saml adapters docs/dist
This commit is contained in:
parent
3b4b5c11e6
commit
d40237b08d
58 changed files with 3209 additions and 2 deletions
35
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
Executable file
35
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,35 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<fileSets>
|
||||||
|
<fileSet>
|
||||||
|
<directory>${project.build.directory}/unpacked</directory>
|
||||||
|
<includes>
|
||||||
|
<include>org/keycloak/keycloak-common/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-core/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-adapter-core/**</include>
|
||||||
|
<include>org/keycloak/keycloak-adapter-spi/**</include>
|
||||||
|
<include>org/keycloak/keycloak-jboss-adapter-core/**</include>
|
||||||
|
<include>org/bouncycastle/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-as7-adapter/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-as7-subsystem/**</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>**/*.war</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory>modules</outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
</fileSets>
|
||||||
|
<files>
|
||||||
|
<file>
|
||||||
|
<source>../../shared-cli/adapter-install.cli</source>
|
||||||
|
<outputDirectory>bin</outputDirectory>
|
||||||
|
</file>
|
||||||
|
</files>
|
||||||
|
</assembly>
|
79
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
Executable file
79
distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,79 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-as7-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML AS7 Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-dependency-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>unpack</id>
|
||||||
|
<phase>prepare-package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>unpack</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<artifactItems>
|
||||||
|
<artifactItem>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||||
|
<type>zip</type>
|
||||||
|
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
|
||||||
|
</artifactItem>
|
||||||
|
</artifactItems>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
22
distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml
Executable file
22
distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml
Executable file
|
@ -0,0 +1,22 @@
|
||||||
|
<assembly>
|
||||||
|
<id>dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<fileSets>
|
||||||
|
<fileSet>
|
||||||
|
<directory>../../</directory>
|
||||||
|
<includes>
|
||||||
|
<include>License.html</include>
|
||||||
|
</includes>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
<fileSet>
|
||||||
|
<directory>${project.build.directory}/modules</directory>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
</fileSets>
|
||||||
|
</assembly>
|
88
distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml
Executable file
88
distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml
Executable file
|
@ -0,0 +1,88 @@
|
||||||
|
<!--
|
||||||
|
~ JBoss, Home of Professional Open Source.
|
||||||
|
~ Copyright 2012, Red Hat, Inc., and individual contributors
|
||||||
|
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
~ distribution for a full listing of individual contributors.
|
||||||
|
~
|
||||||
|
~ This is free software; you can redistribute it and/or modify it
|
||||||
|
~ under the terms of the GNU Lesser General Public License as
|
||||||
|
~ published by the Free Software Foundation; either version 2.1 of
|
||||||
|
~ the License, or (at your option) any later version.
|
||||||
|
~
|
||||||
|
~ This software is distributed in the hope that it will be useful,
|
||||||
|
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
~ Lesser General Public License for more details.
|
||||||
|
~
|
||||||
|
~ You should have received a copy of the GNU Lesser General Public
|
||||||
|
~ License along with this software; if not, write to the Free
|
||||||
|
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project name="module-repository" basedir="." default="all">
|
||||||
|
|
||||||
|
<import file="lib.xml"/>
|
||||||
|
|
||||||
|
<property name="output.dir" value="target"/>
|
||||||
|
|
||||||
|
<target name="all">
|
||||||
|
<antcall target="modules">
|
||||||
|
<param name="mavenized.modules" value="false"/>
|
||||||
|
<param name="output.dir" value="target"/>
|
||||||
|
</antcall>
|
||||||
|
</target>
|
||||||
|
|
||||||
|
|
||||||
|
<target name="modules">
|
||||||
|
|
||||||
|
<!-- server min dependencies -->
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-common">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-common"/>
|
||||||
|
</module-def>
|
||||||
|
<module-def name="org.keycloak.keycloak-core">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-core"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
<module-def name="org.bouncycastle">
|
||||||
|
<maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
|
||||||
|
<maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
<!-- subsystems -->
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-adapter-spi">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-adapter-spi"/>
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-tomcat-adapter-spi"/>
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-as7-adapter-spi"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-saml-adapter-core">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-saml-adapter-core"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-jboss-adapter-core">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-saml-as7-adapter">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-saml-as7-adapter"/>
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-saml-tomcat-core-adapter"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
<module-def name="org.keycloak.keycloak-saml-as7-subsystem">
|
||||||
|
<maven-resource group="org.keycloak" artifact="keycloak-saml-as7-subsystem"/>
|
||||||
|
</module-def>
|
||||||
|
|
||||||
|
</target>
|
||||||
|
|
||||||
|
<target name="clean-target">
|
||||||
|
<delete dir="${output.dir}"/>
|
||||||
|
</target>
|
||||||
|
|
||||||
|
<target name="clean" depends="clean-target">
|
||||||
|
<delete file="maven-ant-tasks.jar"/>
|
||||||
|
</target>
|
||||||
|
|
||||||
|
</project>
|
282
distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml
Executable file
282
distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml
Executable file
|
@ -0,0 +1,282 @@
|
||||||
|
<!--
|
||||||
|
~ JBoss, Home of Professional Open Source.
|
||||||
|
~ Copyright 2010, Red Hat, Inc., and individual contributors
|
||||||
|
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
~ distribution for a full listing of individual contributors.
|
||||||
|
~
|
||||||
|
~ This is free software; you can redistribute it and/or modify it
|
||||||
|
~ under the terms of the GNU Lesser General Public License as
|
||||||
|
~ published by the Free Software Foundation; either version 2.1 of
|
||||||
|
~ the License, or (at your option) any later version.
|
||||||
|
~
|
||||||
|
~ This software is distributed in the hope that it will be useful,
|
||||||
|
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
~ Lesser General Public License for more details.
|
||||||
|
~
|
||||||
|
~ You should have received a copy of the GNU Lesser General Public
|
||||||
|
~ License along with this software; if not, write to the Free
|
||||||
|
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project name="module-repository-lib">
|
||||||
|
|
||||||
|
<property name="src.dir" value="src"/>
|
||||||
|
<property name="module.repo.src.dir" value="${src.dir}/main/resources/modules"/>
|
||||||
|
<property name="module.xml" value="module.xml"/>
|
||||||
|
|
||||||
|
<taskdef resource="net/sf/antcontrib/antlib.xml"/>
|
||||||
|
<taskdef name="jandex" classname="org.jboss.jandex.JandexAntTask" />
|
||||||
|
|
||||||
|
<macrodef name="module-def">
|
||||||
|
<attribute name="name"/>
|
||||||
|
<attribute name="slot" default="main"/>
|
||||||
|
<element name="resources" implicit="yes" optional="yes"/>
|
||||||
|
|
||||||
|
<sequential>
|
||||||
|
<echo message="Initializing module -> @{name}"/>
|
||||||
|
<property name="module.repo.output.dir" value="${output.dir}/modules"/>
|
||||||
|
<!-- Figure out the correct module path -->
|
||||||
|
<define-module-dir name="@{name}" slot="@{slot}"/>
|
||||||
|
|
||||||
|
<!-- Make the module output director -->
|
||||||
|
<mkdir dir="${module.repo.output.dir}/${current.module.path}"/>
|
||||||
|
|
||||||
|
<!-- Copy the module.xml and other stuff to the output director -->
|
||||||
|
<copy todir="${module.repo.output.dir}/${current.module.path}" overwrite="true">
|
||||||
|
<fileset dir="${module.repo.src.dir}/${current.module.path}">
|
||||||
|
<include name="**"/>
|
||||||
|
</fileset>
|
||||||
|
</copy>
|
||||||
|
|
||||||
|
<!-- Process the resource -->
|
||||||
|
<resources/>
|
||||||
|
|
||||||
|
<!-- Add keycloak version property to module xml -->
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}"
|
||||||
|
token="$${project.version}"
|
||||||
|
value="${project.version}"/>
|
||||||
|
|
||||||
|
<!-- Some final cleanup -->
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||||
|
<replacetoken>
|
||||||
|
<![CDATA[
|
||||||
|
<!-- Insert resources here -->]]></replacetoken>
|
||||||
|
<replacevalue>
|
||||||
|
</replacevalue>
|
||||||
|
</replace>
|
||||||
|
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
<macrodef name="bundle-def">
|
||||||
|
<attribute name="name"/>
|
||||||
|
<attribute name="slot" default="main"/>
|
||||||
|
<element name="resources" implicit="yes" optional="yes"/>
|
||||||
|
|
||||||
|
<sequential>
|
||||||
|
<echo message="Initializing bundle -> @{name}"/>
|
||||||
|
<property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
|
||||||
|
<!-- Figure out the correct bundle path -->
|
||||||
|
<define-bundle-dir name="@{name}" slot="@{slot}" />
|
||||||
|
|
||||||
|
<!-- Make the bundle output director -->
|
||||||
|
<mkdir dir="${bundle.repo.output.dir}/${current.bundle.path}"/>
|
||||||
|
|
||||||
|
<!-- Process the resource -->
|
||||||
|
<resources/>
|
||||||
|
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
<macrodef name="maven-bundle" >
|
||||||
|
<attribute name="group"/>
|
||||||
|
<attribute name="artifact"/>
|
||||||
|
|
||||||
|
<sequential>
|
||||||
|
<!-- Copy the jar to the bundle dir -->
|
||||||
|
<property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
|
||||||
|
<copy todir="${bundle.repo.output.dir}/${current.bundle.path}" failonerror="true">
|
||||||
|
<fileset file="${@{group}:@{artifact}:jar}"/>
|
||||||
|
<mapper type="flatten" />
|
||||||
|
</copy>
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
<scriptdef name="define-module-dir" language="javascript" manager="bsf">
|
||||||
|
<attribute name="name"/>
|
||||||
|
<attribute name="slot"/>
|
||||||
|
<![CDATA[
|
||||||
|
name = attributes.get("name");
|
||||||
|
name = name.replace(".", "/");
|
||||||
|
project.setProperty("current.module.path", name + "/" + attributes.get("slot"));
|
||||||
|
]]>
|
||||||
|
</scriptdef>
|
||||||
|
|
||||||
|
<scriptdef name="define-bundle-dir" language="javascript" manager="bsf">
|
||||||
|
<attribute name="name"/>
|
||||||
|
<attribute name="slot"/>
|
||||||
|
<![CDATA[
|
||||||
|
name = attributes.get("name");
|
||||||
|
name = name.replace(".", "/");
|
||||||
|
project.setProperty("current.bundle.path", name + "/" + attributes.get("slot"));
