-minimum-time-to-live>
|
||||||
|
<min-time-between-jwks-requests>20</min-time-between-jwks-requests>
|
||||||
<realm-public-key>
|
<realm-public-key>
|
||||||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB
|
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4siLKUew0WYxdtq6/rwk4Uj/4amGFFnE/yzIxQVU0PUqz3QBRVkUWpDj0K6ZnS5nzJV/y6DHLEy7hjZTdRDphyF1sq09aDOYnVpzu8o2sIlMM8q5RnUyEfIyUZqwo8pSZDJ90fS0s+IDUJNCSIrAKO3w1lqZDHL6E/YFHXyzkvQIDAQAB
|
||||||
</realm-public-key>
|
</realm-public-key>
|
||||||
|
|