Merge pull request #1682 from patriot1burke/master
SAML eap adapter and docs
This commit is contained in:
commit
80dea9c0bd
159 changed files with 3730 additions and 240 deletions
|
@ -14,6 +14,7 @@
|
|||
<module name="org.apache.httpcomponents"/>
|
||||
<module name="org.bouncycastle" />
|
||||
<module name="org.keycloak.keycloak-common"/>
|
||||
<module name="org.picketbox"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
||||
|
|
|
@ -17,8 +17,12 @@
|
|||
<outputDirectory>rest-api</outputDirectory>
|
||||
</fileSet>
|
||||
<fileSet>
|
||||
<directory>../../docbook/target/docbook/publish/en-US</directory>
|
||||
<outputDirectory>userguide</outputDirectory>
|
||||
<directory>../../docbook/auth-server-docs/target/docbook/publish/en-US</directory>
|
||||
<outputDirectory>userguide/keycloak-server</outputDirectory>
|
||||
</fileSet>
|
||||
<fileSet>
|
||||
<directory>../../docbook/saml-adapter-docs/target/docbook/publish/en-US</directory>
|
||||
<outputDirectory>userguide/saml-client-adapter</outputDirectory>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
<h1>Keyloak Documentation</h1>
|
||||
<ul>
|
||||
<li><a href="userguide/html/index.html">Userguide HTML</a></li>
|
||||
<li><a href="userguide/html_single/index.html">Userguide HTML Single Page</a></li>
|
||||
<li><a href="userguide/pdf/keycloak-reference-guide-en-US.pdf">Userguide PDF</a></li>
|
||||
<li><a href="userguide/keycloak-server/html/index.html">Server and Keycloak Adapter Userguide HTML</a></li>
|
||||
<li><a href="userguide/keycloak-server/html_single/index.html">Server and Keycloak Adapter Userguide HTML Single Page</a></li>
|
||||
<li><a href="userguide/keycloak-server/pdf/keycloak-reference-guide-en-US.pdf">Server and Keycloak Adapter Userguide PDF</a></li>
|
||||
<li><a href="userguide/saml-client-adapter/html/index.html">SAML Client Adapter Userguide HTML</a></li>
|
||||
<li><a href="userguide/saml-client-adapter/html_single/index.html">>SAML Client Adapter Userguide HTML Single Page</a></li>
|
||||
<li><a href="userguide/saml-client-adapter/pdf/keycloak-reference-guide-en-US.pdf">SAML Client Adapter Userguide PDF</a></li>
|
||||
<li><a href="rest-api/overview-index.html">Admin REST API</a></li>
|
||||
<li><a href="javadocs/index.html">Javadocs</a></li>
|
||||
</ul>
|
|
@ -248,7 +248,106 @@
|
|||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
<outputDirectory>target/${project.version}/adapters</outputDirectory>
|
||||
<outputDirectory>target/${project.version}/adapters/keycloak-oidc</outputDirectory>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>saml-adapter-downloads</id>
|
||||
<phase>install</phase>
|
||||
<goals>
|
||||
<goal>copy</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<artifactItems>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-wf9-adapter-dist</artifactId>
|
||||
<type>zip</type>
|
||||
</artifactItem>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-wf9-adapter-dist</artifactId>
|
||||
<type>tar.gz</type>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
<outputDirectory>target/${project.version}/adapters/saml</outputDirectory>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
|
|
36
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
Executable file
36
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,36 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory>${project.build.directory}/unpacked</directory>
|
||||
<includes>
|
||||
<include>org/keycloak/keycloak-common/**</include>
|
||||
<include>org/keycloak/keycloak-saml-core/**</include>
|
||||
<include>org/keycloak/keycloak-saml-adapter-core/**</include>
|
||||
<include>org/keycloak/keycloak-adapter-spi/**</include>
|
||||
<include>org/keycloak/keycloak-jboss-adapter-core/**</include>
|
||||
<include>org/bouncycastle/**</include>
|
||||
<include>org/keycloak/keycloak-saml-as7-adapter/**</include>
|
||||
<include>org/keycloak/keycloak-saml-as7-subsystem/**</include>
|
||||
<include>org/keycloak/keycloak-saml-adapter-subsystem/**</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>**/*.war</exclude>
|
||||
</excludes>
|
||||
<outputDirectory>modules</outputDirectory>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
<files>
|
||||
<file>
|
||||
<source>../../shared-cli/adapter-install.cli</source>
|
||||
<outputDirectory>bin</outputDirectory>
|
||||
</file>
|
||||
</files>
|
||||
</assembly>
|
79
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
Executable file
79
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,79 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-as7-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML AS7 Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-dependency-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>unpack</id>
|
||||
<phase>prepare-package</phase>
|
||||
<goals>
|
||||
<goal>unpack</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<artifactItems>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||
<type>zip</type>
|
||||
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
22
distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml
Executable file
22
distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml
Executable file
|
@ -0,0 +1,22 @@
|
|||
<assembly>
|
||||
<id>dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory>../../</directory>
|
||||
<includes>
|
||||
<include>License.html</include>
|
||||
</includes>
|
||||
<outputDirectory></outputDirectory>
|
||||
</fileSet>
|
||||
<fileSet>
|
||||
<directory>${project.build.directory}/modules</directory>
|
||||
<outputDirectory></outputDirectory>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
</assembly>
|
88
distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml
Executable file
88
distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml
Executable file
|
@ -0,0 +1,88 @@
|
|||
<!--
|
||||
~ JBoss, Home of Professional Open Source.
|
||||
~ Copyright 2012, Red Hat, Inc., and individual contributors
|
||||
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||
~ distribution for a full listing of individual contributors.
|
||||
~
|
||||
~ This is free software; you can redistribute it and/or modify it
|
||||
~ under the terms of the GNU Lesser General Public License as
|
||||
~ published by the Free Software Foundation; either version 2.1 of
|
||||
~ the License, or (at your option) any later version.
|
||||
~
|
||||
~ This software is distributed in the hope that it will be useful,
|
||||
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
~ Lesser General Public License for more details.
|
||||
~
|
||||
~ You should have received a copy of the GNU Lesser General Public
|
||||
~ License along with this software; if not, write to the Free
|
||||
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||
-->
|
||||
|
||||
<project name="module-repository" basedir="." default="all">
|
||||
|
||||
<import file="lib.xml"/>
|
||||
|
||||
<property name="output.dir" value="target"/>
|
||||
|
||||
<target name="all">
|
||||
<antcall target="modules">
|
||||
<param name="mavenized.modules" value="false"/>
|
||||
<param name="output.dir" value="target"/>
|
||||
</antcall>
|
||||
</target>
|
||||
|
||||
|
||||
<target name="modules">
|
||||
|
||||
<!-- server min dependencies -->
|
||||
|
||||
<module-def name="org.keycloak.keycloak-common">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-common"/>
|
||||
</module-def>
|
||||
<module-def name="org.bouncycastle">
|
||||
<maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
|
||||
<maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
|
||||
</module-def>
|
||||
|
||||
<!-- subsystems -->
|
||||
|
||||
<module-def name="org.keycloak.keycloak-adapter-spi">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-adapter-spi"/>
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-tomcat-adapter-spi"/>
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-as7-adapter-spi"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-saml-core">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-saml-core"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-saml-adapter-core">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-saml-adapter-core"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-jboss-adapter-core">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-saml-as7-adapter">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-saml-as7-adapter"/>
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-saml-tomcat-adapter-core"/>
|
||||
</module-def>
|
||||
|
||||
<module-def name="org.keycloak.keycloak-saml-as7-subsystem">
|
||||
<maven-resource group="org.keycloak" artifact="keycloak-saml-as7-subsystem"/>
|
||||
</module-def>
|
||||
|
||||
</target>
|
||||
|
||||
<target name="clean-target">
|
||||
<delete dir="${output.dir}"/>
|
||||
</target>
|
||||
|
||||
<target name="clean" depends="clean-target">
|
||||
<delete file="maven-ant-tasks.jar"/>
|
||||
</target>
|
||||
|
||||
</project>
|
282
distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml
Executable file
282
distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml
Executable file
|
@ -0,0 +1,282 @@
|
|||
<!--
|
||||
~ JBoss, Home of Professional Open Source.
|
||||
~ Copyright 2010, Red Hat, Inc., and individual contributors
|
||||
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||
~ distribution for a full listing of individual contributors.
|
||||
~
|
||||
~ This is free software; you can redistribute it and/or modify it
|
||||
~ under the terms of the GNU Lesser General Public License as
|
||||
~ published by the Free Software Foundation; either version 2.1 of
|
||||
~ the License, or (at your option) any later version.
|
||||
~
|
||||
~ This software is distributed in the hope that it will be useful,
|
||||
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
~ Lesser General Public License for more details.
|
||||
~
|
||||
~ You should have received a copy of the GNU Lesser General Public
|
||||
~ License along with this software; if not, write to the Free
|
||||
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||
-->
|
||||
|
||||
<project name="module-repository-lib">
|
||||
|
||||
<property name="src.dir" value="src"/>
|
||||
<property name="module.repo.src.dir" value="${src.dir}/main/resources/modules"/>
|
||||
<property name="module.xml" value="module.xml"/>
|
||||
|
||||
<taskdef resource="net/sf/antcontrib/antlib.xml"/>
|
||||
<taskdef name="jandex" classname="org.jboss.jandex.JandexAntTask" />
|
||||
|
||||
<macrodef name="module-def">
|
||||
<attribute name="name"/>
|
||||
<attribute name="slot" default="main"/>
|
||||
<element name="resources" implicit="yes" optional="yes"/>
|
||||
|
||||
<sequential>
|
||||
<echo message="Initializing module -> @{name}"/>
|
||||
<property name="module.repo.output.dir" value="${output.dir}/modules"/>
|
||||
<!-- Figure out the correct module path -->
|
||||
<define-module-dir name="@{name}" slot="@{slot}"/>
|
||||
|
||||
<!-- Make the module output director -->
|
||||
<mkdir dir="${module.repo.output.dir}/${current.module.path}"/>
|
||||
|
||||
<!-- Copy the module.xml and other stuff to the output director -->
|
||||
<copy todir="${module.repo.output.dir}/${current.module.path}" overwrite="true">
|
||||
<fileset dir="${module.repo.src.dir}/${current.module.path}">
|
||||
<include name="**"/>
|
||||
</fileset>
|
||||
</copy>
|
||||
|
||||
<!-- Process the resource -->
|
||||
<resources/>
|
||||
|
||||
<!-- Add keycloak version property to module xml -->
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}"
|
||||
token="$${project.version}"
|
||||
value="${project.version}"/>
|
||||
|
||||
<!-- Some final cleanup -->
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||
<replacetoken>
|
||||
<![CDATA[
|
||||
<!-- Insert resources here -->]]></replacetoken>
|
||||
<replacevalue>
|
||||
</replacevalue>
|
||||
</replace>
|
||||
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<macrodef name="bundle-def">
|
||||
<attribute name="name"/>
|
||||
<attribute name="slot" default="main"/>
|
||||
<element name="resources" implicit="yes" optional="yes"/>
|
||||
|
||||
<sequential>
|
||||
<echo message="Initializing bundle -> @{name}"/>
|
||||
<property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
|
||||
<!-- Figure out the correct bundle path -->
|
||||
<define-bundle-dir name="@{name}" slot="@{slot}" />
|
||||
|
||||
<!-- Make the bundle output director -->
|
||||
<mkdir dir="${bundle.repo.output.dir}/${current.bundle.path}"/>
|
||||
|
||||
<!-- Process the resource -->
|
||||
<resources/>
|
||||
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<macrodef name="maven-bundle" >
|
||||
<attribute name="group"/>
|
||||
<attribute name="artifact"/>
|
||||
|
||||
<sequential>
|
||||
<!-- Copy the jar to the bundle dir -->
|
||||
<property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
|
||||
<copy todir="${bundle.repo.output.dir}/${current.bundle.path}" failonerror="true">
|
||||
<fileset file="${@{group}:@{artifact}:jar}"/>
|
||||
<mapper type="flatten" />
|
||||
</copy>
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<scriptdef name="define-module-dir" language="javascript" manager="bsf">
|
||||
<attribute name="name"/>
|
||||
<attribute name="slot"/>
|
||||
<![CDATA[
|
||||
name = attributes.get("name");
|
||||