|
||||||
|
]]>
|
||||||
|
</scriptdef>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Get the version from the parent directory of the jar. If the parent directory is 'target' this
|
||||||
|
means that the jar is contained in AS build so extract the version from the file name
|
||||||
|
-->
|
||||||
|
<scriptdef name="define-maven-artifact" language="javascript" manager="bsf">
|
||||||
|
<attribute name="group"/>
|
||||||
|
<attribute name="artifact"/>
|
||||||
|
<attribute name="classifier"/>
|
||||||
|
<attribute name="element"/>
|
||||||
|
<attribute name="path"/>
|
||||||
|
<![CDATA[
|
||||||
|
importClass(Packages.java.io.File);
|
||||||
|
group = attributes.get("group");
|
||||||
|
artifact = attributes.get("artifact");
|
||||||
|
classifier = attributes.get("classifier");
|
||||||
|
element = attributes.get("element");
|
||||||
|
path = attributes.get("path");
|
||||||
|
if(path.indexOf('${') != -1) {
|
||||||
|
throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
|
||||||
|
}
|
||||||
|
fp = new File(path);
|
||||||
|
version = fp.getParentFile().getName();
|
||||||
|
if (version.equals("target")) {
|
||||||
|
version = fp.getName();
|
||||||
|
version = version.substring(artifact.length() + 1);
|
||||||
|
suffix = ".jar";
|
||||||
|
if (classifier) {
|
||||||
|
suffix = "-" + classifier + suffix;
|
||||||
|
}
|
||||||
|
version = version.replace(suffix, "");
|
||||||
|
}
|
||||||
|
|
||||||
|
root = "<" + element + " name=\"" + group + ":" + artifact + ":" + version;
|
||||||
|
if (classifier) {
|
||||||
|
root = root + ":" + classifier;
|
||||||
|
}
|
||||||
|
root = root + "\"/>";
|
||||||
|
project.setProperty("current.maven.root", root);
|
||||||
|
]]>
|
||||||
|
</scriptdef>
|
||||||
|
|
||||||
|
<macrodef name="maven-resource" >
|
||||||
|
<attribute name="group"/>
|
||||||
|
<attribute name="artifact"/>
|
||||||
|
<attribute name="jandex" default="false" />
|
||||||
|
|
||||||
|
<sequential>
|
||||||
|
<if>
|
||||||
|
<equals arg1="${mavenized.modules}" arg2="true"/>
|
||||||
|
<then>
|
||||||
|
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" path="${@{group}:@{artifact}:jar}"/>
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||||
|
<replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
|
||||||
|
</replace>
|
||||||
|
</then>
|
||||||
|
|
||||||
|
<else>
|
||||||
|
<!-- Copy the jar to the module dir -->
|
||||||
|
<copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
|
||||||
|
<fileset file="${@{group}:@{artifact}:jar}"/>
|
||||||
|
<mapper type="flatten" />
|
||||||
|
</copy>
|
||||||
|
|
||||||
|
<basename file="${@{group}:@{artifact}:jar}" property="resourcename.@{group}.@{artifact}"/>
|
||||||
|
<!-- Generate the Jandex Index -->
|
||||||
|
<jandex run="@{jandex}" newJar="true" >
|
||||||
|
<fileset dir="${module.repo.output.dir}/${current.module.path}" />
|
||||||
|
</jandex>
|
||||||
|
<!-- Update the resource entry in module.xml -->
|
||||||
|
<define-resource-root path="${resourcename.@{group}.@{artifact}}" jandex="@{jandex}"/>
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||||
|
<replacefilter token="<!-- Insert resources here -->" value="${current.resource.root} <!-- Insert resources here -->"/>
|
||||||
|
</replace>
|
||||||
|
</else>
|
||||||
|
</if>
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<macrodef name="maven-resource-with-classifier" >
|
||||||
|
<attribute name="group"/>
|
||||||
|
<attribute name="artifact"/>
|
||||||
|
<attribute name="classifier"/>
|
||||||
|
<attribute name="jandex" default="false" />
|
||||||
|
|
||||||
|
<sequential>
|
||||||
|
<if>
|
||||||
|
<equals arg1="${mavenized.modules}" arg2="true"/>
|
||||||
|
<then>
|
||||||
|
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" classifier="@{classifier}" path="${@{group}:@{artifact}:jar:@{classifier}}"/>
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||||
|
<replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
|
||||||
|
</replace>
|
||||||
|
</then>
|
||||||
|
<else>
|
||||||
|
<!-- Copy the jar to the module dir -->
|
||||||
|
<copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
|
||||||
|
<fileset file="${@{group}:@{artifact}:jar:@{classifier}}"/>
|
||||||
|
<!-- http://jira.codehaus.org/browse/MANTRUN-159 -->
|
||||||
|
<mapper type="flatten" />
|
||||||
|
</copy>
|
||||||
|
|
||||||
|
<basename file="${@{group}:@{artifact}:jar:@{classifier}}" property="resourcename.@{group}.@{artifact}.@{classifier}"/>
|
||||||
|
|
||||||
|
<!-- Update the resource entry in module.xml -->
|
||||||
|
<define-resource-root path="${resourcename.@{group}.@{artifact}.@{classifier}}"/>
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||||
|
<replacefilter token="<!-- Insert resources here -->" value="${current.resource.root} <!-- Insert resources here -->"/>
|
||||||
|
</replace>
|
||||||
|
</else>
|
||||||
|
</if>
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
<macrodef name="extract-native-jar" >
|
||||||
|
<attribute name="group"/>
|
||||||
|
<attribute name="artifact"/>
|
||||||
|
<sequential>
|
||||||
|
<if>
|
||||||
|
<equals arg1="${mavenized.modules}" arg2="true"/>
|
||||||
|
<then>
|
||||||
|
<define-maven-artifact group="@{group}" artifact="@{artifact}" element="native-artifact" path="${@{group}:@{artifact}:jar}"/>
|
||||||
|
<replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
|
||||||
|
<replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
|
||||||
|
</replace>
|
||||||
|
</then>
|
||||||
|
|
||||||
|
<else>
|
||||||
|
<unzip src="${@{group}:@{artifact}:jar}" dest="${module.repo.output.dir}/${current.module.path}">
|
||||||
|
<patternset>
|
||||||
|
<include name="lib/**"/>
|
||||||
|
</patternset>
|
||||||
|
</unzip>
|
||||||
|
</else>
|
||||||
|
</if>
|
||||||
|
</sequential>
|
||||||
|
</macrodef>
|
||||||
|
|
||||||
|
<scriptdef name="define-resource-root" language="javascript" manager="bsf">
|
||||||
|
<attribute name="path"/>
|
||||||
|
<attribute name="jandex"/>
|
||||||
|
<![CDATA[
|
||||||
|
path = attributes.get("path");
|
||||||
|
root = "<resource-root path=\"" + path + "\"/>";
|
||||||
|
if(path.indexOf('${') != -1) {
|
||||||
|
throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
|
||||||
|
}
|
||||||
|
if(attributes.get("jandex") == "true" ) {
|
||||||
|
root = root + "\n\t<resource-root path=\"" + path.replace(".jar","-jandex.jar") + "\"/>";
|
||||||
|
}
|
||||||
|
project.setProperty("current.resource.root", root);
|
||||||
|
]]>
|
||||||
|
</scriptdef>
|
||||||
|
|
||||||
|
</project>
|
175
distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml
Executable file
175
distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml
Executable file
|
@ -0,0 +1,175 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||||
|
|
||||||
|
<name>Keycloak SAML AS7 / JBoss EAP 6 Modules</name>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-common</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-adapter-spi</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-as7-adapter-spi</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-adapter-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-jboss-adapter-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-subsystem</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-tomcat-adapter-spi</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-jboss-adapter-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcprov-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcpkix-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-antrun-plugin</artifactId>
|
||||||
|
<inherited>false</inherited>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>build-dist</id>
|
||||||
|
<goals>
|
||||||
|
<goal>run</goal>
|
||||||
|
</goals>
|
||||||
|
<phase>compile</phase>
|
||||||
|
<configuration>
|
||||||
|
<target>
|
||||||
|
<ant antfile="build.xml" inheritRefs="true">
|
||||||
|
<target name="all"/>
|
||||||
|
</ant>
|
||||||
|
</target>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss</groupId>
|
||||||
|
<artifactId>jandex</artifactId>
|
||||||
|
<version>1.0.3.Final</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>ant-contrib</groupId>
|
||||||
|
<artifactId>ant-contrib</artifactId>
|
||||||
|
<version>1.0b3</version>
|
||||||
|
<exclusions>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>ant</groupId>
|
||||||
|
<artifactId>ant</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
</exclusions>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.ant</groupId>
|
||||||
|
<artifactId>ant-apache-bsf</artifactId>
|
||||||
|
<version>1.9.3</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.bsf</groupId>
|
||||||
|
<artifactId>bsf-api</artifactId>
|
||||||
|
<version>3.1</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>rhino</groupId>
|
||||||
|
<artifactId>js</artifactId>
|
||||||
|
<version>1.7R2</version>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-resources-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>copy-resources</id>
|
||||||
|
<!-- here the phase you need -->
|
||||||
|
<phase>validate</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>copy-resources</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-saml-adapter-subsystem</outputDirectory>
|
||||||
|
<resources>
|
||||||
|
<resource>
|
||||||
|
<directory>src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem</directory>
|
||||||
|
<filtering>true</filtering>
|
||||||
|
</resource>
|
||||||
|
</resources>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
</project>
|
|
@ -0,0 +1,10 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
</dependencies>
|
||||||
|
</module>
|
|
@ -0,0 +1,20 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-spi">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
<module name="org.keycloak.keycloak-common"/>
|
||||||
|
<module name="org.apache.httpcomponents"/>
|
||||||
|
<module name="javax.servlet.api"/>
|
||||||
|
<module name="org.jboss.logging"/>
|
||||||
|
<module name="org.jboss.xnio"/>
|
||||||
|
<module name="io.undertow.core"/>
|
||||||
|
<module name="io.undertow.servlet"/>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</module>
|
|
@ -0,0 +1,17 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-common">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="org.bouncycastle" />
|
||||||
|
<module name="javax.api"/>
|
||||||
|
<module name="javax.activation.api"/>
|
||||||
|
<module name="sun.jdk" optional="true" />
|
||||||
|
<module name="sun.jdk.jgss" optional="true" />
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</module>
|
|
@ -0,0 +1,17 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-jboss-adapter-core">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
<module name="org.jboss.logging"/>
|
||||||
|
<module name="org.picketbox"/>
|
||||||
|
<module name="org.keycloak.keycloak-adapter-spi"/>
|
||||||
|
<module name="org.keycloak.keycloak-common"/>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</module>
|
|
@ -0,0 +1,17 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-adapter-core">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
<module name="org.jboss.logging"/>
|
||||||
|
<module name="org.keycloak.keycloak-adapter-spi"/>
|
||||||
|
<module name="org.keycloak.keycloak-saml-core"/>
|
||||||
|
<module name="org.keycloak.keycloak-common"/>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</module>
|
|
@ -0,0 +1,35 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
~ JBoss, Home of Professional Open Source.
