From d40237b08dda79b85666bba28968313dff3340c5 Mon Sep 17 00:00:00 2001 
From: Bill Burke Date: Tue, 6 Oct 2015 15:56:44 -0400 Subject: [PATCH] saml adapters docs/dist --- .../as7-adapter-zip/assembly.xml | 35 ++ .../as7-eap6-adapter/as7-adapter-zip/pom.xml | 79 ++++ .../as7-eap6-adapter/as7-modules/assembly.xml | 22 + .../as7-eap6-adapter/as7-modules/build.xml | 88 ++++ .../as7-eap6-adapter/as7-modules/lib.xml | 282 +++++++++++++ .../as7-eap6-adapter/as7-modules/pom.xml | 175 ++++++++ .../modules/org/bouncycastle/main/module.xml | 10 + .../keycloak-adapter-spi/main/module.xml | 20 + .../keycloak/keycloak-common/main/module.xml | 17 + .../main/module.xml | 17 + .../main/module.xml | 17 + .../main/module.xml | 35 ++ .../keycloak-saml-as7-adapter/main/module.xml | 24 ++ .../main/module.xml | 45 ++ .../keycloak-saml-core/main/module.xml | 20 + .../eap6-adapter-zip/assembly.xml | 35 ++ .../as7-eap6-adapter/eap6-adapter-zip/pom.xml | 79 ++++ .../saml-adapters/as7-eap6-adapter/pom.xml | 21 + .../jetty81-adapter-zip/assembly.xml | 26 ++ .../saml-adapters/jetty81-adapter-zip/pom.xml | 51 +++ .../jetty91-adapter-zip/assembly.xml | 39 ++ .../jetty91-adapter-zip/keycloak.mod | 11 + .../saml-adapters/jetty91-adapter-zip/pom.xml | 51 +++ .../jetty92-adapter-zip/assembly.xml | 39 ++ .../jetty92-adapter-zip/keycloak.mod | 11 + .../saml-adapters/jetty92-adapter-zip/pom.xml | 51 +++ distribution/saml-adapters/pom.xml | 8 + .../tomcat6-adapter-zip/assembly.xml | 24 ++ .../saml-adapters/tomcat6-adapter-zip/pom.xml | 51 +++ .../tomcat7-adapter-zip/assembly.xml | 25 ++ .../saml-adapters/tomcat7-adapter-zip/pom.xml | 51 +++ .../tomcat8-adapter-zip/assembly.xml | 25 ++ .../saml-adapters/tomcat8-adapter-zip/pom.xml | 51 +++ .../reference/en/en-US/master.xml | 6 + .../reference/en/en-US/master.xml | 13 + .../en/en-US/modules/adapter-config.xml | 384 ++++++++++++++++++ .../en/en-US/modules/jboss-adapter.xml | 188 +++++++++ .../en/en-US/modules/jetty8-adapter.xml | 49 +++ .../en/en-US/modules/jetty9-adapter.xml | 106 +++++ 
.../reference/en/en-US/modules/logout.xml | 10 + .../en/en-US/modules/multi-tenancy.xml | 56 +++ .../en/en-US/modules/tomcat-adapter.xml | 92 +++++ pom.xml | 10 + saml/client-adapter/as7-eap6/adapter/pom.xml | 101 +++++ .../saml/jbossweb/SamlAuthenticatorValve.java | 52 +++ saml/client-adapter/as7-eap6/pom.xml | 20 + .../client-adapter/as7-eap6/subsystem/pom.xml | 115 ++++++ ...cloakAdapterConfigDeploymentProcessor.java | 93 +++++ .../saml/as7/KeycloakDependencyProcessor.java | 67 +++ .../as7/KeycloakDependencyProcessorAS7.java | 19 + .../saml/as7/KeycloakSamlExtension.java | 76 ++++ .../saml/as7/KeycloakSubsystemAdd.java | 59 +++ .../saml/as7/KeycloakSubsystemDefinition.java | 47 +++ .../saml/as7/KeycloakSubsystemParser.java | 67 +++ .../org/keycloak/subsystem/saml/as7/Util.java | 42 ++ .../org.jboss.as.controller.Extension | 1 + saml/client-adapter/pom.xml | 1 + .../KeycloakDependencyProcessor.java | 2 - 58 files changed, 3209 insertions(+), 2 deletions(-) create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml create mode 100755 
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml create mode 100755 distribution/saml-adapters/as7-eap6-adapter/pom.xml create mode 100755 distribution/saml-adapters/jetty81-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/jetty81-adapter-zip/pom.xml create mode 100755 distribution/saml-adapters/jetty91-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod create mode 100755 distribution/saml-adapters/jetty91-adapter-zip/pom.xml create mode 100755 distribution/saml-adapters/jetty92-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod create mode 100755 distribution/saml-adapters/jetty92-adapter-zip/pom.xml create mode 100755 distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/tomcat6-adapter-zip/pom.xml create mode 100755 
distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/tomcat7-adapter-zip/pom.xml create mode 100755 distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml create mode 100755 distribution/saml-adapters/tomcat8-adapter-zip/pom.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml create mode 100755 docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml create mode 100755 saml/client-adapter/as7-eap6/adapter/pom.xml create mode 100755 saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java create mode 100755 saml/client-adapter/as7-eap6/pom.xml create mode 100755 saml/client-adapter/as7-eap6/subsystem/pom.xml create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java create mode 100755 
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java create mode 100755 saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml new file mode 100755 index 0000000000..40ebdedbea --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml @@ -0,0 +1,35 @@ + + war-dist + + + zip + tar.gz + + false + + + + ${project.build.directory}/unpacked + + org/keycloak/keycloak-common/** + org/keycloak/keycloak-saml-core/** + org/keycloak/keycloak-saml-adapter-core/** + org/keycloak/keycloak-adapter-spi/** + org/keycloak/keycloak-jboss-adapter-core/** + org/bouncycastle/** + org/keycloak/keycloak-saml-as7-adapter/** + org/keycloak/keycloak-saml-as7-subsystem/** + + + **/*.war + + modules + + + + + ../../shared-cli/adapter-install.cli + bin + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml new file mode 100755 index 0000000000..8cee17b18c --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml 
@@ -0,0 +1,79 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../../pom.xml + + + keycloak-saml-as7-adapter-dist + pom + Keycloak SAML AS7 Adapter Distro + + + + + org.keycloak + keycloak-saml-as7-adapter + + + org.keycloak + keycloak-saml-as7-modules + zip + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + unpack + prepare-package + + unpack + + + + + org.keycloak + keycloak-saml-as7-modules + zip + ${project.build.directory}/unpacked + + + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml new file mode 100755 index 0000000000..4a34435ac4 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml @@ -0,0 +1,22 @@ + + dist + + + zip + + false + + + + ../../ + + License.html + + + + + ${project.build.directory}/modules + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml new file mode 100755 index 0000000000..3cfdae3a36 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml @@ -0,0 +1,88 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml new file mode 100755 index 0000000000..3d9438a4a4 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml 
@@ -0,0 +1,282 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "; + project.setProperty("current.maven.root", root); + ]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + "; + if(path.indexOf('${') != -1) { + throw "Module resource root not found, make sure it is listed in build/pom.xml" + path; + } + if(attributes.get("jandex") == "true" ) { + root = root + "\n\t"; + } + project.setProperty("current.resource.root", root); + ]]> + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml new file mode 100755 index 0000000000..d4fe23e773 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml 
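Review bot: The unresolved-placeholder check in the resource-root script of lib.xml throws `"Module resource root not found, make sure it is listed in build/pom.xml" + path`, so the offending path is glued directly onto `pom.xml` in the error text. A separator such as `"... make sure it is listed in build/pom.xml: " + path` would make the failing artifact readable in build logs. The XML markup of this file is stripped in this view, so only the script fragment can be assessed.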
@@ -0,0 +1,175 @@ + + + + 4.0.0 + + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../../pom.xml + + + keycloak-saml-as7-modules + + Keycloak SAML AS7 / JBoss EAP 6 Modules + pom + + + org.keycloak + keycloak-common + + + org.keycloak + keycloak-adapter-spi + + + org.keycloak + keycloak-as7-adapter-spi + + + org.keycloak + keycloak-saml-core + + + org.keycloak + keycloak-saml-adapter-core + + + org.keycloak + keycloak-jboss-adapter-core + + + org.keycloak + keycloak-saml-as7-adapter + + + org.keycloak + keycloak-saml-as7-subsystem + + + org.keycloak + keycloak-tomcat-adapter-spi + + + org.keycloak + keycloak-jboss-adapter-core + + + org.bouncycastle + bcprov-jdk15on + + + org.bouncycastle + bcpkix-jdk15on + + + + + + + org.apache.maven.plugins + maven-antrun-plugin + false + + + build-dist + + run + + compile + + + + + + + + + + + + org.jboss + jandex + 1.0.3.Final + + + ant-contrib + ant-contrib + 1.0b3 + + + ant + ant + + + + + org.apache.ant + ant-apache-bsf + 1.9.3 + + + org.apache.bsf + bsf-api + 3.1 + + + rhino + js + 1.7R2 + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + org.apache.maven.plugins + maven-resources-plugin + + + copy-resources + + validate + + copy-resources + + + ${project.build.directory}/modules/org/keycloak/keycloak-saml-adapter-subsystem + + + src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem + true + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml new file mode 100755 index 0000000000..d8fcf474cb --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml 
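Review bot: The `copy-resources` execution at the end of as7-modules/pom.xml filters `src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem` into `target/modules`, but both adapter-zip assemblies in this commit include `org/keycloak/keycloak-saml-as7-subsystem/**` and never the `keycloak-saml-adapter-subsystem` path. If the AS7 subsystem descriptor is the one that needs property filtering, both paths should name `keycloak-saml-as7-subsystem`. Otherwise the filtered descriptor goes into the modules zip but is left out of the shipped adapter zips, and may be a leftover from another adapter layout. Separately, `keycloak-jboss-adapter-core` is declared twice in the dependency list and one entry can be dropped. The XML markup is stripped in this view, so element names are inferred from the remaining text.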
@@ -0,0 +1,10 @@ + + + + + + + + + + \ No newline at end of file diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml new file mode 100755 index 0000000000..a0ed776e5b --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml new file mode 100755 index 0000000000..b7bcee4e97 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml new file mode 100755 index 0000000000..cf898253ff --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + 
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml new file mode 100755 index 0000000000..f9399db215 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml new file mode 100755 index 0000000000..edbea102fe --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml new file mode 100755 index 0000000000..ebf3ce347d --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml new file mode 100755 index 0000000000..b1100194e8 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml new file mode 100755 index 0000000000..6a7cd653cd --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml new file mode 100755 index 0000000000..50f4a85c44 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml @@ -0,0 +1,35 @@ + + war-dist + + + zip + tar.gz + + false + + + + ${project.build.directory}/unpacked + + org/keycloak/keycloak-common/** + org/keycloak/keycloak-saml-core/** + org/keycloak/keycloak-saml-adapter-core/** + org/keycloak/keycloak-adapter-spi/** + org/keycloak/keycloak-jboss-adapter-core/** + org/bouncycastle/** + org/keycloak/keycloak-saml-as7-adapter/** + org/keycloak/keycloak-saml-as7-subsystem/** + + + **/*.war + + modules/system/layers/base + + + + + ../../shared-cli/adapter-install.cli + bin + + + 
diff --git a/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml new file mode 100755 index 0000000000..3e004566ec --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml @@ -0,0 +1,79 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../../pom.xml + + + keycloak-saml-eap6-adapter-dist + pom + Keycloak SAML JBoss EAP 6 Adapter Distro + + + + + org.keycloak + keycloak-as7-adapter + + + org.keycloak + keycloak-as7-modules + zip + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + unpack + prepare-package + + unpack + + + + + org.keycloak + keycloak-saml-as7-modules + zip + ${project.build.directory}/unpacked + + + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/distribution/saml-adapters/as7-eap6-adapter/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/pom.xml new file mode 100755 index 0000000000..b608eab6a4 --- /dev/null +++ b/distribution/saml-adapters/as7-eap6-adapter/pom.xml @@ -0,0 +1,21 @@ + + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + Keycloak SAML AS7 / JBoss EAP 6 Adapter Distros + + 4.0.0 + + keycloak-saml-as7-eap6-adapter-dist-pom + pom + + + as7-modules + as7-adapter-zip + eap6-adapter-zip + + diff --git a/distribution/saml-adapters/jetty81-adapter-zip/assembly.xml b/distribution/saml-adapters/jetty81-adapter-zip/assembly.xml new file mode 100755 index 0000000000..d28d51a9ba --- /dev/null +++ b/distribution/saml-adapters/jetty81-adapter-zip/assembly.xml @@ -0,0 +1,26 @@ + + war-dist + + + zip + tar.gz + + false + + + + false + true + true + + org.keycloak:keycloak-saml-jetty81-adapter + + + org.eclipse.jetty:jetty-server + org.eclipse.jetty:jetty-util + org.eclipse.jetty:jetty-security + + lib/keycloak + + + 
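Review bot: The dependency list in eap6-adapter-zip/pom.xml names `keycloak-as7-adapter` and `keycloak-as7-modules`, while the `unpack` execution below it pulls `keycloak-saml-as7-modules`. The sibling as7-adapter-zip POM declares `keycloak-saml-as7-adapter` and `keycloak-saml-as7-modules` for the same purpose. As written, the SAML distro depends on artifacts it does not package, and its declared dependencies do not tell the reactor that the SAML modules zip must be built first. The two entries should presumably read `keycloak-saml-as7-adapter` and `keycloak-saml-as7-modules` (type `zip`). Markup is stripped in this view, so the element structure is inferred.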
diff --git a/distribution/saml-adapters/jetty81-adapter-zip/pom.xml b/distribution/saml-adapters/jetty81-adapter-zip/pom.xml new file mode 100755 index 0000000000..412a5c851b --- /dev/null +++ b/distribution/saml-adapters/jetty81-adapter-zip/pom.xml @@ -0,0 +1,51 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + + keycloak-saml-jetty81-adapter-dist + pom + Keycloak SAML Jetty 8.1.x Adapter Distro + + + + + org.keycloak + keycloak-saml-jetty81-adapter + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/distribution/saml-adapters/jetty91-adapter-zip/assembly.xml b/distribution/saml-adapters/jetty91-adapter-zip/assembly.xml new file mode 100755 index 0000000000..13eb8e0e30 --- /dev/null +++ b/distribution/saml-adapters/jetty91-adapter-zip/assembly.xml @@ -0,0 +1,39 @@ + + war-dist + + + zip + tar.gz + + false + + + + + + keycloak.mod + + modules + + + ${project.build.directory}/modules + + + + + + false + true + true + + org.keycloak:keycloak-saml-jetty91-adapter + + + org.eclipse.jetty:jetty-server + org.eclipse.jetty:jetty-util + org.eclipse.jetty:jetty-security + + lib/keycloak + + + diff --git a/distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod b/distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod new file mode 100755 index 0000000000..10550d86ae --- /dev/null +++ b/distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod @@ -0,0 +1,11 @@ +# +# Keycloak Jetty Adapter +# + +[depend] +server +security + +[lib] +lib/keycloak/*.jar + diff --git a/distribution/saml-adapters/jetty91-adapter-zip/pom.xml b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml new file mode 100755 index 0000000000..2c15be444a --- /dev/null +++ b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml 
@@ -0,0 +1,51 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + + keycloak-saml-jetty91-adapter-dist + pom + Keycloak SAML Jetty 9.1.x Adapter Distro + + + + + org.keycloak + keycloak-saml-jetty91-adapter + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/distribution/saml-adapters/jetty92-adapter-zip/assembly.xml b/distribution/saml-adapters/jetty92-adapter-zip/assembly.xml new file mode 100755 index 0000000000..08a4cba846 --- /dev/null +++ b/distribution/saml-adapters/jetty92-adapter-zip/assembly.xml @@ -0,0 +1,39 @@ + + war-dist + + + zip + tar.gz + + false + + + + + + keycloak.mod + + modules + + + ${project.build.directory}/modules + + + + + + false + true + true + + org.keycloak:keycloak-saml-jetty92-adapter + + + org.eclipse.jetty:jetty-server + org.eclipse.jetty:jetty-util + org.eclipse.jetty:jetty-security + + lib/keycloak + + + diff --git a/distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod b/distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod new file mode 100755 index 0000000000..10550d86ae --- /dev/null +++ b/distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod @@ -0,0 +1,11 @@ +# +# Keycloak Jetty Adapter +# + +[depend] +server +security + +[lib] +lib/keycloak/*.jar + diff --git a/distribution/saml-adapters/jetty92-adapter-zip/pom.xml b/distribution/saml-adapters/jetty92-adapter-zip/pom.xml new file mode 100755 index 0000000000..62881cc11c --- /dev/null +++ b/distribution/saml-adapters/jetty92-adapter-zip/pom.xml 
@@ -0,0 +1,51 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + + keycloak-saml-jetty92-adapter-dist + pom + Keycloak SAML Jetty 9.2.x Adapter Distro + + + + + org.keycloak + keycloak-saml-jetty92-adapter + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/distribution/saml-adapters/pom.xml b/distribution/saml-adapters/pom.xml index 8e08bdf6ad..1a1c4b1db1 100755 --- a/distribution/saml-adapters/pom.xml +++ b/distribution/saml-adapters/pom.xml @@ -16,5 +16,13 @@ wf9-adapter + tomcat6-adapter-zip + tomcat7-adapter-zip + tomcat8-adapter-zip + jetty81-adapter-zip + + jetty92-adapter-zip + as7-eap6-adapter diff --git a/distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml new file mode 100755 index 0000000000..ae01a392bf --- /dev/null +++ b/distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml @@ -0,0 +1,24 @@ + + war-dist + + + zip + tar.gz + + false + + + + false + true + true + + org.keycloak:keycloak-saml-tomcat6-adapter + + + org.apache.tomcat:catalina + + + + + diff --git a/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml new file mode 100755 index 0000000000..89609d41c4 --- /dev/null +++ b/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml @@ -0,0 +1,51 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + + keycloak-saml-tomcat6-adapter-dist + pom + Keycloak SAML Tomcat 6 Adapter Distro + + + + + org.keycloak + keycloak-saml-tomcat6-adapter + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + 
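Review bot: `jetty91-adapter-zip` does not appear among the modules added to distribution/saml-adapters/pom.xml, although this commit creates `jetty91-adapter-zip/assembly.xml`, `keycloak.mod` and `pom.xml`. The entry between `jetty81-adapter-zip` and `jetty92-adapter-zip` is empty in this view and may be a commented-out module. If it is disabled on purpose, a short comment stating why (for example `<!-- jetty91 distro disabled: REASON -->`) would keep the unbuilt files from going stale unnoticed. Otherwise the module should be listed.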
diff --git a/distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml new file mode 100755 index 0000000000..6c205d17a7 --- /dev/null +++ b/distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml @@ -0,0 +1,25 @@ + + war-dist + + + zip + tar.gz + + false + + + + false + true + true + + org.keycloak:keycloak-saml-tomcat7-adapter + + + org.apache.tomcat:tomcat-servlet-api + org.apache.tomcat:tomcat-catalina + + + + + diff --git a/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml new file mode 100755 index 0000000000..4486d7459a --- /dev/null +++ b/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml @@ -0,0 +1,51 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + + keycloak-saml-tomcat7-adapter-dist + pom + Keycloak SAML Tomcat 7 Adapter Distro + + + + + org.keycloak + keycloak-saml-tomcat7-adapter + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml new file mode 100755 index 0000000000..76665bc551 --- /dev/null +++ b/distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml @@ -0,0 +1,25 @@ + + war-dist + + + zip + tar.gz + + false + + + + false + true + true + + org.keycloak:keycloak-saml-tomcat8-adapter + + + org.apache.tomcat:tomcat-servlet-api + org.apache.tomcat:tomcat-catalina + + + + + diff --git a/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml new file mode 100755 index 0000000000..13741dd5ca --- /dev/null +++ b/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml 
@@ -0,0 +1,51 @@ + + 4.0.0 + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + + keycloak-saml-tomcat8-adapter-dist + pom + Keycloak SAML Tomcat 8 Adapter Distro + + + + + org.keycloak + keycloak-saml-tomcat8-adapter + + + + + + maven-assembly-plugin + + + assemble + package + + single + + + + assembly.xml + + + target + + + target/assembly/work + + false + + + + + + + + diff --git a/docbook/auth-server-docs/reference/en/en-US/master.xml b/docbook/auth-server-docs/reference/en/en-US/master.xml index 7a798f8fcb..39a571abe5 100755 --- a/docbook/auth-server-docs/reference/en/en-US/master.xml +++ b/docbook/auth-server-docs/reference/en/en-US/master.xml @@ -94,6 +94,12 @@ This one is short types are supported and how to configure and install them so that you can use Keycloak to secure your applications. + + These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0). + This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions. + The Keycloak project also provides a separate, standalone, generic, SAML client adapter. But that is describe in a separate + document and has a different download. + &AdapterConfig; &JBossAdapter; &TomcatAdapter; diff --git a/docbook/saml-adapter-docs/reference/en/en-US/master.xml b/docbook/saml-adapter-docs/reference/en/en-US/master.xml index 51040ac463..55ce6608ca 100755 --- a/docbook/saml-adapter-docs/reference/en/en-US/master.xml +++ b/docbook/saml-adapter-docs/reference/en/en-US/master.xml @@ -1,6 +1,12 @@ + + + + + ]> @@ -33,6 +39,13 @@ This one is short + &AdapterConfig; + &JBossAdapter; + &TomcatAdapter; + &Jetty9Adapter; + &Jetty8Adapter; + &Logout; + diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml new file mode 100755 index 0000000000..eeb303114d --- /dev/null 
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml 
@@ -0,0 +1,384 @@ + + General Adapter Config + + Each SAML adapter supported by Keycloak can be configured by a simple XML text file. This is what one might + look like: + + + + + + + + Some of these configuration switches may be adapter specific and some are common across all adapters. + For Java adapters you can use ${...} enclosure as System property replacement. + For example ${jboss.server.config.dir}. Also, you can obtain a template + for this config file from the admin console. Go to the realm and select the application you want a template for. + Go to the Installation tab and this will provide you with a template that includes + the public key of the realm. + + + Here is a description of each item: + + + + + realm + + + Name of the realm representing the users of your distributed applications and services. + This is + REQUIRED. + + + + + resource + + + Username of the application. Each application has a username that is used when the + application connects with the Keycloak server to turn an access code into an access token + (part of the OAuth 2.0 protocol). This is + REQUIRED. + + + + + realm-public-key + + + PEM format of public key. You can obtain this from the administration console. + This is + REQUIRED. + + + + + auth-server-url + + + The base URL of the Keycloak Server. All other Keycloak pages and REST services are derived + from this. It is usually of the form https://host:port/auth + This is + REQUIRED. + + + + + ssl-required + + + Ensures that all communication to and from the Keycloak server from the adapter is over HTTPS. + This is OPTIONAL. The default value is + external + meaning that HTTPS is required by default for external requests. Valid values are 'all', 'external' + and 'none'. + + + + + use-resource-role-mappings + + + If set to true, the adapter will look inside the token for application level role mappings for + the + user. If false, it will look at the realm level for user role mappings. + This is OPTIONAL. 
The default value is false. + + + + + public-client + + + If set to true, the adapter will not send credentials for the client to Keycloak. + The default value is false. + + + + + enable-cors + + + This enables CORS support. It will handle CORS preflight requests. It will also look into + the access token to determine valid origins. + This is OPTIONAL. The default value is false. + + + + + cors-max-age + + + If CORS is enabled, this sets the value of the + Access-Control-Max-Age + header. + This is OPTIONAL. If not set, this header is not returned in CORS + responses. + + + + + cors-allowed-methods + + + If CORS is enabled, this sets the value of the + Access-Control-Allow-Methods + header. This should be a comma-separated string. + This is OPTIONAL. If not set, this header is not returned in CORS + responses. + + + + + cors-allowed-headers + + + If CORS is enabled, this sets the value of the + Access-Control-Allow-Headers + header. This should be a comma-separated string. + This is OPTIONAL. If not set, this header is not returned in CORS + responses. + + + + + bearer-only + + + This tells the adapter to only do bearer token authentication. That is, it will not do + OAuth 2.0 redirects, but only accept bearer tokens through the + Authorization + header. + This is OPTIONAL. The default value is false. + + + + + enable-basic-auth + + + This tells the adapter to also support basic authentication. If this option is enabled, + then secret must also be provided. + This is OPTIONAL. The default value is false. + + + + + expose-token + + + If true, an authenticated browser client (via a Javascript HTTP invocation) + can obtain the signed access token via the URL root/k_query_bearer_token. + This is OPTIONAL. The default value is false. + + + + + credentials + + + Specify the credentials of the application. This is an object notation where the key + is the credential type and the value is the value of the credential type. Currently only + password + is supported. 
+ This is REQUIRED. + + + + + + connection-pool-size + + + Adapters will make separate HTTP invocations to the Keycloak Server to turn an access code + into an access token. This config option defines how many connections to the Keycloak Server + should be pooled. + This is OPTIONAL. The default value is 20. + + + + + disable-trust-manager + + + If the Keycloak Server requires HTTPS and this config option is set to true + you do not have to specify a truststore. While convenient, this setting is not recommended + as you will not be verifying the host name of the Keycloak Server. + This is OPTIONAL. The default value is false. + + + + + allow-any-hostname + + + If the Keycloak Server requires HTTPS and this config option is set to true + the Keycloak Server's certificate is validated via the truststore, but host name validation is + not done. This is not a recommended. This seting may be useful in test environments + This is OPTIONAL. The default value is false. + + + + + + truststore + + + This setting is for Java adapters. The value is the file path to a Java keystore file. If + you prefix the path with classpath:, then the truststore will be obtained + from the deployment's classpath instead. + Used for outgoing HTTPS communications to the Keycloak server. Client making HTTPS + requests need a way to verify the host of the server they are talking to. This is + what the trustore does. The keystore contains one or more trusted + host certificates or certificate authorities. You can + create this truststore by extracting the public certificate of the Keycloak server's SSL + keystore. + This is + OPTIONAL + if + ssl-required + is + none + or + disable-trust-manager + is true. + + + + + truststore-password + + + Password for the truststore keystore. + This is + REQUIRED + if + truststore + is set. + + + + + client-keystore + + + Not supported yet, but we will support in future versions. + + This setting is for Java adapters. 
This is the file path to a Java keystore file. + This keystore contains client certificate for two-way SSL when the adapter makes + HTTPS requests to the Keycloak server. + This is OPTIONAL. + + + + + client-keystore-password + + + Not supported yet, but we will support in future versions. + Password for the client keystore. + This is + REQUIRED + if + client-keystore + is set. + + + + + client-key-password + + + Not supported yet, but we will support in future versions. + Password for the client's key. + This is + REQUIRED + if + client-keystore + is set. + + + + + auth-server-url-for-backend-requests + + + Alternative location of auth-server-url used just for backend requests. It must be absolute URI. Useful + especially in cluster (see Relative URI Optimization) or if you would like to use https for browser requests + but stick with http for backend requests etc. + + + + + always-refresh-token + + + If true, Keycloak will refresh token in every request. More info in Refresh token in each request . + + + + + register-node-at-startup + + + If true, then adapter will send registration request to Keycloak. It's false + by default and useful just in cluster (See Registration of application nodes to Keycloak) + + + + + register-node-period + + + Period for re-registration adapter to Keycloak. Useful in cluster. See Registration of application nodes to Keycloak for details. + + + + + token-store + + + Possible values are session and cookie. Default is session, + which means that adapter stores account info in HTTP Session. Alternative cookie means storage of info in cookie. + See Stateless token store for details. + + + + + principal-attribute + + + OpenID Connection ID Token attribute to populate the UserPrincipal name with. If token attribute is null, defaults to sub. + Possible values are sub, preferred_username, email, name, nickname, given_name, family_name. + + + + + + 
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml new file mode 100755 index 0000000000..fc29402c9d --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml @@ -0,0 +1,188 @@ + + JBoss/Wildfly Adapter + + To be able to secure WAR apps deployed on JBoss EAP 6.x or Wildfly, you must install and + configure the Keycloak SAML Adapter Subsystem. You then provide a keycloak + config, /WEB-INF/keycloak-saml file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml. + Both methods are described in this section. + +
+ Adapter Installation + + SAML Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on + the Keycloak download site. They are also available as a maven artifact. + + + Install on Wildfly 9: + +$ cd $WILDFLY_HOME +$ unzip keycloak-saml-wf9-adapter-dist.zip + + + + Install on JBoss EAP 6.x: + +$ cd $JBOSS_HOME +$ unzip keycloak-saml-eap6-adapter-dist.zip + + + + This zip file creates new JBoss Modules specific to the Wildfly Keycloak SAML Adapter within your Wildfly distro. + + + After adding the Keycloak modules, you must then enable the Keycloak SAML Subsystem within your app server's server configuration: + domain.xml or standalone.xml. + + + There is a CLI script that will help you modify your server configuration. Start the server and run the script + from the server's bin directory: + +$ cd $JBOSS_HOME/bin +$ jboss-cli.sh -c --file=adapter-install.cli + + The script will add the extension, subsystem, and optional security-domain as described below. + + + + + + + ... + + + + + ... + +]]> + + + + The keycloak security domain should be used with EJBs and other components when you need the security context created + in the secured web tier to be propagated to the EJBs (other EE component) you are invoking. Otherwise + this configuration is optional. + + + + +... + + + + + + +]]> + + + For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want + to annotate it with the @SecurityDomain annotation as follows: + + getCustomers() { + return db.getCustomers(); + } +} +]]> + + + We hope to improve our integration in the future so that you don't have to specify the @SecurityDomain + annotation when you want to propagate a keycloak security context to the EJB tier. + + +
+
+ Required Per WAR Configuration + + This section describes how to secure a WAR directly by adding config and editing files within your WAR package. + + + The first thing you must do is create + a keycloak-saml.xml adapter config file within the WEB-INF directory + of your WAR. The format of this config file is describe in the general adapter configuration + section. + + + Next you must set the auth-method to KEYCLOAK-SAML in web.xml. You also + have to use standard servlet security to specify role-base constraints on your URLs. Here's an example + pulled from one of the examples that comes distributed with Keycloak. + + + + + + customer-portal + + + + Admins + /admin/* + + + admin + + + CONFIDENTIAL + + + + + Customers + /customers/* + + + user + + + CONFIDENTIAL + + + + + KEYCLOAK-SAML + this is ignored currently + + + + admin + + + user + + +]]> + + +
+
\ No newline at end of file diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml new file mode 100755 index 0000000000..dbbef0cb0a --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml @@ -0,0 +1,49 @@ + + Jetty 8.1.x SAML Adapter + + Keycloak has a separate SAML adapter for Jetty 8.1.x that you will have to install into your Jetty + installation. You then have to provide some extra configuration in each WAR you deploy to + Jetty. Let's go over these steps. + +
+ Adapter Installation + + Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on + the Keycloak download site. They are also available as a maven artifact. + + + You must unzip the Jetty 8.1.x distro into Jetty 8.1.x's root directory. Including + adapter's jars within your WEB-INF/lib directory will not work! + + + +$ cd $JETTY_HOME +$ unzip keycloak-saml-jetty81-adapter-dist.zip + + + + Next, you will have to enable the keycloak option. Edit start.ini and add keycloak to the options + + + + + + + +
+ +
+ Required Per WAR Configuration + + Enabling Keycloak for your WARs is the same as the Jetty 9.x adapter. See Required Per WAR Configuration + +
+
\ No newline at end of file diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml new file mode 100755 index 0000000000..44cd972de6 --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml @@ -0,0 +1,106 @@ + + Jetty 9.x SAML Adapters + + Keycloak has a separate SAML adapter for Jetty 9.x. You then have to provide some extra configuration in each WAR you deploy to + Jetty. Let's go over these steps. + +
+ Adapter Installation + + Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on + the Keycloak download site. They are also available as a maven artifact. + + + You must unzip the Jetty 9.x distro into Jetty 9.x's root directory. Including + adapter's jars within your WEB-INF/lib directory will not work! + + + +$ cd $JETTY_HOME +$ unzip keycloak-saml-jetty92-adapter-dist.zip + + + + Next, you will have to enable the keycloak module for your jetty.base. + + + +$ cd your-base +$ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak + + + +
+ +
+ Required Per WAR Configuration + + This section describes how to secure a WAR directly by adding config and editing files within your WAR package. + + + The first thing you must do is create a WEB-INF/jetty-web.xml file in your WAR package. This is + a Jetty specific config file and you must define a Keycloak specific authenticator within it. + + + + + + + + + + + +]]> + + + Next you must create + a keycloak-saml.xml adapter config file within the WEB-INF directory + of your WAR. The format of this config file is describe in the general adapter configuration + section. + + + Finally you must specify both a login-config and use standard servlet security to specify + role-base constraints on your URLs. Here's an example: + + + + + + customer-portal + + + + Customers + /* + + + user + + + CONFIDENTIAL + + + + + BASIC + this is ignored currently + + + + admin + + + user + + +]]> + + +
+
\ No newline at end of file diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml new file mode 100755 index 0000000000..e258d60fd8 --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml @@ -0,0 +1,10 @@ + + Logout + + There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call + HttpServletRequest.logout(). + For any other browser application, you can point the browser at any url of your web application that has + a security constraing and pass in a query parameter GLO, i.e. http://myapp?GLO=true. + This will log you out if you have an SSO session with your browser. + + \ No newline at end of file diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml new file mode 100755 index 0000000000..322aadb059 --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml 
@@ -0,0 +1,56 @@ + + Multi Tenancy + + Multi Tenancy, in our context, means that one single target application (WAR) can be secured by a single (or clustered) Keycloak server, authenticating + its users against different realms. In practice, this means that one application needs to use different keycloak.json files. + For this case, there are two possible solutions: + + + + The same WAR file deployed under two different names, each with its own Keycloak configuration (probably via the Keycloak Subsystem). + This scenario is suitable when the number of realms is known in advance or when there's a dynamic provision of application instances. + One example would be a service provider that dynamically creates servers/deployments for their clients, like a PaaS. + + + + A WAR file deployed once (possibly in a cluster), that decides which realm to authenticate against based on the request parameters. + This scenario is suitable when there are an undefined number of realms. One example would be a SaaS provider that have only one deployment + (perhaps in a cluster) serving several companies, differentiating between clients based on the hostname + (client1.acme.com, client2.acme.com) or path (/app/client1/, + /app/client2/) or even via a special HTTP Header. + + + + + This chapter of the reference guide focus on this second scenario. + + + + Keycloak provides an extension point for applications that need to evaluate the realm on a request basis. During the authentication + and authorization phase of the incoming request, Keycloak queries the application via this extension point and expects the application + to return a complete representation of the realm. With this, Keycloak then proceeds the authentication and authorization process, + accepting or refusing the request based on the incoming credentials and on the returned realm. + + For this scenario, an application needs to: + + + + + Add a context parameter to the web.xml, named keycloak.config.resolver. 
+ The value of this property should be the fully qualified name of the class extending + org.keycloak.adapters.KeycloakConfigResolver. + + + + A concrete implementation of org.keycloak.adapters.KeycloakConfigResolver. Keycloak will call the + resolve(org.keycloak.adapters.HttpFacade.Request) method and expects a complete + org.keycloak.adapters.KeycloakDeployment in response. Note that Keycloak will call this for every request, + so, take the usual performance precautions. + + + + + + An implementation of this feature can be found in the examples. + + diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml new file mode 100755 index 0000000000..f6db1b038e --- /dev/null +++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml @@ -0,0 +1,92 @@ + + Tomcat 6, 7 and 8 SAML dapters + + To be able to secure WAR apps deployed on Tomcat 6, 7 and 8 you must install the Keycloak Tomcat 6, 7 or 8 SAML adapter + into your Tomcat installation. You then have to provide some extra configuration in each WAR you deploy to + Tomcat. Let's go over these steps. + +
+ Adapter Installation + + Adapters are no longer included with the appliance or war distribution. Each adapter is a separate download on + the Keycloak download site. They are also available as a maven artifact. + + + You must unzip the adapter distro into Tomcat's lib/ directory. Including + adapter's jars within your WEB-INF/lib directory will not work! The Keycloak SAML adapter is implemented as a Valve + and valve code must reside in Tomcat's main lib/ directory. + + + +$ cd $TOMCAT_HOME/lib +$ unzip keycloak-saml-tomcat6-adapter-dist.zip + or +$ unzip keycloak-saml-tomcat7-adapter-dist.zip + or +$ unzip keycloak-saml-tomcat8-adapter-dist.zip + + +
+ +
+ Required Per WAR Configuration + + This section describes how to secure a WAR directly by adding config and editing files within your WAR package. + + + The first thing you must do is create a META-INF/context.xml file in your WAR package. This is + a Tomcat specific config file and you must define a Keycloak specific Valve. + + + + +]]> + + + Next you must create + a keycloak-saml.xml adapter config file within the WEB-INF directory + of your WAR. The format of this config file is describe in the general adapter configuration + section. + + + Finally you must specify both a login-config and use standard servlet security to specify + role-base constraints on your URLs. Here's an example: + + + + + + customer-portal + + + + Customers + /* + + + user + + + + + BASIC + this is ignored currently + + + + admin + + + user + + +]]> + + +
+
\ No newline at end of file diff --git a/pom.xml b/pom.xml index 3ef78c33e2..2eca2287cc 100755 --- a/pom.xml +++ b/pom.xml @@ -892,6 +892,16 @@ keycloak-saml-tomcat6-adapter ${project.version} + + org.keycloak + keycloak-saml-as7-adapter + ${project.version} + + + org.keycloak + keycloak-saml-as7-subsystem + ${project.version} + org.keycloak keycloak-saml-tomcat7-adapter diff --git a/saml/client-adapter/as7-eap6/adapter/pom.xml b/saml/client-adapter/as7-eap6/adapter/pom.xml new file mode 100755 index 0000000000..06833435d6 --- /dev/null +++ b/saml/client-adapter/as7-eap6/adapter/pom.xml @@ -0,0 +1,101 @@ + + + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../../pom.xml + + 4.0.0 + + keycloak-saml-as7-adapter + Keycloak SAML AS7 Integration + + + + + org.keycloak + keycloak-common + + + org.keycloak + keycloak-as7-adapter-spi + + + org.keycloak + keycloak-adapter-spi + + + org.keycloak + keycloak-saml-adapter-core + + + org.keycloak + keycloak-saml-adapter-core + + + org.bouncycastle + bcprov-jdk15on + + + org.jboss.spec.javax.servlet + jboss-servlet-api_3.0_spec + provided + + + org.jboss.logging + jboss-logging + ${jboss.logging.version} + provided + + + org.jboss.web + jbossweb + 7.0.17.Final + provided + + + org.jboss.as + jboss-as-web + 7.1.2.Final + provided + + + org.keycloak + keycloak-saml-tomcat-adapter-core + + + org.apache.tomcat + tomcat-servlet-api + + + org.apache.tomcat + tomcat-catalina + + + org.apache.tomcat + catalina + + + + + junit + junit + test + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + ${maven.compiler.source} + ${maven.compiler.target} + + + + + + diff --git a/saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java b/saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java new file mode 100755 index 0000000000..624d5a7a1e --- /dev/null 
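Review bot: `keycloak-saml-adapter-core` is declared twice in a row in the dependencies of the new saml/client-adapter/as7-eap6/adapter/pom.xml, with identical coordinates as far as the flattened text shows. Maven warns on duplicate declarations, so the second entry should be dropped. The same file pins `jbossweb` to `7.0.17.Final` and `jboss-as-web` to `7.1.2.Final` as literals, while the other dependencies show no version of their own and presumably inherit it from the parent. Moving those two versions into the parent's dependency management or into a property, as `${jboss.logging.version}` already does for jboss-logging, would keep the container API versions in one place to audit and update.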
+++ b/saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java
@@ -0,0 +1,52 @@
+package org.keycloak.adapters.saml.jbossweb;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.deploy.LoginConfig;
+import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory;
+import org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve;
+import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Keycloak authentication valve
+ *
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class SamlAuthenticatorValve extends AbstractSamlAuthenticatorValve {
+ public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws java.io.IOException {
+ return authenticateInternal(request, response, config);
+ }
+
+ @Override
+ protected boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
+ if (loginConfig == null) return false;
+ LoginConfig config = (LoginConfig)loginConfig;
+ if (config.getErrorPage() == null) return false;
+ forwardToErrorPage(request, (Response)response, config);
+ return true;
+ }
+
+
+ @Override
+ public void start() throws LifecycleException {
+ StandardContext standardContext = (StandardContext) context;
+ standardContext.addLifecycleListener(this);
+ super.start();
+ }
+
+
+ public void logout(Request request) {
+ logoutInternal(request);
+ }
+
+ @Override
+ protected GenericPrincipalFactory createPrincipalFactory() {
+ return new JBossWebPrincipalFactory();
+ }
+}
diff --git a/saml/client-adapter/as7-eap6/pom.xml b/saml/client-adapter/as7-eap6/pom.xml
new file mode 100755
index 0000000000..c6bca52f89
--- /dev/null
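Review bot: `forwardToErrorPageInternal` casts both arguments without checking them: `(LoginConfig)loginConfig` on an `Object` parameter and `(Response)response` on an `HttpServletResponse`. Whether callers can pass anything else is not visible in this hunk, but if either is ever a different type (a wrapped response, for example) the error-page path throws `ClassCastException` instead of returning false, so a failed authentication surfaces as a server error. Guarding the entry with `if (!(loginConfig instanceof LoginConfig) || !(response instanceof Response)) return false;` keeps the existing null behaviour and makes the fallback explicit. Separately, `authenticate` and `logout` carry no `@Override` while the other three methods do; if they implement container methods, the annotation would catch a signature drift between JBoss Web versions.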
+++ b/saml/client-adapter/as7-eap6/pom.xml @@ -0,0 +1,20 @@ + + + keycloak-parent + org.keycloak + 1.6.0.Final-SNAPSHOT + ../../../pom.xml + + Keycloak SAML EAP Integration + + 4.0.0 + + keycloak-saml-eap-integration-pom + pom + + + adapter + subsystem + + diff --git a/saml/client-adapter/as7-eap6/subsystem/pom.xml b/saml/client-adapter/as7-eap6/subsystem/pom.xml new file mode 100755 index 0000000000..198c360625 --- /dev/null +++ b/saml/client-adapter/as7-eap6/subsystem/pom.xml @@ -0,0 +1,115 @@ + + + + 4.0.0 + + + org.keycloak + keycloak-parent + 1.6.0.Final-SNAPSHOT + ../../../../pom.xml + + + keycloak-saml-as7-subsystem + Keycloak SAML AS7 Subsystem + + jar + + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.8.1 + + false + true + -Xmx512m + + + jboss.home + ${jboss.home} + + + + **/*TestCase.java + + once + + + + + + + + org.keycloak + keycloak-saml-as7-adapter + + + + org.jboss.as + jboss-as-naming + ${jboss.version} + + + + org.jboss.as + jboss-as-server + ${jboss.version} + + + + org.jboss.as + jboss-as-ee + ${jboss.version} + + + + org.jboss.as + jboss-as-web + ${jboss.version} + + + + org.jboss.logging + jboss-logging + 3.1.0.GA + + + + org.jboss.logging + jboss-logging-processor + + provided + true + 1.0.0.Final + + + + org.jboss.msc + jboss-msc + 1.0.2.GA + + + + junit + junit + test + + + diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java new file mode 100755 index 0000000000..31008d4662 --- /dev/null +++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java 
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
+import org.jboss.as.server.deployment.DeploymentUnitProcessor;
+import org.jboss.as.web.deployment.WarMetaData;
+import org.jboss.logging.Logger;
+import org.jboss.metadata.javaee.spec.ParamValueMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.metadata.web.jboss.ValveMetaData;
+import org.jboss.metadata.web.spec.LoginConfigMetaData;
+import org.keycloak.adapters.saml.jbossweb.SamlAuthenticatorValve;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitProcessor {
+ protected Logger log = Logger.getLogger(KeycloakAdapterConfigDeploymentProcessor.class);
+
+ // This param name is defined again in Keycloak Undertow Integration class
+ // org.keycloak.adapters.undertow.KeycloakServletExtension. We have this value in
+ // two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
+ public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.saml.adapterConfig";
+
+
+ @Override
+ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+ DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+ String deploymentName = deploymentUnit.getName();
+
+ // if it's not a web-app there's nothing to secure
+ WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+ if (warMetaData == null) {
+ return;
+ }
+ JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+ if (webMetaData == null) {
+ webMetaData = new JBossWebMetaData();
+ warMetaData.setMergedJBossWebMetaData(webMetaData);
+ }
+
+ // otherwise
+ LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
+
+ boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
+
+ if (webRequiresKC) {
+ log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName);
+ addValve(webMetaData);
+ }
+ }
+
+ private void addValve(JBossWebMetaData webMetaData) {
+ List valves = webMetaData.getValves();
+ if (valves == null) {
+ valves = new ArrayList(1);
+ webMetaData.setValves(valves);
+ }
+ ValveMetaData valve = new ValveMetaData();
+ valve.setValveClass(SamlAuthenticatorValve.class.getName());
+ valve.setModule("org.keycloak.keycloak-saml-as7-adapter");
+ //log.info("******* adding Keycloak valve to: " + deploymentName);
+ valves.add(valve);
+ }
+
+ @Override
+ public void undeploy(DeploymentUnit du) {
+
+ }
+
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
new file mode 100755
index 0000000000..c214774a3c
--- /dev/null
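Review bot: The class Javadoc and the comment above `AUTH_DATA_PARAM_NAME` describe a different processor from the one in this file. They talk about passing keycloak.json as a servlet context param to the Undertow `KeycloakServletExtension`, but `deploy()` here only checks the login-config auth-method and calls `addValve`, and `AUTH_DATA_PARAM_NAME` is not read anywhere in the hunk. For the component that decides which WARs get the SAML authenticator, the description should match the behaviour, so I would replace the Javadoc summary with `Adds the SamlAuthenticatorValve to web deployments whose login-config auth-method is KEYCLOAK-SAML.` and either drop the constant with its comment or state where it is consumed. The `ParamValueMetaData` import also looks unused in this file.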
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java 
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.server.deployment.Attachments;
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
+import org.jboss.as.server.deployment.DeploymentUnitProcessor;
+import org.jboss.as.server.deployment.module.ModuleDependency;
+import org.jboss.as.server.deployment.module.ModuleSpecification;
+import org.jboss.modules.Module;
+import org.jboss.modules.ModuleIdentifier;
+import org.jboss.modules.ModuleLoader;
+
+/**
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public abstract class KeycloakDependencyProcessor implements DeploymentUnitProcessor {
+
+ private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
+ private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
+ private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
+
+ @Override
+ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+ final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+
+ // Next phase, need to detect if this is a Keycloak deployment. If not, don't add the modules.
+
+ final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
+ final ModuleLoader moduleLoader = Module.getBootModuleLoader();
+ addCommonModules(moduleSpecification, moduleLoader);
+ addPlatformSpecificModules(moduleSpecification, moduleLoader);
+ }
+
+ private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
+ // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
+ }
+
+ abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
+
+ @Override
+ public void undeploy(DeploymentUnit du) {
+
+ }
+
+}
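Review bot: `deploy()` adds the three Keycloak modules plus the platform-specific one to every deployment unit, and the in-code comment `Next phase, need to detect if this is a Keycloak deployment` acknowledges the missing check. That exposes the SAML adapter classes to applications that never asked for KEYCLOAK-SAML, and because the dependencies are created with optional=false it presumably ties every deployment to those modules being installed. The sibling KeycloakAdapterConfigDeploymentProcessor already gates on the login-config auth-method, and the same gate could sit at the top of `deploy()` as sketched below. Two things are not visible in this hunk and need confirming first: whether the merged web metadata is already attached in the phase this processor is registered for, and whether non-WAR units such as EJB jars using the keycloak security domain also need the modules.

```java
    public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
        final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();

        // Only expose the adapter modules to deployments that request KEYCLOAK-SAML.
        final WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
        if (warMetaData == null) {
            return;
        }
        final JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
        final LoginConfigMetaData loginConfig = webMetaData == null ? null : webMetaData.getLoginConfig();
        if (loginConfig == null || !"KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod())) {
            return;
        }
        // … unchanged: MODULE_SPECIFICATION lookup, addCommonModules and addPlatformSpecificModules calls …
```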
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java
new file mode 100755
index 0000000000..700fc828c6
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java
@@ -0,0 +1,19 @@
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.server.deployment.module.ModuleDependency;
+import org.jboss.as.server.deployment.module.ModuleSpecification;
+import org.jboss.modules.ModuleIdentifier;
+import org.jboss.modules.ModuleLoader;
+
+/**
+ * @author Marko Strukelj
+ */
+public class KeycloakDependencyProcessorAS7 extends KeycloakDependencyProcessor {
+
+ private static final ModuleIdentifier KEYCLOAK_AS7_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-as7-adapter");
+
+ @Override
+ protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
+ // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_AS7_ADAPTER, false, false, true, false));
+ }}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java
new file mode 100755
index 0000000000..c52f2b5f7c
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.Extension;
+import org.jboss.as.controller.ExtensionContext;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.ResourceDefinition;
+import org.jboss.as.controller.SubsystemRegistration;
+import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
+import org.jboss.as.controller.parsing.ExtensionParsingContext;
+import org.jboss.as.controller.registry.ManagementResourceRegistration;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+
+
+/**
+ * Main Extension class for the subsystem.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public class KeycloakSamlExtension implements Extension {
+
+ public static final String SUBSYSTEM_NAME = "keycloak-saml";
+ public static final String NAMESPACE = "urn:jboss:domain:keycloak-saml:1.6";
+ private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
+ static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
+ private static final String RESOURCE_NAME = KeycloakSamlExtension.class.getPackage().getName() + ".LocalDescriptions";
+ private static final int MGMT_API_VERSION_MAJOR = 1;
+ private static final int MGMT_API_VERSION_MINOR = 1;
+
+ static final PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
+ private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
+
+ public static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
+ StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME);
+ for (String kp : keyPrefix) {
+ prefix.append('.').append(kp);
+ }
+ return new StandardResourceDescriptionResolver(prefix.toString(), RESOURCE_NAME, KeycloakSamlExtension.class.getClassLoader(), true, false);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void initializeParsers(final ExtensionParsingContext context) {
+ context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakSamlExtension.NAMESPACE, PARSER);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void initialize(final ExtensionContext context) {
+ final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, MGMT_API_VERSION_MAJOR, MGMT_API_VERSION_MINOR);
+
+ ManagementResourceRegistration registration = subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
+
+ subsystem.registerXMLElementWriter(PARSER);
+ }
+}
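Review bot: `PATH_SUBSYSTEM` and `SUBSYSTEM_PATH` in `KeycloakSamlExtension` are two constants holding the same `PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME)`. Elsewhere in this patch `KeycloakSubsystemParser` reads the first and `KeycloakSubsystemDefinition` the second, so a later edit to only one of them would make the address the subsystem is parsed to differ from the one it is registered under. Keep a single constant and point both callers at it. In `initialize`, the local `registration` is assigned and never used, so that line can be `subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);`.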
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
new file mode 100755
index 0000000000..2a7fd55242
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+
+import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.ServiceVerificationHandler;
+import org.jboss.as.server.AbstractDeploymentChainStep;
+import org.jboss.as.server.DeploymentProcessorTarget;
+import org.jboss.as.server.deployment.Phase;
+import org.jboss.dmr.ModelNode;
+import org.jboss.msc.service.ServiceController;
+
+import java.util.List;
+
+/**
+ * The Keycloak subsystem add update handler.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
+
+ static final KeycloakSubsystemAdd INSTANCE = new KeycloakSubsystemAdd();
+
+ @Override
+ protected void performBoottime(final OperationContext context, ModelNode operation, final ModelNode model, ServiceVerificationHandler verificationHandler, List> newControllers) {
+ context.addStep(new AbstractDeploymentChainStep() {
+ @Override
+ protected void execute(DeploymentProcessorTarget processorTarget) {
+ processorTarget.addDeploymentProcessor(Phase.DEPENDENCIES, 0, new KeycloakDependencyProcessorAS7());
+ processorTarget.addDeploymentProcessor(
+ Phase.POST_MODULE, // PHASE
+ Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
+ new KeycloakAdapterConfigDeploymentProcessor());
+ }
+ }, OperationContext.Stage.RUNTIME);
+ }
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ model.setEmptyObject();
+ }
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java
new file mode 100755
index 0000000000..400822e40d
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java
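Review bot: The two `addDeploymentProcessor` calls in `KeycloakSubsystemAdd.performBoottime` do not say why they sit where they do: the dependency processor is registered in `Phase.DEPENDENCIES` with the bare literal `0`, while the config processor uses `Phase.POST_MODULE_VALIDATOR_FACTORY - 1`. The position presumably decides whether the adapter modules and configuration are in place before the processors that rely on them, so each call deserves a why-comment, for example `// priority 0: <why this must run at this point in DEPENDENCIES>`, or a named constant in place of the literal. `KeycloakAdapterConfigDeploymentProcessor` is not defined in the part of the patch visible here, so what it needs from earlier phases is not checked in this note.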
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
+import org.jboss.as.controller.SimpleResourceDefinition;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
+import org.jboss.as.controller.registry.ManagementResourceRegistration;
+import org.jboss.as.controller.registry.OperationEntry;
+
+/**
+ * Definition of subsystem=keycloak.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
+ protected KeycloakSubsystemDefinition() {
+ super(KeycloakSamlExtension.SUBSYSTEM_PATH,
+ KeycloakSamlExtension.getResourceDescriptionResolver("subsystem"),
+ KeycloakSubsystemAdd.INSTANCE,
+ ReloadRequiredRemoveStepHandler.INSTANCE
+ );
+ }
+
+ @Override
+ public void registerOperations(ManagementResourceRegistration resourceRegistration) {
+ super.registerOperations(resourceRegistration);
+ resourceRegistration.registerOperationHandler(ModelDescriptionConstants.DESCRIBE, GenericSubsystemDescribeHandler.INSTANCE, GenericSubsystemDescribeHandler.INSTANCE, false, OperationEntry.EntryType.PRIVATE);
+ }
+
+}
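Review bot: The class Javadoc of `KeycloakSubsystemDefinition` reads `Definition of subsystem=keycloak.`, but the resource is registered under `KeycloakSamlExtension.SUBSYSTEM_PATH`, which this patch builds from `SUBSYSTEM_NAME = "keycloak-saml"`. The wording looks carried over from another subsystem (an inference) and gives the wrong management address to anyone reading it; it should be `Definition of subsystem=keycloak-saml.`. `registerOperations` would also benefit from a one-line comment on why the describe handler is registered as `OperationEntry.EntryType.PRIVATE`.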
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
new file mode 100755
index 0000000000..14899e1d7b
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.parsing.ParseUtils;
+import org.jboss.as.controller.persistence.SubsystemMarshallingContext;
+import org.jboss.dmr.ModelNode;
+import org.jboss.staxmapper.XMLElementReader;
+import org.jboss.staxmapper.XMLElementWriter;
+import org.jboss.staxmapper.XMLExtendedStreamReader;
+import org.jboss.staxmapper.XMLExtendedStreamWriter;
+
+import javax.xml.stream.XMLStreamConstants;
+import javax.xml.stream.XMLStreamException;
+import java.util.List;
+
+/**
+ * The subsystem parser, which uses stax to read and write to and from xml
+ */
+class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader>, XMLElementWriter {
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void readElement(final XMLExtendedStreamReader reader, final List list) throws XMLStreamException {
+ // Require no attributes
+ ParseUtils.requireNoAttributes(reader);
+ ModelNode addKeycloakSub = org.jboss.as.controller.operations.common.Util.createAddOperation(PathAddress.pathAddress(KeycloakSamlExtension.PATH_SUBSYSTEM));
+ list.add(addKeycloakSub);
+
+ while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
+ }
+ }
+
+ // used for debugging
+ private int nextTag(XMLExtendedStreamReader reader) throws XMLStreamException {
+ return reader.nextTag();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
+ context.startSubsystemElement(KeycloakSamlExtension.NAMESPACE, false);
+ writer.writeEndElement();
+ }
+
+
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java
new file mode 100755
index 0000000000..e73f338b42
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java
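Review bot: The empty loop that ends `KeycloakSubsystemParser.readElement`, `while (reader.hasNext() && nextTag(reader) != END_ELEMENT) { }`, accepts child elements of the subsystem element without reading them, and it stops at the first `END_ELEMENT` at any depth, which can be a child's end tag and not the subsystem's. Anything an administrator writes inside the `urn:jboss:domain:keycloak-saml:1.6` subsystem element is therefore dropped without an error, and `writeContent` does not persist it either, so a server can start with security configuration the operator believes is active but that was never parsed. Since this schema version defines no children, reject them explicitly by replacing the loop with `ParseUtils.requireNoContent(reader);`. The `nextTag` wrapper marked `// used for debugging` can then be removed.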
@@ -0,0 +1,42 @@
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.dmr.ModelNode;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class Util {
+ public static ModelNode createAddOperation(final PathAddress address) {
+ return createOperation(ModelDescriptionConstants.ADD, address);
+ }
+
+ public static ModelNode createAddOperation() {
+ return createEmptyOperation(ModelDescriptionConstants.ADD, null);
+ }
+
+ public static ModelNode createRemoveOperation(final PathAddress address) {
+ return createOperation(ModelDescriptionConstants.REMOVE, address);
+ }
+
+ public static ModelNode createOperation(final String operationName, final PathAddress address) {
+ return createEmptyOperation(operationName, address);
+ }
+
+ public static ModelNode createEmptyOperation(String operationName, final PathAddress address) {
+ ModelNode op = new ModelNode();
+ op.get(OP).set(operationName);
+ if (address != null) {
+ op.get(OP_ADDR).set(address.toModelNode());
+ } else {
+ // Just establish the standard structure; caller can fill in address later
+ op.get(OP_ADDR);
+ }
+ return op;
+ }
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
new file mode 100755
index 0000000000..2fd653a56d
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
@@ -0,0 +1 @@
+org.keycloak.subsystem.saml.as7.KeycloakSamlExtension
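Review bot: The new `Util` class appears to be unused in the files visible here: the one add-operation call, in `KeycloakSubsystemParser.readElement`, goes to `org.jboss.as.controller.operations.common.Util.createAddOperation` by its fully qualified name, a qualification that the same-package `Util` makes necessary. If nothing else in the subsystem calls it, drop this file and import the JBoss class in the parser; if it stays, make it `final` with a private constructor and give it a class Javadoc saying why a local copy is needed. `createOperation` only forwards to `createEmptyOperation`, so one of the two can go.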
diff --git a/saml/client-adapter/pom.xml b/saml/client-adapter/pom.xml index e101055836..36def452de 100755 --- a/saml/client-adapter/pom.xml +++ b/saml/client-adapter/pom.xml @@ -19,5 +19,6 @@ tomcat jetty wildfly + as7-eap6 diff --git a/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java b/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java index d0a50eb4ac..2dad307529 100755 --- a/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java +++ b/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java @@ -36,7 +36,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core"); private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core"); - private static final ModuleIdentifier KEYCLOAK_CORE = ModuleIdentifier.create("org.keycloak.keycloak-core"); private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common"); @Override 
@@ -56,7 +55,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false)); moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false)); moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false)); - moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE, false, false, false, false)); } abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);