From 1b0aa8e55bf16b9df97f26099008413ff85243a4 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Mon, 25 Jan 2016 17:38:29 -0500 Subject: [PATCH 1/2] saml logging --- .../org/keycloak/saml/SAMLRequestParser.java | 38 +++++++++++++++++++ services/pom.xml | 1 - .../keycloak/broker/saml/SAMLEndpoint.java | 2 +- .../keycloak/protocol/saml/SamlService.java | 2 +- .../DefaultKeycloakSessionFactory.java | 17 ++++++--- testsuite/integration/pom.xml | 4 ++ .../src/test/resources/log4j.properties | 1 + 7 files changed, 56 insertions(+), 9 deletions(-) mode change 100644 => 100755 services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java diff --git a/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java b/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java index fb4fa0a854..ea24954d0d 100755 --- a/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java +++ b/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java @@ -1,5 +1,7 @@ package org.keycloak.saml; +import org.jboss.logging.Logger; +import org.keycloak.common.util.StreamUtil; import org.keycloak.saml.common.PicketLinkLogger; import org.keycloak.saml.common.PicketLinkLoggerFactory; import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request; @@ -9,6 +11,7 @@ import org.keycloak.saml.processing.web.util.PostBindingUtil; import org.keycloak.saml.processing.web.util.RedirectBindingUtil; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.InputStream; /** 
@@ -17,10 +20,23 @@ import java.io.InputStream; */ public class SAMLRequestParser { private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger(); + protected static Logger log = Logger.getLogger(SAMLRequestParser.class); public static SAMLDocumentHolder parseRequestRedirectBinding(String samlMessage) { InputStream is; is = RedirectBindingUtil.base64DeflateDecode(samlMessage); + if (log.isDebugEnabled()) { + String message = null; + try { + message = StreamUtil.readString(is); + } catch (IOException e) { + throw new RuntimeException(e); + } + log.debug("SAML Redirect Binding"); + log.debug(message); + is = new ByteArrayInputStream(message.getBytes()); + + } SAML2Request saml2Request = new SAML2Request(); try { saml2Request.getSAML2ObjectFromStream(is); @@ -35,6 +51,11 @@ public class SAMLRequestParser { public static SAMLDocumentHolder parseRequestPostBinding(String samlMessage) { InputStream is; byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage); + if (log.isDebugEnabled()) { + String str = new String(samlBytes); + log.debug("SAML POST Binding"); + log.debug(str); + } is = new ByteArrayInputStream(samlBytes); SAML2Request saml2Request = new SAML2Request(); try { @@ -48,10 +69,15 @@ public class SAMLRequestParser { public static SAMLDocumentHolder parseResponsePostBinding(String samlMessage) { byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage); + log.debug("SAML POST Binding"); return parseResponseDocument(samlBytes); } public static SAMLDocumentHolder parseResponseDocument(byte[] samlBytes) { + if (log.isDebugEnabled()) { + String str = new String(samlBytes); + log.debug(str); + } InputStream is = new ByteArrayInputStream(samlBytes); SAML2Response response = new SAML2Response(); try { 
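Review bot: In the `if (log.isDebugEnabled())` branch of parseRequestRedirectBinding the inflated message is turned into a String and back with `message.getBytes()`, which uses the platform default charset, so with `org.keycloak.saml` at debug level the bytes handed to SAML2Request can differ from the non-debug path for any non-ASCII content, and a read failure becomes a `RuntimeException` that aborts parsing only because logging was on; parseResponseRedirectBinding in the `@@ -65,6 +91,18 @@` hunk has the same structure, and the POST-binding hunks' `new String(samlBytes)` has the same charset dependency for the logged text alone. Reading the inflated bytes once, logging them decoded as UTF-8 and parsing from the byte array (as parseResponseDocument already does) keeps the log level from changing what is parsed; that needs `java.io.ByteArrayOutputStream` and `java.nio.charset.StandardCharsets` imported. The logged text is the complete decoded SAML document, which for responses carries the assertion content, so a comment on `log.debug(message)` should say that this logger exposes user data and is for troubleshooting only — the Troubleshooting chapter added in PATCH 2/2 would benefit from the same sentence. `protected static Logger log` should be `private static final`, and the class now carries two logger fields (`logger` and `log`).
```java
    public static SAMLDocumentHolder parseRequestRedirectBinding(String samlMessage) {
        InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
        // Inflate fully before parsing so the debug branch never alters the bytes the parser sees.
        byte[] samlBytes;
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int n;
            while ((n = is.read(chunk)) != -1) {
                buffer.write(chunk, 0, n);
            }
            samlBytes = buffer.toByteArray();
        } catch (IOException e) {
            throw new RuntimeException("Failed to inflate SAML redirect-binding message", e);
        }
        if (log.isDebugEnabled()) {
            log.debug("SAML Redirect Binding");
            // Full decoded document, including whatever the assertion carries: troubleshooting-only output.
            log.debug(new String(samlBytes, StandardCharsets.UTF_8));
        }
        is = new ByteArrayInputStream(samlBytes);
        // … unchanged: SAML2Request parsing …
```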
@@ -65,6 +91,18 @@ public class SAMLRequestParser { public static SAMLDocumentHolder parseResponseRedirectBinding(String samlMessage) { InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage); + if (log.isDebugEnabled()) { + String message = null; + try { + message = StreamUtil.readString(is); + } catch (IOException e) { + throw new RuntimeException(e); + } + log.debug("SAML Redirect Binding"); + log.debug(message); + is = new ByteArrayInputStream(message.getBytes()); + + } SAML2Response response = new SAML2Response(); try { response.getSAML2ObjectFromStream(is); diff --git a/services/pom.xml b/services/pom.xml index 64c4221995..87de333205 100755 --- a/services/pom.xml +++ b/services/pom.xml @@ -61,7 +61,6 @@ org.jboss.logging jboss-logging-annotations provided - true org.jboss.logging diff --git a/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java index c754258ecb..c60ac0ccdf 100755 --- a/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java +++ b/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java @@ -434,7 +434,7 @@ public class SAMLEndpoint { @Override protected SAMLDocumentHolder extractResponseDocument(String response) { - return SAMLRequestParser.parseRequestRedirectBinding(response); + return SAMLRequestParser.parseResponseRedirectBinding(response); } @Override diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java index b598576531..0260fc7aba 100755 --- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java +++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java 
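Review bot: The SAMLEndpoint hunk changes extractResponseDocument from parseRequestRedirectBinding to parseResponseRedirectBinding, which is a behaviour fix to response parsing rather than logging, yet it ships under the subject "saml logging" with no test: the testsuite changes in this patch touch only pom.xml and log4j.properties. The same one-line change appears in SamlService's extractResponseDocument in the next hunk. A regression test that feeds a redirect-bound SAML response through each extractResponseDocument override, plus a line in the commit message naming the fix, would make it findable later; the enclosing redirect-binding handler classes start outside the hunk.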
@@ -429,7 +429,7 @@ public class SamlService extends AuthorizationEndpointBase { @Override protected SAMLDocumentHolder extractResponseDocument(String response) { - return SAMLRequestParser.parseRequestRedirectBinding(response); + return SAMLRequestParser.parseResponseRedirectBinding(response); } @Override diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java old mode 100644 new mode 100755 index 1d7616f37a..7715a59440 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java @@ -69,7 +69,17 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory { ProviderManager pm = new ProviderManager(getClass().getClassLoader(), Config.scope().getArray("providers")); - for (Spi spi : ServiceLoader.load(Spi.class, getClass().getClassLoader())) { + ServiceLoader load = ServiceLoader.load(Spi.class, getClass().getClassLoader()); + loadSPIs(pm, load); + for ( Map factories : factoriesMap.values()) { + for (ProviderFactory factory : factories.values()) { + factory.postInit(this); + } + } + } + + protected void loadSPIs(ProviderManager pm, ServiceLoader load) { + for (Spi spi : load) { Map factories = new HashMap(); factoriesMap.put(spi.getProviderClass(), factories); @@ -118,11 +128,6 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory { } } } - for ( Map factories : factoriesMap.values()) { - for (ProviderFactory factory : factories.values()) { - factory.postInit(this); - } - } } public KeycloakSession create() { diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml index 4db1a91382..20f0387621 100755 --- a/testsuite/integration/pom.xml +++ b/testsuite/integration/pom.xml 
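Review bot: `loadSPIs` in DefaultKeycloakSessionFactory is new `protected` extension API with no Javadoc, and the reason the `factory.postInit(this)` loop moved out of it into the caller (presumably so postInit runs after every SPI is registered, including any a subclass override adds) is not recorded anywhere; a Javadoc along the lines of "Registers a provider factory for every {@link Spi} yielded by {@code load} into {@code factoriesMap}; postInit is driven by the caller after all SPIs are loaded, so overrides must not call it" would capture that contract. The parameter named `load` is the loader itself, so `loader` would read better, and if the generics were not merely lost in rendering the raw `ServiceLoader` should be `ServiceLoader<Spi>`. The file also flips mode 100644 to 100755, which looks unintended for a Java source. The enclosing method starts before the first hunk.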
@@ -92,6 +92,10 @@ org.apache.httpcomponents httpclient + + org.keycloak + keycloak-server-spi + org.keycloak keycloak-ldap-federation diff --git a/testsuite/integration/src/test/resources/log4j.properties b/testsuite/integration/src/test/resources/log4j.properties index 3a6fe1d809..2c2eb300b4 100755 --- a/testsuite/integration/src/test/resources/log4j.properties +++ b/testsuite/integration/src/test/resources/log4j.properties @@ -38,6 +38,7 @@ log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterP # Enable to view detailed AS REQ and TGS REQ requests to embedded Kerberos server # log4j.logger.org.apache.directory.server.kerberos=debug +log4j.logger.org.keycloak.saml=debug log4j.logger.org.xnio=off log4j.logger.org.hibernate=off From daec8977e47669a1c045b476ee6b25344f1bb1bc Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Mon, 25 Jan 2016 19:34:57 -0500 Subject: [PATCH 2/2] KEYCLOAK-2389 --- docbook/saml-adapter-docs/reference/en/en-US/master.xml | 2 ++ .../reference/en/en-US/modules/adapter_error_handling.xml | 2 +- .../reference/en/en-US/modules/debugging.xml | 8 ++++++++ testsuite/integration/src/test/resources/log4j.properties | 2 +- 4 files changed, 12 insertions(+), 2 deletions(-) create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml diff --git a/docbook/saml-adapter-docs/reference/en/en-US/master.xml b/docbook/saml-adapter-docs/reference/en/en-US/master.xml index 7f14165ab7..89d16e61a4 100755 --- a/docbook/saml-adapter-docs/reference/en/en-US/master.xml +++ b/docbook/saml-adapter-docs/reference/en/en-US/master.xml @@ -11,6 +11,7 @@ + ]> @@ -53,6 +54,7 @@ This one is short &Logout; &Assertions; &ErrorHandling; + &DEBUGGING; diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml index 1d6d11f080..152c6b9012 100755 
--- a/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml @@ -39,4 +39,4 @@ public class SamlAuthenticationError implements AuthenticationError { } - \ No newline at end of file + diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml new file mode 100755 index 0000000000..81e252cc1e --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml @@ -0,0 +1,8 @@ + + Troubleshooting + + The best way to troubleshoot some problems is to turn on debugging for saml in both the client adapter and the keycloak server. + To do this turn on debugging int the org.keycloak.saml package to debug in your log4j or other + logging framework. Turning this on allows you to see the SAML requests and response documents being sent to and from the server. + + \ No newline at end of file diff --git a/testsuite/integration/src/test/resources/log4j.properties b/testsuite/integration/src/test/resources/log4j.properties index 2c2eb300b4..502dd7cd08 100755 --- a/testsuite/integration/src/test/resources/log4j.properties +++ b/testsuite/integration/src/test/resources/log4j.properties @@ -38,7 +38,7 @@ log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterP # Enable to view detailed AS REQ and TGS REQ requests to embedded Kerberos server # log4j.logger.org.apache.directory.server.kerberos=debug -log4j.logger.org.keycloak.saml=debug +#log4j.logger.org.keycloak.saml=debug log4j.logger.org.xnio=off log4j.logger.org.hibernate=off