name = name.replace(".", "/");
|
||||
project.setProperty("current.module.path", name + "/" + attributes.get("slot"));
|
||||
]]>
|
||||
</scriptdef>
|
||||
|
||||
<scriptdef name="define-bundle-dir" language="javascript" manager="bsf">
|
||||
<attribute name="name"/>
|
||||
<attribute name="slot"/>
|
||||
<![CDATA[
|
||||
name = attributes.get("name");
|
||||
name = name.replace(".", "/");
|
||||
project.setProperty("current.bundle.path", name + "/" + attributes.get("slot"));
|
||||
]]>
|
||||
</scriptdef>
|
||||
|
||||
<!--
|
||||
Get the version from the parent directory of the jar. If the parent directory is 'target' this
|
||||
means that the jar is contained in AS build so extract the version from the file name
|
||||
-->
|
||||
<scriptdef name="define-maven-artifact" language="javascript" manager="bsf">
|
||||
<attribute name="group"/>
|
||||
<attribute name="artifact"/>
|
||||
<attribute name="classifier"/>
|
||||
<attribute name="element"/>
|
||||
<attribute name="path"/>
|
||||
<![CDATA[
|
||||
importClass(Packages.java.io.File);
|
||||
group = attributes.get("group");
|
||||
artifact = attributes.get("artifact");
|
||||
classifier = attributes.get("classifier");
|
||||
element = attributes.get("element");
|
||||
path = attributes.get("path");
|
||||
if(path.indexOf('${') != -1) {
|
||||
throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
|
||||
}
|
||||
fp = new File(path);
|
||||
version = fp.getParentFile().getName();
|
||||
if (version.equals("target")) {
|
||||
version = fp.getName();
|
||||
version = version.substring(artifact.length() + 1);
|
||||
suffix = ".jar";
|
||||
if (classifier) {
|
||||
suffix = "-" + classifier + suffix;
|
||||
}
|
||||
version = version.replace(suffix, "");
|
||||
}
|
||||
|
||||
root = "<" + element + " name=\"" + group + ":" + artifact + ":" + version;
|
||||
if (classifier) {
|
||||
root = root + ":" + classifier;
|
||||
}
|
||||
root = root + "\"/>";
|
||||
project.setProperty("current.maven.root", root);
|
||||
]]>
|
||||
</scriptdef>
|
||||
|
||||
<macrodef name="maven-resource" >
|
||||
<attribute name="group"/>
|
||||
<attribute name="artifact"/>
|
||||
<attribute name="jandex" default="false" />
|
||||
|
||||
<sequential>
|
||||
<if>
|
||||
<equals arg1="${mavenized.modules}" arg2="true"/>
|
||||
<then>
|
||||
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" path="${@{group}:@{artifact}:jar}"/>
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||
<replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
|
||||
</replace>
|
||||
</then>
|
||||
|
||||
<else>
|
||||
<!-- Copy the jar to the module dir -->
|
||||
<copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
|
||||
<fileset file="${@{group}:@{artifact}:jar}"/>
|
||||
<mapper type="flatten" />
|
||||
</copy>
|
||||
|
||||
<basename file="${@{group}:@{artifact}:jar}" property="resourcename.@{group}.@{artifact}"/>
|
||||
<!-- Generate the Jandex Index -->
|
||||
<jandex run="@{jandex}" newJar="true" >
|
||||
<fileset dir="${module.repo.output.dir}/${current.module.path}" />
|
||||
</jandex>
|
||||
<!-- Update the resource entry in module.xml -->
|
||||
<define-resource-root path="${resourcename.@{group}.@{artifact}}" jandex="@{jandex}"/>
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||
<replacefilter token="<!-- Insert resources here -->" value="${current.resource.root} <!-- Insert resources here -->"/>
|
||||
</replace>
|
||||
</else>
|
||||
</if>
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
|
||||
|
||||
<macrodef name="maven-resource-with-classifier" >
|
||||
<attribute name="group"/>
|
||||
<attribute name="artifact"/>
|
||||
<attribute name="classifier"/>
|
||||
<attribute name="jandex" default="false" />
|
||||
|
||||
<sequential>
|
||||
<if>
|
||||
<equals arg1="${mavenized.modules}" arg2="true"/>
|
||||
<then>
|
||||
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" classifier="@{classifier}" path="${@{group}:@{artifact}:jar:@{classifier}}"/>
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||
<replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
|
||||
</replace>
|
||||
</then>
|
||||
<else>
|
||||
<!-- Copy the jar to the module dir -->
|
||||
<copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
|
||||
<fileset file="${@{group}:@{artifact}:jar:@{classifier}}"/>
|
||||
<!-- http://jira.codehaus.org/browse/MANTRUN-159 -->
|
||||
<mapper type="flatten" />
|
||||
</copy>
|
||||
|
||||
<basename file="${@{group}:@{artifact}:jar:@{classifier}}" property="resourcename.@{group}.@{artifact}.@{classifier}"/>
|
||||
|
||||
<!-- Update the resource entry in module.xml -->
|
||||
<define-resource-root path="${resourcename.@{group}.@{artifact}.@{classifier}}"/>
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||
<replacefilter token="<!-- Insert resources here -->" value="${current.resource.root} <!-- Insert resources here -->"/>
|
||||
</replace>
|
||||
</else>
|
||||
</if>
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<macrodef name="extract-native-jar" >
|
||||
<attribute name="group"/>
|
||||
<attribute name="artifact"/>
|
||||
<sequential>
|
||||
<if>
|
||||
<equals arg1="${mavenized.modules}" arg2="true"/>
|
||||
<then>
|
||||
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="native-artifact" path="${@{group}:@{artifact}:jar}"/>
|
||||
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||
<replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
|
||||
</replace>
|
||||
</then>
|
||||
|
||||
<else>
|
||||
<unzip src="${@{group}:@{artifact}:jar}" dest="${module.repo.output.dir}/${current.module.path}">
|
||||
<patternset>
|
||||
<include name="lib/**"/>
|
||||
</patternset>
|
||||
</unzip>
|
||||
</else>
|
||||
</if>
|
||||
</sequential>
|
||||
</macrodef>
|
||||
|
||||
<scriptdef name="define-resource-root" language="javascript" manager="bsf">
|
||||
<attribute name="path"/>
|
||||
<attribute name="jandex"/>
|
||||
<![CDATA[
|
||||
path = attributes.get("path");
|
||||
root = "<resource-root path=\"" + path + "\"/>";
|
||||
if(path.indexOf('${') != -1) {
|
||||
throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
|
||||
}
|
||||
if(attributes.get("jandex") == "true" ) {
|
||||
root = root + "\n\t<resource-root path=\"" + path.replace(".jar","-jandex.jar") + "\"/>";
|
||||
}
|
||||
project.setProperty("current.resource.root", root);
|
||||
]]>
|
||||
</scriptdef>
|
||||
|
||||
</project>
|
179
distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml
Executable file
179
distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml
Executable file
|
@ -0,0 +1,179 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||
|
||||
<name>Keycloak SAML AS7 / JBoss EAP 6 Modules</name>
|
||||
<packaging>pom</packaging>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-common</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-adapter-spi</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-as7-adapter-spi</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-adapter-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat-adapter-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-jboss-adapter-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-subsystem</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-tomcat-adapter-spi</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-jboss-adapter-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcpkix-jdk15on</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-antrun-plugin</artifactId>
|
||||
<inherited>false</inherited>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>build-dist</id>
|
||||
<goals>
|
||||
<goal>run</goal>
|
||||
</goals>
|
||||
<phase>compile</phase>
|
||||
<configuration>
|
||||
<target>
|
||||
<ant antfile="build.xml" inheritRefs="true">
|
||||
<target name="all"/>
|
||||
</ant>
|
||||
</target>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.jboss</groupId>
|
||||
<artifactId>jandex</artifactId>
|
||||
<version>1.0.3.Final</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>ant-contrib</groupId>
|
||||
<artifactId>ant-contrib</artifactId>
|
||||
<version>1.0b3</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>ant</groupId>
|
||||
<artifactId>ant</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.ant</groupId>
|
||||
<artifactId>ant-apache-bsf</artifactId>
|
||||
<version>1.9.3</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.bsf</groupId>
|
||||
<artifactId>bsf-api</artifactId>
|
||||
<version>3.1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>rhino</groupId>
|
||||
<artifactId>js</artifactId>
|
||||
<version>1.7R2</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-resources</id>
|
||||
<!-- here the phase you need -->
|
||||
<phase>validate</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-saml-adapter-subsystem</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem</directory>
|
||||
<filtering>true</filtering>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
</dependencies>
|
||||
</module>
|
|
@ -0,0 +1,20 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-spi">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="org.jboss.as.web"/>
|
||||
<module name="javax.servlet.api"/>
|
||||
<module name="org.apache.httpcomponents"/>
|
||||
<module name="org.bouncycastle" />
|
||||
<module name="org.keycloak.keycloak-common"/>
|
||||
<module name="org.picketbox"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -0,0 +1,17 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-common">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="org.bouncycastle" />
|
||||
<module name="javax.api"/>
|
||||
<module name="javax.activation.api"/>
|
||||
<module name="sun.jdk" optional="true" />
|
||||
<module name="sun.jdk.jgss" optional="true" />
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -0,0 +1,17 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-jboss-adapter-core">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="org.picketbox"/>
|
||||
<module name="org.keycloak.keycloak-adapter-spi"/>
|
||||
<module name="org.keycloak.keycloak-common"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -0,0 +1,17 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-adapter-core">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="org.keycloak.keycloak-adapter-spi"/>
|
||||
<module name="org.keycloak.keycloak-saml-core"/>
|
||||
<module name="org.keycloak.keycloak-common"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -0,0 +1,35 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<!--
|
||||
~ JBoss, Home of Professional Open Source.
|
||||
~ Copyright 2014, Red Hat, Inc., and individual contributors
|
||||
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||
~ distribution for a full listing of individual contributors.
|
||||
~
|
||||
~ This is free software; you can redistribute it and/or modify it
|
||||
~ under the terms of the GNU Lesser General Public License as
|
||||
~ published by the Free Software Foundation; either version 2.1 of
|
||||
~ the License, or (at your option) any later version.
|
||||
~
|
||||
~ This software is distributed in the hope that it will be useful,
|
||||
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
~ Lesser General Public License for more details.
|
||||
~
|
||||
~ You should have received a copy of the GNU Lesser General Public
|
||||
~ License along with this software; if not, write to the Free
|
||||
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||
-->
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-adapter-subsystem">
|
||||
|
||||
<resources>
|
||||
<resource-root path="."/>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
|
||||
<dependencies>
|
||||
<module name="org.keycloak.keycloak-saml-as7-subsystem" export="true" services="export"/>
|
||||
</dependencies>
|
||||
</module>
|
|
@ -0,0 +1,24 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-as7-adapter">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
<module name="org.bouncycastle" />
|
||||
<module name="javax.servlet.api"/>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="org.jboss.as.security"/>
|
||||
<module name="org.jboss.as.web"/>
|
||||
<module name="org.picketbox"/>
|
||||
<module name="org.keycloak.keycloak-saml-as7-adapter"/>
|
||||
<module name="org.keycloak.keycloak-adapter-spi"/>
|
||||
<module name="org.keycloak.keycloak-saml-core"/>
|
||||
<module name="org.keycloak.keycloak-saml-adapter-core"/>
|
||||
<module name="org.keycloak.keycloak-common"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
|
@ -0,0 +1,45 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
<!--
|
||||
~ JBoss, Home of Professional Open Source.
|
||||
~ Copyright 2014, Red Hat, Inc., and individual contributors
|
||||
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||
~ distribution for a full listing of individual contributors.
|
||||
~
|
||||
~ This is free software; you can redistribute it and/or modify it
|
||||
~ under the terms of the GNU Lesser General Public License as
|
||||
~ published by the Free Software Foundation; either version 2.1 of
|
||||
~ the License, or (at your option) any later version.
|
||||
~
|
||||
~ This software is distributed in the hope that it will be useful,
|
||||
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
~ Lesser General Public License for more details.