|
||||||
|
~ Copyright 2014, Red Hat, Inc., and individual contributors
|
||||||
|
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
~ distribution for a full listing of individual contributors.
|
||||||
|
~
|
||||||
|
~ This is free software; you can redistribute it and/or modify it
|
||||||
|
~ under the terms of the GNU Lesser General Public License as
|
||||||
|
~ published by the Free Software Foundation; either version 2.1 of
|
||||||
|
~ the License, or (at your option) any later version.
|
||||||
|
~
|
||||||
|
~ This software is distributed in the hope that it will be useful,
|
||||||
|
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
~ Lesser General Public License for more details.
|
||||||
|
~
|
||||||
|
~ You should have received a copy of the GNU Lesser General Public
|
||||||
|
~ License along with this software; if not, write to the Free
|
||||||
|
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-adapter-subsystem">
|
||||||
|
|
||||||
|
<resources>
|
||||||
|
<resource-root path="."/>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<module name="org.keycloak.keycloak-saml-as7-subsystem" export="true" services="export"/>
|
||||||
|
</dependencies>
|
||||||
|
</module>
|
|
@ -0,0 +1,24 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-as7-adapter">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
<module name="org.bouncycastle" />
|
||||||
|
<module name="javax.servlet.api"/>
|
||||||
|
<module name="org.jboss.logging"/>
|
||||||
|
<module name="org.jboss.as.security"/>
|
||||||
|
<module name="org.jboss.as.web"/>
|
||||||
|
<module name="org.picketbox"/>
|
||||||
|
<module name="org.keycloak.keycloak-saml-as7-adapter"/>
|
||||||
|
<module name="org.keycloak.keycloak-adapter-spi"/>
|
||||||
|
<module name="org.keycloak.keycloak-saml-core"/>
|
||||||
|
<module name="org.keycloak.keycloak-saml-adapter-core"/>
|
||||||
|
<module name="org.keycloak.keycloak-common"/>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</module>
|
|
@ -0,0 +1,45 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
~ JBoss, Home of Professional Open Source.
|
||||||
|
~ Copyright 2014, Red Hat, Inc., and individual contributors
|
||||||
|
~ as indicated by the @author tags. See the copyright.txt file in the
|
||||||
|
~ distribution for a full listing of individual contributors.
|
||||||
|
~
|
||||||
|
~ This is free software; you can redistribute it and/or modify it
|
||||||
|
~ under the terms of the GNU Lesser General Public License as
|
||||||
|
~ published by the Free Software Foundation; either version 2.1 of
|
||||||
|
~ the License, or (at your option) any later version.
|
||||||
|
~
|
||||||
|
~ This software is distributed in the hope that it will be useful,
|
||||||
|
~ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
~ Lesser General Public License for more details.
|
||||||
|
~
|
||||||
|
~ You should have received a copy of the GNU Lesser General Public
|
||||||
|
~ License along with this software; if not, write to the Free
|
||||||
|
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
|
||||||
|
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-as7-subsystem">
|
||||||
|
|
||||||
|
<resources>
|
||||||
|
<resource-root path="."/>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
<module name="org.keycloak.keycloak-as7-adapter"/>
|
||||||
|
<module name="org.jboss.staxmapper"/>
|
||||||
|
<module name="org.jboss.as.controller"/>
|
||||||
|
<module name="org.jboss.as.server"/>
|
||||||
|
<module name="org.jboss.as.web"/>
|
||||||
|
<module name="org.jboss.modules"/>
|
||||||
|
<module name="org.jboss.msc"/>
|
||||||
|
<module name="org.jboss.logging"/>
|
||||||
|
<module name="org.jboss.vfs"/>
|
||||||
|
<module name="org.jboss.metadata"/>
|
||||||
|
</dependencies>
|
||||||
|
</module>
|
|
@ -0,0 +1,20 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-core">
|
||||||
|
<resources>
|
||||||
|
<!-- Insert resources here -->
|
||||||
|
</resources>
|
||||||
|
<dependencies>
|
||||||
|
<module name="org.jboss.logging"/>
|
||||||
|
<module name="org.keycloak.keycloak-common"/>
|
||||||
|
<module name="org.apache.santuario.xmlsec">
|
||||||
|
<imports>
|
||||||
|
<exclude path="javax/*"/>
|
||||||
|
</imports>
|
||||||
|
</module>
|
||||||
|
<module name="javax.api"/>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</module>
|
35
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
Executable file
35
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,35 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<fileSets>
|
||||||
|
<fileSet>
|
||||||
|
<directory>${project.build.directory}/unpacked</directory>
|
||||||
|
<includes>
|
||||||
|
<include>org/keycloak/keycloak-common/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-core/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-adapter-core/**</include>
|
||||||
|
<include>org/keycloak/keycloak-adapter-spi/**</include>
|
||||||
|
<include>org/keycloak/keycloak-jboss-adapter-core/**</include>
|
||||||
|
<include>org/bouncycastle/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-as7-adapter/**</include>
|
||||||
|
<include>org/keycloak/keycloak-saml-as7-subsystem/**</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>**/*.war</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory>modules/system/layers/base</outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
</fileSets>
|
||||||
|
<files>
|
||||||
|
<file>
|
||||||
|
<source>../../shared-cli/adapter-install.cli</source>
|
||||||
|
<outputDirectory>bin</outputDirectory>
|
||||||
|
</file>
|
||||||
|
</files>
|
||||||
|
</assembly>
|
79
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
Executable file
79
distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,79 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML JBoss EAP 6 Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-as7-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-as7-modules</artifactId>
|
||||||
|
<type>zip</type>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-dependency-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>unpack</id>
|
||||||
|
<phase>prepare-package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>unpack</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<artifactItems>
|
||||||
|
<artifactItem>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-modules</artifactId>
|
||||||
|
<type>zip</type>
|
||||||
|
<outputDirectory>${project.build.directory}/unpacked</outputDirectory>
|
||||||
|
</artifactItem>
|
||||||
|
</artifactItems>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
21
distribution/saml-adapters/as7-eap6-adapter/pom.xml
Executable file
21
distribution/saml-adapters/as7-eap6-adapter/pom.xml
Executable file
|
@ -0,0 +1,21 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
<name>Keycloak SAML AS7 / JBoss EAP 6 Adapter Distros</name>
|
||||||
|
<description/>
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-as7-eap6-adapter-dist-pom</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
|
||||||
|
<modules>
|
||||||
|
<module>as7-modules</module>
|
||||||
|
<module>as7-adapter-zip</module>
|
||||||
|
<module>eap6-adapter-zip</module>
|
||||||
|
</modules>
|
||||||
|
</project>
|
26
distribution/saml-adapters/jetty81-adapter-zip/assembly.xml
Executable file
26
distribution/saml-adapters/jetty81-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,26 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<dependencySets>
|
||||||
|
<dependencySet>
|
||||||
|
<unpack>false</unpack>
|
||||||
|
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||||
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
|
<includes>
|
||||||
|
<include>org.keycloak:keycloak-saml-jetty81-adapter</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-server</exclude>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-util</exclude>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-security</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory>lib/keycloak</outputDirectory>
|
||||||
|
</dependencySet>
|
||||||
|
</dependencySets>
|
||||||
|
</assembly>
|
51
distribution/saml-adapters/jetty81-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/jetty81-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML Jetty 8.1.x Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-jetty81-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
39
distribution/saml-adapters/jetty91-adapter-zip/assembly.xml
Executable file
39
distribution/saml-adapters/jetty91-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,39 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<fileSets>
|
||||||
|
<fileSet>
|
||||||
|
<directory></directory>
|
||||||
|
<includes>
|
||||||
|
<include>keycloak.mod</include>
|
||||||
|
</includes>
|
||||||
|
<outputDirectory>modules</outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
<fileSet>
|
||||||
|
<directory>${project.build.directory}/modules</directory>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
</fileSets>
|
||||||
|
<dependencySets>
|
||||||
|
<dependencySet>
|
||||||
|
<unpack>false</unpack>
|
||||||
|
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||||
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
|
<includes>
|
||||||
|
<include>org.keycloak:keycloak-saml-jetty91-adapter</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-server</exclude>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-util</exclude>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-security</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory>lib/keycloak</outputDirectory>
|
||||||
|
</dependencySet>
|
||||||
|
</dependencySets>
|
||||||
|
</assembly>
|
11
distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod
Executable file
11
distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod
Executable file
|
@ -0,0 +1,11 @@
|
||||||
|
#
|
||||||
|
# Keycloak Jetty Adapter
|
||||||
|
#
|
||||||
|
|
||||||
|
[depend]
|
||||||
|
server
|
||||||
|
security
|
||||||
|
|
||||||
|
[lib]
|
||||||
|
lib/keycloak/*.jar
|
||||||
|
|
51
distribution/saml-adapters/jetty91-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/jetty91-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-jetty91-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML Jetty 9.1.x Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-jetty91-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
39
distribution/saml-adapters/jetty92-adapter-zip/assembly.xml
Executable file
39
distribution/saml-adapters/jetty92-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,39 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<fileSets>
|
||||||
|
<fileSet>
|
||||||
|
<directory></directory>
|
||||||
|
<includes>
|
||||||
|
<include>keycloak.mod</include>
|
||||||
|
</includes>
|
||||||
|
<outputDirectory>modules</outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
<fileSet>
|
||||||
|
<directory>${project.build.directory}/modules</directory>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</fileSet>
|
||||||
|
</fileSets>
|
||||||
|
<dependencySets>
|
||||||
|
<dependencySet>
|
||||||
|
<unpack>false</unpack>
|
||||||
|
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||||
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
|
<includes>
|
||||||
|
<include>org.keycloak:keycloak-saml-jetty92-adapter</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-server</exclude>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-util</exclude>
|
||||||
|
<exclude>org.eclipse.jetty:jetty-security</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory>lib/keycloak</outputDirectory>
|
||||||
|
</dependencySet>
|
||||||
|
</dependencySets>
|
||||||
|
</assembly>
|
11
distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod
Executable file
11
distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod
Executable file
|
@ -0,0 +1,11 @@
|
||||||
|
#
|
||||||
|
# Keycloak Jetty Adapter
|
||||||
|
#
|
||||||
|
|
||||||
|
[depend]
|
||||||
|
server
|
||||||
|
security
|
||||||
|
|
||||||
|
[lib]
|
||||||
|
lib/keycloak/*.jar
|
||||||
|
|
51
distribution/saml-adapters/jetty92-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/jetty92-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML Jetty 9.2.x Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-jetty92-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -16,5 +16,13 @@
|
||||||
|
|
||||||
<modules>
|
<modules>
|
||||||
<module>wf9-adapter</module>
|
<module>wf9-adapter</module>
|
||||||
|
<module>tomcat6-adapter-zip</module>
|
||||||
|
<module>tomcat7-adapter-zip</module>
|
||||||
|
<module>tomcat8-adapter-zip</module>
|
||||||
|
<module>jetty81-adapter-zip</module>
|
||||||
|
<!-- jetty 9.1 doesn't work right now
|
||||||
|
<module>jetty91-adapter-zip</module> -->
|
||||||
|
<module>jetty92-adapter-zip</module>
|
||||||
|
<module>as7-eap6-adapter</module>
|
||||||
</modules>
|
