KEYCLOAK-17756 KEYCLOAK-17757 Optimize IdP-first lookup

model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java

@@ -28,6 +28,7 @@ import javax.persistence.EntityManager;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
 import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
@@ -36,6 +37,10 @@ public class JpaClientProviderFactory implements ClientProviderFactory {
 
     private Set<String> clientSearchableAttributes = null;
 
+    private static final List<String> REQUIRED_SEARCHABLE_ATTRIBUTES = Arrays.asList(
+      "saml_idp_initiated_sso_url_name"
+    );
+
     @Override
     public void init(Config.Scope config) {
         String[] searchableAttrsArr = config.getArray("searchableAttributes");
@@ -43,12 +48,11 @@ public class JpaClientProviderFactory implements ClientProviderFactory {
             String s = System.getProperty("keycloak.client.searchableAttributes");
             searchableAttrsArr = s == null ? null : s.split("\\s*,\\s*");
         }
+        HashSet<String> s = new HashSet<>(REQUIRED_SEARCHABLE_ATTRIBUTES);
         if (searchableAttrsArr != null) {
-            clientSearchableAttributes = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(searchableAttrsArr)));
-        }
-        else {
-            clientSearchableAttributes = Collections.emptySet();
+            s.addAll(Arrays.asList(searchableAttrsArr));
         }
+        clientSearchableAttributes = Collections.unmodifiableSet(s);
     }
 
     @Override

services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java

@@ -114,6 +114,7 @@ import org.w3c.dom.NodeList;
 import java.net.URI;
 import java.security.cert.CertificateException;
 
+import java.util.Collections;
 import javax.ws.rs.core.MultivaluedMap;
 import javax.xml.crypto.dsig.XMLSignature;
 
@@ -544,9 +545,9 @@ public class SAMLEndpoint {
         private AuthenticationSessionModel samlIdpInitiatedSSO(final String clientUrlName) {
             event.event(EventType.LOGIN);
             CacheControlUtil.noBackButtonCacheControlHeader();
-            Optional<ClientModel> oClient = SAMLEndpoint.this.realm.getClientsStream()
-                    .filter(c -> Objects.equals(c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME), clientUrlName))
-                    .findFirst();
+            Optional<ClientModel> oClient = SAMLEndpoint.this.session.clients()
+              .searchClientsByAttributes(realm, Collections.singletonMap(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME, clientUrlName), 0, 1)
+              .findFirst();
 
             if (! oClient.isPresent()) {
                 event.error(Errors.CLIENT_NOT_FOUND);

services/src/main/java/org/keycloak/protocol/saml/SamlService.java

@@ -134,6 +134,7 @@ import java.io.InputStream;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.PublicKey;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Objects;
@@ -919,9 +920,8 @@ public class SamlService extends AuthorizationEndpointBase {
     public Response idpInitiatedSSO(@PathParam("client") String clientUrlName, @QueryParam("RelayState") String relayState) {
         event.event(EventType.LOGIN);
         CacheControlUtil.noBackButtonCacheControlHeader();
-        ClientModel client = realm.getClientsStream()
-                .filter(c -> Objects.nonNull(c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME)))
-                .filter(c -> Objects.equals(c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME), clientUrlName))
+        ClientModel client = session.clients()
+                .searchClientsByAttributes(realm, Collections.singletonMap(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME, clientUrlName), 0, 1)
                 .findFirst().orElse(null);
 
         if (client == null) {