|
||||
~
|
||||
~ You should have received a copy of the GNU Lesser General Public
|
||||
~ License along with this software; if not, write to the Free
|
||||
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||
-->
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-as7-subsystem">
|
||||
|
||||
<resources>
|
||||
<resource-root path="."/>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
|
||||
<dependencies>
|
||||
<module name="javax.api"/>
|
||||
<module name="org.keycloak.keycloak-saml-as7-adapter"/>
|
||||
<module name="org.jboss.staxmapper"/>
|
||||
<module name="org.jboss.as.controller"/>
|
||||
<module name="org.jboss.as.server"/>
|
||||
<module name="org.jboss.as.web"/>
|
||||
<module name="org.jboss.modules"/>
|
||||
<module name="org.jboss.msc"/>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="org.jboss.vfs"/>
|
||||
<module name="org.jboss.metadata"/>
|
||||
</dependencies>
|
||||
</module>
|
|
@ -0,0 +1,20 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
|
||||
|
||||
|
||||
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-core">
|
||||
<resources>
|
||||
<!-- Insert resources here -->
|
||||
</resources>
|
||||
<dependencies>
|
||||
<module name="org.jboss.logging"/>
|
||||
<module name="org.keycloak.keycloak-common"/>
|
||||
<module name="org.apache.santuario.xmlsec">
|
||||
<imports>
|
||||
<exclude path="javax/*"/>
|
||||
</imports>
|
||||
</module>
|
||||
<module name="javax.api"/>
|
||||
</dependencies>
|
||||
|
||||
</module>
|
36
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
Executable file
36
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,36 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory>${project.build.directory}/unpacked</directory>
|
||||
<includes>
|
||||
<include>org/keycloak/keycloak-common/**</include>
|
||||
<include>org/keycloak/keycloak-saml-core/**</include>
|
||||
<include>org/keycloak/keycloak-saml-adapter-core/**</include>
|
||||
<include>org/keycloak/keycloak-adapter-spi/**</include>
|
||||
<include>org/keycloak/keycloak-jboss-adapter-core/**</include>
|
||||
<include>org/bouncycastle/**</include>
|
||||
<include>org/keycloak/keycloak-saml-as7-adapter/**</include>
|
||||
<include>org/keycloak/keycloak-saml-as7-subsystem/**</include>
|
||||
<include>org/keycloak/keycloak-saml-adapter-subsystem/**</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>**/*.war</exclude>
|
||||
</excludes>
|
||||
<outputDirectory>modules/system/layers/base</outputDirectory>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
<files>
|
||||
<file>
|
||||
<source>../../shared-cli/adapter-install.cli</source>
|
||||
<outputDirectory>bin</outputDirectory>
|
||||
</file>
|
||||
</files>
|
||||
</assembly>
|
79
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
Executable file
79
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,79 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML JBoss EAP 6 Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-as7-adapter</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-as7-modules</artifactId>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-dependency-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>unpack</id>
|
||||
<phase>prepare-package</phase>
|
||||
<goals>
|
||||
<goal>unpack</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<artifactItems>
|
||||
<artifactItem>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||
<type>zip</type>
|
||||
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
|
||||
</artifactItem>
|
||||
</artifactItems>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
21
distribution/saml-adapters/as7-eap6-adapter/pom.xml
Executable file
21
distribution/saml-adapters/as7-eap6-adapter/pom.xml
Executable file
|
@ -0,0 +1,21 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
<name>Keycloak SAML AS7 / JBoss EAP 6 Adapter Distros</name>
|
||||
<description/>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>keycloak-saml-as7-eap6-adapter-dist-pom</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<modules>
|
||||
<module>as7-modules</module>
|
||||
<module>as7-adapter-zip</module>
|
||||
<module>eap6-adapter-zip</module>
|
||||
</modules>
|
||||
</project>
|
26
distribution/saml-adapters/jetty81-adapter-zip/assembly.xml
Executable file
26
distribution/saml-adapters/jetty81-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,26 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<unpack>false</unpack>
|
||||
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<includes>
|
||||
<include>org.keycloak:keycloak-saml-jetty81-adapter</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>org.eclipse.jetty:jetty-server</exclude>
|
||||
<exclude>org.eclipse.jetty:jetty-util</exclude>
|
||||
<exclude>org.eclipse.jetty:jetty-security</exclude>
|
||||
</excludes>
|
||||
<outputDirectory>lib/keycloak</outputDirectory>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
51
distribution/saml-adapters/jetty81-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/jetty81-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML Jetty 8.1.x Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty81-adapter</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
39
distribution/saml-adapters/jetty91-adapter-zip/assembly.xml
Executable file
39
distribution/saml-adapters/jetty91-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,39 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory></directory>
|
||||
<includes>
|
||||
<include>keycloak.mod</include>
|
||||
</includes>
|
||||
<outputDirectory>modules</outputDirectory>
|
||||
</fileSet>
|
||||
<fileSet>
|
||||
<directory>${project.build.directory}/modules</directory>
|
||||
<outputDirectory></outputDirectory>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<unpack>false</unpack>
|
||||
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<includes>
|
||||
<include>org.keycloak:keycloak-saml-jetty91-adapter</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>org.eclipse.jetty:jetty-server</exclude>
|
||||
<exclude>org.eclipse.jetty:jetty-util</exclude>
|
||||
<exclude>org.eclipse.jetty:jetty-security</exclude>
|
||||
</excludes>
|
||||
<outputDirectory>lib/keycloak</outputDirectory>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
11
distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod
Executable file
11
distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod
Executable file
|
@ -0,0 +1,11 @@
|
|||
#
|
||||
# Keycloak Jetty Adapter
|
||||
#
|
||||
|
||||
[depend]
|
||||
server
|
||||
security
|
||||
|
||||
[lib]
|
||||
lib/keycloak/*.jar
|
||||
|
51
distribution/saml-adapters/jetty91-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/jetty91-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-jetty91-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML Jetty 9.1.x Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty91-adapter</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
39
distribution/saml-adapters/jetty92-adapter-zip/assembly.xml
Executable file
39
distribution/saml-adapters/jetty92-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,39 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory></directory>
|
||||
<includes>
|
||||
<include>keycloak.mod</include>
|
||||
</includes>
|
||||
<outputDirectory>modules</outputDirectory>
|
||||
</fileSet>
|
||||
<fileSet>
|
||||
<directory>${project.build.directory}/modules</directory>
|
||||
<outputDirectory></outputDirectory>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<unpack>false</unpack>
|
||||
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<includes>
|
||||
<include>org.keycloak:keycloak-saml-jetty92-adapter</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>org.eclipse.jetty:jetty-server</exclude>
|
||||
<exclude>org.eclipse.jetty:jetty-util</exclude>
|
||||
<exclude>org.eclipse.jetty:jetty-security</exclude>
|
||||
</excludes>
|
||||
<outputDirectory>lib/keycloak</outputDirectory>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
11
distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod
Executable file
11
distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod
Executable file
|
@ -0,0 +1,11 @@
|
|||
#
|
||||
# Keycloak Jetty Adapter
|
||||
#
|
||||
|
||||
[depend]
|
||||
server
|
||||
security
|
||||
|
||||
[lib]
|
||||
lib/keycloak/*.jar
|
||||
|
51
distribution/saml-adapters/jetty92-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/jetty92-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML Jetty 9.2.x Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty92-adapter</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
|
@ -16,5 +16,13 @@
|
|||
|
||||
<modules>
|
||||
<module>wf9-adapter</module>
|
||||
<module>tomcat6-adapter-zip</module>
|
||||
<module>tomcat7-adapter-zip</module>
|
||||
<module>tomcat8-adapter-zip</module>
|
||||
<module>jetty81-adapter-zip</module>
|
||||
<!-- jetty 9.1 doesn't work right now
|
||||
<module>jetty91-adapter-zip</module> -->
|
||||
<module>jetty92-adapter-zip</module>
|
||||
<module>as7-eap6-adapter</module>
|
||||
</modules>
|
||||
</project>
|
||||
|
|
24
distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml
Executable file
24
distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,24 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<unpack>false</unpack>
|
||||
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<includes>
|
||||
<include>org.keycloak:keycloak-saml-tomcat6-adapter</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>org.apache.tomcat:catalina</exclude>
|
||||
</excludes>
|
||||
<outputDirectory></outputDirectory>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
51
distribution/saml-adapters/tomcat6-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/tomcat6-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML Tomcat 6 Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat6-adapter</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
25
distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml
Executable file
25
distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,25 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<unpack>false</unpack>
|
||||
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<includes>
|
||||
<include>org.keycloak:keycloak-saml-tomcat7-adapter</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
|
||||
<exclude>org.apache.tomcat:tomcat-catalina</exclude>
|
||||
</excludes>
|
||||
<outputDirectory></outputDirectory>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
51
distribution/saml-adapters/tomcat7-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/tomcat7-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML Tomcat 7 Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
25
distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml
Executable file
25
distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,25 @@
|
|||
<assembly>
|
||||
<id>war-dist</id>
|
||||
|
||||
<formats>
|
||||
<format>zip</format>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<includeBaseDirectory>false</includeBaseDirectory>
|
||||
|
||||
<dependencySets>
|
||||
<dependencySet>
|
||||
<unpack>false</unpack>
|
||||
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||
<includes>
|
||||
<include>org.keycloak:keycloak-saml-tomcat8-adapter</include>
|
||||
</includes>
|
||||
<excludes>
|
||||
<exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
|
||||
<exclude>org.apache.tomcat:tomcat-catalina</exclude>
|
||||
</excludes>
|
||||
<outputDirectory></outputDirectory>
|
||||
</dependencySet>
|
||||
</dependencySets>
|
||||
</assembly>
|
51
distribution/saml-adapters/tomcat8-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/tomcat8-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
<name>Keycloak SAML Tomcat 8 Adapter Distro</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat8-adapter</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>assemble</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>assembly.xml</descriptor>
|
||||
</descriptors>
|
||||
<outputDirectory>
|
||||
target
|
||||
</outputDirectory>
|
||||
<workDirectory>
|
||||
target/assembly/work
|
||||
</workDirectory>
|
||||
<appendAssemblyId>false</appendAssemblyId>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
|
@ -94,6 +94,12 @@ This one is short
|
|||
types are supported and how to configure and install them so that you can use Keycloak to secure
|
||||
your applications.
|
||||
</para>
|
||||
<para>
|
||||
These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0).
|
||||
This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions.
|
||||
The Keycloak project also provides a separate, standalone, generic, SAML client adapter. But that is describe in a separate
|
||||
document and has a different download.
|
||||
</para>
|
||||
&AdapterConfig;
|
||||
&JBossAdapter;
|
||||
&TomcatAdapter;
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
||||
"http://www.docbook.org/xml/4.4/docbookx.dtd"
|
||||
[
|
||||
<!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
|
||||
<!ENTITY JBossAdapter SYSTEM "modules/jboss-adapter.xml">
|
||||
<!ENTITY TomcatAdapter SYSTEM "modules/tomcat-adapter.xml">
|
||||
<!ENTITY Jetty9Adapter SYSTEM "modules/jetty9-adapter.xml">
|
||||
<!ENTITY Jetty8Adapter SYSTEM "modules/jetty8-adapter.xml">
|
||||
<!ENTITY Logout SYSTEM "modules/logout.xml">
|
||||
]>
|
||||
|
||||
<book>
|
||||
|
@ -33,6 +39,13 @@ This one is short
|
|||
</programlisting>
|
||||
</para>
|
||||
</preface>
|
||||
&AdapterConfig;
|
||||
&JBossAdapter;
|
||||
&TomcatAdapter;
|
||||
&Jetty9Adapter;
|
||||
&Jetty8Adapter;
|
||||
&Logout;
|
||||
|
||||
|
||||
|
||||
</book>
|
||||
|
|
475
docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml
Executable file
475
docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml
Executable file
|
@ -0,0 +1,475 @@
|
|||
<chapter id="adapter-config">
|
||||
<title>General Adapter Config</title>
|
||||
<para>
|
||||
Each SAML adapter supported by Keycloak can be configured by a simple XML text file. This is what one might
|
||||
look like:
|
||||
</para>
|
||||
<para>
|
||||
<programlisting><![CDATA[
|
||||
<keycloak-saml-adapter>
|
||||
<SP entityID="http://localhost:8081/sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
forceAuthentication="false">
|
||||
<Keys>
|
||||
<Key signing="true" >
|
||||
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
||||
<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
|
||||
<Certificate alias="http://localhost:8080/sales-post-sig/"/>
|
||||
</KeyStore>
|
||||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
<IDP entityID="idp"
|
||||
signaturesRequired="true">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
/>
|
||||
|
||||
<SingleLogoutService
|
||||
requestBinding="POST"
|
||||
responseBinding="POST"
|
||||
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
/>
|
||||
<Keys>
|
||||
<Key signing="true">
|
||||
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
||||
<Certificate alias="demo"/>
|
||||
</KeyStore>
|
||||
</Key>
|
||||
</Keys>
|
||||
</IDP>
|
||||
</SP>
|
||||
</keycloak-saml-adapter>]]>
|
||||
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Some of these configuration switches may be adapter specific and some are common across all adapters.
|
||||
For Java adapters you can use <literal>${...}</literal> enclosure as System property replacement.
|
||||
For example <literal>${jboss.server.config.dir}</literal>.
|
||||
</para>
|
||||
<section>
|
||||
<title>SP Element</title>
|
||||
<para>
|
||||
Here is the explanation of the SP element attributes
|
||||
</para>
|
||||
<para><![CDATA[
|
||||
<SP entityID="sp"
|
||||
sslPolicy="ssl"
|
||||
nameIDPolicyFormat="format"
|
||||
forceAuthentication="true">
|
||||
...
|
||||
</SP>]]></para>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>entityID</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the identifier for this client. The IDP needs this value to determine
|
||||
who the client is that is communicating with it.
|
||||
<emphasis>REQUIRED.</emphasis>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>sslPolicy</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the SSL policy the adapter will enforce. Valid values are:
|
||||
ALL, EXTERNAL, and NONE. For ALL, all requests must come in via HTTPS. For
|
||||
EXTERNAL, only non-private IP addresses must come over the wire via HTTPS. For
|
||||
NONE, no requests are required to come over via HTTPS. This is
|
||||
<emphasis>OPTIONAL.</emphasis> and defaults to EXTERNAL.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>nameIDPolicyFormat</term>
|
||||
<listitem>
|
||||
<para>
|
||||
SAML clients can request a specific NameID Subject format. Fill in this value
|
||||
if you want a specific format. It must be a standard SAML format identifier, i.e.
|
||||
<literal>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</literal>
|
||||
<emphasis>OPTIONAL.</emphasis>. By default, no special format is requested.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>forceAuthentication</term>
|
||||
<listitem>
|
||||
<para>
|
||||
SAML clients can request that a user is re-authenticated even if
|
||||
they are already logged in at the IDP. Set this to true if you
|
||||
want this.
|
||||
<emphasis>OPTIONAL.</emphasis>. Set to <literal>false</literal> by default.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</section>
|
||||
<section id="sp_keys">
|
||||
<title>SP Keys and Key elements</title>
|
||||
<para>
|
||||
If the IDP requires that the SP sign all of its requests and/or if the IDP will
|
||||
encrypt assertions, you must define the keys used to do this. For client signed
|
||||
documents you must define both the private and public key or certificate that will
|
||||
be used to sign documents. For encryption, you only have to define the private key
|
||||
that will be used to decrypt.
|
||||
</para>
|
||||
<para>
|
||||
There are two ways to describe your keys. Either they are stored within a Java KeyStore
|
||||
or you can cut and paste the keys directly within <literal>keycloak-saml.xml</literal>
|
||||
in the PEM format.
|
||||
</para>
|
||||
<para><![CDATA[
|
||||
<Keys>
|
||||
<Key signing="true" >
|
||||
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
||||
<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
|
||||
<Certificate alias="http://localhost:8080/sales-post-sig/"/>
|
||||
</KeyStore>
|
||||
</Key>
|
||||
</Keys>
|
||||
]]>
|
||||
</para>
|
||||
<para>
|
||||
The <literal>Key</literal> element has two optional attributes <literal>signing</literal>
|
||||
and <literal>encryption</literal>. When set to true these tell the adapter what the
|
||||
key will be used for. If both attributes are set to true, then the key will be used for both
|
||||
signing documents and decrypting encrypted assertions. You must set at least one of these
|
||||
attributes to true.