</modules>
|
||||||
</project>
|
</project>
|
||||||
|
|
24
distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml
Executable file
24
distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,24 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<dependencySets>
|
||||||
|
<dependencySet>
|
||||||
|
<unpack>false</unpack>
|
||||||
|
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||||
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
|
<includes>
|
||||||
|
<include>org.keycloak:keycloak-saml-tomcat6-adapter</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>org.apache.tomcat:catalina</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</dependencySet>
|
||||||
|
</dependencySets>
|
||||||
|
</assembly>
|
51
distribution/saml-adapters/tomcat6-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/tomcat6-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML Tomcat 6 Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat6-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
25
distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml
Executable file
25
distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,25 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<dependencySets>
|
||||||
|
<dependencySet>
|
||||||
|
<unpack>false</unpack>
|
||||||
|
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||||
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
|
<includes>
|
||||||
|
<include>org.keycloak:keycloak-saml-tomcat7-adapter</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
|
||||||
|
<exclude>org.apache.tomcat:tomcat-catalina</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</dependencySet>
|
||||||
|
</dependencySets>
|
||||||
|
</assembly>
|
51
distribution/saml-adapters/tomcat7-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/tomcat7-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML Tomcat 7 Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
25
distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml
Executable file
25
distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml
Executable file
|
@ -0,0 +1,25 @@
|
||||||
|
<assembly>
|
||||||
|
<id>war-dist</id>
|
||||||
|
|
||||||
|
<formats>
|
||||||
|
<format>zip</format>
|
||||||
|
<format>tar.gz</format>
|
||||||
|
</formats>
|
||||||
|
<includeBaseDirectory>false</includeBaseDirectory>
|
||||||
|
|
||||||
|
<dependencySets>
|
||||||
|
<dependencySet>
|
||||||
|
<unpack>false</unpack>
|
||||||
|
<useTransitiveDependencies>true</useTransitiveDependencies>
|
||||||
|
<useTransitiveFiltering>true</useTransitiveFiltering>
|
||||||
|
<includes>
|
||||||
|
<include>org.keycloak:keycloak-saml-tomcat8-adapter</include>
|
||||||
|
</includes>
|
||||||
|
<excludes>
|
||||||
|
<exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
|
||||||
|
<exclude>org.apache.tomcat:tomcat-catalina</exclude>
|
||||||
|
</excludes>
|
||||||
|
<outputDirectory></outputDirectory>
|
||||||
|
</dependencySet>
|
||||||
|
</dependencySets>
|
||||||
|
</assembly>
|
51
distribution/saml-adapters/tomcat8-adapter-zip/pom.xml
Executable file
51
distribution/saml-adapters/tomcat8-adapter-zip/pom.xml
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>Keycloak SAML Tomcat 8 Adapter Distro</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat8-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-assembly-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>assemble</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>single</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<descriptors>
|
||||||
|
<descriptor>assembly.xml</descriptor>
|
||||||
|
</descriptors>
|
||||||
|
<outputDirectory>
|
||||||
|
target
|
||||||
|
</outputDirectory>
|
||||||
|
<workDirectory>
|
||||||
|
target/assembly/work
|
||||||
|
</workDirectory>
|
||||||
|
<appendAssemblyId>false</appendAssemblyId>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -94,6 +94,12 @@ This one is short
|
||||||
types are supported and how to configure and install them so that you can use Keycloak to secure
|
types are supported and how to configure and install them so that you can use Keycloak to secure
|
||||||
your applications.
|
your applications.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0).
|
||||||
|
This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions.
|
||||||
|
The Keycloak project also provides a separate, standalone, generic, SAML client adapter. But that is describe in a separate
|
||||||
|
document and has a different download.
|
||||||
|
</para>
|
||||||
&AdapterConfig;
|
&AdapterConfig;
|
||||||
&JBossAdapter;
|
&JBossAdapter;
|
||||||
&TomcatAdapter;
|
&TomcatAdapter;
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
|
||||||
"http://www.docbook.org/xml/4.4/docbookx.dtd"
|
"http://www.docbook.org/xml/4.4/docbookx.dtd"
|
||||||
[
|
[
|
||||||
|
<!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
|
||||||
|
<!ENTITY JBossAdapter SYSTEM "modules/jboss-adapter.xml">
|
||||||
|
<!ENTITY TomcatAdapter SYSTEM "modules/tomcat-adapter.xml">
|
||||||
|
<!ENTITY Jetty9Adapter SYSTEM "modules/jetty9-adapter.xml">
|
||||||
|
<!ENTITY Jetty8Adapter SYSTEM "modules/jetty8-adapter.xml">
|
||||||
|
<!ENTITY Logout SYSTEM "modules/logout.xml">
|
||||||
]>
|
]>
|
||||||
|
|
||||||
<book>
|
<book>
|
||||||
|
@ -33,6 +39,13 @@ This one is short
|
||||||
</programlisting>
|
</programlisting>
|
||||||
</para>
|
</para>
|
||||||
</preface>
|
</preface>
|
||||||
|
&AdapterConfig;
|
||||||
|
&JBossAdapter;
|
||||||
|
&TomcatAdapter;
|
||||||
|
&Jetty9Adapter;
|
||||||
|
&Jetty8Adapter;
|
||||||
|
&Logout;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</book>
|
</book>
|
||||||
|
|
384
docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml
Executable file
384
docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml
Executable file
|
@ -0,0 +1,384 @@
|
||||||
|
<chapter id="adapter-config">
|
||||||
|
<title>General Adapter Config</title>
|
||||||
|
<para>
|
||||||
|
Each SAML adapter supported by Keycloak can be configured by a simple XML text file. This is what one might
|
||||||
|
look like:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting><![CDATA[{
|
||||||
|
"realm" : "demo",
|
||||||
|
"resource" : "customer-portal",
|
||||||
|
"realm-public-key" : "MIGfMA0GCSqGSIb3D...31LwIDAQAB",
|
||||||
|
"auth-server-url" : "https://localhost:8443/auth",
|
||||||
|
"ssl-required" : "external",
|
||||||
|
"use-resource-role-mappings" : false,
|
||||||
|
"enable-cors" : true,
|
||||||
|
"cors-max-age" : 1000,
|
||||||
|
"cors-allowed-methods" : "POST, PUT, DELETE, GET",
|
||||||
|
"bearer-only" : false,
|
||||||
|
"enable-basic-auth" : false,
|
||||||
|
"expose-token" : true,
|
||||||
|
"credentials" : {
|
||||||
|
"secret" : "234234-234234-234234"
|
||||||
|
},
|
||||||
|
|
||||||
|
"connection-pool-size" : 20,
|
||||||
|
"disable-trust-manager": false,
|
||||||
|
"allow-any-hostname" : false,
|
||||||
|
"truststore" : "path/to/truststore.jks",
|
||||||
|
"truststore-password" : "geheim",
|
||||||
|
"client-keystore" : "path/to/client-keystore.jks",
|
||||||
|
"client-keystore-password" : "geheim",
|
||||||
|
"client-key-password" : "geheim"
|
||||||
|
}]]>
|
||||||
|
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Some of these configuration switches may be adapter specific and some are common across all adapters.
|
||||||
|
For Java adapters you can use <literal>${...}</literal> enclosure as System property replacement.
|
||||||
|
For example <literal>${jboss.server.config.dir}</literal>. Also, you can obtain a template
|
||||||
|
for this config file from the admin console. Go to the realm and select the application you want a template for.
|
||||||
|
Go to the <literal>Installation</literal> tab and this will provide you with a template that includes
|
||||||
|
the public key of the realm.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Here is a description of each item:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<variablelist>
|
||||||
|
<varlistentry>
|
||||||
|
<term>realm</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Name of the realm representing the users of your distributed applications and services.
|
||||||
|
This is
|
||||||
|
<emphasis>REQUIRED.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>resource</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Username of the application. Each application has a username that is used when the
|
||||||
|
application connects with the Keycloak server to turn an access code into an access token
|
||||||
|
(part of the OAuth 2.0 protocol). This is
|
||||||
|
<emphasis>REQUIRED.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>realm-public-key</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
PEM format of public key. You can obtain this from the administration console.
|
||||||
|
This is
|
||||||
|
<emphasis>REQUIRED.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>auth-server-url</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The base URL of the Keycloak Server. All other Keycloak pages and REST services are derived
|
||||||
|
from this. It is usually of the form <literal>https://host:port/auth</literal>
|
||||||
|
This is
|
||||||
|
<emphasis>REQUIRED.</emphasis>
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>ssl-required</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Ensures that all communication to and from the Keycloak server from the adapter is over HTTPS.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is
|
||||||
|
<emphasis>external</emphasis>
|
||||||
|
meaning that HTTPS is required by default for external requests. Valid values are 'all', 'external'
|
||||||
|
and 'none'.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>use-resource-role-mappings</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If set to true, the adapter will look inside the token for application level role mappings for
|
||||||
|
the
|
||||||
|
user. If false, it will look at the realm level for user role mappings.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>public-client</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If set to true, the adapter will not send credentials for the client to Keycloak.
|
||||||
|
The default value is <emphasis>false</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>enable-cors</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This enables CORS support. It will handle CORS preflight requests. It will also look into
|
||||||
|
the access token to determine valid origins.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>cors-max-age</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If CORS is enabled, this sets the value of the
|
||||||
|
<literal>Access-Control-Max-Age</literal>
|
||||||
|
header.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
|
||||||
|
responses.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>cors-allowed-methods</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If CORS is enabled, this sets the value of the
|
||||||
|
<literal>Access-Control-Allow-Methods</literal>
|
||||||
|
header. This should be a comma-separated string.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
|
||||||
|
responses.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>cors-allowed-headers</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If CORS is enabled, this sets the value of the
|
||||||
|
<literal>Access-Control-Allow-Headers</literal>
|
||||||
|
header. This should be a comma-separated string.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
|
||||||
|
responses.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>bearer-only</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This tells the adapter to only do bearer token authentication. That is, it will not do
|
||||||
|
OAuth 2.0 redirects, but only accept bearer tokens through the
|
||||||
|
<literal>Authorization</literal>
|
||||||
|
header.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>enable-basic-auth</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This tells the adapter to also support basic authentication. If this option is enabled,
|
||||||
|
then <emphasis>secret</emphasis> must also be provided.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>expose-token</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If <literal>true</literal>, an authenticated browser client (via a Javascript HTTP invocation)
|
||||||
|
can obtain the signed access token via the URL <literal>root/k_query_bearer_token</literal>.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>credentials</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Specify the credentials of the application. This is an object notation where the key
|
||||||
|
is the credential type and the value is the value of the credential type. Currently only
|
||||||
|
<literal>password</literal>
|
||||||
|
is supported.
