KEYCLOAK-2443

Bill Burke 2016-02-03 17:31:50 -05:00
parent a899d86ac0
commit c4c99d5f81
6 changed files with 26 additions and 4 deletions


@ -102,6 +102,8 @@ public class KeycloakOIDCFilter implements Filter {
@Override @Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
log.fine("Keycloak OIDC Filter");
//System.err.println("Keycloak OIDC Filter: " + ((HttpServletRequest)req).getRequestURL().toString());
HttpServletRequest request = (HttpServletRequest) req; HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res; HttpServletResponse response = (HttpServletResponse) res;
OIDCServletHttpFacade facade = new OIDCServletHttpFacade(request, response); OIDCServletHttpFacade facade = new OIDCServletHttpFacade(request, response);
@ -122,7 +124,10 @@ public class KeycloakOIDCFilter implements Filter {
@Override @Override
public void logoutHttpSessions(List<String> ids) { public void logoutHttpSessions(List<String> ids) {
log.fine("**************** logoutHttpSessions");
//System.err.println("**************** logoutHttpSessions");
for (String id : ids) { for (String id : ids) {
log.finest("removed idMapper: " + id);
idMapper.removeSession(id); idMapper.removeSession(id);
} }
@ -130,6 +135,7 @@ public class KeycloakOIDCFilter implements Filter {
}, deploymentContext, facade); }, deploymentContext, facade);
if (preActions.handleRequest()) { if (preActions.handleRequest()) {
//System.err.println("**************** preActions.handleRequest happened!");
return; return;
} }
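Review bot: The added `log.finest("removed idMapper: " + id);` in logoutHttpSessions, and the `log.fine("idMapper does not have session: " + httpSession.getId());` added in the OIDCFilterSessionStore hunk, write what appear to be full HTTP session identifiers to the log. A session id acts as a bearer credential while the session is alive, so anyone who can read FINE/FINEST output could reuse one; in the session-store case the HTTP session itself may remain valid after cleanSession(), which is not visible here. I would drop the id from both messages, e.g. `log.finest("removing idMapper entry for logged-out session");`, which also fixes the message saying "removed" before `idMapper.removeSession(id)` has run. The commented-out `System.err.println` lines that appear to be added in both files should be deleted rather than committed. The body of doFilter starts and ends outside these hunks.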


@ -112,6 +112,8 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
} }
if (idMapper != null && !idMapper.hasSession(httpSession.getId())) { if (idMapper != null && !idMapper.hasSession(httpSession.getId())) {
log.fine("idMapper does not have session: " + httpSession.getId());
//System.err.println("idMapper does not have session: " + httpSession.getId());
cleanSession(httpSession); cleanSession(httpSession);
return false; return false;
} }


@ -46,11 +46,20 @@
</filter> </filter>
<filter-mapping> <filter-mapping>
<filter-name>Keycloak Filter</filter-name> <filter-name>Keycloak Filter</filter-name>
<url-pattern>/*</url-pattern> <url-pattern>/keycloak/*</url-pattern>
<url-pattern>/protected/*</url-pattern>
</filter-mapping> </filter-mapping>
</web-app> </web-app>
]]> ]]>
</programlisting> </programlisting>
<para>
If you notice above, there are two url-patterns. <literal>/protected/*</literal> are just the files we want protected.
<literal>/keycloak/*</literal> url-pattern will handle callback from the keycloak server.
Note that you should configure your client in the Keycloak Admin Console
with an Admin URL that points to a secured section covered by the filter's url-pattern.
The Admin URL will make callbacks to the Admin URL to do things like backchannel logout. So, the Admin URL in this example should
be <literal>http[s]://hostname/{context-root}/keycloak</literal>. There is an example of this in the distribution.
</para>
<para> <para>
The Keycloak filter has the same configuration parameters available as the other adapters except you must define The Keycloak filter has the same configuration parameters available as the other adapters except you must define
them as filter init params instead of context params. them as filter init params instead of context params.


@ -64,9 +64,13 @@
</para> </para>
<warning> <warning>
<para> <para>
You must have a filter mapping for <literal>/saml</literal> You must have a filter mapping that covers <literal>/saml</literal>. This mapping covers all server callbacks.
</para> </para>
</warning> </warning>
<para>
When registering SPs with an IDP, you must register <literal>http[s]://hostname/{context-root}/saml</literal> as
your Assert Consumer Service URL and Single Logout Service URL.
</para>
<para> <para>
To use this filter, include this maven artifact in your WAR poms To use this filter, include this maven artifact in your WAR poms
</para> </para>


@ -29,7 +29,8 @@
</filter> </filter>
<filter-mapping> <filter-mapping>
<filter-name>Keycloak Filter</filter-name> <filter-name>Keycloak Filter</filter-name>
<url-pattern>/customers/*</url-pattern> <url-pattern>/keycloak/*</url-pattern> <!-- this is so keycloak server can send events like backchannel logout -->
<url-pattern>/customers/*</url-pattern> <!-- this secures things -->
</filter-mapping> </filter-mapping>
</web-app> </web-app>


@ -123,7 +123,7 @@
{ {
"clientId": "customer-portal-filter", "clientId": "customer-portal-filter",
"enabled": true, "enabled": true,
"adminUrl": "/customer-portal-filter", "adminUrl": "/customer-portal-filter/keycloak",
"baseUrl": "/customer-portal-filter", "baseUrl": "/customer-portal-filter",
"redirectUris": [ "redirectUris": [
"/customer-portal-filter/*" "/customer-portal-filter/*"