diff --git a/adapters/saml/pom.xml b/adapters/saml/pom.xml
index 443ad2a468..ae89efd98d 100755
--- a/adapters/saml/pom.xml
+++ b/adapters/saml/pom.xml
@@ -36,7 +36,6 @@
core-jakarta
jetty
undertow
- tomcat
wildfly
servlet-filter
jakarta-servlet-filter
diff --git a/adapters/saml/tomcat/pom.xml b/adapters/saml/tomcat/pom.xml
deleted file mode 100755
index 70bd25315d..0000000000
--- a/adapters/saml/tomcat/pom.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-
-
-
- keycloak-parent
- org.keycloak
- 999.0.0-SNAPSHOT
- ../../../pom.xml
-
- Keycloak SAML Tomcat Integration
-
- 4.0.0
-
- keycloak-saml-tomcat-integration-pom
- pom
-
-
- tomcat-core
- tomcat
-
-
diff --git a/adapters/saml/tomcat/tomcat-core/pom.xml b/adapters/saml/tomcat/tomcat-core/pom.xml
deleted file mode 100755
index 651c4a8196..0000000000
--- a/adapters/saml/tomcat/tomcat-core/pom.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-
-
-
-
-
- keycloak-saml-tomcat-integration-pom
- org.keycloak
- 999.0.0-SNAPSHOT
- ../pom.xml
-
- 4.0.0
-
- keycloak-saml-tomcat-adapter-core
- Keycloak Tomcat Core SAML Integration
-
-
-
-
- org.jboss.logging
- jboss-logging
-
-
- org.jboss.logging
- commons-logging-jboss-logging
- runtime
-
-
- org.keycloak
- keycloak-common
-
-
- org.keycloak
- keycloak-adapter-spi
-
-
- org.keycloak
- keycloak-tomcat-adapter-spi
-
-
- org.apache.httpcomponents
- httpclient
-
-
- org.bouncycastle
- bcprov-jdk18on
-
-
- org.keycloak
- keycloak-saml-core
-
-
- org.keycloak
- keycloak-saml-adapter-api-public
-
-
- org.keycloak
- keycloak-saml-adapter-core
-
-
-
- org.apache.tomcat
- tomcat-catalina
- ${tomcat8.version}
- compile
-
-
-
- junit
- junit
- test
-
-
-
-
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java
deleted file mode 100755
index a7b8f41fd0..0000000000
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/AbstractSamlAuthenticatorValve.java
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.authenticator.FormAuthenticator;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.jboss.logging.Logger;
-
-import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder;
-import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
-import org.keycloak.adapters.spi.*;
-import org.keycloak.adapters.tomcat.CatalinaHttpFacade;
-import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
-import org.keycloak.adapters.tomcat.PrincipalFactory;
-import org.keycloak.saml.common.exceptions.ParsingException;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.reflect.*;
-import java.util.regex.Pattern;
-
-/**
- * Keycloak authentication valve
- *
- * @author Davide Ungari
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public abstract class AbstractSamlAuthenticatorValve extends FormAuthenticator implements LifecycleListener {
-
- public static final String TOKEN_STORE_NOTE = "TOKEN_STORE_NOTE";
-
- private final static Logger log = Logger.getLogger(AbstractSamlAuthenticatorValve.class);
- protected CatalinaUserSessionManagement userSessionManagement = new CatalinaUserSessionManagement();
- protected SamlDeploymentContext deploymentContext;
- protected SessionIdMapper mapper = new InMemorySessionIdMapper();
- protected SessionIdMapperUpdater idMapperUpdater = SessionIdMapperUpdater.DIRECT;
-
- @Override
- public void lifecycleEvent(LifecycleEvent event) {
- if (Lifecycle.START_EVENT.equals(event.getType())) {
- cache = false;
- } else if (Lifecycle.AFTER_START_EVENT.equals(event.getType())) {
- keycloakInit();
- } else if (Lifecycle.BEFORE_STOP_EVENT.equals(event.getType())) {
- beforeStop();
- }
- }
-
- protected void logoutInternal(Request request) {
- CatalinaHttpFacade facade = new CatalinaHttpFacade(null, request);
- SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
- SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
- tokenStore.logoutAccount();
- request.setUserPrincipal(null);
- }
-
- @SuppressWarnings("UseSpecificCatch")
- public void keycloakInit() {
- // Possible scenarios:
- // 1) The deployment has a keycloak.config.resolver specified and it exists:
- // Outcome: adapter uses the resolver
- // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
- // Outcome: adapter is left unconfigured
- // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
- // Outcome: adapter uses it
- // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
- // Outcome: adapter is left unconfigured
-
- String configResolverClass = context.getServletContext().getInitParameter("keycloak.config.resolver");
- if (configResolverClass != null) {
- try {
- SamlConfigResolver configResolver = (SamlConfigResolver) context.getLoader().getClassLoader().loadClass(configResolverClass).newInstance();
- deploymentContext = new SamlDeploymentContext(configResolver);
- log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
- } catch (Exception ex) {
- log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", configResolverClass, ex.getMessage());
- deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
- }
- } else {
- InputStream is = getConfigInputStream(context);
- final SamlDeployment deployment;
- if (is == null) {
- log.error("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
- deployment = new DefaultSamlDeployment();
- } else {
- try {
- ResourceLoader loader = new ResourceLoader() {
- @Override
- public InputStream getResourceAsStream(String resource) {
