KEYCLOAK-14742 SAML2NameIDPolicyBuilder: add AllowCreate and SPNameQualifier properties

Luca Leonardo Scorcia 2020-07-13 16:39:22 -04:00 committed by Hynek Mlnařík
parent 0d5b5abb4d
commit da6530471b
3 changed files with 25 additions and 4 deletions


@ -101,7 +101,9 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
.destination(sso.getRequestBindingUrl()) .destination(sso.getRequestBindingUrl())
.issuer(issuerURL) .issuer(issuerURL)
.forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive()) .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
.nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat)); .nameIdPolicy(SAML2NameIDPolicyBuilder
.format(nameIDPolicyFormat)
.setAllowCreate(Boolean.TRUE));
if (sso.getResponseBinding() != null) { if (sso.getResponseBinding() != null) {
String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get(); String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
if (sso.getResponseBinding() == SamlDeployment.Binding.POST) { if (sso.getResponseBinding() == SamlDeployment.Binding.POST) {
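Review bot: The explicit `.setAllowCreate(Boolean.TRUE)` on the new side is what keeps this call site's behaviour unchanged, because the builder's `build()` used to force AllowCreate itself and no longer does; that intent is not visible here, so a maintainer could later drop the call thinking it is a no-op. A short comment above the builder chain, `// AllowCreate was previously forced by the builder; keep it explicit so the IdP may create a new identifier`, would record it. The same applies to the identical chain in SAMLIdentityProvider in this commit. The enclosing method of AbstractInitiateLogin begins and ends outside the hunk.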


@ -24,8 +24,9 @@ import java.net.URI;
* @author pedroigor * @author pedroigor
*/ */
public class SAML2NameIDPolicyBuilder { public class SAML2NameIDPolicyBuilder {
private final NameIDPolicyType policyType; private final NameIDPolicyType policyType;
private Boolean allowCreate;
private String spNameQualifier;
private SAML2NameIDPolicyBuilder(String format) { private SAML2NameIDPolicyBuilder(String format) {
this.policyType = new NameIDPolicyType(); this.policyType = new NameIDPolicyType();
@ -36,8 +37,23 @@ public class SAML2NameIDPolicyBuilder {
return new SAML2NameIDPolicyBuilder(format); return new SAML2NameIDPolicyBuilder(format);
} }
public SAML2NameIDPolicyBuilder setAllowCreate(Boolean allowCreate) {
this.allowCreate = allowCreate;
return this;
}
public SAML2NameIDPolicyBuilder setSPNameQualifier(String spNameQualifier) {
this.spNameQualifier = spNameQualifier;
return this;
}
public NameIDPolicyType build() { public NameIDPolicyType build() {
this.policyType.setAllowCreate(Boolean.TRUE); if (this.allowCreate != null)
this.policyType.setAllowCreate(this.allowCreate);
if (this.spNameQualifier != null)
this.policyType.setSPNameQualifier(this.spNameQualifier);
return this.policyType; return this.policyType;
} }
} }
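Review bot: The new `build()` sets AllowCreate only when `setAllowCreate` was called, while the removed line forced `Boolean.TRUE` for every caller, so any user of `SAML2NameIDPolicyBuilder.format(...)` other than the two call sites updated here now emits a NameIDPolicy with no AllowCreate attribute, which SAML 2.0 Core treats as false and which can make the IdP refuse to create a new identifier for first-time users; the diffstat shows only three files touched, so whether other callers exist cannot be confirmed from this page. If the new default is intended, the setters need Javadoc stating that a null argument leaves the corresponding attribute absent from the emitted policy and that AllowCreate then defaults to false on the IdP side. The two unbraced `if` statements in `build()` should also be braced to match the rest of the class, e.g. `if (this.allowCreate != null) { this.policyType.setAllowCreate(this.allowCreate); }`.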


@ -104,8 +104,11 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
.issuer(issuerURL) .issuer(issuerURL)
.forceAuthn(getConfig().isForceAuthn()) .forceAuthn(getConfig().isForceAuthn())
.protocolBinding(protocolBinding) .protocolBinding(protocolBinding)
.nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat)) .nameIdPolicy(SAML2NameIDPolicyBuilder
.format(nameIDPolicyFormat)
.setAllowCreate(Boolean.TRUE))
.subject(loginHint); .subject(loginHint);
JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder(session) JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder(session)
.relayState(request.getState().getEncoded()); .relayState(request.getState().getEncoded());
boolean postBinding = getConfig().isPostBindingAuthnRequest(); boolean postBinding = getConfig().isPostBindingAuthnRequest();