|
||||
</para>
|
||||
<section id="keystore">
|
||||
<title>KeyStore element</title>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>file</term>
|
||||
<listitem>
|
||||
<para>
|
||||
File path to the key store.
|
||||
<emphasis>OPTIONAL.</emphasis> The file or resource attribute
|
||||
must be set.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>resource</term>
|
||||
<listitem>
|
||||
<para>
|
||||
WAR resource path to the KeyStore. This is a path used in method call to ServletContext.getResourceAsStream().
|
||||
<emphasis>OPTIONAL.</emphasis> The file or resource attribute
|
||||
must be set.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>password</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The password of the KeyStore
|
||||
<emphasis>REQUIRED.</emphasis>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</para>
|
||||
<para>
|
||||
You can and must also specify references to your private keys and certificates within
|
||||
the Java KeyStore. The <literal>PrivateKey</literal> and <literal>Certificate</literal>
|
||||
elements do this. The <literal>alias</literal> attribute defines the alias within the
|
||||
KeyStore for the key. For <literal>PrivateKey</literal>, a password is required to access this key
|
||||
specify that value in the <literal>password</literal> attribute.
|
||||
</para>
|
||||
</section>
|
||||
<section id="key_pems">
|
||||
<title>Key PEMS</title>
|
||||
<para>
|
||||
Within the <literal>Key</literal> element you alternatively declare your keys and certificates
|
||||
directly using the sub elements <literal>PrivateKeyPem</literal>, <literal>PublicKeyPem</literal>, and
|
||||
<literal>CertificatePem</literal>. The values contained in these elements must conform to the
|
||||
PEM key format. You usually use this option if you are generating keys using <literal>openssl</literal>
|
||||
</para>
|
||||
</section>
|
||||
</section>
|
||||
<section>
|
||||
<title>SP PrincipalNameMapping element</title>
|
||||
<para>
|
||||
This element is optional. When creating a Java Principal object that you obtain from
|
||||
methods like HttpServletRequest.getUserPrincipal(), you can define what name that is returned
|
||||
by the Principal.getName() method. The <literal>policy</literal> attribute defines the
|
||||
policy used to populate this value. The values are <literal>FROM_NAME_ID</literal>. This policy
|
||||
just grabs whatever the SAML subject value is. The other is <literal>FROM_ATTRIBUTE</literal>. This will
|
||||
pull the value of Principal.getName() from one of the attributes in the SAML assertion received from the server.
|
||||
The default value is <literal>FROM_NAME_ID</literal>.
|
||||
</para>
|
||||
</section>
|
||||
<section>
|
||||
<title>RoleIdentifiers element</title>
|
||||
<para><![CDATA[
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
<Attribute name="member"/>
|
||||
<Attribute name="memberOf"/>
|
||||
</RoleIdentifiers>
|
||||
]]></para>
|
||||
<para>
|
||||
This element is optional. It defines which SAML attribute values in the assertion should be
|
||||
mapped to a Java EE role. By default <literal>Role</literal> attribute values are converted
|
||||
to Java EE roles. Some IDPs send roles via a <literal>member</literal> or <literal>memberOf</literal>
|
||||
attribute assertion. You define one or more <literal>Attribute</literal> elements to specify
|
||||
which SAML attributes must be converted into roles.
|
||||
</para>
|
||||
</section>
|
||||
<section>
|
||||
<title>IDP Element</title>
|
||||
<para>
|
||||
Everything in the IDP element describes the settings for the IDP the SP is communicating
|
||||
with.
|
||||
</para>
|
||||
<para>
|
||||
<![CDATA[
|
||||
<IDP entityID="idp"
|
||||
signaturesRequired="true"
|
||||
signatureAlgorithm="RSA_SHA1"
|
||||
signatureCanonicalizationMethod="http://www.w3.org/2001/10/xml-exc-c14n#">
|
||||
...
|
||||
</IDP>]]>
|
||||
</para>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>entityID</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the issuer ID of the IDP.
|
||||
<emphasis>REQUIRED.</emphasis>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>signaturesRequired</term>
|
||||
<listitem>
|
||||
<para>
|
||||
If set to true, the client adapter will sign every document
|
||||
it sends to the IDP. Also, the client will expect that the IDP
|
||||
will be signing an documents sent to it. This switch sets
|
||||
the default for all request and response types, but you will see
|
||||
later that you have some fine grain control over this.
|
||||
<emphasis>OPTIONAL.</emphasis>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>signatureAlgorithm</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the signature algorithm that the IDP expects signed documents
|
||||
to use
|
||||
<emphasis>OPTIONAL.</emphasis>. The default value is RSA_SHA256, but
|
||||
you can also use RSA_SHA1, RSA_256, RSA_512, and DSA_SHA1.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>signatureCanonicalizationMethod</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the signature canonicalization method that the IDP expects signed documents
|
||||
to use
|
||||
<emphasis>OPTIONAL.</emphasis>. The default value is <literal>http://www.w3.org/2001/10/xml-exc-c14n#</literal>
|
||||
and should be good for most IDPs.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</section>
|
||||
<section>
|
||||
<title>IDP SingleSignOnService sub element</title>
|
||||
<para>
|
||||
The <literal>SignleSignOnService</literal> sub element defines the
|
||||
login SAML endpoint of the IDP.
|
||||
</para>
|
||||
<para><![CDATA[
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
requestBinding="post"
|
||||
bindingUrl="url"/>
|
||||
]]></para>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>signRequest</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Should the client sign authn requests?
|
||||
<emphasis>OPTIONAL.</emphasis>. Defaults to whatever the
|
||||
IDP <literal>signaturesRequired</literal> element value is.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>validateResponseSignature</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Should the client expect the IDP to sign the assertion response document
|
||||
sent back from an auhtn request?
|
||||
<emphasis>OPTIONAL.</emphasis> Defaults to whatever the
|
||||
IDP <literal>signaturesRequired</literal> element value is.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>requestBinding</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the SAML binding type used for communicating with the IDP
|
||||
<emphasis>OPTIONAL.</emphasis>. The default value is POST, but
|
||||
you can set it to REDIRECT as well.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>responseBinding</term>
|
||||
<listitem>
|
||||
<para>
|
||||
SAML allows the client to request what binding type it wants authn responses
|
||||
to use. The values of this can be POST or REDIRECT
|
||||
<emphasis>OPTIONAL.</emphasis>. The default is that the client will not request
|
||||
a specific binding type for responses.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>bindingUrl</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the URL for the ID login service that the client will send requests to.
|
||||
<emphasis>REQUIRED.</emphasis>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</section> <section>
|
||||
<title>IDP SingleSignOnService sub element</title>
|
||||
<para>
|
||||
The <literal>SignleSignOnService</literal> sub element defines the
|
||||
login SAML endpoint of the IDP.
|
||||
</para>
|
||||
<para><![CDATA[
|
||||
<SingleLogoutService validateRequestSignature="true"
|
||||
validateResponseSignature="true"
|
||||
signRequest="true"
|
||||
signResponse="true"
|
||||
requestBinding="redirect"
|
||||
responseBinding="post"
|
||||
postBindingUrl="posturl"
|
||||
redirectBindingUrl="redirecturl">
|
||||
]]></para>
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>signRequest</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Should the client sign logout requests it makes to the IDP?
|
||||
<emphasis>OPTIONAL.</emphasis>. Defaults to whatever the
|
||||
IDP <literal>signaturesRequired</literal> element value is.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>signResponse</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Should the client sign logout responses it sends to the IDP requests?
|
||||
<emphasis>OPTIONAL.</emphasis>. Defaults to whatever the
|
||||
IDP <literal>signaturesRequired</literal> element value is.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>validateRequestSignature</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Should the client expect signed logout request documents from the IDP?
|
||||
<emphasis>OPTIONAL.</emphasis> Defaults to whatever the
|
||||
IDP <literal>signaturesRequired</literal> element value is.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>validateResponseSignature</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Should the client expect signed logout response documents from the IDP?
|
||||
<emphasis>OPTIONAL.</emphasis> Defaults to whatever the
|
||||
IDP <literal>signaturesRequired</literal> element value is.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>requestBinding</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the SAML binding type used for communicating SAML requests to the IDP
|
||||
<emphasis>OPTIONAL.</emphasis>. The default value is POST, but
|
||||
you can set it to REDIRECT as well.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>responseBinding</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the SAML binding type used for communicating SAML responses to the IDP
|
||||
The values of this can be POST or REDIRECT
|
||||
<emphasis>OPTIONAL.</emphasis>. The default value is POST, but
|
||||
you can set it to REDIRECT as well.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>postBindingUrl</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the URL for the IDP's logout service when using the POST binding.
|
||||
<emphasis>REQUIRED</emphasis> if using the POST binding at all.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>redirectBindingUrl</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This is the URL for the IDP's logout service when using the REDIRECT binding.
|
||||
<emphasis>REQUIRED</emphasis> if using the REDIRECT binding at all.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</section>
|
||||
<section>
|
||||
<title>IDP Keys subelement</title>
|
||||
<para>
|
||||
The Keys sub element of IDP is only used to define the certificate or
|
||||
public key to use to verify documents signed by the IDP. It is defined
|
||||
in the same way as the <link linkend="sp_keys">SP's Key's element</link>. But
|
||||
again, you only have to define one certificate or public key reference.
|
||||
</para>
|
||||
|
||||
</section>
|
||||
|
||||
</chapter>
|
188
docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml
Executable file
188
docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml
Executable file
|
@ -0,0 +1,188 @@
|
|||
<chapter id="jboss-adapter">
|
||||
<title>JBoss/Wildfly Adapter</title>
|
||||
<para>
|
||||
To be able to secure WAR apps deployed on JBoss EAP 6.x or Wildfly, you must install and
|
||||
configure the Keycloak SAML Adapter Subsystem. You then provide a keycloak
|
||||
config, <literal>/WEB-INF/keycloak-saml</literal> file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
|
||||
Both methods are described in this section.
|
||||
</para>
|
||||
<section id="jboss-adapter-installation">
|
||||
<title>Adapter Installation</title>
|
||||
<para>
|
||||
SAML Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
|
||||
the Keycloak download site. They are also available as a maven artifact.
|
||||
</para>
|
||||
<para>
|
||||
Install on Wildfly 9:
|
||||
<programlisting>
|
||||
$ cd $WILDFLY_HOME
|
||||
$ unzip keycloak-saml-wf9-adapter-dist.zip
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Install on JBoss EAP 6.x:
|
||||
<programlisting>
|
||||
$ cd $JBOSS_HOME
|
||||
$ unzip keycloak-saml-eap6-adapter-dist.zip
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
This zip file creates new JBoss Modules specific to the Wildfly Keycloak SAML Adapter within your Wildfly distro.
|
||||
</para>
|
||||
<para>
|
||||
After adding the Keycloak modules, you must then enable the Keycloak SAML Subsystem within your app server's server configuration:
|
||||
<literal>domain.xml</literal> or <literal>standalone.xml</literal>.
|
||||
</para>
|
||||
<para>
|
||||
There is a CLI script that will help you modify your server configuration. Start the server and run the script
|
||||
from the server's bin directory:
|
||||
<programlisting>
|
||||
$ cd $JBOSS_HOME/bin
|
||||
$ jboss-cli.sh -c --file=adapter-install.cli
|
||||
</programlisting>
|
||||
The script will add the extension, subsystem, and optional security-domain as described below.
|
||||
</para>
|
||||
<para>
|
||||
<programlisting><![CDATA[
|
||||
<server xmlns="urn:jboss:domain:1.4">
|
||||
|
||||
<extensions>
|
||||
<extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
|
||||
...
|
||||
</extensions>
|
||||
|
||||
<profile>
|
||||
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.6"/>
|
||||
...
|
||||
</profile>
|
||||
]]>
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
The keycloak security domain should be used with EJBs and other components when you need the security context created
|
||||
in the secured web tier to be propagated to the EJBs (other EE component) you are invoking. Otherwise
|
||||
this configuration is optional.
|
||||
</para>
|
||||
<programlisting><![CDATA[
|
||||
<server xmlns="urn:jboss:domain:1.4">
|
||||
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
||||
<security-domains>
|
||||
...
|
||||
<security-domain name="keycloak">
|
||||
<authentication>
|
||||
<login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule"
|
||||
flag="required"/>
|
||||
</authentication>
|
||||
</security-domain>
|
||||
</security-domains>
|
||||
]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want
|
||||
to annotate it with the @SecurityDomain annotation as follows:
|
||||
</para>
|
||||
<programlisting><![CDATA[
|
||||
import org.jboss.ejb3.annotation.SecurityDomain;
|
||||
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||
|
||||
import javax.annotation.security.RolesAllowed;
|
||||
import javax.ejb.EJB;
|
||||
import javax.ejb.Stateless;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.Produces;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@Path("customers")
|
||||
@Stateless
|
||||
@SecurityDomain("keycloak")
|
||||
public class CustomerService {
|
||||
|
||||
@EJB
|
||||
CustomerDB db;
|
||||
|
||||
@GET
|
||||
@Produces("application/json")
|
||||
@NoCache
|
||||
@RolesAllowed("db_user")
|
||||
public List<String> getCustomers() {
|
||||
return db.getCustomers();
|
||||
}
|
||||
}
|
||||
]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
We hope to improve our integration in the future so that you don't have to specify the @SecurityDomain
|
||||
annotation when you want to propagate a keycloak security context to the EJB tier.
|
||||
</para>
|
||||
|
||||
</section>
|
||||
<section>
|
||||
<title>Required Per WAR Configuration</title>
|
||||
<para>
|
||||
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||
</para>
|
||||
<para>
|
||||
The first thing you must do is create
|
||||
a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
|
||||
of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
|
||||
section.
|
||||
</para>
|
||||
<para>
|
||||
Next you must set the <literal>auth-method</literal> to <literal>KEYCLOAK-SAML</literal> in <literal>web.xml</literal>. You also
|
||||
have to use standard servlet security to specify role-base constraints on your URLs. Here's an example
|
||||
pulled from one of the examples that comes distributed with Keycloak.