- return context.getServletContext().getResourceAsStream(resource);
- }
- };
- deployment = new DeploymentBuilder().build(is, loader);
- } catch (ParsingException e) {
- throw new RuntimeException(e);
- }
- }
- deploymentContext = new SamlDeploymentContext(deployment);
- log.debug("Keycloak is using a per-deployment configuration.");
- }
-
- context.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
-
- addTokenStoreUpdaters();
- }
-
- protected void beforeStop() {
- }
-
- private static InputStream getConfigFromServletContext(ServletContext servletContext) {
- String xml = servletContext.getInitParameter(AdapterConstants.AUTH_DATA_PARAM_NAME);
- if (xml == null) {
- return null;
- }
- log.trace("**** using " + AdapterConstants.AUTH_DATA_PARAM_NAME);
- return new ByteArrayInputStream(xml.getBytes());
- }
-
- private static InputStream getConfigInputStream(Context context) {
- InputStream is = getConfigFromServletContext(context.getServletContext());
- if (is == null) {
- String path = context.getServletContext().getInitParameter("keycloak.config.file");
- if (path == null) {
- log.trace("**** using /WEB-INF/keycloak-saml.xml");
- is = context.getServletContext().getResourceAsStream("/WEB-INF/keycloak-saml.xml");
- } else {
- try {
- is = new FileInputStream(path);
- } catch (FileNotFoundException e) {
- log.errorv("NOT FOUND {0}", path);
- throw new RuntimeException(e);
- }
- }
- }
- return is;
- }
-
- @Override
- public void invoke(Request request, Response response) throws IOException, ServletException {
- log.trace("*********************** SAML ************");
- CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
- SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
- if (request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml")) {
- if (deployment != null && deployment.isConfigured()) {
- SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
- SamlAuthenticator authenticator = new CatalinaSamlEndpoint(facade, deployment, tokenStore);
- executeAuthenticator(request, response, facade, deployment, authenticator);
- return;
- }
-
- }
-
- try {
- getSessionStore(request, facade, deployment).isLoggedIn(); // sets request UserPrincipal if logged in. we do this so that the UserPrincipal is available on unsecured, unconstrainted URLs
- super.invoke(request, response);
- } finally {
- }
-
- }
-
- protected abstract PrincipalFactory createPrincipalFactory();
- protected abstract boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException;
- private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");
-
- protected void forwardToLogoutPage(Request request, HttpServletResponse response, SamlDeployment deployment) {
- final String location = deployment.getLogoutPage();
-
- try {
- //make sure the login page is never cached
- response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Expires", "0");
-
- if (location == null) {
- log.warn("Logout page not set.");
- response.sendError(HttpServletResponse.SC_NOT_FOUND);
- } else if (PROTOCOL_PATTERN.matcher(location).find()) {
- response.sendRedirect(response.encodeRedirectURL(location));
- } else {
- RequestDispatcher disp = request.getRequestDispatcher(location);
-
- disp.forward(request.getRequest(), response);
- }
- } catch (ServletException e) {
- throw new RuntimeException(e);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- }
-
- protected boolean authenticateInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
- log.trace("authenticateInternal");
- CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
- SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
- if (deployment == null || !deployment.isConfigured()) {
- log.trace("deployment not configured");
- return false;
- }
- SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
-
-
- SamlAuthenticator authenticator = new CatalinaSamlAuthenticator(facade, deployment, tokenStore);
- return executeAuthenticator(request, response, facade, deployment, authenticator);
- }
-
- protected boolean executeAuthenticator(Request request, HttpServletResponse response, CatalinaHttpFacade facade, SamlDeployment deployment, SamlAuthenticator authenticator) {
- AuthOutcome outcome = authenticator.authenticate();
- if (outcome == AuthOutcome.AUTHENTICATED) {
- log.trace("AUTHENTICATED");
- if (facade.isEnded()) {
- return false;
- }
- return true;
- }
- if (outcome == AuthOutcome.LOGGED_OUT) {
- logoutInternal(request);
- if (deployment.getLogoutPage() != null) {
- forwardToLogoutPage(request, response, deployment);
-
- }
- log.trace("Logging OUT");
- return false;
- }
-
- AuthChallenge challenge = authenticator.getChallenge();
- if (challenge != null) {
- log.trace("challenge");
- challenge.challenge(facade);
- }
- return false;
- }
-
- public void keycloakSaveRequest(Request request) throws IOException {
- saveRequest(request, request.getSessionInternal(true));
- }
-
- public boolean keycloakRestoreRequest(Request request) {
- try {
- return restoreRequest(request, request.getSessionInternal());
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- protected SamlSessionStore getSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
- SamlSessionStore store = (SamlSessionStore)request.getNote(TOKEN_STORE_NOTE);
- if (store != null) {
- return store;
- }
-
- store = createSessionStore(request, facade, resolvedDeployment);
