Merge pull request #2100 from patriot1burke/master

KEYCLOAK-2389
This commit is contained in:
Bill Burke 2016-01-26 00:42:29 -05:00
commit bdc439b4a4
10 changed files with 67 additions and 10 deletions


@ -11,6 +11,7 @@
<!ENTITY Assertions SYSTEM "modules/assertion-api.xml">
<!ENTITY Logout SYSTEM "modules/logout.xml">
<!ENTITY ErrorHandling SYSTEM "modules/adapter_error_handling.xml">
<!ENTITY DEBUGGING SYSTEM "modules/debugging.xml">
]>
<book>
@ -53,6 +54,7 @@ This one is short
&Logout;
&Assertions;
&ErrorHandling;
&DEBUGGING;


@ -39,4 +39,4 @@ public class SamlAuthenticationError implements AuthenticationError {
}
</programlisting>
</para>
</chapter>
</chapter>


@ -0,0 +1,8 @@
<chapter id="debugging">
<title>Troubleshooting</title>
<para>
The best way to troubleshoot some problems is to turn on debugging for saml in both the client adapter and the keycloak server.
To do this turn on debugging int the <literal>org.keycloak.saml</literal> package to <literal>debug</literal> in your log4j or other
logging framework. Turning this on allows you to see the SAML requests and response documents being sent to and from the server.
</para>
</chapter>


@ -1,5 +1,7 @@
package org.keycloak.saml;
import org.jboss.logging.Logger;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
@ -9,6 +11,7 @@ import org.keycloak.saml.processing.web.util.PostBindingUtil;
import org.keycloak.saml.processing.web.util.RedirectBindingUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
/**
@ -17,10 +20,23 @@ import java.io.InputStream;
*/
public class SAMLRequestParser {
private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
protected static Logger log = Logger.getLogger(SAMLRequestParser.class);
public static SAMLDocumentHolder parseRequestRedirectBinding(String samlMessage) {
InputStream is;
is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
if (log.isDebugEnabled()) {
String message = null;
try {
message = StreamUtil.readString(is);
} catch (IOException e) {
throw new RuntimeException(e);
}
log.debug("SAML Redirect Binding");
log.debug(message);
is = new ByteArrayInputStream(message.getBytes());
}
SAML2Request saml2Request = new SAML2Request();
try {
saml2Request.getSAML2ObjectFromStream(is);
@ -35,6 +51,11 @@ public class SAMLRequestParser {
public static SAMLDocumentHolder parseRequestPostBinding(String samlMessage) {
InputStream is;
byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
if (log.isDebugEnabled()) {
String str = new String(samlBytes);
log.debug("SAML POST Binding");
log.debug(str);
}
is = new ByteArrayInputStream(samlBytes);
SAML2Request saml2Request = new SAML2Request();
try {
@ -48,10 +69,15 @@ public class SAMLRequestParser {
public static SAMLDocumentHolder parseResponsePostBinding(String samlMessage) {
byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
log.debug("SAML POST Binding");
return parseResponseDocument(samlBytes);
}
public static SAMLDocumentHolder parseResponseDocument(byte[] samlBytes) {
if (log.isDebugEnabled()) {
String str = new String(samlBytes);
log.debug(str);
}
InputStream is = new ByteArrayInputStream(samlBytes);
SAML2Response response = new SAML2Response();
try {
@ -65,6 +91,18 @@ public class SAMLRequestParser {
public static SAMLDocumentHolder parseResponseRedirectBinding(String samlMessage) {
InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
if (log.isDebugEnabled()) {
String message = null;
try {
message = StreamUtil.readString(is);
} catch (IOException e) {
throw new RuntimeException(e);
}
log.debug("SAML Redirect Binding");
log.debug(message);
is = new ByteArrayInputStream(message.getBytes());
}
SAML2Response response = new SAML2Response();
try {
response.getSAML2ObjectFromStream(is);
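Review bot: The debug branches in parseRequestRedirectBinding (first hunk of this section) and parseResponseRedirectBinding (last hunk) rebuild the parser input with `message.getBytes()`, and the POST-binding methods decode with `new String(samlBytes)`; both use the platform default charset, so if StreamUtil.readString decodes with a different charset than the platform default, turning debug logging on changes the bytes handed to SAML2Request/SAML2Response and a non-ASCII document can parse differently with debug on than off. Pinning the charset keeps the two paths equivalent: `is = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));` in both redirect-binding methods and `String str = new String(samlBytes, StandardCharsets.UTF_8);` in the POST-binding ones, using whichever charset StreamUtil.readString actually applies (not visible here). A simpler alternative that avoids re-encoding entirely is to keep the decoded byte[] and log a String built from it, so the InputStream given to the parser is the same with or without debug. Each of the affected methods continues past its hunk, and the `throw new RuntimeException(e)` in the two redirect-binding debug blocks drops the IOException's context for the log reader; wrapping it with a message naming the binding would help when it fires.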


@ -61,7 +61,6 @@
<groupId>org.jboss.logging</groupId>
<artifactId>jboss-logging-annotations</artifactId>
<scope>provided</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.jboss.logging</groupId>


@ -434,7 +434,7 @@ public class SAMLEndpoint {
@Override
protected SAMLDocumentHolder extractResponseDocument(String response) {
return SAMLRequestParser.parseRequestRedirectBinding(response);
return SAMLRequestParser.parseResponseRedirectBinding(response);
}
@Override


@ -429,7 +429,7 @@ public class SamlService extends AuthorizationEndpointBase {
@Override
protected SAMLDocumentHolder extractResponseDocument(String response) {
return SAMLRequestParser.parseRequestRedirectBinding(response);
return SAMLRequestParser.parseResponseRedirectBinding(response);
}
@Override


@ -69,7 +69,17 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
ProviderManager pm = new ProviderManager(getClass().getClassLoader(), Config.scope().getArray("providers"));
for (Spi spi : ServiceLoader.load(Spi.class, getClass().getClassLoader())) {
ServiceLoader<Spi> load = ServiceLoader.load(Spi.class, getClass().getClassLoader());
loadSPIs(pm, load);
for ( Map<String, ProviderFactory> factories : factoriesMap.values()) {
for (ProviderFactory factory : factories.values()) {
factory.postInit(this);
}
}
}
protected void loadSPIs(ProviderManager pm, ServiceLoader<Spi> load) {
for (Spi spi : load) {
Map<String, ProviderFactory> factories = new HashMap<String, ProviderFactory>();
factoriesMap.put(spi.getProviderClass(), factories);
@ -118,11 +128,6 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
}
}
}
for ( Map<String, ProviderFactory> factories : factoriesMap.values()) {
for (ProviderFactory factory : factories.values()) {
factory.postInit(this);
}
}
}
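Review bot: loadSPIs is a new protected extension point with no Javadoc, and the contract it carries is not obvious from its body: the postInit pass that previously followed the loop inside this method (the loop removed in the second hunk) now runs in the caller after loadSPIs returns, so an override or a direct caller must still trigger postInit once every factory is registered. A Javadoc stating that the method registers the factories for each Spi in factoriesMap but does not post-initialise them, and that the caller is responsible for invoking `factory.postInit(this)` on all factories after all SPIs are loaded, would make that explicit. The enclosing method starts before the first hunk and loadSPIs continues past it.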
public KeycloakSession create() {


@ -92,6 +92,10 @@
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-server-spi</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>


@ -38,6 +38,7 @@ log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterP
# Enable to view detailed AS REQ and TGS REQ requests to embedded Kerberos server
# log4j.logger.org.apache.directory.server.kerberos=debug
#log4j.logger.org.keycloak.saml=debug
log4j.logger.org.xnio=off
log4j.logger.org.hibernate=off
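Review bot: The new commented-out `#log4j.logger.org.keycloak.saml=debug` line has no explanatory comment, unlike the Kerberos entry just above it, so a reader of this config cannot tell what enabling it produces. Per the troubleshooting chapter added in this commit, this logger prints the full SAML request and response documents, which carry the assertion contents; a comment in the style of the neighbouring one, `# Enable to log the full SAML request/response documents exchanged with clients and IdPs (includes assertion contents)`, tells the reader what will end up in the log and why the line is off by default.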