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
|
||||
<module-name>customer-portal</module-name>
|
||||
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<web-resource-name>Admins</web-resource-name>
|
||||
<url-pattern>/admin/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<auth-constraint>
|
||||
<role-name>admin</role-name>
|
||||
</auth-constraint>
|
||||
<user-data-constraint>
|
||||
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||
</user-data-constraint>
|
||||
</security-constraint>
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<web-resource-name>Customers</web-resource-name>
|
||||
<url-pattern>/customers/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<auth-constraint>
|
||||
<role-name>user</role-name>
|
||||
</auth-constraint>
|
||||
<user-data-constraint>
|
||||
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||
</user-data-constraint>
|
||||
</security-constraint>
|
||||
|
||||
<login-config>
|
||||
<auth-method>KEYCLOAK-SAML</auth-method>
|
||||
<realm-name>this is ignored currently</realm-name>
|
||||
</login-config>
|
||||
|
||||
<security-role>
|
||||
<role-name>admin</role-name>
|
||||
</security-role>
|
||||
<security-role>
|
||||
<role-name>user</role-name>
|
||||
</security-role>
|
||||
</web-app>
|
||||
]]>
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
49
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml
Executable file
49
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml
Executable file
|
@ -0,0 +1,49 @@
|
|||
<chapter id="jetty8-adapter">
|
||||
<title>Jetty 8.1.x SAML Adapter</title>
|
||||
<para>
|
||||
Keycloak has a separate SAML adapter for Jetty 8.1.x that you will have to install into your Jetty
|
||||
installation. You then have to provide some extra configuration in each WAR you deploy to
|
||||
Jetty. Let's go over these steps.
|
||||
</para>
|
||||
<section id="jetty8-adapter-installation">
|
||||
<title>Adapter Installation</title>
|
||||
<para>
|
||||
Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
|
||||
the Keycloak download site. They are also available as a maven artifact.
|
||||
</para>
|
||||
<para>
|
||||
You must unzip the Jetty 8.1.x distro into Jetty 8.1.x's root directory. Including
|
||||
adapter's jars within your WEB-INF/lib directory will not work!
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
$ cd $JETTY_HOME
|
||||
$ unzip keycloak-saml-jetty81-adapter-dist.zip
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Next, you will have to enable the keycloak option. Edit start.ini and add keycloak to the options
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
#===========================================================
|
||||
# Start classpath OPTIONS.
|
||||
# These control what classes are on the classpath
|
||||
# for a full listing do
|
||||
# java -jar start.jar --list-options
|
||||
#-----------------------------------------------------------
|
||||
OPTIONS=Server,jsp,jmx,resources,websocket,ext,plus,annotations,keycloak
|
||||
]]>
|
||||
</programlisting>
|
||||
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Required Per WAR Configuration</title>
|
||||
<para>
|
||||
Enabling Keycloak for your WARs is the same as the Jetty 9.x adapter. See <link linkend="jetty9_per_war">Required Per WAR Configuration</link>
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
106
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml
Executable file
106
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml
Executable file
|
@ -0,0 +1,106 @@
|
|||
<chapter id="jetty9-adapter">
|
||||
<title>Jetty 9.x SAML Adapters</title>
|
||||
<para>
|
||||
Keycloak has a separate SAML adapter for Jetty 9.x. You then have to provide some extra configuration in each WAR you deploy to
|
||||
Jetty. Let's go over these steps.
|
||||
</para>
|
||||
<section id="jetty9-adapter-installation">
|
||||
<title>Adapter Installation</title>
|
||||
<para>
|
||||
Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
|
||||
the Keycloak download site. They are also available as a maven artifact.
|
||||
</para>
|
||||
<para>
|
||||
You must unzip the Jetty 9.x distro into Jetty 9.x's root directory. Including
|
||||
adapter's jars within your WEB-INF/lib directory will not work!
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
$ cd $JETTY_HOME
|
||||
$ unzip keycloak-saml-jetty92-adapter-dist.zip
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
Next, you will have to enable the keycloak module for your jetty.base.
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
$ cd your-base
|
||||
$ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
|
||||
</programlisting>
|
||||
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section id="jetty9_per_war">
|
||||
<title>Required Per WAR Configuration</title>
|
||||
<para>
|
||||
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||
</para>
|
||||
<para>
|
||||
The first thing you must do is create a <literal>WEB-INF/jetty-web.xml</literal> file in your WAR package. This is
|
||||
a Jetty specific config file and you must define a Keycloak specific authenticator within it.
|
||||
</para>
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||
<Get name="securityHandler">
|
||||
<Set name="authenticator">
|
||||
<New class="org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator">
|
||||
</New>
|
||||
</Set>
|
||||
</Get>
|
||||
</Configure>]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
Next you must create
|
||||
a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
|
||||
of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
|
||||
section.
|
||||
</para>
|
||||
<para>
|
||||
Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
|
||||
role-base constraints on your URLs. Here's an example:
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
|
||||
<module-name>customer-portal</module-name>
|
||||
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<web-resource-name>Customers</web-resource-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<auth-constraint>
|
||||
<role-name>user</role-name>
|
||||
</auth-constraint>
|
||||
<user-data-constraint>
|
||||
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||
</user-data-constraint>
|
||||
</security-constraint>
|
||||
|
||||
<login-config>
|
||||
<auth-method>BASIC</auth-method>
|
||||
<realm-name>this is ignored currently</realm-name>
|
||||
</login-config>
|
||||
|
||||
<security-role>
|
||||
<role-name>admin</role-name>
|
||||
</security-role>
|
||||
<security-role>
|
||||
<role-name>user</role-name>
|
||||
</security-role>
|
||||
</web-app>
|
||||
]]>
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
10
docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml
Executable file
10
docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml
Executable file
|
@ -0,0 +1,10 @@
|
|||
<chapter>
|
||||
<title>Logout</title>
|
||||
<para>
|
||||
There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call
|
||||
HttpServletRequest.logout().
|
||||
For any other browser application, you can point the browser at any url of your web application that has
|
||||
a security constraing and pass in a query parameter GLO, i.e. <literal>http://myapp?GLO=true</literal>.
|
||||
This will log you out if you have an SSO session with your browser.
|
||||
</para>
|
||||
</chapter>
|
56
docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml
Executable file
56
docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml
Executable file
|
@ -0,0 +1,56 @@
|
|||
<chapter id="multi_tenancy">
|
||||
<title>Multi Tenancy</title>
|
||||
<para>
|
||||
Multi Tenancy, in our context, means that one single target application (WAR) can be secured by a single (or clustered) Keycloak server, authenticating
|
||||
its users against different realms. In practice, this means that one application needs to use different <literal>keycloak.json</literal> files.
|
||||
For this case, there are two possible solutions:
|
||||
<itemizedlist>
|
||||
|
||||
<listitem>
|
||||
The same WAR file deployed under two different names, each with its own Keycloak configuration (probably via the Keycloak Subsystem).
|
||||
This scenario is suitable when the number of realms is known in advance or when there's a dynamic provision of application instances.
|
||||
One example would be a service provider that dynamically creates servers/deployments for their clients, like a PaaS.
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
A WAR file deployed once (possibly in a cluster), that decides which realm to authenticate against based on the request parameters.
|
||||
This scenario is suitable when there are an undefined number of realms. One example would be a SaaS provider that have only one deployment
|
||||
(perhaps in a cluster) serving several companies, differentiating between clients based on the hostname
|
||||
(<literal>client1.acme.com</literal>, <literal>client2.acme.com</literal>) or path (<literal>/app/client1/</literal>,
|
||||
<literal>/app/client2/</literal>) or even via a special HTTP Header.
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
|
||||
This chapter of the reference guide focus on this second scenario.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Keycloak provides an extension point for applications that need to evaluate the realm on a request basis. During the authentication
|
||||
and authorization phase of the incoming request, Keycloak queries the application via this extension point and expects the application
|
||||
to return a complete representation of the realm. With this, Keycloak then proceeds the authentication and authorization process,
|
||||
accepting or refusing the request based on the incoming credentials and on the returned realm.
|
||||
|
||||
For this scenario, an application needs to:
|
||||
|
||||
<itemizedlist>
|
||||
|
||||
<listitem>
|
||||
Add a context parameter to the <literal>web.xml</literal>, named <literal>keycloak.config.resolver</literal>.
|
||||
The value of this property should be the fully qualified name of the class extending
|
||||
<literal>org.keycloak.adapters.KeycloakConfigResolver</literal>.
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
A concrete implementation of <literal>org.keycloak.adapters.KeycloakConfigResolver</literal>. Keycloak will call the
|
||||
<literal>resolve(org.keycloak.adapters.HttpFacade.Request)</literal> method and expects a complete
|
||||
<literal>org.keycloak.adapters.KeycloakDeployment</literal> in response. Note that Keycloak will call this for every request,
|
||||
so, take the usual performance precautions.
|
||||
</listitem>
|
||||
|
||||
</itemizedlist>
|
||||
</para>
|
||||
<para>
|
||||
An implementation of this feature can be found in the examples.
|
||||
</para>
|
||||
</chapter>
|
92
docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml
Executable file
92
docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml
Executable file
|
@ -0,0 +1,92 @@
|
|||
<chapter id="tomcat-adapter">
|
||||
<title>Tomcat 6, 7 and 8 SAML dapters</title>
|
||||
<para>
|
||||
To be able to secure WAR apps deployed on Tomcat 6, 7 and 8 you must install the Keycloak Tomcat 6, 7 or 8 SAML adapter
|
||||
into your Tomcat installation. You then have to provide some extra configuration in each WAR you deploy to
|
||||
Tomcat. Let's go over these steps.
|
||||
</para>
|
||||
<section id="tomcat-adapter-installation">
|
||||
<title>Adapter Installation</title>
|
||||
<para>
|
||||
Adapters are no longer included with the appliance or war distribution. Each adapter is a separate download on
|
||||
the Keycloak download site. They are also available as a maven artifact.
|
||||
</para>
|
||||
<para>
|
||||
You must unzip the adapter distro into Tomcat's <literal>lib/</literal> directory. Including
|
||||
adapter's jars within your WEB-INF/lib directory will not work! The Keycloak SAML adapter is implemented as a Valve
|
||||
and valve code must reside in Tomcat's main lib/ directory.
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
$ cd $TOMCAT_HOME/lib
|
||||
$ unzip keycloak-saml-tomcat6-adapter-dist.zip
|
||||
or
|
||||
$ unzip keycloak-saml-tomcat7-adapter-dist.zip
|
||||
or
|
||||
$ unzip keycloak-saml-tomcat8-adapter-dist.zip
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Required Per WAR Configuration</title>
|
||||
<para>
|
||||
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||
</para>
|
||||
<para>
|
||||
The first thing you must do is create a <literal>META-INF/context.xml</literal> file in your WAR package. This is
|
||||
a Tomcat specific config file and you must define a Keycloak specific Valve.
|
||||
</para>
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
<Context path="/your-context-path">
|
||||
<Valve className="org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve"/>
|
||||
</Context>]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
Next you must create
|
||||
a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
|
||||
of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
|
||||
section.