-
- request.setNote(TOKEN_STORE_NOTE, store);
- return store;
- }
-
- protected SamlSessionStore createSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
- SamlSessionStore store;
- store = new CatalinaSamlSessionStore(userSessionManagement, createPrincipalFactory(), mapper, idMapperUpdater, request, this, facade, resolvedDeployment);
- return store;
- }
-
- protected void addTokenStoreUpdaters() {
- SessionIdMapperUpdater updater = getIdMapperUpdater();
-
- try {
- String idMapperSessionUpdaterClasses = context.getServletContext().getInitParameter("keycloak.sessionIdMapperUpdater.classes");
- if (idMapperSessionUpdaterClasses == null) {
- return;
- }
-
- for (String clazz : idMapperSessionUpdaterClasses.split("\\s*,\\s*")) {
- if (! clazz.isEmpty()) {
- updater = invokeAddTokenStoreUpdaterMethod(clazz, updater);
- }
- }
- } finally {
- setIdMapperUpdater(updater);
- }
- }
-
- private SessionIdMapperUpdater invokeAddTokenStoreUpdaterMethod(String idMapperSessionUpdaterClass, SessionIdMapperUpdater previousIdMapperUpdater) {
- try {
- Class clazz = context.getLoader().getClassLoader().loadClass(idMapperSessionUpdaterClass);
- Method addTokenStoreUpdatersMethod = clazz.getMethod("addTokenStoreUpdaters", Context.class, SessionIdMapper.class, SessionIdMapperUpdater.class);
- if (! Modifier.isStatic(addTokenStoreUpdatersMethod.getModifiers())
- || ! Modifier.isPublic(addTokenStoreUpdatersMethod.getModifiers())
- || ! SessionIdMapperUpdater.class.isAssignableFrom(addTokenStoreUpdatersMethod.getReturnType())) {
- log.errorv("addTokenStoreUpdaters method in class {0} has to be public static. Ignoring class.", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- }
-
- log.debugv("Initializing sessionIdMapperUpdater class {0}", idMapperSessionUpdaterClass);
- return (SessionIdMapperUpdater) addTokenStoreUpdatersMethod.invoke(null, context, mapper, previousIdMapperUpdater);
- } catch (ClassNotFoundException ex) {
- log.warnv(ex, "Cannot use sessionIdMapperUpdater class {0}", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- } catch (NoSuchMethodException ex) {
- log.warnv(ex, "Cannot use sessionIdMapperUpdater class {0}", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- } catch (SecurityException ex) {
- log.warnv(ex, "Cannot use sessionIdMapperUpdater class {0}", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- } catch (IllegalAccessException ex) {
- log.warnv(ex, "Cannot use {0}.addTokenStoreUpdaters(DeploymentInfo, SessionIdMapper) method", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- } catch (IllegalArgumentException ex) {
- log.warnv(ex, "Cannot use {0}.addTokenStoreUpdaters(DeploymentInfo, SessionIdMapper) method", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- } catch (InvocationTargetException ex) {
- log.warnv(ex, "Cannot use {0}.addTokenStoreUpdaters(DeploymentInfo, SessionIdMapper) method", idMapperSessionUpdaterClass);
- return previousIdMapperUpdater;
- }
- }
-
- public SessionIdMapperUpdater getIdMapperUpdater() {
- return idMapperUpdater;
- }
-
- public void setIdMapperUpdater(SessionIdMapperUpdater idMapperUpdater) {
- this.idMapperUpdater = idMapperUpdater;
- }
-}
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java
deleted file mode 100755
index 0f4ec04ed6..0000000000
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlAuthenticator.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml;
-
-import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
-import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
-import org.keycloak.adapters.spi.HttpFacade;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class CatalinaSamlAuthenticator extends SamlAuthenticator {
- public CatalinaSamlAuthenticator(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- super(facade, deployment, sessionStore);
- }
-
- @Override
- protected void completeAuthentication(SamlSession account) {
- // complete
- }
-
- @Override
- protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- return new BrowserHandler(facade, deployment, sessionStore);
- }
-
-}
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlEndpoint.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlEndpoint.java
deleted file mode 100755
index 36c94a2cf6..0000000000
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlEndpoint.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml;
-
-import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
-import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
-import org.keycloak.adapters.spi.HttpFacade;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class CatalinaSamlEndpoint extends SamlAuthenticator {
- public CatalinaSamlEndpoint(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- super(facade, deployment, sessionStore);
- }
-
- @Override
- protected void completeAuthentication(SamlSession account) {
- // complete
- }
-
- @Override
- protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- return new SamlEndpoint(facade, deployment, sessionStore);
- }
-
-
-}
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java
deleted file mode 100755
index ff122ac5a6..0000000000
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/CatalinaSamlSessionStore.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml;
-
-import org.apache.catalina.Manager;
