From b2f09feebf05cb1bac88f63310d29910d1f53bad Mon Sep 17 00:00:00 2001 From: Douglas Palmer Date: Tue, 23 Apr 2024 10:52:26 -0700 Subject: [PATCH] Remove servlet filter saml adapters Closes #28786 Signed-off-by: Douglas Palmer --- adapters/saml/pom.xml | 1 - adapters/saml/servlet-filter/pom.xml | 82 ------- .../saml/servlet/FilterSamlSessionStore.java | 176 -------------- .../adapters/saml/servlet/SamlFilter.java | 220 ------------------ .../topics/overview/getting-started.adoc | 4 - .../topics/saml/java/java-adapters.adoc | 1 - .../saml/java/servlet-filter-adapter.adoc | 71 ------ pom.xml | 5 - .../servers/app-server/jetty/common/pom.xml | 4 - .../servers/app-server/undertow/pom.xml | 4 - ...ilterJakartaLoginResponseHandlingTest.java | 28 --- .../SAMLFilterLoginResponseHandlingTest.java | 33 --- .../servlet/SAMLFilterServletAdapterTest.java | 130 ----------- .../SAMLFilterServletJakartaAdapterTest.java | 28 --- ...ilterServletJakartaSessionTimeoutTest.java | 28 --- .../SAMLFilterServletSessionTimeoutTest.java | 26 --- testsuite/utils/pom.xml | 4 - 17 files changed, 845 deletions(-) delete mode 100755 adapters/saml/servlet-filter/pom.xml delete mode 100755 adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java delete mode 100755 adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java delete mode 100644 docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java diff --git a/adapters/saml/pom.xml b/adapters/saml/pom.xml index 6afd216808..19cc182783 100755 --- a/adapters/saml/pom.xml +++ b/adapters/saml/pom.xml @@ -36,7 +36,6 @@ core-jakarta undertow wildfly - servlet-filter jakarta-servlet-filter wildfly-elytron wildfly-elytron-jakarta diff --git a/adapters/saml/servlet-filter/pom.xml b/adapters/saml/servlet-filter/pom.xml deleted file mode 100755 index 5fc0270429..0000000000 --- a/adapters/saml/servlet-filter/pom.xml +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - keycloak-parent - org.keycloak - 999.0.0-SNAPSHOT - ../../../pom.xml - - 4.0.0 - - keycloak-saml-servlet-filter-adapter - Keycloak SAML Servlet Filter - - - - - org.jboss.logging - jboss-logging - - - org.keycloak - keycloak-common - - - org.keycloak - keycloak-adapter-spi - - - org.keycloak - keycloak-servlet-adapter-spi - - - org.bouncycastle - bcprov-jdk18on - - - org.keycloak - keycloak-saml-core - - - org.keycloak - keycloak-saml-adapter-api-public - - - org.keycloak - keycloak-saml-adapter-core - - - org.keycloak - keycloak-crypto-default - - - org.jboss.spec.javax.servlet - jboss-servlet-api_3.0_spec - provided - - - junit - junit - test - - - - diff --git a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java deleted file mode 100755 index 731bdba26a..0000000000 --- a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.saml.servlet; - -import org.jboss.logging.Logger; -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlSession; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.saml.SamlUtil; -import org.keycloak.adapters.servlet.FilterSessionStore; -import org.keycloak.adapters.spi.HttpFacade; -import org.keycloak.adapters.spi.KeycloakAccount; -import org.keycloak.adapters.spi.SessionIdMapper; -import org.keycloak.common.util.KeycloakUriBuilder; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; -import javax.servlet.http.HttpSession; -import java.util.LinkedList; -import java.util.List; -import java.util.Set; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class FilterSamlSessionStore extends FilterSessionStore implements SamlSessionStore { - protected static Logger log = Logger.getLogger(SamlSessionStore.class); - protected final SessionIdMapper idMapper; - private final SamlDeployment deployment; - - public FilterSamlSessionStore(HttpServletRequest request, HttpFacade facade, int maxBuffer, SessionIdMapper idMapper, SamlDeployment deployment) { - super(request, facade, maxBuffer); - this.idMapper = idMapper; - this.deployment = deployment; - } - - @Override - public void setCurrentAction(CurrentAction action) { - if (action == CurrentAction.NONE && request.getSession(false) == null) return; - request.getSession().setAttribute(CURRENT_ACTION, action); - } - - @Override - public boolean isLoggingIn() { - HttpSession session = request.getSession(false); - if (session == null) return false; - CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION); - return action == CurrentAction.LOGGING_IN; - } - - @Override - public boolean isLoggingOut() { - HttpSession session = request.getSession(false); - if (session == null) return false; - CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION); - return action == CurrentAction.LOGGING_OUT; - } - - @Override - public void logoutAccount() { - HttpSession session = request.getSession(false); - if (session == null) return; - if (session != null) { - if (idMapper != null) idMapper.removeSession(session.getId()); - SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName()); - if (samlSession != null) { - session.removeAttribute(SamlSession.class.getName()); - } - clearSavedRequest(session); - } - } - - @Override - public void logoutByPrincipal(String principal) { - SamlSession account = getAccount(); - if (account != null && account.getPrincipal().getSamlSubject().equals(principal)) { - logoutAccount(); - } - if (idMapper != null) { - Set sessions = idMapper.getUserSessions(principal); - if (sessions != null) { - List ids = new LinkedList(); - ids.addAll(sessions); - for (String id : ids) { - idMapper.removeSession(id); - } - } - } - - } - - @Override - public void logoutBySsoId(List ssoIds) { - SamlSession account = getAccount(); - for (String ssoId : ssoIds) { - if (account != null && account.getSessionIndex().equals(ssoId)) { - logoutAccount(); - } else if (idMapper != null) { - String sessionId = idMapper.getSessionFromSSO(ssoId); - idMapper.removeSession(sessionId); - } - } - } - - @Override - public boolean isLoggedIn() { - HttpSession session = request.getSession(false); - if (session == null) { - log.debug("session was null, returning false"); - return false; - } - final SamlSession samlSession = SamlUtil.validateSamlSession(session.getAttribute(SamlSession.class.getName()), deployment); - if (samlSession == null) { - log.debug("SamlSession was not in session, returning null"); - return false; - } - if (idMapper != null && !idMapper.hasSession(session.getId())) { - logoutAccount(); - return false; - } - - needRequestRestore = restoreRequest(); - return true; - } - - public HttpServletRequestWrapper getWrap() { - HttpSession session = request.getSession(true); - final SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName()); - final KeycloakAccount account = samlSession; - return buildWrapper(session, account); - } - - @Override - public void saveAccount(SamlSession account) { - HttpSession session = request.getSession(true); - session.setAttribute(SamlSession.class.getName(), account); - if (idMapper != null) idMapper.map(account.getSessionIndex(), account.getPrincipal().getSamlSubject(), session.getId()); - } - - @Override - public SamlSession getAccount() { - HttpSession session = request.getSession(false); - if (session == null) return null; - return (SamlSession)session.getAttribute(SamlSession.class.getName()); - } - - @Override - public String getRedirectUri() { - HttpSession session = request.getSession(false); - if (session == null) return null; - String redirect = (String)session.getAttribute(REDIRECT_URI); - if (redirect == null) { - String contextPath = request.getContextPath(); - String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString(); - return SamlUtil.getRedirectTo(facade, contextPath, baseUri); - } - return redirect; - } - -} diff --git a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java deleted file mode 100755 index 093f203d53..0000000000 --- a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java +++ /dev/null @@ -1,220 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.saml.servlet; - -import org.keycloak.adapters.saml.DefaultSamlDeployment; -import org.keycloak.adapters.saml.SamlAuthenticator; -import org.keycloak.adapters.saml.SamlConfigResolver; -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlDeploymentContext; -import org.keycloak.adapters.saml.SamlSession; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder; -import org.keycloak.adapters.saml.config.parsers.ResourceLoader; -import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler; -import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler; -import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint; -import org.keycloak.adapters.servlet.ServletHttpFacade; -import org.keycloak.adapters.spi.AuthChallenge; -import org.keycloak.adapters.spi.AuthOutcome; -import org.keycloak.adapters.spi.HttpFacade; -import org.keycloak.adapters.spi.InMemorySessionIdMapper; -import org.keycloak.adapters.spi.SessionIdMapper; -import org.keycloak.saml.common.exceptions.ParsingException; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; -import javax.servlet.http.HttpServletResponse; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.util.logging.Level; -import java.util.logging.Logger; -import java.util.regex.Pattern; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class SamlFilter implements Filter { - protected SamlDeploymentContext deploymentContext; - protected SessionIdMapper idMapper; - private final static Logger log = Logger.getLogger("" + SamlFilter.class); - private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:"); - - @Override - public void init(final FilterConfig filterConfig) throws ServletException { - deploymentContext = (SamlDeploymentContext)filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName()); - if (deploymentContext != null) { - idMapper = (SessionIdMapper)filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName()); - return; - } - String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver"); - if (configResolverClass != null) { - try { - SamlConfigResolver configResolver = (SamlConfigResolver) getClass().getClassLoader().loadClass(configResolverClass).newInstance(); - deploymentContext = new SamlDeploymentContext(configResolver); - log.