|
||||||
|
This is <emphasis>REQUIRED</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>connection-pool-size</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Adapters will make separate HTTP invocations to the Keycloak Server to turn an access code
|
||||||
|
into an access token. This config option defines how many connections to the Keycloak Server
|
||||||
|
should be pooled.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>20</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>disable-trust-manager</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If the Keycloak Server requires HTTPS and this config option is set to <literal>true</literal>
|
||||||
|
you do not have to specify a truststore. While convenient, this setting is not recommended
|
||||||
|
as you will not be verifying the host name of the Keycloak Server.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>false</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>allow-any-hostname</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If the Keycloak Server requires HTTPS and this config option is set to <literal>true</literal>
|
||||||
|
the Keycloak Server's certificate is validated via the truststore, but host name validation is
|
||||||
|
not done. This is not a recommended. This seting may be useful in test environments
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>false</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>truststore</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
This setting is for Java adapters. The value is the file path to a Java keystore file. If
|
||||||
|
you prefix the path with <literal>classpath:</literal>, then the truststore will be obtained
|
||||||
|
from the deployment's classpath instead.
|
||||||
|
Used for outgoing HTTPS communications to the Keycloak server. Client making HTTPS
|
||||||
|
requests need a way to verify the host of the server they are talking to. This is
|
||||||
|
what the trustore does. The keystore contains one or more trusted
|
||||||
|
host certificates or certificate authorities. You can
|
||||||
|
create this truststore by extracting the public certificate of the Keycloak server's SSL
|
||||||
|
keystore.
|
||||||
|
This is
|
||||||
|
<emphasis>OPTIONAL</emphasis>
|
||||||
|
if
|
||||||
|
<literal>ssl-required</literal>
|
||||||
|
is
|
||||||
|
<literal>none</literal>
|
||||||
|
or
|
||||||
|
<literal>disable-trust-manager</literal>
|
||||||
|
is <literal>true</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>truststore-password</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Password for the truststore keystore.
|
||||||
|
This is
|
||||||
|
<emphasis>REQUIRED</emphasis>
|
||||||
|
if
|
||||||
|
<literal>truststore</literal>
|
||||||
|
is set.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>client-keystore</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<emphasis>Not supported yet, but we will support in future versions.</emphasis>
|
||||||
|
|
||||||
|
This setting is for Java adapters. This is the file path to a Java keystore file.
|
||||||
|
This keystore contains client certificate for two-way SSL when the adapter makes
|
||||||
|
HTTPS requests to the Keycloak server.
|
||||||
|
This is <emphasis>OPTIONAL</emphasis>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>client-keystore-password</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<emphasis>Not supported yet, but we will support in future versions.</emphasis>
|
||||||
|
Password for the client keystore.
|
||||||
|
This is
|
||||||
|
<emphasis>REQUIRED</emphasis>
|
||||||
|
if
|
||||||
|
<literal>client-keystore</literal>
|
||||||
|
is set.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>client-key-password</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
<emphasis>Not supported yet, but we will support in future versions.</emphasis>
|
||||||
|
Password for the client's key.
|
||||||
|
This is
|
||||||
|
<emphasis>REQUIRED</emphasis>
|
||||||
|
if
|
||||||
|
<literal>client-keystore</literal>
|
||||||
|
is set.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>auth-server-url-for-backend-requests</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Alternative location of auth-server-url used just for backend requests. It must be absolute URI. Useful
|
||||||
|
especially in cluster (see <link linkend="relative-uri-optimization">Relative URI Optimization</link>) or if you would like to use <emphasis>https</emphasis> for browser requests
|
||||||
|
but stick with <emphasis>http</emphasis> for backend requests etc.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>always-refresh-token</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If <emphasis>true</emphasis>, Keycloak will refresh token in every request. More info in <link linkend="refresh-token-each-req">Refresh token in each request</link> .
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>register-node-at-startup</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
If <emphasis>true</emphasis>, then adapter will send registration request to Keycloak. It's <emphasis>false</emphasis>
|
||||||
|
by default and useful just in cluster (See <link linkend="registration-app-nodes">Registration of application nodes to Keycloak</link>)
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>register-node-period</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Period for re-registration adapter to Keycloak. Useful in cluster. See <link linkend="registration-app-nodes">Registration of application nodes to Keycloak</link> for details.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>token-store</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
Possible values are <emphasis>session</emphasis> and <emphasis>cookie</emphasis>. Default is <emphasis>session</emphasis>,
|
||||||
|
which means that adapter stores account info in HTTP Session. Alternative <emphasis>cookie</emphasis> means storage of info in cookie.
|
||||||
|
See <link linkend="stateless-token-store">Stateless token store</link> for details.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>principal-attribute</term>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
OpenID Connection ID Token attribute to populate the UserPrincipal name with. If token attribute is null, defaults to <literal>sub</literal>.
|
||||||
|
Possible values are <literal>sub</literal>, <literal>preferred_username</literal>, <literal>email</literal>, <literal>name</literal>, <literal>nickname</literal>, <literal>given_name</literal>, <literal>family_name</literal>.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
</variablelist>
|
||||||
|
</para>
|
||||||
|
</chapter>
|
188
docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml
Executable file
188
docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml
Executable file
|
@ -0,0 +1,188 @@
|
||||||
|
<chapter id="jboss-adapter">
|
||||||
|
<title>JBoss/Wildfly Adapter</title>
|
||||||
|
<para>
|
||||||
|
To be able to secure WAR apps deployed on JBoss EAP 6.x or Wildfly, you must install and
|
||||||
|
configure the Keycloak SAML Adapter Subsystem. You then provide a keycloak
|
||||||
|
config, <literal>/WEB-INF/keycloak-saml</literal> file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
|
||||||
|
Both methods are described in this section.
|
||||||
|
</para>
|
||||||
|
<section id="jboss-adapter-installation">
|
||||||
|
<title>Adapter Installation</title>
|
||||||
|
<para>
|
||||||
|
SAML Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
|
||||||
|
the Keycloak download site. They are also available as a maven artifact.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Install on Wildfly 9:
|
||||||
|
<programlisting>
|
||||||
|
$ cd $WILDFLY_HOME
|
||||||
|
$ unzip keycloak-saml-wf9-adapter-dist.zip
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Install on JBoss EAP 6.x:
|
||||||
|
<programlisting>
|
||||||
|
$ cd $JBOSS_HOME
|
||||||
|
$ unzip keycloak-saml-eap6-adapter-dist.zip
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
This zip file creates new JBoss Modules specific to the Wildfly Keycloak SAML Adapter within your Wildfly distro.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
After adding the Keycloak modules, you must then enable the Keycloak SAML Subsystem within your app server's server configuration:
|
||||||
|
<literal>domain.xml</literal> or <literal>standalone.xml</literal>.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
There is a CLI script that will help you modify your server configuration. Start the server and run the script
|
||||||
|
from the server's bin directory:
|
||||||
|
<programlisting>
|
||||||
|
$ cd $JBOSS_HOME/bin
|
||||||
|
$ jboss-cli.sh -c --file=adapter-install.cli
|
||||||
|
</programlisting>
|
||||||
|
The script will add the extension, subsystem, and optional security-domain as described below.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting><![CDATA[
|
||||||
|
<server xmlns="urn:jboss:domain:1.4">
|
||||||
|
|
||||||
|
<extensions>
|
||||||
|
<extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
|
||||||
|
...
|
||||||
|
</extensions>
|
||||||
|
|
||||||
|
<profile>
|
||||||
|
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.6"/>
|
||||||
|
...
|
||||||
|
</profile>
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The keycloak security domain should be used with EJBs and other components when you need the security context created
|
||||||
|
in the secured web tier to be propagated to the EJBs (other EE component) you are invoking. Otherwise
|
||||||
|
this configuration is optional.
|
||||||
|
</para>
|
||||||
|
<programlisting><![CDATA[
|
||||||
|
<server xmlns="urn:jboss:domain:1.4">
|
||||||
|
<subsystem xmlns="urn:jboss:domain:security:1.2">
|
||||||
|
<security-domains>
|
||||||
|
...
|
||||||
|
<security-domain name="keycloak">
|
||||||
|
<authentication>
|
||||||
|
<login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule"
|
||||||
|
flag="required"/>
|
||||||
|
</authentication>
|
||||||
|
</security-domain>
|
||||||
|
</security-domains>
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want
|
||||||
|
to annotate it with the @SecurityDomain annotation as follows:
|
||||||
|
</para>
|
||||||
|
<programlisting><![CDATA[
|
||||||
|
import org.jboss.ejb3.annotation.SecurityDomain;
|
||||||
|
import org.jboss.resteasy.annotations.cache.NoCache;
|
||||||
|
|
||||||
|
import javax.annotation.security.RolesAllowed;
|
||||||
|
import javax.ejb.EJB;
|
||||||
|
import javax.ejb.Stateless;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@Path("customers")
|
||||||
|
@Stateless
|
||||||
|
@SecurityDomain("keycloak")
|
||||||
|
public class CustomerService {
|
||||||
|
|
||||||
|
@EJB
|
||||||
|
CustomerDB db;
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces("application/json")
|
||||||
|
@NoCache
|
||||||
|
@RolesAllowed("db_user")
|
||||||
|
public List<String> getCustomers() {
|
||||||
|
return db.getCustomers();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
We hope to improve our integration in the future so that you don't have to specify the @SecurityDomain
|
||||||
|
annotation when you want to propagate a keycloak security context to the EJB tier.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
<section>
|
||||||
|
<title>Required Per WAR Configuration</title>
|
||||||
|
<para>
|
||||||
|
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The first thing you must do is create
|
||||||
|
a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
|
||||||
|
of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
|
||||||
|
section.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Next you must set the <literal>auth-method</literal> to <literal>KEYCLOAK-SAML</literal> in <literal>web.xml</literal>. You also
|
||||||
|
have to use standard servlet security to specify role-base constraints on your URLs. Here's an example
|
||||||
|
pulled from one of the examples that comes distributed with Keycloak.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
<![CDATA[
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>customer-portal</module-name>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Admins</web-resource-name>
|
||||||
|
<url-pattern>/admin/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
<user-data-constraint>
|
||||||
|
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||||
|
</user-data-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Customers</web-resource-name>
|
||||||
|
<url-pattern>/customers/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
<user-data-constraint>
|
||||||
|
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||||
|
</user-data-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>KEYCLOAK-SAML</auth-method>
|
||||||
|
<realm-name>this is ignored currently</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
</chapter>
|
49
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml
Executable file
49
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml
Executable file
|
@ -0,0 +1,49 @@
|
||||||
|
<chapter id="jetty8-adapter">
|
||||||
|
<title>Jetty 8.1.x SAML Adapter</title>
|
||||||
|
<para>
|
||||||
|
Keycloak has a separate SAML adapter for Jetty 8.1.x that you will have to install into your Jetty
|
||||||
|
installation. You then have to provide some extra configuration in each WAR you deploy to
|
||||||
|
Jetty. Let's go over these steps.
|
||||||
|
</para>
|
||||||
|
<section id="jetty8-adapter-installation">
|
||||||
|
<title>Adapter Installation</title>
|
||||||
|
<para>
|
||||||
|
Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
|
||||||
|
the Keycloak download site. They are also available as a maven artifact.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
You must unzip the Jetty 8.1.x distro into Jetty 8.1.x's root directory. Including
|
||||||
|
adapter's jars within your WEB-INF/lib directory will not work!