-import org.apache.catalina.Session;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.realm.GenericPrincipal;
-import org.jboss.logging.Logger;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.SessionIdMapper;
-import org.keycloak.adapters.spi.SessionIdMapperUpdater;
-import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
-import org.keycloak.adapters.tomcat.PrincipalFactory;
-import org.keycloak.common.util.KeycloakUriBuilder;
-
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Set;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class CatalinaSamlSessionStore implements SamlSessionStore {
- protected static Logger log = Logger.getLogger(SamlSessionStore.class);
- public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI";
-
- private final CatalinaUserSessionManagement sessionManagement;
- protected final PrincipalFactory principalFactory;
- private final SessionIdMapper idMapper;
- private final SessionIdMapperUpdater idMapperUpdater;
- protected final Request request;
- protected final AbstractSamlAuthenticatorValve valve;
- protected final HttpFacade facade;
- protected final SamlDeployment deployment;
-
- public CatalinaSamlSessionStore(CatalinaUserSessionManagement sessionManagement, PrincipalFactory principalFactory,
- SessionIdMapper idMapper, SessionIdMapperUpdater idMapperUpdater,
- Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade,
- SamlDeployment deployment) {
- this.sessionManagement = sessionManagement;
- this.principalFactory = principalFactory;
- this.idMapper = idMapper;
- this.idMapperUpdater = idMapperUpdater;
- this.request = request;
- this.valve = valve;
- this.facade = facade;
- this.deployment = deployment;
- }
-
- @Override
- public void setCurrentAction(CurrentAction action) {
- if (action == CurrentAction.NONE && request.getSession(false) == null) return;
- request.getSession().setAttribute(CURRENT_ACTION, action);
- }
-
- @Override
- public boolean isLoggingIn() {
- HttpSession session = request.getSession(false);
- if (session == null) return false;
- CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION);
- return action == CurrentAction.LOGGING_IN;
- }
-
- @Override
- public boolean isLoggingOut() {
- HttpSession session = request.getSession(false);
- if (session == null) return false;
- CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION);
- return action == CurrentAction.LOGGING_OUT;
- }
-
- @Override
- public void logoutAccount() {
- Session sessionInternal = request.getSessionInternal(false);
- if (sessionInternal == null) return;
- HttpSession session = sessionInternal.getSession();
- List ids = new LinkedList();
- if (session != null) {
- SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName());
- if (samlSession != null) {
- if (samlSession.getSessionIndex() != null) {
- ids.add(session.getId());
- idMapperUpdater.removeSession(idMapper, session.getId());
- }
- session.removeAttribute(SamlSession.class.getName());
- }
- session.removeAttribute(SAML_REDIRECT_URI);
- }
- sessionInternal.setPrincipal(null);
- sessionInternal.setAuthType(null);
- logoutSessionIds(ids);
- }
-
- @Override
- public void logoutByPrincipal(String principal) {
- Set sessions = idMapper.getUserSessions(principal);
- if (sessions != null) {
- List ids = new LinkedList();
- ids.addAll(sessions);
- logoutSessionIds(ids);
- for (String id : ids) {
- idMapperUpdater.removeSession(idMapper, id);
- }
- }
-
- }
-
- @Override
- public void logoutBySsoId(List ssoIds) {
- if (ssoIds == null) return;
- List sessionIds = new LinkedList();
- for (String id : ssoIds) {
- String sessionId = idMapper.getSessionFromSSO(id);
- if (sessionId != null) {
- sessionIds.add(sessionId);
- idMapperUpdater.removeSession(idMapper, sessionId);
- }
-
- }
- logoutSessionIds(sessionIds);
- }
-
- protected void logoutSessionIds(List sessionIds) {
- if (sessionIds == null || sessionIds.isEmpty()) return;
- Manager sessionManager = request.getContext().getManager();
- sessionManagement.logoutHttpSessions(sessionManager, sessionIds);
- }
-
- @Override
- public boolean isLoggedIn() {
- Session session = request.getSessionInternal(false);
- if (session == null) {
- log.debug("session was null, returning null");
- return false;
- }
- final SamlSession samlSession = SamlUtil.validateSamlSession(session.getSession().getAttribute(SamlSession.class.getName()), deployment);
- if (samlSession == null) {
- return false;
- }
-
- GenericPrincipal principal = (GenericPrincipal) session.getPrincipal();
- // in clustered environment in JBossWeb, principal is not serialized or saved
- if (principal == null) {
- principal = principalFactory.createPrincipal(request.getContext().getRealm(), samlSession.getPrincipal(), samlSession.getRoles());
- session.setPrincipal(principal);
- session.setAuthType("KEYCLOAK-SAML");
-
- }
- else if (samlSession.getPrincipal().getName().equals(principal.getName())){
- if (!principal.getUserPrincipal().getName().equals(samlSession.getPrincipal().getName())) {
- throw new RuntimeException("Unknown State");
- }
- log.debug("************principal already in");
- if (log.isDebugEnabled()) {
- for (String role : principal.getRoles()) {
- log.debug("principal role: " + role);
- }
- }
-
- }
- request.setUserPrincipal(principal);
- request.setAuthType("KEYCLOAK-SAML");
- restoreRequest();
- return true;
- }
-
- @Override
- public void saveAccount(SamlSession account) {
