KEYCLOAK-7604-rename-ids-saml-clients
parent
df22c4d613
commit
bd4098191b
42 changed files with 120 additions and 95 deletions
|
@ -66,11 +66,33 @@ public class SamlSPFacade extends HttpServlet {
|
|||
pw.flush();
|
||||
}
|
||||
|
||||
/*
|
||||
* https://idp.ssocircle.com/sso/toolbox/samlEncode.jsp
|
||||
*
|
||||
* returns (https instead of http in case ssl is required)
|
||||
*
|
||||
* <samlp:AuthnRequest
|
||||
* xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
|
||||
* xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
* AssertionConsumerServiceURL="http://localhost:8280/employee/"
|
||||
* Destination="http://localhost:8180/auth/realms/demo/protocol/saml"
|
||||
* ForceAuthn="false"
|
||||
* ID="ID_4d8e5ce2-7206-472b-a897-2d837090c005"
|
||||
* IsPassive="false"
|
||||
* IssueInstant="2015-03-06T22:22:17.854Z"
|
||||
* ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
|
||||
* Version="2.0">
|
||||
* <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">saml-employee</saml:Issuer>
|
||||
* <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
|
||||
* </samlp:AuthnRequest>
|
||||
*
|
||||
* It should be replaced by dynamically generated code. See KEYCLOAK-8245
|
||||
*/
|
||||
private String getSamlRequest() {
|
||||
if (System.getProperty("auth.server.ssl.required", "false").equals("true")) {
|
||||
return "jZJJT8MwEIXvSPyHyPfUTrokWE2lQoWoxBLRwoELMs6UWnLs4HFY%2Fj1OoALEIiQfLPt55r1vPEVR64bPW781l%2FDQAvroudYGeX9RkNYZbgUq5EbUgNxLvpqfnfJ0wHjjrLfSavL25G%2BxQATnlTUkmu%2B2R9ZgW4NbgXtUEq4uTwuy9b5BTqm2UuitRc%2FzyWhIoW60fQGgJFoEk8qIrsCP8nGQixCIOhC6RlpBbenOK%2B1ykejYOgl96oJshEYg0XJRkOXidlTlMJaQxlnKJvEoS%2B9ikR9kcVrlw4wdMMnYOIixDIHUI3w8R2xhadAL4wuSsmQcs2HMJus05WEl2SAYuyFR%2BW7kUJlKmfu%2Fod29iZCfrNdlXF6s1iS6Bod99CAgs%2F29aZeI9%2B3dp9n9dxqzjuBXgCxPPnhP6af6u3YNPw8ll4vSaiVfornW9uko4PaBh3ct9IBr4X83kQyS%2FkRV8aaX8tZgA1JtFFSEdo3o9785ewU%3D";
|
||||
return "jVLbTgIxEP2Vpu9Ly3JZbFgSlBhJUDeAPvhianeQJt127XS9%2FL1lwWiiokkfms6ZOZfpGGVlajFtwtYu4akBDOS1MhZFW8hp461wEjUKKytAEZRYTS8XIu1wUXsXnHKG7luOgyUi%2BKCdpWT6cT1zFpsK%2FAr8s1Zws1zkdBtCjYIx45Q0W4dBjIb9HoOqNu4NgFEyiyK1lbsBP8IHES6jIeZBmgpZCZVjH1rZzhcl584raF3ndCMNAiXzWU7ns%2Ft%2BOYKBgjTJUj5M%2Bln6kMjRSZak5aiX8ROuOB9EMBbRkH6Gz3bEBuYWg7QhpynvDhLeS%2FhwnaYinm7WicLuKCkOQk61LbV9PB7awx6E4mK9LpLierWm5BY8ttYjgE7IeGdItOz%2By%2Br%2Bu4zJX3mP2ReCA10truLI%2BaxwRqs3MjXGvZzFtEOMI%2FgG2nwrGX4X0e102xddJpsWKhqLNSi90VBSFnnY9585eQc%3D";
|
||||
}
|
||||
|
||||
return "jZJdS8MwFIbvBf9DyX2XNG62hnUwHeLAj7JNL7yRmJ65QJrUnNSPf29WHQp%2BIOQiJM%2FJed%2F3ZIyyMa2YdmFjF%2FDYAYbkpTEWRX9Rks5b4SRqFFY2gCIosZxenAs%2BYKL1LjjlDHkv%2BRuWiOCDdpYk0932xFnsGvBL8E9awfXivCSbEFpBqXFKmo3DIApeMApNa9wrACXJLGrUVm7rf6KzSMtoh3qQpkFaQ%2BPoTinduiLJqfMKes8lWUuDQJL5rCTz2d2wLmCkgKc5Z4fpMOf3qSyO8pTXxUHOjphibBRhrKId%2FQSf5YgdzC0GaUNJOMtGKTtI2eGKcxFXlg%2BK0fCWJNWHkGNta20f%2Fo7s%2Fh1CcbZaVWl1tVyR5AY89s4jQCb7e%2BOtI9G3918m999ZTL4HyIrsM%2B4x%2FfL%2Brl0rLuOT81nljFavydQY93wS4w4xj%2BA76ANuZPhdRDbI%2BhNdp%2BseFZ3FFpRea6gJ3Tai33%2Fm5A0%3D";
|
||||
return "jZJRT9swFIX%2FiuX31I5pSbCaSoVqWiXYIlp42Asyzu1qybGDr1PWfz83LQKJAZP8YNnf9T3nXE9RtbaT8z5u3S089YCR%2FGmtQzlcVLQPTnqFBqVTLaCMWq7mN9dSjLjsgo9ee0uPJZ%2FDChFCNN5RMn%2FZXnmHfQthBWFnNNzdXld0G2MnGbNeK7v1GGUpSs6g7azfAzBKFkmjcepQ%2Fy86T7RKdlgAZVtkDbSevShlB1eUfPNBw%2BC5ohtlEShZLiq6XDyMmxImGkRWCH6ejQvxmKnyoshEU54V%2FIJrzicJxjrZMTt4LUfsYekwKhcrKng%2ByfhZxs%2FXQsi08mJUTsa%2FKKlPQi6Na4z7%2FXlkj0cI5ff1us7qn6s1JfcQcHCeADoj04MhOXQPbwb3v6OYfZH2lL15%2F9Stkz%2FSi8tF7a3RezK31j9fpbBjSiOGHoZ4WxU%2F1pCP8uHENNlmQGXvsANtNgYaylIf9v5bzv4C";
|
||||
}
|
||||
}
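Review bot: The comment above `getSamlRequest()` shows a decoded AuthnRequest with a fixed `ID` and an `IssueInstant` of 2015-03-06, so if the two literals encode that request, every call sends the same stale, unsigned message. The comment should state that this only works while the IdP under test does not enforce request freshness or ID uniqueness. It should also say which literal belongs to which scheme, for example `// https variant, used when auth.server.ssl.required=true` above the first return and `// http variant` above the second. The decoded XML is shown for one variant only, so a reader cannot check the other literal against it without decoding it. The enclosing class continues outside the hunk.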
|
||||
|
|
|
@ -27,7 +27,7 @@ import java.net.URL;
|
|||
*/
|
||||
public class SalesPostEncServlet extends SAMLServlet {
|
||||
public static final String DEPLOYMENT_NAME = "sales-post-enc";
|
||||
public static final String CLIENT_NAME = "http://localhost:8081/sales-post-enc/";
|
||||
public static final String CLIENT_NAME = "http://localhost:8280/sales-post-enc/";
|
||||
|
||||
@ArquillianResource
|
||||
@OperateOnDeployment(DEPLOYMENT_NAME)
|
||||
|
|
|
@ -27,7 +27,7 @@ import java.net.URL;
|
|||
*/
|
||||
public class SalesPostEncSignAssertionsOnlyServlet extends SAMLServlet {
|
||||
public static final String DEPLOYMENT_NAME = "sales-post-enc-sign-assertions-only";
|
||||
public static final String CLIENT_NAME = "http://localhost:8081/sales-post-enc-sign-assertions-only/";
|
||||
public static final String CLIENT_NAME = "http://localhost:8280/sales-post-enc-sign-assertions-only/";
|
||||
|
||||
@ArquillianResource
|
||||
@OperateOnDeployment(DEPLOYMENT_NAME)
|
||||
|
|
|
@ -27,7 +27,7 @@ import java.net.URL;
|
|||
*/
|
||||
public class SalesPostServlet extends SAMLServlet {
|
||||
public static final String DEPLOYMENT_NAME = "sales-post";
|
||||
public static final String CLIENT_NAME = "http://localhost:8081/sales-post/";
|
||||
public static final String CLIENT_NAME = "http://localhost:8280/sales-post/";
|
||||
|
||||
@ArquillianResource
|
||||
@OperateOnDeployment(DEPLOYMENT_NAME)
|
||||
|
|
|
@ -145,7 +145,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
|||
if (AUTH_SERVER_SSL_REQUIRED) {
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8080", System.getProperty("app.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "http", "https");
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
|
||||
|
@ -155,7 +155,7 @@ public class DeploymentArchiveProcessor implements ApplicationArchiveProcessor {
|
|||
modifyDocElementAttribute(doc, "SP", "logoutPage", "http", "https");
|
||||
} else {
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.http.port"));
|
||||
modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8080", System.getProperty("app.server.http.port"));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port"));
|
||||
modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port"));
|
||||
modifyDocElementAttribute(doc, "SP", "logoutPage", "8081", System.getProperty("app.server.http.port"));
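Review bot: In the non-SSL branch the `logoutPage` substitution still searches for `"8081"`, while this commit changes the `assertionConsumerServiceUrl` calls to `"8080"` and changes the employee adapter config's `logoutPage` to `http://localhost:8080/logout/index.html`. If `modifyDocElementAttribute` replaces the fourth argument with the fifth inside the attribute value (its body is not in the hunk), this call no longer matches and the logout page keeps the hard-coded port. It probably should read `modifyDocElementAttribute(doc, "SP", "logoutPage", "8080", System.getProperty("app.server.http.port"));`. The SSL branch's port handling for `logoutPage` lies between the two visible hunks and deserves the same check.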
|
||||
|
|
|
@ -138,6 +138,7 @@ import org.keycloak.testsuite.auth.page.login.SAMLIDPInitiatedLogin;
|
|||
import org.keycloak.testsuite.auth.page.login.SAMLPostLoginTenant1;
|
||||
import org.keycloak.testsuite.auth.page.login.SAMLPostLoginTenant2;
|
||||
import org.keycloak.testsuite.page.AbstractPage;
|
||||
import org.keycloak.testsuite.saml.AbstractSamlTest;
|
||||
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
|
||||
import org.keycloak.testsuite.util.SamlClient;
|
||||
import org.keycloak.testsuite.util.SamlClient.Binding;
|
||||
|
@ -501,7 +502,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
|
|||
|
||||
@Test
|
||||
public void disabledClientTest() {
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "http://localhost:8081/sales-post-sig/");
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG);
|
||||
ClientRepresentation client = clientResource.toRepresentation();
|
||||
client.setEnabled(false);
|
||||
clientResource.update(client);
|
||||
|
@ -763,9 +764,9 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
|
|||
|
||||
clientRep.setAdminUrl(appServerUrl + "sales-metadata/saml");
|
||||
|
||||
Response response = testRealmResource().clients().create(clientRep);
|
||||
Assert.assertEquals(201, response.getStatus());
|
||||
response.close();
|
||||
try (Response response = testRealmResource().clients().create(clientRep)) {
|
||||
Assert.assertEquals(201, response.getStatus());
|
||||
}
|
||||
|
||||
testSuccessfulAndUnauthorizedLogin(salesMetadataServletPage, testRealmSAMLPostLoginPage);
|
||||
}
|
||||
|
@ -1159,7 +1160,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
|
|||
|
||||
@Test
|
||||
public void testAttributes() throws Exception {
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "http://localhost:8081/employee2/");
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2);
|
||||
ProtocolMappersResource protocolMappersResource = clientResource.getProtocolMappers();
|
||||
|
||||
Map<String, String> config = new LinkedHashMap<>();
|
||||
|
@ -1224,7 +1225,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
|
|||
|
||||
config = new LinkedHashMap<>();
|
||||
config.put("new.role.name", "pee-on");
|
||||
config.put("role", "http://localhost:8081/employee/.employee");
|
||||
config.put("role", "http://localhost:8280/employee/.employee");
|
||||
createProtocolMapper(protocolMappersResource, "renamed-employee-role", "saml", "saml-role-name-mapper", config);
|
||||
|
||||
for (ProtocolMapperRepresentation mapper : clientResource.toRepresentation().getProtocolMappers()) {
|
||||
|
@ -1265,7 +1266,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
|
|||
|
||||
@Test
|
||||
public void spMetadataValidation() throws Exception {
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), "http://localhost:8081/sales-post-sig/");
|
||||
ClientResource clientResource = ApiUtil.findClientResourceByClientId(testRealmResource(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG);
|
||||
ClientRepresentation representation = clientResource.toRepresentation();
|
||||
Client client = ClientBuilder.newClient();
|
||||
WebTarget target = client.target(authServerPage.toString() + "/admin/realms/" + SAMLSERVLETDEMO + "/clients/" + representation.getId() + "/installation/providers/saml-sp-descriptor");
|
||||
|
@ -1278,7 +1279,7 @@ public class SAMLServletAdapterTest extends AbstractServletsAdapterTest {
|
|||
//KEYCLOAK-4020
|
||||
public void testBooleanAttribute() throws Exception {
|
||||
new SamlClientBuilder()
|
||||
.authnRequest(getAuthServerSamlEndpoint(SAMLSERVLETDEMO), "http://localhost:8081/employee2/", getAppServerSamlEndpoint(employee2ServletPage).toString(), Binding.POST).build()
|
||||
.authnRequest(getAuthServerSamlEndpoint(SAMLSERVLETDEMO), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2, getAppServerSamlEndpoint(employee2ServletPage).toString(), Binding.POST).build()
|
||||
.login().user(bburkeUser).build()
|
||||
.processSamlResponse(Binding.POST)
|
||||
.transformDocument(responseDoc -> {
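Review bot: `config.put("role", "http://localhost:8280/employee/.employee")` in the `testAttributes` hunk still spells the client id as a string literal, while the client lookups in this file now go through `AbstractSamlTest` constants. The role name appears to be built from the employee client's id, so a later rename would leave the mapper pointing at a role that no longer exists while the test still compiles. Consider a constant next to `SAML_CLIENT_ID_EMPLOYEE_2` (for example a new `SAML_CLIENT_ID_EMPLOYEE`, which is not on this page) and writing the value as `SAML_CLIENT_ID_EMPLOYEE + ".employee"`. The method body continues outside the hunk.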
|
||||
|
|
|
@ -24,13 +24,13 @@ public abstract class AbstractSamlTest extends AbstractAuthTest {
|
|||
public static final String REALM_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST = "http://localhost:8080/sales-post/saml";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST = "http://localhost:8081/sales-post/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST = "http://localhost:8280/sales-post/";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST2 = "http://localhost:8080/sales-post2/saml";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST2 = "http://localhost:8081/sales-post2/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST2 = "http://localhost:8280/sales-post2/";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG = "http://localhost:8080/sales-post-sig/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST_SIG = "http://localhost:8081/sales-post-sig/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST_SIG = "http://localhost:8280/sales-post-sig/";
|
||||
public static final String SAML_URL_SALES_POST_SIG = "http://localhost:8080/sales-post-sig/";
|
||||
public static final String SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY = "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";
|
||||
public static final String SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQAB";
|
||||
|
@ -41,10 +41,12 @@ public abstract class AbstractSamlTest extends AbstractAuthTest {
|
|||
public static final String SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE = "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";
|
||||
|
||||
public static final String SAML_ASSERTION_CONSUMER_URL_SALES_POST_ENC = "http://localhost:8080/sales-post-enc/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST_ENC = "http://localhost:8081/sales-post-enc/";
|
||||
public static final String SAML_CLIENT_ID_SALES_POST_ENC = "http://localhost:8280/sales-post-enc/";
|
||||
public static final String SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY = "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t";
|
||||
public static final String SAML_CLIENT_SALES_POST_ENC_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQAB";
|
||||
|
||||
public static final String SAML_CLIENT_ID_EMPLOYEE_2 = "http://localhost:8280/employee2/";
|
||||
|
||||
public static final String SAML_BROKER_ALIAS = "saml-broker";
|
||||
|
||||
@Override
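Review bot: The `SAML_CLIENT_ID_*` constants now use port 8280 while the `SAML_ASSERTION_CONSUMER_URL_*` constants beside them stay on 8080, and nothing in the file says the mismatch is intended. Assuming the purpose of the rename is to keep the SAML entity ID distinct from the deployment URL, a comment above the first constant would stop a later reader from aligning them again, for example `// Client IDs are opaque SAML entity IDs; the port intentionally differs from the app server URL`. The new `SAML_CLIENT_ID_EMPLOYEE_2` has no matching assertion consumer URL constant, which is worth a word in the same comment if that is deliberate.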
|
||||
|
|
|
@ -119,7 +119,7 @@ public class AuthnRequestNameIdFormatTest extends AbstractSamlTest {
|
|||
@Test
|
||||
public void testRedirectLoginNoNameIdPolicyForcePostBinding() throws Exception {
|
||||
ClientsResource clients = adminClient.realm(REALM_NAME).clients();
|
||||
List<ClientRepresentation> foundClients = clients.findByClientId("http://localhost:8081/sales-post/");
|
||||
List<ClientRepresentation> foundClients = clients.findByClientId(SAML_CLIENT_ID_SALES_POST);
|
||||
assertThat(foundClients, hasSize(1));
|
||||
ClientResource clientRes = clients.get(foundClients.get(0).getId());
|
||||
ClientRepresentation client = clientRes.toRepresentation();
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/bad-assertion-sales-post-sig/"
|
||||
<SP entityID="http://localhost:8280/bad-assertion-sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/bad-client-sales-post-sig/"
|
||||
<SP entityID="http://localhost:8280/bad-client-sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/bad-client-sales-post-sig/"
|
||||
<SP entityID="http://localhost:8280/bad-client-sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/bad-realm-sales-post-sig/"
|
||||
<SP entityID="http://localhost:8280/bad-realm-sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/bad-realm-sales-post-sig/"
|
||||
<SP entityID="http://localhost:8280/bad-realm-sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/different-cookie-name/"
|
||||
<SP entityID="http://localhost:8280/different-cookie-name/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/ecp-sp/"
|
||||
<SP entityID="http://localhost:8280/ecp-sp/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_8.xsd">
|
||||
<SP entityID="http://localhost:8081/employee-acs/"
|
||||
<SP entityID="http://localhost:8280/employee-acs/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
@ -32,7 +32,7 @@
|
|||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
|
||||
responseBinding="POST"
|
||||
assertionConsumerServiceUrl="http://localhost:8081/employee-acs/a/different/endpoint/for/saml"
|
||||
assertionConsumerServiceUrl="http://localhost:8080/employee-acs/a/different/endpoint/for/saml"
|
||||
/>
|
||||
|
||||
<SingleLogoutService
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee-sig-front/"
|
||||
<SP entityID="http://localhost:8280/employee-sig-front/"
|
||||
sslPolicy="EXTERNAL"
|
||||
logoutPage="/logout.jsp"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee-sig-post-noidpkey/"
|
||||
<SP entityID="http://localhost:8280/employee-sig-post-noidpkey/"
|
||||
sslPolicy="EXTERNAL"
|
||||
logoutPage="/logout.jsp"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee-sig-redir-noidpkey/"
|
||||
<SP entityID="http://localhost:8280/employee-sig-redir-noidpkey/"
|
||||
sslPolicy="EXTERNAL"
|
||||
logoutPage="/logout.jsp"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee-sig-redir-opt-noidpkey/"
|
||||
<SP entityID="http://localhost:8280/employee-sig-redir-opt-noidpkey/"
|
||||
sslPolicy="EXTERNAL"
|
||||
logoutPage="/logout.jsp"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee-sig/"
|
||||
<SP entityID="http://localhost:8280/employee-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
logoutPage="/logout.jsp"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
|
|
|
@ -18,10 +18,10 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee/"
|
||||
<SP entityID="http://localhost:8280/employee/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="http://localhost:8081/logout/index.html"
|
||||
logoutPage="http://localhost:8080/logout/index.html"
|
||||
forceAuthentication="false">
|
||||
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
||||
<RoleIdentifiers>
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee2/"
|
||||
<SP entityID="http://localhost:8280/employee2/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-enc/"
|
||||
<SP entityID="http://localhost:8280/sales-post-enc/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
@ -39,7 +39,7 @@
|
|||
<SingleSignOnService signRequest="true"
|
||||
validateResponseSignature="true"
|
||||
requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
bindingUrl="http://localhost:8180/auth/realms/demo/protocol/saml"
|
||||
/>
|
||||
|
||||
<SingleLogoutService
|
||||
|
@ -49,8 +49,8 @@
|
|||
signResponse="true"
|
||||
requestBinding="POST"
|
||||
responseBinding="POST"
|
||||
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
postBindingUrl="http://localhost:8180/auth/realms/demo/protocol/saml"
|
||||
redirectBindingUrl="http://localhost:8180/auth/realms/demo/protocol/saml"
|
||||
/>
|
||||
<Keys>
|
||||
<Key signing="true" >
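Review bot: The IdP endpoints in this file (`bindingUrl`, `postBindingUrl`, `redirectBindingUrl`) move to port 8180, whereas another adapter config in this commit moves the same attributes to 8080 and the `DeploymentArchiveProcessor` hunks substitute on the literal `"8080"`. If this file is passed through that processor, the 8180 values will not be rewritten to the configured auth-server port, and with `AUTH_SERVER_SSL_REQUIRED` set only the scheme would change. Confirm that this config is consumed only where the auth server is fixed at 8180, or use `http://localhost:8080/auth/realms/demo/protocol/saml` as the sibling file does.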
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/input-portal/"
|
||||
<SP entityID="http://localhost:8280/input-portal/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/employee2/"
|
||||
<SP entityID="http://localhost:8280/employee2/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
@ -30,14 +30,14 @@
|
|||
</RoleIdentifiers>
|
||||
<IDP entityID="idp">
|
||||
<SingleSignOnService requestBinding="POST"
|
||||
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
bindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
|
||||
/>
|
||||
|
||||
<SingleLogoutService
|
||||
requestBinding="POST"
|
||||
responseBinding="POST"
|
||||
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
||||
postBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
|
||||
redirectBindingUrl="http://localhost:8080/auth/realms/demo/protocol/saml"
|
||||
/>
|
||||
</IDP>
|
||||
</SP>
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/missing-assertion-sig/"
|
||||
<SP entityID="http://localhost:8280/missing-assertion-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-metadata/"
|
||||
<SP entityID="http://localhost:8280/sales-metadata/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-assertion-and-response-sig/"
|
||||
<SP entityID="http://localhost:8280/sales-post-assertion-and-response-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_9.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post/"
|
||||
<SP entityID="http://localhost:8280/sales-post/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-enc-sign-assertions-only/"
|
||||
<SP entityID="http://localhost:8280/sales-post-enc-sign-assertions-only/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-enc/"
|
||||
<SP entityID="http://localhost:8280/sales-post-enc/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-passive/"
|
||||
<SP entityID="http://localhost:8280/sales-post-passive/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-sig-email/"
|
||||
<SP entityID="http://localhost:8280/sales-post-sig-email/"
|
||||
sslPolicy="EXTERNAL"
|
||||
logoutPage="/logout.jsp"
|
||||
forceAuthentication="false">
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-sig-persistent/"
|
||||
<SP entityID="http://localhost:8280/sales-post-sig-persistent/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-sig-transient/"
|
||||
<SP entityID="http://localhost:8280/sales-post-sig-transient/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post-sig/"
|
||||
<SP entityID="http://localhost:8280/sales-post-sig/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post/"
|
||||
<SP entityID="http://localhost:8280/sales-post/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
|
||||
<SP entityID="http://localhost:8081/sales-post2/"
|
||||
<SP entityID="http://localhost:8280/sales-post2/"
|
||||
sslPolicy="EXTERNAL"
|
||||
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
||||
logoutPage="/logout.jsp"
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
<EntitiesDescriptor Name="urn:mace:shibboleth:testshib:two"
|
||||
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
>
|
||||
<EntityDescriptor entityID="http://localhost:8081/sales-metadata/">
|
||||
<EntityDescriptor entityID="http://localhost:8280/sales-metadata/">
|
||||
<SPSSODescriptor AuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
|
||||
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient
|
||||
|
|
|
@ -32,8 +32,8 @@
|
|||
},
|
||||
"realmRoles": ["manager", "user"],
|
||||
"applicationRoles": {
|
||||
"http://localhost:8081/employee/": [ "employee" ],
|
||||
"http://localhost:8081/employee2/": [ "employee" ]
|
||||
"http://localhost:8280/employee/": [ "employee" ],
|
||||
"http://localhost:8280/employee2/": [ "employee" ]
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -49,8 +49,8 @@
|
|||
},
|
||||
"realmRoles": ["manager", "user"],
|
||||
"applicationRoles": {
|
||||
"http://localhost:8081/employee/": [ "employee" ],
|
||||
"http://localhost:8081/employee2/": [ "employee" ]
|
||||
"http://localhost:8280/employee/": [ "employee" ],
|
||||
"http://localhost:8280/employee2/": [ "employee" ]
|
||||
}
|
||||
},
|
||||
{
|
||||
|
@ -102,7 +102,7 @@
|
|||
],
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "http://localhost:8081/missing-assertion-sig/",
|
||||
"clientId": "http://localhost:8280/missing-assertion-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -124,7 +124,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/bad-assertion-sales-post-sig/",
|
||||
"clientId": "http://localhost:8280/bad-assertion-sales-post-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -141,7 +141,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/input-portal/",
|
||||
"clientId": "http://localhost:8280/input-portal/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
|
@ -158,7 +158,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-assertion-and-response-sig/",
|
||||
"clientId": "http://localhost:8280/sales-post-assertion-and-response-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -180,7 +180,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post2/",
|
||||
"clientId": "http://localhost:8280/sales-post2/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
|
@ -197,7 +197,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/different-cookie-name/",
|
||||
"clientId": "http://localhost:8280/different-cookie-name/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
|
@ -212,7 +212,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post/",
|
||||
"clientId": "http://localhost:8280/sales-post/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
|
@ -228,7 +228,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-passive/",
|
||||
"clientId": "http://localhost:8280/sales-post-passive/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
|
@ -242,7 +242,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-sig/",
|
||||
"clientId": "http://localhost:8280/sales-post-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -259,7 +259,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-sig-transient/",
|
||||
"clientId": "http://localhost:8280/sales-post-sig-transient/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -277,7 +277,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-sig-persistent/",
|
||||
"clientId": "http://localhost:8280/sales-post-sig-persistent/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -294,7 +294,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-sig-email/",
|
||||
"clientId": "http://localhost:8280/sales-post-sig-email/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -315,7 +315,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/bad-realm-sales-post-sig/",
|
||||
"clientId": "http://localhost:8280/bad-realm-sales-post-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -332,7 +332,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/bad-client-sales-post-sig/",
|
||||
"clientId": "http://localhost:8280/bad-client-sales-post-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -349,7 +349,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-enc/",
|
||||
"clientId": "http://localhost:8280/sales-post-enc/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -368,7 +368,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/sales-post-enc-sign-assertions-only/",
|
||||
"clientId": "http://localhost:8280/sales-post-enc-sign-assertions-only/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -387,7 +387,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee-sig/",
|
||||
"clientId": "http://localhost:8280/employee-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -405,7 +405,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee-sig-redir-noidpkey/",
|
||||
"clientId": "http://localhost:8280/employee-sig-redir-noidpkey/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -423,7 +423,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee-sig-redir-opt-noidpkey/",
|
||||
"clientId": "http://localhost:8280/employee-sig-redir-opt-noidpkey/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -442,7 +442,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee-sig-post-noidpkey/",
|
||||
"clientId": "http://localhost:8280/employee-sig-post-noidpkey/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -460,7 +460,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee/",
|
||||
"clientId": "http://localhost:8280/employee/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -510,7 +510,7 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee-acs/",
|
||||
"clientId": "http://localhost:8280/employee-acs/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -560,7 +560,7 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee2/",
|
||||
"clientId": "http://localhost:8280/employee2/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -611,7 +611,7 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/employee-sig-front/",
|
||||
"clientId": "http://localhost:8280/employee-sig-front/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -629,7 +629,7 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8081/ecp-sp/",
|
||||
"clientId": "http://localhost:8280/ecp-sp/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
|
@ -683,13 +683,13 @@
|
|||
}
|
||||
],
|
||||
"application" : {
|
||||
"http://localhost:8081/employee/" : [
|
||||
"http://localhost:8280/employee/" : [
|
||||
{
|
||||
"name": "employee",
|
||||
"description": "Have Employee privileges"
|
||||
}
|
||||
],
|
||||
"http://localhost:8081/employee2/" : [
|
||||
"http://localhost:8280/employee2/" : [
|
||||
{
|
||||
"name": "employee",
|
||||
"description": "Have Employee privileges"
|
||||
|
|
|
@ -208,20 +208,20 @@ public class DeploymentArchiveProcessorUtils {
|
|||
if (AUTH_SERVER_SSL_REQUIRED) {
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "http", "https");
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8080", System.getProperty("app.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "http", "https");
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "http", "https");
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "http", "https");
|
||||
IOUtil.modifyDocElementAttribute(doc, "SP", "logoutPage", "8081", System.getProperty("app.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SP", "logoutPage", "8080", System.getProperty("app.server.https.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SP", "logoutPage", "http", "https");
|
||||
} else {
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "bindingUrl", "8080", System.getProperty("auth.server.http.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8081", System.getProperty("app.server.http.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleSignOnService", "assertionConsumerServiceUrl", "8080", System.getProperty("app.server.http.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleLogoutService", "postBindingUrl", "8080", System.getProperty("auth.server.http.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SingleLogoutService", "redirectBindingUrl", "8080", System.getProperty("auth.server.http.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SP", "logoutPage", "8081", System.getProperty("app.server.http.port"));
|
||||
IOUtil.modifyDocElementAttribute(doc, "SP", "logoutPage", "8080", System.getProperty("app.server.http.port"));
|
||||
}
|
||||
|
||||
archive.add(new StringAsset(IOUtil.documentToString(doc)), adapterConfigPath);
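Review bot: The app-server attributes (`assertionConsumerServiceUrl`, `logoutPage`) now appear to be rewritten by matching the literal `"8080"`, the same placeholder the auth-server attributes use, so an adapter config that still carries `8081` in those attributes would presumably pass through unrewritten with no error; `IOUtil.modifyDocElementAttribute` is not visible here, so whether it reports a missing match needs checking. In the SSL branch that would leave a SAML endpoint on the wrong port while its scheme is still switched to https, which is hard to diagnose from a failing login test. A comment above the block would record the convention, e.g. `// adapter configs use 8080 as the placeholder for both servers; the attribute name selects the real port`. The single-argument `System.getProperty(...)` calls also return null when a property is unset, so `Objects.requireNonNull(System.getProperty("app.server.https.port"), "app.server.https.port")` (and likewise for the other three properties) would fail fast instead of writing a broken URL into the config. The enclosing method starts and ends outside the hunk.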
|
||||
|
|