[KEYCLOAK-883] - Examples config and logging changes.
parent
6e38964838
commit
8f263a43e3
9 changed files with 33 additions and 17 deletions
|
@ -39,6 +39,9 @@
|
||||||
"baseUrl": "/facebook-authentication",
|
"baseUrl": "/facebook-authentication",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/facebook-authentication/*"
|
"/facebook-authentication/*"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"http://localhost:8080"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
|
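Review bot: The added `webOrigins` entry is an absolute `http://localhost:8080`, while the `redirectUris` just above it are relative, so the CORS allowlist is the only host-specific value in this client. It will stop matching once the example is served from another host or port, or over HTTPS. The google and twitter realm files in this commit get the same addition. JSON cannot carry a comment, so a line in the examples' documentation should say that this value must be changed with the deployment address and kept as an exact origin rather than widened to a wildcard.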
@ -39,6 +39,9 @@
|
||||||
"baseUrl": "/google-authentication",
|
"baseUrl": "/google-authentication",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/google-authentication/*"
|
"/google-authentication/*"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"http://localhost:8080"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
|
@ -38,8 +38,7 @@
|
||||||
"adminUrl": "/saml-broker-authentication",
|
"adminUrl": "/saml-broker-authentication",
|
||||||
"baseUrl": "/saml-broker-authentication",
|
"baseUrl": "/saml-broker-authentication",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/saml-broker-authentication/*",
|
"/saml-broker-authentication/*"
|
||||||
"http://localhost:8080/saml-broker-authentication/*"
|
|
||||||
],
|
],
|
||||||
"webOrigins": [
|
"webOrigins": [
|
||||||
"http://localhost:8080"
|
"http://localhost:8080"
|
||||||
|
@ -55,7 +54,7 @@
|
||||||
"updateProfileFirstLogin" : "true",
|
"updateProfileFirstLogin" : "true",
|
||||||
"storeToken" : "true",
|
"storeToken" : "true",
|
||||||
"config": {
|
"config": {
|
||||||
"singleSignOnServiceUrl": "http://localhost:8081/auth/realms/saml-broker-realm/protocol/saml",
|
"singleSignOnServiceUrl": "http://localhost:8080/auth/realms/saml-broker-realm/protocol/saml",
|
||||||
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
"nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
||||||
"signingCertificate": "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",
|
"signingCertificate": "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",
|
||||||
"wantAuthnRequestsSigned": true,
|
"wantAuthnRequestsSigned": true,
|
||||||
|
|
|
@ -28,10 +28,10 @@
|
||||||
},
|
},
|
||||||
"applications": [
|
"applications": [
|
||||||
{
|
{
|
||||||
"name": "http://localhost:8081/auth/",
|
"name": "http://localhost:8080/auth/",
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"http://localhost:8081/auth/realms/saml-broker-authentication-realm/broker/saml-identity-provider"
|
"http://localhost:8080/auth/realms/saml-broker-authentication-realm/broker/saml-identity-provider"
|
||||||
],
|
],
|
||||||
"attributes": {
|
"attributes": {
|
||||||
"saml.assertion.signature": "true",
|
"saml.assertion.signature": "true",
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
"realm" : "saml-broker-authentication-realm",
|
"realm" : "saml-broker-authentication-realm",
|
||||||
"resource" : "saml-broker-authentication",
|
"resource" : "saml-broker-authentication",
|
||||||
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
"auth-server-url": "http://localhost:8081/auth",
|
"auth-server-url": "/auth",
|
||||||
"ssl-required" : "external",
|
"ssl-required" : "external",
|
||||||
"public-client" : true
|
"public-client" : true
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
"realm" : "twitter-identity-provider-realm",
|
||||||
|
"resource" : "twitter-authentication",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
|
||||||
|
"auth-server-url": "/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"public-client" : true
|
||||||
|
}
|
|
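Review bot: The `realm-public-key` in this new adapter config is the same literal as the one in the `saml-broker-authentication` adapter config touched by this commit, so the example realms appear to share one key pair that ships with the repository. That is acceptable for a local demo, but the file cannot carry a warning itself. The examples' documentation should say that the realm keys must be regenerated and this value replaced before the config is reused outside a sandbox. The same note could mention that `"ssl-required" : "external"` still allows plain HTTP from localhost and private addresses.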
@ -40,6 +40,9 @@
|
||||||
"baseUrl": "/twitter-authentication",
|
"baseUrl": "/twitter-authentication",
|
||||||
"redirectUris": [
|
"redirectUris": [
|
||||||
"/twitter-authentication/*"
|
"/twitter-authentication/*"
|
||||||
|
],
|
||||||
|
"webOrigins": [
|
||||||
|
"http://localhost:8080"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -171,7 +171,7 @@ module.config([ '$routeProvider', function($routeProvider) {
|
||||||
controller : 'RealmIdentityProviderCtrl'
|
controller : 'RealmIdentityProviderCtrl'
|
||||||
})
|
})
|
||||||
.when('/realms/:realm/identity-provider-settings/provider/:provider_id/:id', {
|
.when('/realms/:realm/identity-provider-settings/provider/:provider_id/:id', {
|
||||||
templateUrl : function(params){ return 'partials/realm-identity-provider-' + params.provider_id + '.html'; },
|
templateUrl : function(params){ return resourceUrl + '/partials/realm-identity-provider-' + params.provider_id + '.html'; },
|
||||||
resolve : {
|
resolve : {
|
||||||
realm : function(RealmLoader) {
|
realm : function(RealmLoader) {
|
||||||
return RealmLoader();
|
return RealmLoader();
|
||||||
|
|
|
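Review bot: `params.provider_id` comes from the route and is concatenated into the template URL with no check, so the URL fragment decides which partial is requested rather than the set of providers the console knows about. The commit only prepends `resourceUrl`, and the value is still unconstrained. A guard such as `/^[A-Za-z0-9_-]+$/.test(params.provider_id)` before building the path, with a fixed fallback partial otherwise, would keep the request inside the partials directory even if encoded separators survive route matching (not verified here). The `.when(...)` block continues outside the hunk.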
@ -323,7 +323,7 @@ public class IdentityBrokerService {
|
||||||
federatedUser.addRequiredAction(UPDATE_PROFILE);
|
federatedUser.addRequiredAction(UPDATE_PROFILE);
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
return redirectToLoginPage(e.getMessage(), clientCode);
|
return redirectToErrorPage(e.getMessage(), e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -439,6 +439,10 @@ public class IdentityBrokerService {
|
||||||
}
|
}
|
||||||
|
|
||||||
private Response redirectToErrorPage(String message, Throwable throwable) {
|
private Response redirectToErrorPage(String message, Throwable throwable) {
|
||||||
|
if (message == null) {
|
||||||
|
message = "Unexpected error when authenticating with identity provider";
|
||||||
|
}
|
||||||
|
|
||||||
fireErrorEvent(message, throwable);
|
fireErrorEvent(message, throwable);
|
||||||
return Flows.forwardToSecurityFailurePage(this.session, this.realmModel, this.uriInfo, message);
|
return Flows.forwardToSecurityFailurePage(this.session, this.realmModel, this.uriInfo, message);
|
||||||
}
|
}
|
||||||
|
@ -448,14 +452,6 @@ public class IdentityBrokerService {
|
||||||
return Flows.errors().error(message, Status.BAD_REQUEST);
|
return Flows.errors().error(message, Status.BAD_REQUEST);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Response redirectToLoginPage(String message, ClientSessionCode clientCode) {
|
|
||||||
fireErrorEvent(message);
|
|
||||||
return Flows.forms(this.session, this.realmModel, clientCode.getClientSession().getClient(), this.uriInfo)
|
|
||||||
.setClientSessionCode(clientCode.getCode())
|
|
||||||
.setError(message)
|
|
||||||
.createLogin();
|
|
||||||
}
|
|
||||||
|
|
||||||
private IdentityProvider getIdentityProvider(String providerId) {
|
private IdentityProvider getIdentityProvider(String providerId) {
|
||||||
IdentityProviderModel identityProviderModel = this.realmModel.getIdentityProviderById(providerId);
|
IdentityProviderModel identityProviderModel = this.realmModel.getIdentityProviderById(providerId);
|
||||||
|
|
||||||
|
@ -513,7 +509,11 @@ public class IdentityBrokerService {
|
||||||
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(updatedIdentity.getIdentityProviderId(), updatedIdentity.getId(),
|
FederatedIdentityModel federatedIdentityModel = new FederatedIdentityModel(updatedIdentity.getIdentityProviderId(), updatedIdentity.getId(),
|
||||||
updatedIdentity.getUsername(), updatedIdentity.getToken());
|
updatedIdentity.getUsername(), updatedIdentity.getToken());
|
||||||
// Check if no user already exists with this username or email
|
// Check if no user already exists with this username or email
|
||||||
UserModel existingUser = this.session.users().getUserByEmail(updatedIdentity.getEmail(), this.realmModel);
|
UserModel existingUser = null;
|
||||||
|
|
||||||
|
if (updatedIdentity.getEmail() != null) {
|
||||||
|
existingUser = this.session.users().getUserByEmail(updatedIdentity.getEmail(), this.realmModel);
|
||||||
|
}
|
||||||
|
|
||||||
if (existingUser != null) {
|
if (existingUser != null) {
|
||||||
fireErrorEvent(Errors.FEDERATED_IDENTITY_EMAIL_EXISTS);
|
fireErrorEvent(Errors.FEDERATED_IDENTITY_EMAIL_EXISTS);
|
||||||
|
|
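Review bot: The catch block in the `-323` hunk now passes `e.getMessage()` from a bare `catch (Exception e)` to `redirectToErrorPage`, which hands the same string to `Flows.forwardToSecurityFailurePage`. The text of any internal exception can therefore be shown to an unauthenticated user, assuming that page renders the message. The throwable already goes to `fireErrorEvent`, so no detail is lost if the page gets a fixed string instead: `return redirectToErrorPage("Unexpected error when authenticating with identity provider", e);`. The enclosing method starts outside the hunk, so which exceptions can reach this catch is not visible here.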