- Session session = request.getSessionInternal(true);
- session.getSession().setAttribute(SamlSession.class.getName(), account);
- GenericPrincipal principal = (GenericPrincipal) session.getPrincipal();
- // in clustered environment in JBossWeb, principal is not serialized or saved
- if (principal == null) {
- principal = principalFactory.createPrincipal(request.getContext().getRealm(), account.getPrincipal(), account.getRoles());
- session.setPrincipal(principal);
- session.setAuthType("KEYCLOAK-SAML");
-
- }
- request.setUserPrincipal(principal);
- request.setAuthType("KEYCLOAK-SAML");
- String newId = changeSessionId(session);
- idMapperUpdater.map(idMapper, account.getSessionIndex(), account.getPrincipal().getSamlSubject(), newId);
-
- }
-
- protected String changeSessionId(Session session) {
- return session.getId();
- }
-
- @Override
- public SamlSession getAccount() {
- HttpSession session = getSession(true);
- return (SamlSession)session.getAttribute(SamlSession.class.getName());
- }
-
- @Override
- public String getRedirectUri() {
- String redirect = (String)getSession(true).getAttribute(SAML_REDIRECT_URI);
- if (redirect == null) {
- String contextPath = request.getContextPath();
- String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString();
- return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
- }
- return redirect;
- }
-
- @Override
- public void saveRequest() {
- try {
- valve.keycloakSaveRequest(request);
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
-
- getSession(true).setAttribute(SAML_REDIRECT_URI, facade.getRequest().getURI());
-
- }
-
- @Override
- public boolean restoreRequest() {
- getSession(true).removeAttribute(SAML_REDIRECT_URI);
- return valve.keycloakRestoreRequest(request);
- }
-
- protected HttpSession getSession(boolean create) {
- Session session = request.getSessionInternal(create);
- if (session == null) return null;
- return session.getSession();
- }
-}
diff --git a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/IdMapperUpdaterSessionListener.java b/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/IdMapperUpdaterSessionListener.java
deleted file mode 100644
index 4fc78149fd..0000000000
--- a/adapters/saml/tomcat/tomcat-core/src/main/java/org/keycloak/adapters/saml/IdMapperUpdaterSessionListener.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright 2017 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.adapters.saml;
-
-import org.keycloak.adapters.spi.SessionIdMapper;
-
-import java.util.Objects;
-import javax.servlet.http.*;
-
-/**
- *
- * @author hmlnarik
- */
-public class IdMapperUpdaterSessionListener implements HttpSessionListener, HttpSessionAttributeListener {
-
- private final SessionIdMapper idMapper;
-
- public IdMapperUpdaterSessionListener(SessionIdMapper idMapper) {
- this.idMapper = idMapper;
- }
-
- @Override
- public void sessionCreated(HttpSessionEvent hse) {
- HttpSession session = hse.getSession();
- Object value = session.getAttribute(SamlSession.class.getName());
- map(session.getId(), value);
- }
-
- @Override
- public void sessionDestroyed(HttpSessionEvent hse) {
- HttpSession session = hse.getSession();
- unmap(session.getId(), session.getAttribute(SamlSession.class.getName()));
- }
-
- @Override
- public void attributeAdded(HttpSessionBindingEvent hsbe) {
- HttpSession session = hsbe.getSession();
- if (Objects.equals(hsbe.getName(), SamlSession.class.getName())) {
- map(session.getId(), hsbe.getValue());
- }
- }
-
- @Override
- public void attributeRemoved(HttpSessionBindingEvent hsbe) {
- HttpSession session = hsbe.getSession();
- if (Objects.equals(hsbe.getName(), SamlSession.class.getName())) {
- unmap(session.getId(), hsbe.getValue());
- }
- }
-
- @Override
- public void attributeReplaced(HttpSessionBindingEvent hsbe) {
- HttpSession session = hsbe.getSession();
- if (Objects.equals(hsbe.getName(), SamlSession.class.getName())) {
- unmap(session.getId(), hsbe.getValue());
- map(session.getId(), session.getAttribute(SamlSession.class.getName()));
- }
- }
-
- private void map(String sessionId, Object value) {
- if (! (value instanceof SamlSession) || sessionId == null) {
- return;
- }
- SamlSession account = (SamlSession) value;
-
- idMapper.map(account.getSessionIndex(), account.getPrincipal().getSamlSubject(), sessionId);
- }
-
- private void unmap(String sessionId, Object value) {
- if (! (value instanceof SamlSession) || sessionId == null) {
- return;
- }
-
- SamlSession samlSession = (SamlSession) value;
- if (samlSession.getSessionIndex() != null) {
- idMapper.removeSession(sessionId);
- }
- }
-}
diff --git a/adapters/saml/tomcat/tomcat/pom.xml b/adapters/saml/tomcat/tomcat/pom.xml
deleted file mode 100755
index a1257cdf68..0000000000
--- a/adapters/saml/tomcat/tomcat/pom.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-
-
-
-
-
- keycloak-saml-tomcat-integration-pom
- org.keycloak
- 999.0.0-SNAPSHOT
- ../pom.xml
-
- 4.0.0
-
- keycloak-saml-tomcat-adapter
- Keycloak Tomcat SAML Integration
-
-
-
-
- org.jboss.logging
- jboss-logging
-
-
- org.jboss.logging
- commons-logging-jboss-logging
- runtime
-
-
- org.apache.tomcat
- tomcat-servlet-api
- ${tomcat8.version}
- provided
-
-
- org.apache.tomcat
- tomcat-catalina
- ${tomcat8.version}
- provided
-
-
-
- org.keycloak
- keycloak-saml-tomcat-adapter-core
-
-