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass); - } catch (Exception ex) { - log.log(Level.WARNING, "The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() }); - deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment()); - } - } else { - String fp = filterConfig.getInitParameter("keycloak.config.file"); - InputStream is = null; - if (fp != null) { - try { - is = new FileInputStream(fp); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); - } - } else { - String path = "/WEB-INF/keycloak-saml.xml"; - String pathParam = filterConfig.getInitParameter("keycloak.config.path"); - if (pathParam != null) - path = pathParam; - is = filterConfig.getServletContext().getResourceAsStream(path); - } - final SamlDeployment deployment; - if (is == null) { - log.info("No adapter configuration. Keycloak is unconfigured and will deny all requests."); - deployment = new DefaultSamlDeployment(); - } else { - try { - ResourceLoader loader = new ResourceLoader() { - @Override - public InputStream getResourceAsStream(String resource) { - return filterConfig.getServletContext().getResourceAsStream(resource); - } - }; - deployment = new DeploymentBuilder().build(is, loader); - } catch (ParsingException e) { - throw new RuntimeException(e); - } - } - deploymentContext = new SamlDeploymentContext(deployment); - log.fine("Keycloak is using a per-deployment configuration."); - } - idMapper = new InMemorySessionIdMapper(); - filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext); - filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper); - - } - - @Override - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { - HttpServletRequest request = (HttpServletRequest) req; - HttpServletResponse response = (HttpServletResponse) res; - ServletHttpFacade facade = new ServletHttpFacade(request, response); - SamlDeployment deployment = deploymentContext.resolveDeployment(facade); - if (deployment == null || !deployment.isConfigured()) { - response.sendError(403); - log.fine("deployment not configured"); - return; - } - FilterSamlSessionStore tokenStore = new FilterSamlSessionStore(request, facade, 100000, idMapper, deployment); - boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml"); - SamlAuthenticator authenticator; - if (isEndpoint) { - authenticator = new SamlAuthenticator(facade, deployment, tokenStore) { - @Override - protected void completeAuthentication(SamlSession account) { - - } - - @Override - protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) { - return new SamlEndpoint(facade, deployment, sessionStore); - } - }; - - } else { - authenticator = new SamlAuthenticator(facade, deployment, tokenStore) { - @Override - protected void completeAuthentication(SamlSession account) { - - } - - @Override - protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) { - return new BrowserHandler(facade, deployment, sessionStore); - } - }; - } - AuthOutcome outcome = authenticator.authenticate(); - if (outcome == AuthOutcome.AUTHENTICATED) { - log.fine("AUTHENTICATED"); - if (facade.isEnded()) { - return; - } - HttpServletRequestWrapper wrapper = tokenStore.getWrap(); - chain.doFilter(wrapper, res); - return; - } - if (outcome == AuthOutcome.LOGGED_OUT) { - tokenStore.logoutAccount(); - String logoutPage = deployment.getLogoutPage(); - if (logoutPage != null) { - if (PROTOCOL_PATTERN.matcher(logoutPage).find()) { - response.sendRedirect(logoutPage); - log.log(Level.FINE, "Redirected to logout page {0}", logoutPage); - } else { - RequestDispatcher disp = req.getRequestDispatcher(logoutPage); - disp.forward(req, res); - } - return; - } - chain.doFilter(req, res); - return; - } - - AuthChallenge challenge = authenticator.getChallenge(); - if (challenge != null) { - log.fine("challenge"); - challenge.challenge(facade); - return; - } - - if (deployment.isIsPassive() && outcome == AuthOutcome.NOT_AUTHENTICATED) { - log.fine("PASSIVE_NOT_AUTHENTICATED"); - if (facade.isEnded()) { - return; - } - chain.doFilter(req, res); - return; - } - - if (!facade.isEnded()) { - response.sendError(403); - } - - } - - @Override - public void destroy() { - - } -} diff --git a/docs/documentation/securing_apps/topics/overview/getting-started.adoc