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
$ cd $JETTY_HOME
|
||||||
|
$ unzip keycloak-saml-jetty81-adapter-dist.zip
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Next, you will have to enable the keycloak option. Edit start.ini and add keycloak to the options
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
<![CDATA[
|
||||||
|
#===========================================================
|
||||||
|
# Start classpath OPTIONS.
|
||||||
|
# These control what classes are on the classpath
|
||||||
|
# for a full listing do
|
||||||
|
# java -jar start.jar --list-options
|
||||||
|
#-----------------------------------------------------------
|
||||||
|
OPTIONS=Server,jsp,jmx,resources,websocket,ext,plus,annotations,keycloak
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Required Per WAR Configuration</title>
|
||||||
|
<para>
|
||||||
|
Enabling Keycloak for your WARs is the same as the Jetty 9.x adapter. See <link linkend="jetty9_per_war">Required Per WAR Configuration</link>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
</chapter>
|
106
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml
Executable file
106
docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml
Executable file
|
@ -0,0 +1,106 @@
|
||||||
|
<chapter id="jetty9-adapter">
|
||||||
|
<title>Jetty 9.x SAML Adapters</title>
|
||||||
|
<para>
|
||||||
|
Keycloak has a separate SAML adapter for Jetty 9.x. You then have to provide some extra configuration in each WAR you deploy to
|
||||||
|
Jetty. Let's go over these steps.
|
||||||
|
</para>
|
||||||
|
<section id="jetty9-adapter-installation">
|
||||||
|
<title>Adapter Installation</title>
|
||||||
|
<para>
|
||||||
|
Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
|
||||||
|
the Keycloak download site. They are also available as a maven artifact.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
You must unzip the Jetty 9.x distro into Jetty 9.x's root directory. Including
|
||||||
|
adapter's jars within your WEB-INF/lib directory will not work!
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
$ cd $JETTY_HOME
|
||||||
|
$ unzip keycloak-saml-jetty92-adapter-dist.zip
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Next, you will have to enable the keycloak module for your jetty.base.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
$ cd your-base
|
||||||
|
$ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
|
||||||
|
</programlisting>
|
||||||
|
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section id="jetty9_per_war">
|
||||||
|
<title>Required Per WAR Configuration</title>
|
||||||
|
<para>
|
||||||
|
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The first thing you must do is create a <literal>WEB-INF/jetty-web.xml</literal> file in your WAR package. This is
|
||||||
|
a Jetty specific config file and you must define a Keycloak specific authenticator within it.
|
||||||
|
</para>
|
||||||
|
<programlisting>
|
||||||
|
<![CDATA[
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
||||||
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
||||||
|
<Get name="securityHandler">
|
||||||
|
<Set name="authenticator">
|
||||||
|
<New class="org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator">
|
||||||
|
</New>
|
||||||
|
</Set>
|
||||||
|
</Get>
|
||||||
|
</Configure>]]>
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
Next you must create
|
||||||
|
a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
|
||||||
|
of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
|
||||||
|
section.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
|
||||||
|
role-base constraints on your URLs. Here's an example:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
<![CDATA[
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>customer-portal</module-name>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Customers</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
<user-data-constraint>
|
||||||
|
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
||||||
|
</user-data-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>this is ignored currently</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
</chapter>
|
10
docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml
Executable file
10
docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml
Executable file
|
@ -0,0 +1,10 @@
|
||||||
|
<chapter>
|
||||||
|
<title>Logout</title>
|
||||||
|
<para>
|
||||||
|
There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call
|
||||||
|
HttpServletRequest.logout().
|
||||||
|
For any other browser application, you can point the browser at any url of your web application that has
|
||||||
|
a security constraing and pass in a query parameter GLO, i.e. <literal>http://myapp?GLO=true</literal>.
|
||||||
|
This will log you out if you have an SSO session with your browser.
|
||||||
|
</para>
|
||||||
|
</chapter>
|
56
docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml
Executable file
56
docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml
Executable file
|
@ -0,0 +1,56 @@
|
||||||
|
<chapter id="multi_tenancy">
|
||||||
|
<title>Multi Tenancy</title>
|
||||||
|
<para>
|
||||||
|
Multi Tenancy, in our context, means that one single target application (WAR) can be secured by a single (or clustered) Keycloak server, authenticating
|
||||||
|
its users against different realms. In practice, this means that one application needs to use different <literal>keycloak.json</literal> files.
|
||||||
|
For this case, there are two possible solutions:
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
The same WAR file deployed under two different names, each with its own Keycloak configuration (probably via the Keycloak Subsystem).
|
||||||
|
This scenario is suitable when the number of realms is known in advance or when there's a dynamic provision of application instances.
|
||||||
|
One example would be a service provider that dynamically creates servers/deployments for their clients, like a PaaS.
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
A WAR file deployed once (possibly in a cluster), that decides which realm to authenticate against based on the request parameters.
|
||||||
|
This scenario is suitable when there are an undefined number of realms. One example would be a SaaS provider that have only one deployment
|
||||||
|
(perhaps in a cluster) serving several companies, differentiating between clients based on the hostname
|
||||||
|
(<literal>client1.acme.com</literal>, <literal>client2.acme.com</literal>) or path (<literal>/app/client1/</literal>,
|
||||||
|
<literal>/app/client2/</literal>) or even via a special HTTP Header.
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
</itemizedlist>
|
||||||
|
|
||||||
|
This chapter of the reference guide focus on this second scenario.
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Keycloak provides an extension point for applications that need to evaluate the realm on a request basis. During the authentication
|
||||||
|
and authorization phase of the incoming request, Keycloak queries the application via this extension point and expects the application
|
||||||
|
to return a complete representation of the realm. With this, Keycloak then proceeds the authentication and authorization process,
|
||||||
|
accepting or refusing the request based on the incoming credentials and on the returned realm.
|
||||||
|
|
||||||
|
For this scenario, an application needs to:
|
||||||
|
|
||||||
|
<itemizedlist>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
Add a context parameter to the <literal>web.xml</literal>, named <literal>keycloak.config.resolver</literal>.
|
||||||
|
The value of this property should be the fully qualified name of the class extending
|
||||||
|
<literal>org.keycloak.adapters.KeycloakConfigResolver</literal>.
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
A concrete implementation of <literal>org.keycloak.adapters.KeycloakConfigResolver</literal>. Keycloak will call the
|
||||||
|
<literal>resolve(org.keycloak.adapters.HttpFacade.Request)</literal> method and expects a complete
|
||||||
|
<literal>org.keycloak.adapters.KeycloakDeployment</literal> in response. Note that Keycloak will call this for every request,
|
||||||
|
so, take the usual performance precautions.
|
||||||
|
</listitem>
|
||||||
|
|
||||||
|
</itemizedlist>
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
An implementation of this feature can be found in the examples.
|
||||||
|
</para>
|
||||||
|
</chapter>
|
92
docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml
Executable file
92
docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml
Executable file
|
@ -0,0 +1,92 @@
|
||||||
|
<chapter id="tomcat-adapter">
|
||||||
|
<title>Tomcat 6, 7 and 8 SAML dapters</title>
|
||||||
|
<para>
|
||||||
|
To be able to secure WAR apps deployed on Tomcat 6, 7 and 8 you must install the Keycloak Tomcat 6, 7 or 8 SAML adapter
|
||||||
|
into your Tomcat installation. You then have to provide some extra configuration in each WAR you deploy to
|
||||||
|
Tomcat. Let's go over these steps.
|
||||||
|
</para>
|
||||||
|
<section id="tomcat-adapter-installation">
|
||||||
|
<title>Adapter Installation</title>
|
||||||
|
<para>
|
||||||
|
Adapters are no longer included with the appliance or war distribution. Each adapter is a separate download on
|
||||||
|
the Keycloak download site. They are also available as a maven artifact.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
You must unzip the adapter distro into Tomcat's <literal>lib/</literal> directory. Including
|
||||||
|
adapter's jars within your WEB-INF/lib directory will not work! The Keycloak SAML adapter is implemented as a Valve
|
||||||
|
and valve code must reside in Tomcat's main lib/ directory.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
$ cd $TOMCAT_HOME/lib
|
||||||
|
$ unzip keycloak-saml-tomcat6-adapter-dist.zip
|
||||||
|
or
|
||||||
|
$ unzip keycloak-saml-tomcat7-adapter-dist.zip
|
||||||
|
or
|
||||||
|
$ unzip keycloak-saml-tomcat8-adapter-dist.zip
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<section>
|
||||||
|
<title>Required Per WAR Configuration</title>
|
||||||
|
<para>
|
||||||
|
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
The first thing you must do is create a <literal>META-INF/context.xml</literal> file in your WAR package. This is
|
||||||
|
a Tomcat specific config file and you must define a Keycloak specific Valve.