|
||||
</para>
|
||||
<para>
|
||||
Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
|
||||
role-base constraints on your URLs. Here's an example:
|
||||
</para>
|
||||
<para>
|
||||
<programlisting>
|
||||
<![CDATA[
|
||||
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||
version="3.0">
|
||||
|
||||
<module-name>customer-portal</module-name>
|
||||
|
||||
<security-constraint>
|
||||
<web-resource-collection>
|
||||
<web-resource-name>Customers</web-resource-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</web-resource-collection>
|
||||
<auth-constraint>
|
||||
<role-name>user</role-name>
|
||||
</auth-constraint>
|
||||
</security-constraint>
|
||||
|
||||
<login-config>
|
||||
<auth-method>BASIC</auth-method>
|
||||
<realm-name>this is ignored currently</realm-name>
|
||||
</login-config>
|
||||
|
||||
<security-role>
|
||||
<role-name>admin</role-name>
|
||||
</security-role>
|
||||
<security-role>
|
||||
<role-name>user</role-name>
|
||||
</security-role>
|
||||
</web-app>
|
||||
]]>
|
||||
</programlisting>
|
||||
</para>
|
||||
</section>
|
||||
</chapter>
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
58
pom.xml
58
pom.xml
|
@ -892,6 +892,16 @@
|
|||
<artifactId>keycloak-saml-tomcat6-adapter</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-subsystem</artifactId>
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
|
||||
|
@ -1098,6 +1108,12 @@
|
|||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-as7-modules</artifactId>
|
||||
|
@ -1253,6 +1269,48 @@
|
|||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
|
||||
<version>${project.version}</version>
|
||||
<type>zip</type>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-testsuite-integration</artifactId>
|
||||
|
|
101
saml/client-adapter/as7-eap6/adapter/pom.xml
Executable file
101
saml/client-adapter/as7-eap6/adapter/pom.xml
Executable file
|
@ -0,0 +1,101 @@
|
|||
<?xml version="1.0"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||
<name>Keycloak SAML AS7 Integration</name>
|
||||
<description/>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-common</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-as7-adapter-spi</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-adapter-spi</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-adapter-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-adapter-core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.spec.javax.servlet</groupId>
|
||||
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.logging</groupId>
|
||||
<artifactId>jboss-logging</artifactId>
|
||||
<version>${jboss.logging.version}</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.web</groupId>
|
||||
<artifactId>jbossweb</artifactId>
|
||||
<version>7.0.17.Final</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jboss.as</groupId>
|
||||
<artifactId>jboss-as-web</artifactId>
|
||||
<version>7.1.2.Final</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-tomcat-adapter-core</artifactId>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.apache.tomcat</groupId>
|
||||
<artifactId>tomcat-servlet-api</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.tomcat</groupId>
|
||||
<artifactId>tomcat-catalina</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.tomcat</groupId>
|
||||
<artifactId>catalina</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-compiler-plugin</artifactId>
|
||||
<configuration>
|
||||
<source>${maven.compiler.source}</source>
|
||||
<target>${maven.compiler.target}</target>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,57 @@
|
|||
package org.keycloak.adapters.saml.jbossweb;
|
||||
|
||||
import org.apache.catalina.LifecycleException;
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.catalina.core.StandardContext;
|
||||
import org.apache.catalina.deploy.LoginConfig;
|
||||
import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory;
|
||||
import org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve;
|
||||
import org.keycloak.adapters.saml.SamlDeployment;
|
||||
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
|
||||
/**
|
||||
* Keycloak authentication valve
|
||||
*
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class SamlAuthenticatorValve extends AbstractSamlAuthenticatorValve {
|
||||
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws java.io.IOException {
|
||||
return authenticateInternal(request, response, config);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
|
||||
if (loginConfig == null) return false;
|
||||
LoginConfig config = (LoginConfig)loginConfig;
|
||||
if (config.getErrorPage() == null) return false;
|
||||
forwardToErrorPage(request, (Response)response, config);
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void forwardToLogoutPage(Request request, HttpServletResponse response, SamlDeployment deployment) {
|
||||
super.forwardToLogoutPage(request, response, deployment);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void start() throws LifecycleException {
|
||||
StandardContext standardContext = (StandardContext) context;
|
||||
standardContext.addLifecycleListener(this);
|
||||
super.start();
|
||||
}
|
||||
|
||||
|
||||
public void logout(Request request) {
|
||||
logoutInternal(request);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected GenericPrincipalFactory createPrincipalFactory() {
|
||||
return new JBossWebPrincipalFactory();
|
||||
}
|
||||
}
|
20
saml/client-adapter/as7-eap6/pom.xml
Executable file
20
saml/client-adapter/as7-eap6/pom.xml
Executable file
|
@ -0,0 +1,20 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<parent>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
<name>Keycloak SAML EAP Integration</name>
|
||||
<description/>
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<artifactId>keycloak-saml-eap-integration-pom</artifactId>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<modules>
|
||||
<module>adapter</module>
|
||||
<module>subsystem</module>
|
||||
</modules>
|
||||
</project>
|
115
saml/client-adapter/as7-eap6/subsystem/pom.xml
Executable file
115
saml/client-adapter/as7-eap6/subsystem/pom.xml
Executable file
|
@ -0,0 +1,115 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
~ Copyright 2013 JBoss Inc
|
||||
~
|
||||
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
~ you may not use this file except in compliance with the License.
|
||||
~ You may obtain a copy of the License at
|
||||
~
|
||||
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||
~
|
||||
~ Unless required by applicable law or agreed to in writing, software
|
||||
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
~ See the License for the specific language governing permissions and
|
||||
~ limitations under the License.
|
||||
-->
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
|
||||
<parent>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-parent</artifactId>
|
||||
<version>1.6.0.Final-SNAPSHOT</version>
|
||||
<relativePath>../../../../pom.xml</relativePath>
|
||||
</parent>
|
||||
|
||||
<artifactId>keycloak-saml-as7-subsystem</artifactId>
|
||||
<name>Keycloak SAML AS7 Subsystem</name>
|
||||
<description/>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<version>2.8.1</version>
|
||||
<configuration>
|
||||
<redirectTestOutputToFile>false</redirectTestOutputToFile>
|
||||
<enableAssertions>true</enableAssertions>
|
||||
<argLine>-Xmx512m</argLine>
|
||||
<systemProperties>
|
||||
<property>
|
||||
<name>jboss.home</name>
|
||||
<value>${jboss.home}</value>
|
||||
</property>
|
||||
</systemProperties>
|
||||
<includes>
|
||||
<include>**/*TestCase.java</include>
|
||||
</includes>
|
||||
<forkMode>once</forkMode>
|
||||
</configuration>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.keycloak</groupId>
|
||||
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.as</groupId>
|
||||
<artifactId>jboss-as-naming</artifactId>
|
||||
<version>${jboss.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.as</groupId>
|
||||
<artifactId>jboss-as-server</artifactId>
|
||||
<version>${jboss.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.as</groupId>
|
||||
<artifactId>jboss-as-ee</artifactId>
|
||||
<version>${jboss.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.as</groupId>
|
||||
<artifactId>jboss-as-web</artifactId>
|
||||
<version>${jboss.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.logging</groupId>
|
||||
<artifactId>jboss-logging</artifactId>
|
||||
<version>3.1.0.GA</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.logging</groupId>
|
||||
<artifactId>jboss-logging-processor</artifactId>
|
||||
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
|
||||
projects that depend on this project.-->
|
||||
<scope>provided</scope>
|
||||
<optional>true</optional>
|
||||
<version>1.0.0.Final</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.jboss.msc</groupId>
|
||||
<artifactId>jboss-msc</artifactId>
|
||||
<version>1.0.2.GA</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
|
@ -0,0 +1,93 @@
|
|||
/*
|
||||
* Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
|
||||
* as indicated by the @author tags. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.server.deployment.DeploymentPhaseContext;
|
||||
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
|
||||
import org.jboss.as.server.deployment.DeploymentUnitProcessor;
|
||||
import org.jboss.as.web.deployment.WarMetaData;
|
||||
import org.jboss.logging.Logger;
|
||||
import org.jboss.metadata.javaee.spec.ParamValueMetaData;
|
||||
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||
import org.jboss.metadata.web.jboss.ValveMetaData;
|
||||
import org.jboss.metadata.web.spec.LoginConfigMetaData;
|
||||
import org.keycloak.adapters.saml.jbossweb.SamlAuthenticatorValve;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
|
||||
*
|
||||
* @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
|
||||
*/
|
||||
public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitProcessor {
|
||||
protected Logger log = Logger.getLogger(KeycloakAdapterConfigDeploymentProcessor.class);
|
||||
|
||||
// This param name is defined again in Keycloak Undertow Integration class
|
||||
// org.keycloak.adapters.undertow.KeycloakServletExtension. We have this value in
|
||||
// two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
|
||||
public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.saml.adapterConfig";
|
||||
|
||||
|
||||
@Override
|
||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||
String deploymentName = deploymentUnit.getName();
|
||||
|
||||
// if it's not a web-app there's nothing to secure
|
||||
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||
if (warMetaData == null) {
|
||||
return;
|
||||
}
|
||||
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||
if (webMetaData == null) {
|
||||
webMetaData = new JBossWebMetaData();
|
||||
warMetaData.setMergedJBossWebMetaData(webMetaData);
|
||||
}
|
||||
|
||||
// otherwise
|
||||
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
||||
|
||||
boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
|
||||
|
||||
if (webRequiresKC) {
|
||||
log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName);
|
||||
addValve(webMetaData);
|
||||
}
|
||||
}
|
||||
|
||||
private void addValve(JBossWebMetaData webMetaData) {
|
||||
List<ValveMetaData> valves = webMetaData.getValves();
|
||||
if (valves == null) {
|
||||
valves = new ArrayList<ValveMetaData>(1);
|
||||
webMetaData.setValves(valves);
|
||||
}
|
||||
ValveMetaData valve = new ValveMetaData();
|
||||
valve.setValveClass(SamlAuthenticatorValve.class.getName());
|
||||
valve.setModule("org.keycloak.keycloak-saml-as7-adapter");
|
||||
//log.info("******* adding Keycloak valve to: " + deploymentName);
|
||||
valves.add(valve);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void undeploy(DeploymentUnit du) {
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
* Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
|
||||
* as indicated by the @author tags. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.server.deployment.Attachments;
|
||||
import org.jboss.as.server.deployment.DeploymentPhaseContext;
|
||||
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
|
||||
import org.jboss.as.server.deployment.DeploymentUnitProcessor;
|
||||
import org.jboss.as.server.deployment.module.ModuleDependency;
|
||||
import org.jboss.as.server.deployment.module.ModuleSpecification;
|
||||
import org.jboss.modules.Module;
|
||||
import org.jboss.modules.ModuleIdentifier;
|
||||
import org.jboss.modules.ModuleLoader;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||
*/
|
||||
public abstract class KeycloakDependencyProcessor implements DeploymentUnitProcessor {
|
||||
|
||||
private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
|
||||
private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
|
||||
private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
|
||||
|
||||
@Override
|
||||
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||
|
||||
// Next phase, need to detect if this is a Keycloak deployment. If not, don't add the modules.
|
||||
|
||||
final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
|
||||
final ModuleLoader moduleLoader = Module.getBootModuleLoader();
|
||||
addCommonModules(moduleSpecification, moduleLoader);
|
||||
addPlatformSpecificModules(moduleSpecification, moduleLoader);
|
||||
}
|
||||
|
||||
private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
|
||||
// ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
|
||||
}
|
||||
|
||||
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
|
||||
|
||||
@Override
|
||||
public void undeploy(DeploymentUnit du) {
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,19 @@
|
|||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.server.deployment.module.ModuleDependency;
|
||||
import org.jboss.as.server.deployment.module.ModuleSpecification;
|
||||
import org.jboss.modules.ModuleIdentifier;
|
||||
import org.jboss.modules.ModuleLoader;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:marko.strukelj@gmail.com">Marko Strukelj</a>
|
||||
*/
|
||||
public class KeycloakDependencyProcessorAS7 extends KeycloakDependencyProcessor {
|
||||
|
||||
private static final ModuleIdentifier KEYCLOAK_AS7_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-as7-adapter");
|
||||
|
||||
@Override
|
||||
protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
|
||||
// ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_AS7_ADAPTER, false, false, true, false));
|
||||
}}
|
|
@ -0,0 +1,76 @@
|
|||
/*
|
||||
* Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
|
||||
* as indicated by the @author tags. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.Extension;
|
||||
import org.jboss.as.controller.ExtensionContext;
|
||||
import org.jboss.as.controller.PathElement;
|
||||
import org.jboss.as.controller.ResourceDefinition;
|
||||
import org.jboss.as.controller.SubsystemRegistration;
|
||||
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
|
||||
import org.jboss.as.controller.parsing.ExtensionParsingContext;
|
||||
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
||||
|
||||
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
|
||||
|
||||
|
||||
/**
|
||||
* Main Extension class for the subsystem.
|
||||
*
|
||||
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||
*/
|
||||
public class KeycloakSamlExtension implements Extension {
|
||||
|
||||
public static final String SUBSYSTEM_NAME = "keycloak-saml";
|
||||
public static final String NAMESPACE = "urn:jboss:domain:keycloak-saml:1.6";
|
||||
private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
|
||||
static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
|
||||
private static final String RESOURCE_NAME = KeycloakSamlExtension.class.getPackage().getName() + ".LocalDescriptions";
|
||||
private static final int MGMT_API_VERSION_MAJOR = 1;
|
||||
private static final int MGMT_API_VERSION_MINOR = 1;
|
||||
|
||||
static final PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
|
||||
private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
|
||||
|
||||
public static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
|
||||
StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME);
|
||||
for (String kp : keyPrefix) {
|
||||
prefix.append('.').append(kp);
|
||||
}
|
||||
return new StandardResourceDescriptionResolver(prefix.toString(), RESOURCE_NAME, KeycloakSamlExtension.class.getClassLoader(), true, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public void initializeParsers(final ExtensionParsingContext context) {
|
||||
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakSamlExtension.NAMESPACE, PARSER);
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public void initialize(final ExtensionContext context) {
|
||||
final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, MGMT_API_VERSION_MAJOR, MGMT_API_VERSION_MINOR);
|
||||
|
||||
ManagementResourceRegistration registration = subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
|
||||
|
||||
subsystem.registerXMLElementWriter(PARSER);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,59 @@
|
|||
/*
|
||||
* Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
|
||||
* as indicated by the @author tags. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
|
||||
import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
|
||||
import org.jboss.as.controller.OperationContext;
|
||||
import org.jboss.as.controller.OperationFailedException;
|
||||
import org.jboss.as.controller.ServiceVerificationHandler;
|
||||
import org.jboss.as.server.AbstractDeploymentChainStep;
|
||||
import org.jboss.as.server.DeploymentProcessorTarget;
|
||||
import org.jboss.as.server.deployment.Phase;
|
||||
import org.jboss.dmr.ModelNode;
|
||||
import org.jboss.msc.service.ServiceController;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* The Keycloak subsystem add update handler.