- org.apache.tomcat
- tomcat-servlet-api
-
-
- org.apache.tomcat
- tomcat-catalina
-
-
- org.apache.tomcat
- catalina
-
-
-
-
- org.apache.httpcomponents
- httpclient
-
-
- org.bouncycastle
- bcprov-jdk18on
-
-
- junit
- junit
- test
-
-
-
-
diff --git a/adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/SamlAuthenticatorValve.java b/adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/SamlAuthenticatorValve.java
deleted file mode 100755
index 58c041091f..0000000000
--- a/adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/SamlAuthenticatorValve.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.tomcat;
-
-import org.apache.catalina.authenticator.FormAuthenticator;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.core.StandardContext;
-import org.apache.catalina.realm.GenericPrincipal;
-import org.apache.tomcat.util.descriptor.web.LoginConfig;
-import org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.saml.SamlSessionStore;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
-
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.List;
-
-/**
- * Keycloak authentication valve
- *
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class SamlAuthenticatorValve extends AbstractSamlAuthenticatorValve {
- /**
- * Method called by Tomcat < 8.5.5
- */
- @Override
- public boolean authenticate(Request request, HttpServletResponse response) throws IOException {
- return authenticateInternal(request, response, request.getContext().getLoginConfig());
- }
-
- /**
- * Method called by Tomcat >= 8.5.5
- */
- @Override
- protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException {
- return this.authenticate(request, response);
- }
-
- @Override
- protected boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
- if (loginConfig == null) return false;
- LoginConfig config = (LoginConfig)loginConfig;
- if (config.getErrorPage() == null) return false;
- // had to do this to get around compiler/IDE issues :(
- try {
- Method method = FormAuthenticator.class.getDeclaredMethod("forwardToErrorPage", Request.class, HttpServletResponse.class, LoginConfig.class);
- method.setAccessible(true);
- method.invoke(this, request, response, config);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- return true;
- }
-
- @Override
- protected void initInternal() {
- StandardContext standardContext = (StandardContext) context;
- standardContext.addLifecycleListener(this);
- }
-
- @Override
- public void logout(Request request) {
- logoutInternal(request);
- }
-
- @Override
- protected GenericPrincipalFactory createPrincipalFactory() {
- return new GenericPrincipalFactory() {
- @Override
- protected GenericPrincipal createPrincipal(Principal userPrincipal, List roles) {
- return new GenericPrincipal(userPrincipal.getName(), null, roles, userPrincipal, null);
- }
- };
- }
-
- @Override
- protected SamlSessionStore createSessionStore(Request request, HttpFacade facade, SamlDeployment resolvedDeployment) {
- SamlSessionStore store;
- store = new TomcatSamlSessionStore(userSessionManagement, createPrincipalFactory(), mapper, request, this, facade, resolvedDeployment);
- return store;
- }
-
-}
diff --git a/adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/TomcatSamlSessionStore.java b/adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/TomcatSamlSessionStore.java
deleted file mode 100755
index c1e04dd048..0000000000
--- a/adapters/saml/tomcat/tomcat/src/main/java/org/keycloak/adapters/saml/tomcat/TomcatSamlSessionStore.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.tomcat;
-
-import org.apache.catalina.Session;
-import org.apache.catalina.connector.Request;
-import org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve;
-import org.keycloak.adapters.saml.CatalinaSamlSessionStore;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.SessionIdMapper;
-import org.keycloak.adapters.spi.SessionIdMapperUpdater;
-import org.keycloak.adapters.tomcat.CatalinaUserSessionManagement;
-import org.keycloak.adapters.tomcat.PrincipalFactory;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class TomcatSamlSessionStore extends CatalinaSamlSessionStore {
- public TomcatSamlSessionStore(CatalinaUserSessionManagement sessionManagement, PrincipalFactory principalFactory, SessionIdMapper idMapper, Request request, AbstractSamlAuthenticatorValve valve, HttpFacade facade, SamlDeployment deployment) {
- super(sessionManagement, principalFactory, idMapper, SessionIdMapperUpdater.DIRECT, request, valve, facade, deployment);
- }
-
- @Override
- protected String changeSessionId(Session session) {
- Request request = this.request;
- if (!deployment.turnOffChangeSessionIdOnLogin()) return request.changeSessionId();
- else return session.getId();
- }
-}
diff --git a/distribution/downloads/src/main/resources/files b/distribution/downloads/src/main/resources/files
index 8eb4b4d9a0..bdf595f6a7 100644
--- a/distribution/downloads/src/main/resources/files
+++ b/distribution/downloads/src/main/resources/files
@@ -3,8 +3,6 @@ mvn:keycloak-api-docs-dist:keycloak-api-docs
mvn:keycloak-tomcat-adapter-dist:keycloak-oidc-tomcat-adapter
-mvn:keycloak-saml-tomcat-adapter-dist:keycloak-saml-tomcat-adapter
-
mvn:documentation/keycloak-documentation:keycloak-documentation
npm:js/libs/keycloak-admin-client/target/keycloak-keycloak-admin-client-$$VERSION$$.tgz:keycloak-admin-client-$$VERSION$$.tgz
diff --git a/distribution/saml-adapters/tomcat-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat-adapter-zip/assembly.xml
deleted file mode 100755
index 8fce0fa734..0000000000
--- a/distribution/saml-adapters/tomcat-adapter-zip/assembly.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-
-
-
- war-dist
-
-
- zip
- tar.gz
-
- false
-
-
-
- false
- true
- true
-
- org.keycloak:keycloak-saml-tomcat-adapter
-
-
- org.apache.tomcat:tomcat-servlet-api
- org.apache.tomcat:tomcat-catalina
-
-
-
-
-
diff --git a/distribution/saml-adapters/tomcat-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat-adapter-zip/pom.xml
deleted file mode 100755
index 3710b43611..0000000000
--- a/distribution/saml-adapters/tomcat-adapter-zip/pom.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-
-
-
- 4.0.0
-
- keycloak-parent
- org.keycloak
- 999.0.0-SNAPSHOT
- ../../../pom.xml
-
-
- keycloak-saml-tomcat-adapter-dist
- pom
- Keycloak SAML Tomcat Adapter Distro
-
-
-
-
- org.keycloak
- keycloak-saml-tomcat-adapter
-
-
-
-
-
- maven-assembly-plugin
-
-
- assemble
- package
-
- single
-
-
-
- assembly.xml
-
-
- target
-
-
- target/assembly/work
-
- false
-
-
-
-
-
-
-
-
diff --git a/docs/documentation/release_notes/topics/11_0_0.adoc b/docs/documentation/release_notes/topics/11_0_0.adoc
index 22bfd5ab67..576d935219 100644
--- a/docs/documentation/release_notes/topics/11_0_0.adoc
+++ b/docs/documentation/release_notes/topics/11_0_0.adoc
@@ -26,8 +26,7 @@ please take a look at link:{upgradingguide_link_latest}[{upgradingguide_name}].
The `SameSite` value `None` for `JSESSIONID` cookie is necessary for correct behavior of the {project_name} SAML adapter.
Usage of a different value is causing resetting of the container's session with each request to {project_name}, when
the SAML POST binging is used. Refer to the following steps for
-link:{adapterguide_link}#_saml-jboss-adapter-samesite-setting[Wildfly] and
-link:{adapterguide_link}#_saml-tomcat-adapter-samesite-setting[Tomcat] to keep the correct behavior. Notice, that this
+link:{adapterguide_link}#_saml-jboss-adapter-samesite-setting[Wildfly] to keep the correct behavior. Notice, that this
workaround should be working also with the previous versions of the adapter.
== Other improvements
diff --git a/docs/documentation/securing_apps/topics/overview/getting-started.adoc b/docs/documentation/securing_apps/topics/overview/getting-started.adoc
index fdb9bb8c60..badcd39f43 100644
--- a/docs/documentation/securing_apps/topics/overview/getting-started.adoc
+++ b/docs/documentation/securing_apps/topics/overview/getting-started.adoc
@@ -51,7 +51,6 @@ endif::[]
* <<_saml_jboss_adapter,JBoss EAP>>
ifeval::[{project_community}==true]
* <<_saml_jboss_adapter,WildFly>>
-* <<_saml-tomcat-adapter,Tomcat>>
endif::[]
ifeval::[{project_community}==true]
* <<_java-servlet-filter-adapter,Servlet filter>>
diff --git a/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc b/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc
index fdd9ba5e94..1dbd8897d6 100644
--- a/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc
+++ b/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc
@@ -23,10 +23,6 @@ include::jboss-adapter/jboss-adapter-samesite-setting.adoc[]
include::jboss-adapter/required_per_war_configuration.adoc[]
include::jboss-adapter/securing_wars.adoc[]
ifeval::[{project_community}==true]
-include::tomcat-adapter.adoc[]
-include::tomcat-adapter/tomcat_adapter_installation.adoc[]
-include::tomcat-adapter/tomcat_adapter_per_war_config.adoc[]
-include::tomcat-adapter/tomcat-adapter-samesite-setting.adoc[]
endif::[]
include::servlet-filter-adapter.adoc[]
diff --git a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter.adoc b/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter.adoc
deleted file mode 100644
index 3df0d7d390..0000000000
--- a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-[[_saml-tomcat-adapter]]
-
-==== Tomcat SAML adapters
-
-WARNING: The {project_name} Tomcat SAML adapter is deprecated. We recommend that you use another client adapter if possible.
-
-To be able to secure WAR apps deployed on Tomcat 8 or 9 you must install the Keycloak Tomcat SAML adapter into your Tomcat installation.
-You then have to provide some extra configuration in each WAR you deploy to Tomcat.
-
-
diff --git a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat-adapter-samesite-setting.adoc b/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat-adapter-samesite-setting.adoc
deleted file mode 100644
index 8861a0d14d..0000000000
--- a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat-adapter-samesite-setting.adoc
+++ /dev/null
@@ -1,24 +0,0 @@
-[[_saml-tomcat-adapter-samesite-setting]]
-===== Setting SameSite value for JSESSIONID cookie
-
-Browsers are planning to set the default value for the `SameSite` attribute for cookies to `Lax`. This setting means
-that cookies will be sent to applications only if the request originates in the same domain. This behavior can affect
-the SAML POST binding which may become non-functional. To preserve full functionality of the SAML adapter, we recommend
-setting the `SameSite` value to `None` for the `JSESSIONID` cookie created by your container. Not doing so may result in
-resetting the container's session with each request to {project_name}.