|
||||||
|
</para>
|
||||||
|
<programlisting>
|
||||||
|
<![CDATA[
|
||||||
|
<Context path="/your-context-path">
|
||||||
|
<Valve className="org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve"/>
|
||||||
|
</Context>]]>
|
||||||
|
</programlisting>
|
||||||
|
<para>
|
||||||
|
Next you must create
|
||||||
|
a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
|
||||||
|
of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
|
||||||
|
section.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
|
||||||
|
role-base constraints on your URLs. Here's an example:
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
<programlisting>
|
||||||
|
<![CDATA[
|
||||||
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
||||||
|
version="3.0">
|
||||||
|
|
||||||
|
<module-name>customer-portal</module-name>
|
||||||
|
|
||||||
|
<security-constraint>
|
||||||
|
<web-resource-collection>
|
||||||
|
<web-resource-name>Customers</web-resource-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</web-resource-collection>
|
||||||
|
<auth-constraint>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</auth-constraint>
|
||||||
|
</security-constraint>
|
||||||
|
|
||||||
|
<login-config>
|
||||||
|
<auth-method>BASIC</auth-method>
|
||||||
|
<realm-name>this is ignored currently</realm-name>
|
||||||
|
</login-config>
|
||||||
|
|
||||||
|
<security-role>
|
||||||
|
<role-name>admin</role-name>
|
||||||
|
</security-role>
|
||||||
|
<security-role>
|
||||||
|
<role-name>user</role-name>
|
||||||
|
</security-role>
|
||||||
|
</web-app>
|
||||||
|
]]>
|
||||||
|
</programlisting>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
</chapter>
|
10
pom.xml
10
pom.xml
|
@ -892,6 +892,16 @@
|
||||||
<artifactId>keycloak-saml-tomcat6-adapter</artifactId>
|
<artifactId>keycloak-saml-tomcat6-adapter</artifactId>
|
||||||
<version>${project.version}</version>
|
<version>${project.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-subsystem</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.keycloak</groupId>
|
<groupId>org.keycloak</groupId>
|
||||||
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
|
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
|
||||||
|
|
101
saml/client-adapter/as7-eap6/adapter/pom.xml
Executable file
101
saml/client-adapter/as7-eap6/adapter/pom.xml
Executable file
|
@ -0,0 +1,101 @@
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||||
|
<name>Keycloak SAML AS7 Integration</name>
|
||||||
|
<description/>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-common</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-as7-adapter-spi</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-adapter-spi</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-adapter-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-adapter-core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcprov-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.spec.javax.servlet</groupId>
|
||||||
|
<artifactId>jboss-servlet-api_3.0_spec</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging</artifactId>
|
||||||
|
<version>${jboss.logging.version}</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.web</groupId>
|
||||||
|
<artifactId>jbossweb</artifactId>
|
||||||
|
<version>7.0.17.Final</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.as</groupId>
|
||||||
|
<artifactId>jboss-as-web</artifactId>
|
||||||
|
<version>7.1.2.Final</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-tomcat-adapter-core</artifactId>
|
||||||
|
<exclusions>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>org.apache.tomcat</groupId>
|
||||||
|
<artifactId>tomcat-servlet-api</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>org.apache.tomcat</groupId>
|
||||||
|
<artifactId>tomcat-catalina</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>org.apache.tomcat</groupId>
|
||||||
|
<artifactId>catalina</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
</exclusions>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>junit</groupId>
|
||||||
|
<artifactId>junit</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<source>${maven.compiler.source}</source>
|
||||||
|
<target>${maven.compiler.target}</target>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
</project>
|
|
@ -0,0 +1,52 @@
|
||||||
|
package org.keycloak.adapters.saml.jbossweb;
|
||||||
|
|
||||||
|
import org.apache.catalina.LifecycleException;
|
||||||
|
import org.apache.catalina.connector.Request;
|
||||||
|
import org.apache.catalina.connector.Response;
|
||||||
|
import org.apache.catalina.core.StandardContext;
|
||||||
|
import org.apache.catalina.deploy.LoginConfig;
|
||||||
|
import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory;
|
||||||
|
import org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve;
|
||||||
|
import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Keycloak authentication valve
|
||||||
|
*
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class SamlAuthenticatorValve extends AbstractSamlAuthenticatorValve {
|
||||||
|
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws java.io.IOException {
|
||||||
|
return authenticateInternal(request, response, config);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
|
||||||
|
if (loginConfig == null) return false;
|
||||||
|
LoginConfig config = (LoginConfig)loginConfig;
|
||||||
|
if (config.getErrorPage() == null) return false;
|
||||||
|
forwardToErrorPage(request, (Response)response, config);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void start() throws LifecycleException {
|
||||||
|
StandardContext standardContext = (StandardContext) context;
|
||||||
|
standardContext.addLifecycleListener(this);
|
||||||
|
super.start();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public void logout(Request request) {
|
||||||
|
logoutInternal(request);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected GenericPrincipalFactory createPrincipalFactory() {
|
||||||
|
return new JBossWebPrincipalFactory();
|
||||||
|
}
|
||||||
|
}
|
20
saml/client-adapter/as7-eap6/pom.xml
Executable file
20
saml/client-adapter/as7-eap6/pom.xml
Executable file
|
@ -0,0 +1,20 @@
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
<parent>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
<name>Keycloak SAML EAP Integration</name>
|
||||||
|
<description/>
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-eap-integration-pom</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
|
||||||
|
<modules>
|
||||||
|
<module>adapter</module>
|
||||||
|
<module>subsystem</module>
|
||||||
|
</modules>
|
||||||
|
</project>
|
115
saml/client-adapter/as7-eap6/subsystem/pom.xml
Executable file
115
saml/client-adapter/as7-eap6/subsystem/pom.xml
Executable file
|
@ -0,0 +1,115 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright 2013 JBoss Inc
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-parent</artifactId>
|
||||||
|
<version>1.6.0.Final-SNAPSHOT</version>
|
||||||
|
<relativePath>../../../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<artifactId>keycloak-saml-as7-subsystem</artifactId>
|
||||||
|
<name>Keycloak SAML AS7 Subsystem</name>
|
||||||
|
<description/>
|
||||||
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-surefire-plugin</artifactId>
|
||||||
|
<version>2.8.1</version>
|
||||||
|
<configuration>
|
||||||
|
<redirectTestOutputToFile>false</redirectTestOutputToFile>
|
||||||
|
<enableAssertions>true</enableAssertions>
|
||||||
|
<argLine>-Xmx512m</argLine>
|
||||||
|
<systemProperties>
|
||||||
|
<property>
|
||||||
|
<name>jboss.home</name>
|
||||||
|
<value>${jboss.home}</value>
|
||||||
|
</property>
|
||||||
|
</systemProperties>
|
||||||
|
<includes>
|
||||||
|
<include>**/*TestCase.java</include>
|
||||||
|
</includes>
|
||||||
|
<forkMode>once</forkMode>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.keycloak</groupId>
|
||||||
|
<artifactId>keycloak-saml-as7-adapter</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.as</groupId>
|
||||||
|
<artifactId>jboss-as-naming</artifactId>
|
||||||
|
<version>${jboss.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.as</groupId>
|
||||||
|
<artifactId>jboss-as-server</artifactId>
|
||||||
|
<version>${jboss.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.as</groupId>
|
||||||
|
<artifactId>jboss-as-ee</artifactId>
|
||||||
|
<version>${jboss.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.as</groupId>
|
||||||
|
<artifactId>jboss-as-web</artifactId>
|
||||||
|
<version>${jboss.version}</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging</artifactId>
|
||||||
|
<version>3.1.0.GA</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.logging</groupId>
|
||||||
|
<artifactId>jboss-logging-processor</artifactId>
|
||||||
|
<!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
|
||||||
|
projects that depend on this project.-->
|
||||||
|
<scope>provided</scope>
|
||||||
|
<optional>true</optional>
|
||||||
|
<version>1.0.0.Final</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.jboss.msc</groupId>
|
||||||
|
<artifactId>jboss-msc</artifactId>
|
||||||
|
<version>1.0.2.GA</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>junit</groupId>
|
||||||
|
<artifactId>junit</artifactId>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
</project>
|
|
@ -0,0 +1,93 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.server.deployment.DeploymentPhaseContext;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnitProcessor;
|
||||||
|
import org.jboss.as.web.deployment.WarMetaData;
|
||||||
|
import org.jboss.logging.Logger;
|
||||||
|
import org.jboss.metadata.javaee.spec.ParamValueMetaData;
|
||||||
|
import org.jboss.metadata.web.jboss.JBossWebMetaData;
|
||||||
|
import org.jboss.metadata.web.jboss.ValveMetaData;
|
||||||
|
import org.jboss.metadata.web.spec.LoginConfigMetaData;
|
||||||
|
import org.keycloak.adapters.saml.jbossweb.SamlAuthenticatorValve;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
|
||||||
|
*
|
||||||
|
* @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
|
||||||
|
*/
|
||||||
|
public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitProcessor {
|
||||||
|
protected Logger log = Logger.getLogger(KeycloakAdapterConfigDeploymentProcessor.class);
|
||||||
|
|
||||||
|
// This param name is defined again in Keycloak Undertow Integration class
|
||||||
|
// org.keycloak.adapters.undertow.KeycloakServletExtension. We have this value in
|
||||||
|
// two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
|
||||||
|
public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.saml.adapterConfig";
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
|
DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
String deploymentName = deploymentUnit.getName();
|
||||||
|
|
||||||
|
// if it's not a web-app there's nothing to secure
|
||||||
|
WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
|
||||||
|
if (warMetaData == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
|
||||||
|
if (webMetaData == null) {
|
||||||
|
webMetaData = new JBossWebMetaData();
|
||||||
|
warMetaData.setMergedJBossWebMetaData(webMetaData);
|
||||||
|
}
|
||||||
|
|
||||||
|
// otherwise
|
||||||
|
LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
|
||||||
|
|
||||||
|
boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
|
||||||
|
|
||||||
|
if (webRequiresKC) {
|
||||||
|
log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName);
|
||||||
|
addValve(webMetaData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void addValve(JBossWebMetaData webMetaData) {
|
||||||
|
List<ValveMetaData> valves = webMetaData.getValves();
|
||||||
|
if (valves == null) {
|
||||||
|
valves = new ArrayList<ValveMetaData>(1);
|
||||||
|
webMetaData.setValves(valves);
|
||||||
|
}
|
||||||
|
ValveMetaData valve = new ValveMetaData();
|
||||||
|
valve.setValveClass(SamlAuthenticatorValve.class.getName());
|
||||||
|
valve.setModule("org.keycloak.keycloak-saml-as7-adapter");
|
||||||
|
//log.info("******* adding Keycloak valve to: " + deploymentName);
|
||||||
|
valves.add(valve);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void undeploy(DeploymentUnit du) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,67 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.server.deployment.Attachments;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentPhaseContext;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnit;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
|
||||||
|
import org.jboss.as.server.deployment.DeploymentUnitProcessor;
|
||||||
|
import org.jboss.as.server.deployment.module.ModuleDependency;
|
||||||
|
import org.jboss.as.server.deployment.module.ModuleSpecification;
|
||||||
|
import org.jboss.modules.Module;
|
||||||
|
import org.jboss.modules.ModuleIdentifier;
|
||||||
|
import org.jboss.modules.ModuleLoader;
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||||
|
*/
|
||||||
|
public abstract class KeycloakDependencyProcessor implements DeploymentUnitProcessor {
|
||||||
|
|
||||||
|
private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
|
||||||
|
private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
|
||||||
|
private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
|
||||||
|
final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
|
||||||
|
|
||||||
|
// Next phase, need to detect if this is a Keycloak deployment. If not, don't add the modules.