|
||||
*
|
||||
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||
*/
|
||||
class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
|
||||
|
||||
static final KeycloakSubsystemAdd INSTANCE = new KeycloakSubsystemAdd();
|
||||
|
||||
@Override
|
||||
protected void performBoottime(final OperationContext context, ModelNode operation, final ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) {
|
||||
context.addStep(new AbstractDeploymentChainStep() {
|
||||
@Override
|
||||
protected void execute(DeploymentProcessorTarget processorTarget) {
|
||||
processorTarget.addDeploymentProcessor(Phase.DEPENDENCIES, 0, new KeycloakDependencyProcessorAS7());
|
||||
processorTarget.addDeploymentProcessor(
|
||||
Phase.POST_MODULE, // PHASE
|
||||
Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
|
||||
new KeycloakAdapterConfigDeploymentProcessor());
|
||||
}
|
||||
}, OperationContext.Stage.RUNTIME);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||
model.setEmptyObject();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,47 @@
|
|||
/*
|
||||
* Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
|
||||
* as indicated by the @author tags. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
|
||||
import org.jboss.as.controller.SimpleResourceDefinition;
|
||||
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
|
||||
import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
|
||||
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
||||
import org.jboss.as.controller.registry.OperationEntry;
|
||||
|
||||
/**
|
||||
* Definition of subsystem=keycloak.
|
||||
*
|
||||
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||
*/
|
||||
public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
|
||||
protected KeycloakSubsystemDefinition() {
|
||||
super(KeycloakSamlExtension.SUBSYSTEM_PATH,
|
||||
KeycloakSamlExtension.getResourceDescriptionResolver("subsystem"),
|
||||
KeycloakSubsystemAdd.INSTANCE,
|
||||
ReloadRequiredRemoveStepHandler.INSTANCE
|
||||
);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void registerOperations(ManagementResourceRegistration resourceRegistration) {
|
||||
super.registerOperations(resourceRegistration);
|
||||
resourceRegistration.registerOperationHandler(ModelDescriptionConstants.DESCRIBE, GenericSubsystemDescribeHandler.INSTANCE, GenericSubsystemDescribeHandler.INSTANCE, false, OperationEntry.EntryType.PRIVATE);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,67 @@
|
|||
/*
|
||||
* Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
|
||||
* as indicated by the @author tags. All rights reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
* use this file except in compliance with the License. You may obtain a copy of
|
||||
* the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
* License for the specific language governing permissions and limitations under
|
||||
* the License.
|
||||
*/
|
||||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.PathAddress;
|
||||
import org.jboss.as.controller.parsing.ParseUtils;
|
||||
import org.jboss.as.controller.persistence.SubsystemMarshallingContext;
|
||||
import org.jboss.dmr.ModelNode;
|
||||
import org.jboss.staxmapper.XMLElementReader;
|
||||
import org.jboss.staxmapper.XMLElementWriter;
|
||||
import org.jboss.staxmapper.XMLExtendedStreamReader;
|
||||
import org.jboss.staxmapper.XMLExtendedStreamWriter;
|
||||
|
||||
import javax.xml.stream.XMLStreamConstants;
|
||||
import javax.xml.stream.XMLStreamException;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* The subsystem parser, which uses stax to read and write to and from xml
|
||||
*/
|
||||
class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public void readElement(final XMLExtendedStreamReader reader, final List<ModelNode> list) throws XMLStreamException {
|
||||
// Require no attributes
|
||||
ParseUtils.requireNoAttributes(reader);
|
||||
ModelNode addKeycloakSub = org.jboss.as.controller.operations.common.Util.createAddOperation(PathAddress.pathAddress(KeycloakSamlExtension.PATH_SUBSYSTEM));
|
||||
list.add(addKeycloakSub);
|
||||
|
||||
while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
|
||||
}
|
||||
}
|
||||
|
||||
// used for debugging
|
||||
private int nextTag(XMLExtendedStreamReader reader) throws XMLStreamException {
|
||||
return reader.nextTag();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@Override
|
||||
public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
|
||||
context.startSubsystemElement(KeycloakSamlExtension.NAMESPACE, false);
|
||||
writer.writeEndElement();
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,42 @@
|
|||
package org.keycloak.subsystem.saml.as7;
|
||||
|
||||
import org.jboss.as.controller.PathAddress;
|
||||
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
|
||||
import org.jboss.dmr.ModelNode;
|
||||
|
||||
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
|
||||
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class Util {
|
||||
public static ModelNode createAddOperation(final PathAddress address) {
|
||||
return createOperation(ModelDescriptionConstants.ADD, address);
|
||||
}
|
||||
|
||||
public static ModelNode createAddOperation() {
|
||||
return createEmptyOperation(ModelDescriptionConstants.ADD, null);
|
||||
}
|
||||
|
||||
public static ModelNode createRemoveOperation(final PathAddress address) {
|
||||
return createOperation(ModelDescriptionConstants.REMOVE, address);
|
||||
}
|
||||
|
||||
public static ModelNode createOperation(final String operationName, final PathAddress address) {
|
||||
return createEmptyOperation(operationName, address);
|
||||
}
|
||||
|
||||
public static ModelNode createEmptyOperation(String operationName, final PathAddress address) {
|
||||
ModelNode op = new ModelNode();
|
||||
op.get(OP).set(operationName);
|
||||
if (address != null) {
|
||||
op.get(OP_ADDR).set(address.toModelNode());
|
||||
} else {
|
||||
// Just establish the standard structure; caller can fill in address later
|
||||
op.get(OP_ADDR);
|
||||
}
|
||||
return op;
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
org.keycloak.subsystem.saml.as7.KeycloakSamlExtension
|
|
@ -292,15 +292,14 @@ public abstract class SamlAuthenticator {
|
|||
}
|
||||
}
|
||||
}
|
||||
if (deployment.getPrincipalNamePolicy() == SamlDeployment.PrincipalNamePolicy.FROM_ATTRIBUTE_NAME) {
|
||||
if (deployment.getPrincipalNamePolicy() == SamlDeployment.PrincipalNamePolicy.FROM_ATTRIBUTE) {
|
||||
if (deployment.getPrincipalAttributeName() != null) {
|
||||
String attribute = attributes.getFirst(deployment.getPrincipalAttributeName());
|
||||
if (attribute != null) principalName = attribute;
|
||||
}
|
||||
} else if (deployment.getPrincipalNamePolicy() == SamlDeployment.PrincipalNamePolicy.FROM_FRIENDLY_ATTRIBUTE_NAME) {
|
||||
if (deployment.getPrincipalAttributeName() != null) {
|
||||
String attribute = friendlyAttributes.getFirst(deployment.getPrincipalAttributeName());
|
||||
if (attribute != null) principalName = attribute;
|
||||
else {
|
||||
attribute = friendlyAttributes.getFirst(deployment.getPrincipalAttributeName());
|
||||
if (attribute != null) principalName = attribute;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -67,8 +67,7 @@ public interface SamlDeployment {
|
|||
|
||||
enum PrincipalNamePolicy {
|
||||
FROM_NAME_ID,
|
||||
FROM_ATTRIBUTE_NAME,
|
||||
FROM_FRIENDLY_ATTRIBUTE_NAME
|
||||
FROM_ATTRIBUTE
|
||||
}
|
||||
PrincipalNamePolicy getPrincipalNamePolicy();
|
||||
String getPrincipalAttributeName();
|
||||
|
|
|
@ -37,7 +37,7 @@ public class ConfigXmlConstants {
|
|||
public static final String ATTRIBUTE_ATTR = "attribute";
|
||||
|
||||
|
||||
public static final String ROLE_MAPPING_ELEMENT = "RoleMapping";
|
||||
public static final String ROLE_IDENTIFIERS_ELEMENT = "RoleIdentifiers";
|
||||
public static final String ATTRIBUTE_ELEMENT = "Attribute";
|
||||
public static final String NAME_ATTR = "name";
|
||||
|
||||
|
|
|
@ -20,6 +20,8 @@ import java.security.KeyStoreException;
|
|||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.Certificate;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
|
@ -52,6 +54,11 @@ public class DeploymentBuilder {
|
|||
deployment.setPrincipalAttributeName(sp.getPrincipalNameMapping().getAttributeName());
|
||||
}
|
||||
deployment.setRoleAttributeNames(sp.getRoleAttributes());
|
||||
if (sp.getRoleAttributes() == null) {
|
||||
Set<String> roles = new HashSet<>();
|
||||
roles.add("Role");
|
||||
deployment.setRoleAttributeNames(roles);
|
||||
}
|
||||
if (sp.getSslPolicy() != null) {
|
||||
SslRequired ssl = SslRequired.valueOf(sp.getSslPolicy());
|
||||
deployment.setSslRequired(ssl);
|
||||
|
|
|
@ -24,16 +24,16 @@ public class IDPXmlParser extends AbstractParser {
|
|||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.IDP_ELEMENT);
|
||||
IDP idp = new IDP();
|
||||
String entityID = StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
||||
String entityID = SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
||||
if (entityID == null) {
|
||||
throw new ParsingException("entityID must be set on IDP");
|
||||
|
||||
}
|
||||
idp.setEntityID(entityID);
|
||||
|
||||
boolean signaturesRequired = StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNATURES_REQUIRED_ATTR);
|
||||
idp.setSignatureCanonicalizationMethod(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_CANONICALIZATION_METHOD_ATTR));
|
||||
idp.setSignatureAlgorithm(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_ALGORITHM_ATTR));
|
||||
boolean signaturesRequired = SPXmlParser.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNATURES_REQUIRED_ATTR);
|
||||
idp.setSignatureCanonicalizationMethod(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_CANONICALIZATION_METHOD_ATTR));
|
||||
idp.setSignatureAlgorithm(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.SIGNATURE_ALGORITHM_ATTR));
|
||||
while (xmlEventReader.hasNext()) {
|
||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||
if (xmlEvent == null)
|
||||
|
@ -73,25 +73,25 @@ public class IDPXmlParser extends AbstractParser {
|
|||
protected IDP.SingleLogoutService parseSingleLogoutService(XMLEventReader xmlEventReader, boolean signaturesRequired) throws ParsingException {
|
||||
IDP.SingleLogoutService slo = new IDP.SingleLogoutService();
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
slo.setSignRequest(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
||||
slo.setValidateResponseSignature(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
||||
slo.setValidateRequestSignature(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_REQUEST_SIGNATURE_ATTR, signaturesRequired));
|
||||
slo.setRequestBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
||||
slo.setResponseBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
||||
slo.setSignResponse(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_RESPONSE_ATTR, signaturesRequired));
|
||||
slo.setPostBindingUrl(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.POST_BINDING_URL_ATTR));
|
||||
slo.setRedirectBindingUrl(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.REDIRECT_BINDING_URL_ATTR));
|
||||
slo.setSignRequest(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
||||
slo.setValidateResponseSignature(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
||||
slo.setValidateRequestSignature(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_REQUEST_SIGNATURE_ATTR, signaturesRequired));
|
||||
slo.setRequestBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
||||
slo.setResponseBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
||||
slo.setSignResponse(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_RESPONSE_ATTR, signaturesRequired));
|
||||
slo.setPostBindingUrl(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.POST_BINDING_URL_ATTR));
|
||||
slo.setRedirectBindingUrl(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.REDIRECT_BINDING_URL_ATTR));
|
||||
return slo;
|
||||
}
|
||||
|
||||
protected IDP.SingleSignOnService parseSingleSignOnService(XMLEventReader xmlEventReader, boolean signaturesRequired) throws ParsingException {
|
||||
IDP.SingleSignOnService sso = new IDP.SingleSignOnService();
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
sso.setSignRequest(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
||||
sso.setValidateResponseSignature(StaxParserUtil.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
||||
sso.setRequestBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
||||
sso.setResponseBinding(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
||||
sso.setBindingUrl(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.BINDING_URL_ATTR));
|
||||
sso.setSignRequest(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.SIGN_REQUEST_ATTR, signaturesRequired));
|
||||
sso.setValidateResponseSignature(SPXmlParser.getBooleanAttributeValue(element, ConfigXmlConstants.VALIDATE_RESPONSE_SIGNATURE_ATTR, signaturesRequired));
|
||||
sso.setRequestBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.REQUEST_BINDING_ATTR));
|
||||
sso.setResponseBinding(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.RESPONSE_BINDING_ATTR));
|
||||
sso.setBindingUrl(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.BINDING_URL_ATTR));
|
||||
return sso;
|
||||
}
|
||||
|
||||
|
|
|
@ -7,8 +7,6 @@ import org.keycloak.saml.common.util.StaxParserUtil;
|
|||
|
||||
import javax.xml.namespace.QName;
|
||||
import javax.xml.stream.XMLEventReader;
|
||||
import javax.xml.stream.XMLStreamException;
|
||||
import javax.xml.stream.events.Characters;
|
||||
import javax.xml.stream.events.EndElement;
|
||||
import javax.xml.stream.events.StartElement;
|
||||
import javax.xml.stream.events.XMLEvent;
|
||||
|
@ -24,8 +22,8 @@ public class KeyXmlParser extends AbstractParser {
|
|||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.KEY_ELEMENT);
|
||||
Key key = new Key();
|
||||
key.setSigning(StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNING_ATTR));
|
||||
key.setEncryption(StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.ENCRYPTION_ATTR));
|
||||