b/docs/documentation/securing_apps/topics/overview/getting-started.adoc index 2c5cc14cf2..3e2a0e5d82 100644 --- a/docs/documentation/securing_apps/topics/overview/getting-started.adoc +++ b/docs/documentation/securing_apps/topics/overview/getting-started.adoc @@ -14,7 +14,6 @@ ifeval::[{project_community}==true] * {quickstartRepo_link}/tree/latest/jakarta/servlet-authz-client[Wildfly Elytron OIDC] * {quickstartRepo_link}/tree/latest/spring/rest-authz-resource-server[Spring Boot] * <<_jboss_adapter, {project_name} Wildfly Adapter>> (Deprecated) -* <<_servlet_filter_adapter,{project_name} Servlet Filter>> (Deprecated) endif::[] ===== JavaScript (client-side) @@ -49,9 +48,6 @@ endif::[] ifeval::[{project_community}==true] * <<_saml_jboss_adapter,WildFly>> endif::[] -ifeval::[{project_community}==true] -* <<_java-servlet-filter-adapter,Servlet filter>> -endif::[] ifeval::[{project_community}==true] ===== Apache HTTP Server diff --git a/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc b/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc index 1dbd8897d6..b61c370098 100644 --- a/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc +++ b/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc @@ -25,7 +25,6 @@ include::jboss-adapter/securing_wars.adoc[] ifeval::[{project_community}==true] endif::[] -include::servlet-filter-adapter.adoc[] include::idp-registration.adoc[] include::logout.adoc[] include::assertion-api.adoc[] diff --git a/docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc b/docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc deleted file mode 100644 index f78252954c..0000000000 --- a/docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc +++ /dev/null @@ -1,71 +0,0 @@ -[[_java-servlet-filter-adapter]] -==== Java Servlet filter adapter - -If you want to use SAML with a Java servlet application that doesn't have an adapter for that servlet platform, you can -opt to use the servlet filter adapter that {project_name} has. -This adapter works a little differently than the other adapters. -You still have to specify a `/WEB-INF/keycloak-saml.xml` file as defined in -the <<_saml-general-config,General Adapter Config>> section, but -you do not define security constraints in _web.xml_. -Instead you define a filter mapping using the {project_name} servlet filter adapter to secure the url patterns you want to secure. - -NOTE: Backchannel logout works a bit differently than the standard adapters. - Instead of invalidating the http session it instead marks the session ID as logged out. - There's just no way of arbitrarily invalidating an HTTP session based on a session ID. - -WARNING: Backchannel logout does not currently work when you have a clustered application that uses the SAML filter. - -[source,xml] ----- - - - customer-portal - - - Keycloak Filter - org.keycloak.adapters.saml.servlet.SamlFilter - - - Keycloak Filter - /* - - ----- - -The {project_name} filter has the same configuration parameters available as the other adapters except you must -define them as filter init params instead of context params. - -You can define multiple filter mappings if you have various different secure and unsecure url patterns. - -WARNING: You must have a filter mapping that covers `/saml`. - This mapping covers all server callbacks. - -When registering SPs with an IdP, you must register `http[s]://hostname/{context-root}/saml` as your Assert Consumer Service URL and Single Logout Service URL. - -To use this filter, include this maven artifact in your WAR poms: - -[source,xml,subs="attributes+"] ----- - - org.keycloak - keycloak-saml-servlet-filter-adapter - {project_versionMvn} - ----- - -In order to use <<_saml_multi_tenancy,Multi Tenancy>> the `keycloak.config.resolver` parameter should be passed as a filter parameter. - -[source,xml] ----- - - Keycloak Filter - org.keycloak.adapters.saml.servlet.SamlFilter - - keycloak.config.resolver - example.SamlMultiTenantResolver - - ----- diff --git a/pom.xml b/pom.xml index d7393e4c97..d996e7cc42 100644 --- a/pom.xml +++ b/pom.xml @@ -1084,11 +1084,6 @@ keycloak-js-adapter-jar ${project.version} - - org.keycloak - keycloak-saml-servlet-filter-adapter - ${project.version} - org.keycloak keycloak-saml-jakarta-servlet-filter-adapter diff --git a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml index 1e1cfb5b95..95b09c06fa 100644 --- a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml @@ -29,10 +29,6 @@ integration-arquillian-servers-app-server-jetty-common - - org.keycloak - keycloak-saml-servlet-filter-adapter - org.keycloak.testsuite integration-arquillian-servers-app-server-spi diff --git a/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml b/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml index 1f708815e3..99878ebfff 100644 --- a/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml +++ b/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml @@ -38,10 +38,6 @@ keycloak-saml-undertow-adapter-jakarta ${project.version} - - org.keycloak - keycloak-saml-servlet-filter-adapter - org.keycloak.testsuite integration-arquillian-servers-app-server-spi diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java deleted file mode 100644 index 3d393964ad..