|
||||||
|
|
||||||
|
final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
|
||||||
|
final ModuleLoader moduleLoader = Module.getBootModuleLoader();
|
||||||
|
addCommonModules(moduleSpecification, moduleLoader);
|
||||||
|
addPlatformSpecificModules(moduleSpecification, moduleLoader);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
|
||||||
|
// ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
|
||||||
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
|
||||||
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
|
||||||
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
|
||||||
|
}
|
||||||
|
|
||||||
|
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void undeploy(DeploymentUnit du) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.server.deployment.module.ModuleDependency;
|
||||||
|
import org.jboss.as.server.deployment.module.ModuleSpecification;
|
||||||
|
import org.jboss.modules.ModuleIdentifier;
|
||||||
|
import org.jboss.modules.ModuleLoader;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:marko.strukelj@gmail.com">Marko Strukelj</a>
|
||||||
|
*/
|
||||||
|
public class KeycloakDependencyProcessorAS7 extends KeycloakDependencyProcessor {
|
||||||
|
|
||||||
|
private static final ModuleIdentifier KEYCLOAK_AS7_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-as7-adapter");
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
|
||||||
|
// ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
|
||||||
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_AS7_ADAPTER, false, false, true, false));
|
||||||
|
}}
|
|
@ -0,0 +1,76 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.controller.Extension;
|
||||||
|
import org.jboss.as.controller.ExtensionContext;
|
||||||
|
import org.jboss.as.controller.PathElement;
|
||||||
|
import org.jboss.as.controller.ResourceDefinition;
|
||||||
|
import org.jboss.as.controller.SubsystemRegistration;
|
||||||
|
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
|
||||||
|
import org.jboss.as.controller.parsing.ExtensionParsingContext;
|
||||||
|
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
||||||
|
|
||||||
|
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Main Extension class for the subsystem.
|
||||||
|
*
|
||||||
|
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||||
|
*/
|
||||||
|
public class KeycloakSamlExtension implements Extension {
|
||||||
|
|
||||||
|
public static final String SUBSYSTEM_NAME = "keycloak-saml";
|
||||||
|
public static final String NAMESPACE = "urn:jboss:domain:keycloak-saml:1.6";
|
||||||
|
private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
|
||||||
|
static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
|
||||||
|
private static final String RESOURCE_NAME = KeycloakSamlExtension.class.getPackage().getName() + ".LocalDescriptions";
|
||||||
|
private static final int MGMT_API_VERSION_MAJOR = 1;
|
||||||
|
private static final int MGMT_API_VERSION_MINOR = 1;
|
||||||
|
|
||||||
|
static final PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
|
||||||
|
private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
|
||||||
|
|
||||||
|
public static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
|
||||||
|
StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME);
|
||||||
|
for (String kp : keyPrefix) {
|
||||||
|
prefix.append('.').append(kp);
|
||||||
|
}
|
||||||
|
return new StandardResourceDescriptionResolver(prefix.toString(), RESOURCE_NAME, KeycloakSamlExtension.class.getClassLoader(), true, false);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void initializeParsers(final ExtensionParsingContext context) {
|
||||||
|
context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakSamlExtension.NAMESPACE, PARSER);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void initialize(final ExtensionContext context) {
|
||||||
|
final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, MGMT_API_VERSION_MAJOR, MGMT_API_VERSION_MINOR);
|
||||||
|
|
||||||
|
ManagementResourceRegistration registration = subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
|
||||||
|
|
||||||
|
subsystem.registerXMLElementWriter(PARSER);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,59 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
|
||||||
|
import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
|
||||||
|
import org.jboss.as.controller.OperationContext;
|
||||||
|
import org.jboss.as.controller.OperationFailedException;
|
||||||
|
import org.jboss.as.controller.ServiceVerificationHandler;
|
||||||
|
import org.jboss.as.server.AbstractDeploymentChainStep;
|
||||||
|
import org.jboss.as.server.DeploymentProcessorTarget;
|
||||||
|
import org.jboss.as.server.deployment.Phase;
|
||||||
|
import org.jboss.dmr.ModelNode;
|
||||||
|
import org.jboss.msc.service.ServiceController;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The Keycloak subsystem add update handler.
|
||||||
|
*
|
||||||
|
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||||
|
*/
|
||||||
|
class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
|
||||||
|
|
||||||
|
static final KeycloakSubsystemAdd INSTANCE = new KeycloakSubsystemAdd();
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void performBoottime(final OperationContext context, ModelNode operation, final ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) {
|
||||||
|
context.addStep(new AbstractDeploymentChainStep() {
|
||||||
|
@Override
|
||||||
|
protected void execute(DeploymentProcessorTarget processorTarget) {
|
||||||
|
processorTarget.addDeploymentProcessor(Phase.DEPENDENCIES, 0, new KeycloakDependencyProcessorAS7());
|
||||||
|
processorTarget.addDeploymentProcessor(
|
||||||
|
Phase.POST_MODULE, // PHASE
|
||||||
|
Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
|
||||||
|
new KeycloakAdapterConfigDeploymentProcessor());
|
||||||
|
}
|
||||||
|
}, OperationContext.Stage.RUNTIME);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
|
||||||
|
model.setEmptyObject();
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,47 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
|
||||||
|
import org.jboss.as.controller.SimpleResourceDefinition;
|
||||||
|
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
|
||||||
|
import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
|
||||||
|
import org.jboss.as.controller.registry.ManagementResourceRegistration;
|
||||||
|
import org.jboss.as.controller.registry.OperationEntry;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Definition of subsystem=keycloak.
|
||||||
|
*
|
||||||
|
* @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
|
||||||
|
*/
|
||||||
|
public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
|
||||||
|
protected KeycloakSubsystemDefinition() {
|
||||||
|
super(KeycloakSamlExtension.SUBSYSTEM_PATH,
|
||||||
|
KeycloakSamlExtension.getResourceDescriptionResolver("subsystem"),
|
||||||
|
KeycloakSubsystemAdd.INSTANCE,
|
||||||
|
ReloadRequiredRemoveStepHandler.INSTANCE
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void registerOperations(ManagementResourceRegistration resourceRegistration) {
|
||||||
|
super.registerOperations(resourceRegistration);
|
||||||
|
resourceRegistration.registerOperationHandler(ModelDescriptionConstants.DESCRIBE, GenericSubsystemDescribeHandler.INSTANCE, GenericSubsystemDescribeHandler.INSTANCE, false, OperationEntry.EntryType.PRIVATE);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,67 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
|
||||||
|
* as indicated by the @author tags. All rights reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||||
|
* use this file except in compliance with the License. You may obtain a copy of
|
||||||
|
* the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
* License for the specific language governing permissions and limitations under
|
||||||
|
* the License.
|
||||||
|
*/
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.controller.PathAddress;
|
||||||
|
import org.jboss.as.controller.parsing.ParseUtils;
|
||||||
|
import org.jboss.as.controller.persistence.SubsystemMarshallingContext;
|
||||||
|
import org.jboss.dmr.ModelNode;
|
||||||
|
import org.jboss.staxmapper.XMLElementReader;
|
||||||
|
import org.jboss.staxmapper.XMLElementWriter;
|
||||||
|
import org.jboss.staxmapper.XMLExtendedStreamReader;
|
||||||
|
import org.jboss.staxmapper.XMLExtendedStreamWriter;
|
||||||
|
|
||||||
|
import javax.xml.stream.XMLStreamConstants;
|
||||||
|
import javax.xml.stream.XMLStreamException;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The subsystem parser, which uses stax to read and write to and from xml
|
||||||
|
*/
|
||||||
|
class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void readElement(final XMLExtendedStreamReader reader, final List<ModelNode> list) throws XMLStreamException {
|
||||||
|
// Require no attributes
|
||||||
|
ParseUtils.requireNoAttributes(reader);
|
||||||
|
ModelNode addKeycloakSub = org.jboss.as.controller.operations.common.Util.createAddOperation(PathAddress.pathAddress(KeycloakSamlExtension.PATH_SUBSYSTEM));
|
||||||
|
list.add(addKeycloakSub);
|
||||||
|
|
||||||
|
while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// used for debugging
|
||||||
|
private int nextTag(XMLExtendedStreamReader reader) throws XMLStreamException {
|
||||||
|
return reader.nextTag();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@inheritDoc}
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
|
||||||
|
context.startSubsystemElement(KeycloakSamlExtension.NAMESPACE, false);
|
||||||
|
writer.writeEndElement();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,42 @@
|
||||||
|
package org.keycloak.subsystem.saml.as7;
|
||||||
|
|
||||||
|
import org.jboss.as.controller.PathAddress;
|
||||||
|
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
|
||||||
|
import org.jboss.dmr.ModelNode;
|
||||||
|
|
||||||
|
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
|
||||||
|
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||||
|
* @version $Revision: 1 $
|
||||||
|
*/
|
||||||
|
public class Util {
|
||||||
|
public static ModelNode createAddOperation(final PathAddress address) {
|
||||||
|
return createOperation(ModelDescriptionConstants.ADD, address);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ModelNode createAddOperation() {
|
||||||
|
return createEmptyOperation(ModelDescriptionConstants.ADD, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ModelNode createRemoveOperation(final PathAddress address) {
|
||||||
|
return createOperation(ModelDescriptionConstants.REMOVE, address);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ModelNode createOperation(final String operationName, final PathAddress address) {
|
||||||
|
return createEmptyOperation(operationName, address);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ModelNode createEmptyOperation(String operationName, final PathAddress address) {
|
||||||
|
ModelNode op = new ModelNode();
|
||||||
|
op.get(OP).set(operationName);
|
||||||
|
if (address != null) {
|
||||||
|
op.get(OP_ADDR).set(address.toModelNode());
|
||||||
|
} else {
|
||||||
|
// Just establish the standard structure; caller can fill in address later
|
||||||
|
op.get(OP_ADDR);
|
||||||
|
}
|
||||||
|
return op;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
org.keycloak.subsystem.saml.as7.KeycloakSamlExtension
|
|
@ -19,5 +19,6 @@
|
||||||
<module>tomcat</module>
|
<module>tomcat</module>
|
||||||
<module>jetty</module>
|
<module>jetty</module>
|
||||||
<module>wildfly</module>
|
<module>wildfly</module>
|
||||||
|
<module>as7-eap6</module>
|
||||||
</modules>
|
</modules>
|
||||||
</project>
|
</project>
|
||||||
|
|
|
@ -36,7 +36,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
||||||
|
|
||||||
private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
|
private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
|
||||||
private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
|
private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
|
||||||
private static final ModuleIdentifier KEYCLOAK_CORE = ModuleIdentifier.create("org.keycloak.keycloak-core");
|
|
||||||
private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
|
private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -56,7 +55,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
|
||||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
|
||||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
|
||||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
|
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
|
||||||
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE, false, false, false, false));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
|
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
|
||||||
|
|
Loading…
Reference in a new issue