key.setSigning(SPXmlParser.getBooleanAttributeValue(startElement, ConfigXmlConstants.SIGNING_ATTR));
|
||||
key.setEncryption(SPXmlParser.getBooleanAttributeValue(startElement, ConfigXmlConstants.ENCRYPTION_ATTR));
|
||||
while (xmlEventReader.hasNext()) {
|
||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||
if (xmlEvent == null)
|
||||
|
@ -46,13 +44,13 @@ public class KeyXmlParser extends AbstractParser {
|
|||
key.setKeystore(parseKeyStore(xmlEventReader));
|
||||
} else if (tag.equals(ConfigXmlConstants.CERTIFICATE_PEM_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
key.setCertificatePem(StaxParserUtil.getElementText(xmlEventReader));
|
||||
key.setCertificatePem(SPXmlParser.getElementText(xmlEventReader));
|
||||
} else if (tag.equals(ConfigXmlConstants.PUBLIC_KEY_PEM_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
key.setPublicKeyPem(StaxParserUtil.getElementText(xmlEventReader));
|
||||
key.setPublicKeyPem(SPXmlParser.getElementText(xmlEventReader));
|
||||
} else if (tag.equals(ConfigXmlConstants.PRIVATE_KEY_PEM_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
key.setPrivateKeyPem(StaxParserUtil.getElementText(xmlEventReader));
|
||||
key.setPrivateKeyPem(SPXmlParser.getElementText(xmlEventReader));
|
||||
} else {
|
||||
StaxParserUtil.bypassElementBlock(xmlEventReader, tag);
|
||||
}
|
||||
|
@ -65,14 +63,14 @@ public class KeyXmlParser extends AbstractParser {
|
|||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.KEYS_STORE_ELEMENT);
|
||||
Key.KeyStoreConfig keyStore = new Key.KeyStoreConfig();
|
||||
keyStore.setType(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.TYPE_ATTR));
|
||||
keyStore.setAlias(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.ALIAS_ATTR));
|
||||
keyStore.setFile(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.FILE_ATTR));
|
||||
keyStore.setResource(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.RESOURCE_ATTR));
|
||||
keyStore.setType(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.TYPE_ATTR));
|
||||
keyStore.setAlias(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.ALIAS_ATTR));
|
||||
keyStore.setFile(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.FILE_ATTR));
|
||||
keyStore.setResource(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.RESOURCE_ATTR));
|
||||
if (keyStore.getFile() == null && keyStore.getResource() == null) {
|
||||
throw new ParsingException("KeyStore element must have the url or classpath attribute set");
|
||||
}
|
||||
keyStore.setPassword(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.PASSWORD_ATTR));
|
||||
keyStore.setPassword(SPXmlParser.getAttributeValue(startElement, ConfigXmlConstants.PASSWORD_ATTR));
|
||||
if (keyStore.getPassword() == null) {
|
||||
throw new ParsingException("KeyStore element must have the password attribute set");
|
||||
}
|
||||
|
@ -97,19 +95,19 @@ public class KeyXmlParser extends AbstractParser {
|
|||
String tag = StaxParserUtil.getStartElementName(startElement);
|
||||
if (tag.equals(ConfigXmlConstants.CERTIFICATE_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
keyStore.setCertificateAlias(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
||||
keyStore.setCertificateAlias(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
||||
if (keyStore.getCertificateAlias() == null) {
|
||||
throw new ParsingException("KeyStore Certificate element must have the alias attribute set");
|
||||
|
||||
}
|
||||
} else if (tag.equals(ConfigXmlConstants.PRIVATE_KEY_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
keyStore.setPrivateKeyAlias(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
||||
keyStore.setPrivateKeyAlias(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.ALIAS_ATTR));
|
||||
if (keyStore.getPrivateKeyAlias() == null) {
|
||||
throw new ParsingException("KeyStore PrivateKey element must have the alias attribute set");
|
||||
|
||||
}
|
||||
keyStore.setPrivateKeyPassword(StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.PASSWORD_ATTR));
|
||||
keyStore.setPrivateKeyPassword(SPXmlParser.getAttributeValue(element, ConfigXmlConstants.PASSWORD_ATTR));
|
||||
if (keyStore.getPrivateKeyPassword() == null) {
|
||||
throw new ParsingException("KeyStore PrivateKey element must have the password attribute set");
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ import org.keycloak.adapters.saml.config.SP;
|
|||
import org.keycloak.saml.common.exceptions.ParsingException;
|
||||
import org.keycloak.saml.common.parsers.AbstractParser;
|
||||
import org.keycloak.saml.common.util.StaxParserUtil;
|
||||
import org.keycloak.util.StringPropertyReplacer;
|
||||
|
||||
import javax.xml.namespace.QName;
|
||||
import javax.xml.stream.XMLEventReader;
|
||||
|
@ -13,7 +14,6 @@ import javax.xml.stream.events.EndElement;
|
|||
import javax.xml.stream.events.StartElement;
|
||||
import javax.xml.stream.events.XMLEvent;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
|
@ -23,21 +23,44 @@ import java.util.Set;
|
|||
*/
|
||||
public class SPXmlParser extends AbstractParser {
|
||||
|
||||
public static String getAttributeValue(StartElement startElement, String tag) {
|
||||
String str = StaxParserUtil.getAttributeValue(startElement, tag);
|
||||
if (str != null) return StringPropertyReplacer.replaceProperties(str);
|
||||
else return str;
|
||||
}
|
||||
|
||||
public static boolean getBooleanAttributeValue(StartElement startElement, String tag, boolean defaultValue) {
|
||||
String result = getAttributeValue(startElement, tag);
|
||||
if (result == null) return defaultValue;
|
||||
return Boolean.valueOf(result);
|
||||
}
|
||||
|
||||
public static boolean getBooleanAttributeValue(StartElement startElement, String tag) {
|
||||
return getBooleanAttributeValue(startElement, tag, false);
|
||||
}
|
||||
|
||||
public static String getElementText(XMLEventReader xmlEventReader) throws ParsingException {
|
||||
String result = StaxParserUtil.getElementText(xmlEventReader);
|
||||
if (result != null) result = StringPropertyReplacer.replaceProperties(result);
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
|
||||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.SP_ELEMENT);
|
||||
SP sp = new SP();
|
||||
String entityID = StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
||||
String entityID = getAttributeValue(startElement, ConfigXmlConstants.ENTITY_ID_ATTR);
|
||||
if (entityID == null) {
|
||||
throw new ParsingException("entityID must be set on SP");
|
||||
|
||||
}
|
||||
sp.setEntityID(entityID);
|
||||
sp.setSslPolicy(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.SSL_POLICY_ATTR));
|
||||
sp.setLogoutPage(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.LOGOUT_PAGE_ATTR));
|
||||
sp.setNameIDPolicyFormat(StaxParserUtil.getAttributeValue(startElement, ConfigXmlConstants.NAME_ID_POLICY_FORMAT_ATTR));
|
||||
sp.setForceAuthentication(StaxParserUtil.getBooleanAttributeValue(startElement, ConfigXmlConstants.FORCE_AUTHENTICATION_ATTR));
|
||||
sp.setSslPolicy(getAttributeValue(startElement, ConfigXmlConstants.SSL_POLICY_ATTR));
|
||||
sp.setLogoutPage(getAttributeValue(startElement, ConfigXmlConstants.LOGOUT_PAGE_ATTR));
|
||||
sp.setNameIDPolicyFormat(getAttributeValue(startElement, ConfigXmlConstants.NAME_ID_POLICY_FORMAT_ATTR));
|
||||
sp.setForceAuthentication(getBooleanAttributeValue(startElement, ConfigXmlConstants.FORCE_AUTHENTICATION_ATTR));
|
||||
while (xmlEventReader.hasNext()) {
|
||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||
if (xmlEvent == null)
|
||||
|
@ -60,18 +83,18 @@ public class SPXmlParser extends AbstractParser {
|
|||
sp.setKeys(keys);
|
||||
} else if (tag.equals(ConfigXmlConstants.PRINCIPAL_NAME_MAPPING_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
String policy = StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.POLICY_ATTR);
|
||||
String policy = getAttributeValue(element, ConfigXmlConstants.POLICY_ATTR);
|
||||
if (policy == null) {
|
||||
throw new ParsingException("PrincipalNameMapping element must have the policy attribute set");
|
||||
|
||||
}
|
||||
String attribute = StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.ATTRIBUTE_ATTR);
|
||||
String attribute = getAttributeValue(element, ConfigXmlConstants.ATTRIBUTE_ATTR);
|
||||
SP.PrincipalNameMapping mapping = new SP.PrincipalNameMapping();
|
||||
mapping.setPolicy(policy);
|
||||
mapping.setAttributeName(attribute);
|
||||
sp.setPrincipalNameMapping(mapping);
|
||||
|
||||
} else if (tag.equals(ConfigXmlConstants.ROLE_MAPPING_ELEMENT)) {
|
||||
} else if (tag.equals(ConfigXmlConstants.ROLE_IDENTIFIERS_ELEMENT)) {
|
||||
parseRoleMapping(xmlEventReader, sp);
|
||||
} else if (tag.equals(ConfigXmlConstants.IDP_ELEMENT)) {
|
||||
IDPXmlParser parser = new IDPXmlParser();
|
||||
|
@ -87,7 +110,7 @@ public class SPXmlParser extends AbstractParser {
|
|||
|
||||
protected void parseRoleMapping(XMLEventReader xmlEventReader, SP sp) throws ParsingException {
|
||||
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.ROLE_MAPPING_ELEMENT);
|
||||
StaxParserUtil.validate(startElement, ConfigXmlConstants.ROLE_IDENTIFIERS_ELEMENT);
|
||||
Set<String> roleAttributes = new HashSet<>();
|
||||
while (xmlEventReader.hasNext()) {
|
||||
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
|
||||
|
@ -96,7 +119,7 @@ public class SPXmlParser extends AbstractParser {
|
|||
if (xmlEvent instanceof EndElement) {
|
||||
EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
|
||||
String endElementName = StaxParserUtil.getEndElementName(endElement);
|
||||
if (endElementName.equals(ConfigXmlConstants.ROLE_MAPPING_ELEMENT))
|
||||
if (endElementName.equals(ConfigXmlConstants.ROLE_IDENTIFIERS_ELEMENT))
|
||||
break;
|
||||
else
|
||||
continue;
|
||||
|
@ -107,7 +130,7 @@ public class SPXmlParser extends AbstractParser {
|
|||
String tag = StaxParserUtil.getStartElementName(startElement);
|
||||
if (tag.equals(ConfigXmlConstants.ATTRIBUTE_ELEMENT)) {
|
||||
StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
|
||||
String attributeValue = StaxParserUtil.getAttributeValue(element, ConfigXmlConstants.NAME_ATTR);
|
||||
String attributeValue = getAttributeValue(element, ConfigXmlConstants.NAME_ATTR);
|
||||
if (attributeValue == null) {
|
||||
throw new ParsingException("RoleMapping Attribute element must have the name attribute set");
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
<xs:all>
|
||||
<xs:element name="Keys" type="keys-type" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="PrincipalNameMapping" type="principal-name-mapping-type" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="RoleMapping" type="role-mapping-type" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="RoleIdentifiers" type="role-identifiers-type" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="IDP" type="idp-type" minOccurs="1" maxOccurs="1"/>
|
||||
</xs:all>
|
||||
<xs:attribute name="entityID" type="xs:string" use="required"/>
|
||||
|
@ -70,7 +70,7 @@
|
|||
<xs:attribute name="policy" type="xs:string" use="required"/>
|
||||
<xs:attribute name="attribute" type="xs:string" use="optional"/>
|
||||
</xs:complexType>
|
||||
<xs:complexType name="role-mapping-type">
|
||||
<xs:complexType name="role-identifiers-type">
|
||||
<xs:choice minOccurs="0" maxOccurs="unbounded">
|
||||
<xs:element name="Attribute" maxOccurs="unbounded" minOccurs="0" type="attribute-type"/>
|
||||
</xs:choice>
|
||||
|
|
|
@ -20,9 +20,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="policy" attribute="attribute"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="member"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp"
|
||||
signatureAlgorithm="RSA"
|
||||
signatureCanonicalizationMethod="canon"
|
||||
|
|
|
@ -19,5 +19,6 @@
|
|||
<module>tomcat</module>
|
||||
<module>jetty</module>
|
||||
<module>wildfly</module>
|
||||
<module>as7-eap6</module>
|
||||
</modules>
|
||||
</project>
|
||||
|
|
|
@ -167,7 +167,7 @@ public abstract class AbstractSamlAuthenticatorValve extends FormAuthenticator i
|
|||
|
||||
|
||||
try {
|
||||
disp.forward(request, response);
|
||||
disp.forward(request.getRequest(), response);
|
||||
} catch (ServletException e) {
|
||||
throw new RuntimeException(e);
|
||||
} catch (IOException e) {
|
||||
|
|
|
@ -36,7 +36,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
|||
|
||||
private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
|
||||
private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
|
||||
private static final ModuleIdentifier KEYCLOAK_CORE = ModuleIdentifier.create("org.keycloak.keycloak-core");
|
||||
private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
|
||||
|
||||
@Override
|
||||
|
@ -56,7 +55,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
|||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
|
||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE, false, false, false, false));
|
||||
}
|
||||
|
||||
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp"
|
||||
signaturesRequired="true">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -5,10 +5,10 @@
|
|||
logoutPage="/logout.jsp"
|
||||
forceAuthentication="false">
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="memberOf"/>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -12,9 +12,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp"
|
||||
signaturesRequired="true">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
logoutPage="/logout.jsp"
|
||||
forceAuthentication="false">
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -5,10 +5,10 @@
|
|||
logoutPage="/logout.jsp"
|
||||
forceAuthentication="false">
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="memberOf"/>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -12,9 +12,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
logoutPage="/logout.jsp"
|
||||
forceAuthentication="false">
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
|
|
|
@ -13,9 +13,9 @@
|
|||
</Key>
|
||||
</Keys>
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleMapping>
|
||||
<RoleIdentifiers>
|
||||
<Attribute name="Role"/>
|
||||
</RoleMapping>
|
||||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue