KEYCLOAK-14742 SAML2NameIDPolicyBuilder: add AllowCreate and SPNameQualifier properties
parent
0d5b5abb4d
commit
da6530471b
3 changed files with 25 additions and 4 deletions
|
@ -101,7 +101,9 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
|
||||||
.destination(sso.getRequestBindingUrl())
|
.destination(sso.getRequestBindingUrl())
|
||||||
.issuer(issuerURL)
|
.issuer(issuerURL)
|
||||||
.forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
|
.forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
|
||||||
.nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
|
.nameIdPolicy(SAML2NameIDPolicyBuilder
|
||||||
|
.format(nameIDPolicyFormat)
|
||||||
|
.setAllowCreate(Boolean.TRUE));
|
||||||
if (sso.getResponseBinding() != null) {
|
if (sso.getResponseBinding() != null) {
|
||||||
String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
|
String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
|
||||||
if (sso.getResponseBinding() == SamlDeployment.Binding.POST) {
|
if (sso.getResponseBinding() == SamlDeployment.Binding.POST) {
|
||||||
|
|
|
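Review bot: `.setAllowCreate(Boolean.TRUE)` is hard-coded in the `.nameIdPolicy(...)` call, so the AuthnRequest built here always asks the IdP to allow creation of a new identifier, and the new builder property cannot be changed per deployment. The same literal appears in the `SAMLIdentityProvider` hunk further down. If this is only meant to keep the request identical to what the builder produced before, say so at both call sites, e.g. `// AllowCreate used to be forced to true inside SAML2NameIDPolicyBuilder.build(); set explicitly to keep the request unchanged`. If it is meant to become configurable, the value should be read from the deployment or provider config rather than fixed here. The enclosing method starts and ends outside the hunk.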
@ -24,8 +24,9 @@ import java.net.URI;
|
||||||
* @author pedroigor
|
* @author pedroigor
|
||||||
*/
|
*/
|
||||||
public class SAML2NameIDPolicyBuilder {
|
public class SAML2NameIDPolicyBuilder {
|
||||||
|
|
||||||
private final NameIDPolicyType policyType;
|
private final NameIDPolicyType policyType;
|
||||||
|
private Boolean allowCreate;
|
||||||
|
private String spNameQualifier;
|
||||||
|
|
||||||
private SAML2NameIDPolicyBuilder(String format) {
|
private SAML2NameIDPolicyBuilder(String format) {
|
||||||
this.policyType = new NameIDPolicyType();
|
this.policyType = new NameIDPolicyType();
|
||||||
|
@ -36,8 +37,23 @@ public class SAML2NameIDPolicyBuilder {
|
||||||
return new SAML2NameIDPolicyBuilder(format);
|
return new SAML2NameIDPolicyBuilder(format);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public SAML2NameIDPolicyBuilder setAllowCreate(Boolean allowCreate) {
|
||||||
|
this.allowCreate = allowCreate;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
|
public SAML2NameIDPolicyBuilder setSPNameQualifier(String spNameQualifier) {
|
||||||
|
this.spNameQualifier = spNameQualifier;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
public NameIDPolicyType build() {
|
public NameIDPolicyType build() {
|
||||||
this.policyType.setAllowCreate(Boolean.TRUE);
|
if (this.allowCreate != null)
|
||||||
|
this.policyType.setAllowCreate(this.allowCreate);
|
||||||
|
|
||||||
|
if (this.spNameQualifier != null)
|
||||||
|
this.policyType.setSPNameQualifier(this.spNameQualifier);
|
||||||
|
|
||||||
return this.policyType;
|
return this.policyType;
|
||||||
}
|
}
|
||||||
}
|
}
|
|
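Review bot: `build()` no longer sets AllowCreate unless `setAllowCreate` was called, so any caller of `SAML2NameIDPolicyBuilder.format(...)` that this commit does not touch will now emit a NameIDPolicy without the attribute, which the SAML core specification treats as false. The two call sites visible in this commit pass `Boolean.TRUE` explicitly; whether other callers exist cannot be seen from this page and is worth a search before merging. I would record the contract on the field, e.g. `// null = omit AllowCreate from the request (an IdP reads an omitted value as false)`, and put braces around the two new `if` bodies in `build()`. `setSPNameQualifier` has no caller in this commit and passes its argument to the policy unchanged, so a one-line Javadoc stating that the value must come from trusted configuration, not from request data, would help the next caller.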
@ -104,8 +104,11 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
|
||||||
.issuer(issuerURL)
|
.issuer(issuerURL)
|
||||||
.forceAuthn(getConfig().isForceAuthn())
|
.forceAuthn(getConfig().isForceAuthn())
|
||||||
.protocolBinding(protocolBinding)
|
.protocolBinding(protocolBinding)
|
||||||
.nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat))
|
.nameIdPolicy(SAML2NameIDPolicyBuilder
|
||||||
|
.format(nameIDPolicyFormat)
|
||||||
|
.setAllowCreate(Boolean.TRUE))
|
||||||
.subject(loginHint);
|
.subject(loginHint);
|
||||||
|
|
||||||
JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder(session)
|
JaxrsSAML2BindingBuilder binding = new JaxrsSAML2BindingBuilder(session)
|
||||||
.relayState(request.getState().getEncoded());
|
.relayState(request.getState().getEncoded());
|
||||||
boolean postBinding = getConfig().isPostBindingAuthnRequest();
|
boolean postBinding = getConfig().isPostBindingAuthnRequest();
|
||||||
|
|