-
-NOTE: To avoid setting the `SameSite` attribute to `None`, consider switching to the REDIRECT binding
-if it is acceptable, or to OIDC protocol where this workaround is not necessary.
-
-To set the `SameSite` value to `None` for `JSESSIONID` cookie in Tomcat add following configuration to the`context.xml`
-of your application. Note, this will set the `SameSite` value to `None` for all cookies created by Tomcat container.
-
-[source,xml]
-----
-
-----
-
-WARNING: It is not possible to set the `SameSite` attribute only to a subset of cookies, therefore all cookies created
-for your application will have this attribute set to `None`.
-
-The support for this feature is available in Tomcat from versions 9.0.29 and 8.5.49.
diff --git a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat_adapter_installation.adoc b/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat_adapter_installation.adoc
deleted file mode 100644
index a5d3e94911..0000000000
--- a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat_adapter_installation.adoc
+++ /dev/null
@@ -1,26 +0,0 @@
-
-[[_saml-tomcat-adapter-installation]]
-===== Installing the adapter
-
-Adapters are no longer included with the appliance or war distribution.
-Each adapter is a separate download on the Keycloak Downloads site.
-They are also available as a maven artifact.
-
-.Procedure
-
-. Download the adapter for the Tomcat version on your system from the link:https://www.keycloak.org/downloads[Keycloak Downloads] site:
-
-. Install on the Tomcat version on your system:
-
-* Install on Tomcat 8 or 9:
-+
-[source]
-----
-$ cd $TOMCAT_HOME/lib
-$ unzip keycloak-saml-tomcat-adapter-dist.zip
-----
-
-====
-[NOTE]
-Including the adapter's jars within your WEB-INF/lib directory will not work. The Keycloak SAML adapter is implemented as a Valve and valve code must reside in Tomcat's main lib/ directory.
-====
diff --git a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat_adapter_per_war_config.adoc b/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat_adapter_per_war_config.adoc
deleted file mode 100644
index 3119addaf1..0000000000
--- a/docs/documentation/securing_apps/topics/saml/java/tomcat-adapter/tomcat_adapter_per_war_config.adoc
+++ /dev/null
@@ -1,57 +0,0 @@
-
-===== Securing a WAR
-
-Use this procedure to secure a WAR directly by adding config and editing files within your WAR package.
-
-.Procedure
-
-. Create a `META-INF/context.xml` file in your WAR package.
-This is a Tomcat specific config file and you must define a Keycloak specific Valve.
-+
-[source,xml]
-----
-
-
-
-----
-
-. Create a `keycloak-saml.xml` adapter config file within the `WEB-INF` directory of your WAR.
-The format of this config file is described in the <<_saml-general-config,General Adapter Config>> section.
-
-. Specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs.
-Here's an example:
-+
-[source,xml]
-----
-
-
- customer-portal
-
-
-
- Customers
- /*
-
-
- user
-
-
-
-
- BASIC
- this is ignored currently
-
-
-
- admin
-
-
- user
-
-
-----
-
-If the `keycloak-saml.xml` does not explicitly set `assertionConsumerServiceUrl`, the SAML adapter will implicitly listen for SAML assertions at the location `/my-context-path/saml`. This has to match `Master SAML Processing URL` in the IDP realm/client settings, for example `\http://sp.domain.com/my-context-path/saml`. If not, Tomcat will probably redirect infinitely to the IDP login service, as it does not receive the SAML assertion after the user logged in.
diff --git a/pom.xml b/pom.xml
index 1198f7ced2..1a4e3c679d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1152,11 +1152,6 @@
keycloak-saml-as7-subsystem
${project.version}
-
- org.keycloak
- keycloak-saml-tomcat-adapter
- ${project.version}
-
org.keycloak
keycloak-tomcat-adapter
@@ -1268,11 +1263,6 @@
${project.version}
zip
-
- org.keycloak
- keycloak-saml-tomcat-adapter-core
- ${project.version}
-
org.keycloak
keycloak-saml-jetty-adapter-core
@@ -1477,12 +1467,6 @@
${project.version}
zip
-
- org.keycloak
- keycloak-saml-tomcat-adapter-dist
- ${project.version}
- zip
-
org.keycloak
keycloak-saml-jetty94-adapter-dist
diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml
index ebf2b1cf6b..4bc3140c8f 100644
--- a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml
+++ b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat8/pom.xml
@@ -37,7 +37,6 @@
apache-tomcat-${tomcat8.version}
keycloak-tomcat-adapter-dist
- keycloak-saml-tomcat-adapter-dist
false
diff --git a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml
index cbb1c5b0bc..03c099eac9 100644
--- a/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml
+++ b/testsuite/integration-arquillian/servers/app-server/tomcat/tomcat9/pom.xml
@@ -37,7 +37,6 @@
apache-tomcat-${tomcat9.version}
keycloak-tomcat-adapter-dist
- keycloak-saml-tomcat-adapter-dist
false