diff --git a/saml-core/pom.xml b/saml-core/pom.xml
index 008a158858..cc39c03d1e 100755
--- a/saml-core/pom.xml
+++ b/saml-core/pom.xml
@@ -31,8 +31,8 @@
- 1.8
- 1.8
+ 1.7
+ 1.7
${maven.build.timestamp}
true
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
index f6fe90acad..e65a2e91a5 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@@ -23,6 +23,7 @@ import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
+import org.keycloak.saml.processing.core.util.FixXMLConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -116,9 +117,9 @@ public class TransformerUtil {
logger.warn("XML External Entity switches are not supported. You may get XML injection vulnerabilities.");
}
try {
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(FixXMLConstants.ACCESS_EXTERNAL_DTD, "");
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ transformerFactory.setAttribute(FixXMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (Exception ignored) {
// some platforms don't support this. For example our testsuite pulls Selenium which requires Xalan 2.7.1
logger.warn("XML External Entity switches are not supported. You may get XML injection vulnerabilities.");
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java
new file mode 100644
index 0000000000..027f3ee6c8
--- /dev/null
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java
@@ -0,0 +1,16 @@
+package org.keycloak.saml.processing.core.util;
+
+/**
+ * Constants copied from XMLConstants to work around issues with IntelliJ
+ *
+ * See https://issues.redhat.com/browse/KEYCLOAK-19403
+ */
+public class FixXMLConstants {
+
+ public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
+
+ public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
+
+ public static final String ACCESS_EXTERNAL_STYLESHEET = "http://javax.xml.XMLConstants/property/accessExternalStylesheet";
+
+}
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
index a1405a6d62..ba1ec9ddc8 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
@@ -98,8 +98,8 @@ public class JAXPValidationUtil {
// Do not optimize the following into setProperty(...) && setProperty(...).
// This way if it fails in the first setProperty, it will try the subsequent setProperty anyway
// which it would not due to short-circuiting in case of an && expression.
- boolean successful1 = setProperty(validator, XMLConstants.ACCESS_EXTERNAL_DTD, "");
- successful1 &= setProperty(validator, XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+ boolean successful1 = setProperty(validator, FixXMLConstants.ACCESS_EXTERNAL_DTD, "");
+ successful1 &= setProperty(validator, FixXMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
boolean successful2 = setFeature(validator, feature_disallow_doctype_decl, true);
successful2 &= setFeature(validator, feature_external_general_entities, false);
successful2 &= setFeature(validator, feature_external_parameter_entities, false);