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2023 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.servlet; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.utils.annotation.UseServletFilter; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; - -@AppServerContainer(ContainerConstants.APP_SERVER_EAP8) -@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter", - filterDependency = "org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter") -public class SAMLFilterJakartaLoginResponseHandlingTest extends SAMLFilterLoginResponseHandlingTest { -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java deleted file mode 100644 index f3450f5ddb..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.keycloak.testsuite.adapter.servlet; - -import org.junit.Ignore; -import org.junit.Test; -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.utils.annotation.UseServletFilter; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; - -/** - * @author mhajas - */ -@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW) -@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP6) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP71) -@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter", - filterDependency = "org.keycloak:keycloak-saml-servlet-filter-adapter") -public class SAMLFilterLoginResponseHandlingTest extends SAMLLoginResponseHandlingTest { - @Test - @Override - @Ignore - public void testErrorHandlingUnsigned() { - - } - - @Test - @Override - @Ignore - public void testErrorHandlingSigned() { - - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java deleted file mode 100644 index b354073f9b..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java +++ /dev/null @@ -1,130 +0,0 @@ -package org.keycloak.testsuite.adapter.servlet; - -import org.junit.After; -import org.junit.Assume; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Ignore; -import org.junit.Test; -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.util.ContainerAssume; -import org.keycloak.testsuite.utils.annotation.UseServletFilter; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; - -/** - * @author mhajas - */ -@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW) -@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP6) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP71) -@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter", - filterDependency = "org.keycloak:keycloak-saml-servlet-filter-adapter") -public class SAMLFilterServletAdapterTest extends SAMLServletAdapterTest { - - @BeforeClass - public static void enabled() { - String appServerJavaHome = System.getProperty("app.server.java.home", ""); - Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70")); - - // SAMLServletAdapterTest has too many deployments, with so many deployments (with filter dependency in each - // of them) it is impossible to reload container after TLS is enabled, GC time limit exceeds - ContainerAssume.assumeNotAppServerSSL(); - } - - @Before - public void checkRoles() { - badClientSalesPostSigServletPage.checkRoles(true); - badRealmSalesPostSigServletPage.checkRoles(true); - employeeAcsServletPage.checkRoles(true); - employeeSigServletPage.checkRoles(true); - employeeSigFrontServletPage.checkRoles(true); - salesMetadataServletPage.checkRoles(true); - salesPostServletPage.checkRoles(true); - salesPostEncServletPage.checkRoles(true); - salesPostEncSignAssertionsOnlyServletPage.checkRoles(true); - salesPostSigServletPage.checkRoles(true); - salesPostPassiveServletPage.checkRoles(true); - salesPostSigPersistentServletPage.checkRoles(true); - salesPostSigTransientServletPage.checkRoles(true); - salesPostAssertionAndResponseSigPage.checkRoles(true); - employeeSigPostNoIdpKeyServletPage.checkRoles(true); - employeeSigRedirNoIdpKeyServletPage.checkRoles(true); - employeeSigRedirOptNoIdpKeyServletPage.checkRoles(true); - employeeRoleMappingPage.setupLoginInfo(testRealmSAMLPostLoginPage, bburkeUser); - - //using endpoint instead of query param because we are not able to put query param to IDP initiated login - employee2ServletPage.navigateTo(); - testRealmLoginPage.form().login(bburkeUser); - employee2ServletPage.checkRolesEndPoint(true); - employee2ServletPage.logout(); - - salesPostSigEmailServletPage.navigateTo(); - testRealmLoginPage.form().login(bburkeUser); - salesPostSigEmailServletPage.checkRolesEndPoint(true); - salesPostSigEmailServletPage.logout(); - } - - @After - public void uncheckRoles() { - badClientSalesPostSigServletPage.checkRoles(false); - badRealmSalesPostSigServletPage.checkRoles(false); - employeeAcsServletPage.checkRoles(false); - employee2ServletPage.checkRoles(false); - employeeSigServletPage.checkRoles(false); - employeeSigFrontServletPage.checkRoles(false); - salesMetadataServletPage.checkRoles(false); - salesPostServletPage.checkRoles(false); - salesPostEncServletPage.checkRoles(false); - salesPostEncSignAssertionsOnlyServletPage.checkRoles(false); - salesPostSigServletPage.checkRoles(false); - salesPostPassiveServletPage.checkRoles(false); - salesPostSigEmailServletPage.checkRoles(false); - salesPostSigPersistentServletPage.checkRoles(false); - salesPostSigTransientServletPage.checkRoles(false); - employeeSigPostNoIdpKeyServletPage.checkRoles(false); - employeeSigRedirNoIdpKeyServletPage.checkRoles(false); - employeeSigRedirOptNoIdpKeyServletPage.checkRoles(false); - employeeRoleMappingPage.clearLoginInfo(); - } - - @Test - @Override - @Ignore - public void testSavedPostRequest() { - - } - - @Test - @Override - @Ignore - public void multiTenant1SamlTest() throws Exception { - - } - - @Test - @Override - @Ignore - public void multiTenant2SamlTest() throws Exception { - - } - - /** - * Tests that the adapter is using the configured role mappings provider to map the roles extracted from the assertion - * into roles that exist in the application domain. For this test a {@link org.keycloak.adapters.saml.PropertiesBasedRoleMapper} - * has been setup in the adapter, performing the mappings as specified in the {@code role-mappings.properties} file. - * - * @throws Exception if an error occurs while running the test. - */ - @Test - @Override - public void testAdapterRoleMappings() throws Exception { - try { - employeeRoleMappingPage.setRolesToCheck("manager,coordinator,team-lead,employee"); - super.testAdapterRoleMappings(); - } finally { - employeeRoleMappingPage.checkRolesEndPoint(false); - } - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java deleted file mode 100644 index ad08ebb03b..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2023 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.servlet; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.utils.annotation.UseServletFilter; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; - -@AppServerContainer(ContainerConstants.APP_SERVER_EAP8) -@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter", - filterDependency = "org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter") -public class SAMLFilterServletJakartaAdapterTest extends SAMLFilterServletAdapterTest { -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java deleted file mode 100644 index 9218d140e4..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright 2023 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.adapter.servlet; - -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.utils.annotation.UseServletFilter; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; - -@AppServerContainer(ContainerConstants.APP_SERVER_EAP8) -@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter", - filterDependency = "org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter") -public class SAMLFilterServletJakartaSessionTimeoutTest extends SAMLFilterServletSessionTimeoutTest { -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java deleted file mode 100644 index c833003cc5..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.keycloak.testsuite.adapter.servlet; - -import org.junit.Assume; -import org.junit.BeforeClass; -import org.keycloak.testsuite.arquillian.annotation.AppServerContainer; -import org.keycloak.testsuite.utils.annotation.UseServletFilter; -import org.keycloak.testsuite.utils.arquillian.ContainerConstants; - -/** - * @author mhajas - */ -@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW) -@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP6) -@AppServerContainer(ContainerConstants.APP_SERVER_EAP71) -@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter", - filterDependency = "org.keycloak:keycloak-saml-servlet-filter-adapter") -public class SAMLFilterServletSessionTimeoutTest extends SAMLServletSessionTimeoutTest { - - @BeforeClass - public static void enabled() { - String appServerJavaHome = System.getProperty("app.server.java.home", ""); - Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70")); - } -} diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml index 37ef77282f..b0dcc404ee 100755 --- a/testsuite/utils/pom.xml +++ b/testsuite/utils/pom.xml @@ -186,10 +186,6 @@ org.keycloak keycloak-authz-client - - org.keycloak - keycloak-saml-servlet-filter-adapter - org.keycloak keycloak-servlet-filter-adapter