Merge pull request #2435 from patriot1burke/master

KEYCLOAK-2584
2016-03-25 00:08:32 -04:00 · 2016-03-25 00:08:32 -04:00 · add41ea92b
commit add41ea92b
parent cb4f95416c e497eb0950
1 changed files with 49 additions and 39 deletions
--- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
@ -54,45 +54,8 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
    @Override
    public boolean challenge(HttpFacade httpFacade) {
        try {
-            String issuerURL = deployment.getEntityID();
+            SAML2AuthnRequestBuilder authnRequestBuilder = buildSaml2AuthnRequestBuilder(deployment);
-            String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
+            BaseSAML2BindingBuilder binding = createSaml2Binding(deployment);
            if (nameIDPolicyFormat == null) {
                nameIDPolicyFormat =  JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
            }
            SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
                    .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
                    .issuer(issuerURL)
                    .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
                    .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
                String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
                if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
                    protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
                }
                authnRequestBuilder.protocolBinding(protocolBinding);
            }
            if (deployment.getAssertionConsumerServiceUrl() != null) {
                authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
            }
            BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
            if (deployment.getIDP().getSingleSignOnService().signRequest()) {
                KeyPair keypair = deployment.getSigningKeyPair();
                if (keypair == null) {
                    throw new RuntimeException("Signing keys not configured");
                }
                if (deployment.getSignatureCanonicalizationMethod() != null) {
                    binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
                }
                binding.signWith(keypair);
                binding.signDocument();
            }
            sessionStore.saveRequest();
            sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
@ -103,6 +66,53 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
        return true;
    }
    public static BaseSAML2BindingBuilder createSaml2Binding(SamlDeployment deployment) {
        BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
        if (deployment.getIDP().getSingleSignOnService().signRequest()) {
            binding.signatureAlgorithm(deployment.getSignatureAlgorithm());
            KeyPair keypair = deployment.getSigningKeyPair();
            if (keypair == null) {
                throw new RuntimeException("Signing keys not configured");
            }
            if (deployment.getSignatureCanonicalizationMethod() != null) {
                binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
            }
            binding.signWith(keypair);
            binding.signDocument();
        }
        return binding;
    }
    public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment deployment) {
        String issuerURL = deployment.getEntityID();
        String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
        if (nameIDPolicyFormat == null) {
            nameIDPolicyFormat =  JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
        }
        SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
                .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
                .issuer(issuerURL)
                .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
                .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
        if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
            String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
                protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
            }
            authnRequestBuilder.protocolBinding(protocolBinding);
        }
        if (deployment.getAssertionConsumerServiceUrl() != null) {
            authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
        }
        return authnRequestBuilder;
    }
    protected abstract void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException;
 }