Merge pull request #2142 from patriot1burke/master
saml subsystem model changes
This commit is contained in:
commit
db78ea76b8
11 changed files with 201 additions and 132 deletions
|
@ -24,48 +24,48 @@ public class Constants {
|
|||
|
||||
static class Model {
|
||||
static final String SECURE_DEPLOYMENT = "secure-deployment";
|
||||
static final String SERVICE_PROVIDER = "service-provider";
|
||||
static final String SERVICE_PROVIDER = "SP";
|
||||
|
||||
static final String SSL_POLICY = "ssl-policy";
|
||||
static final String NAME_ID_POLICY_FORMAT = "name-id-policy-format";
|
||||
static final String LOGOUT_PAGE = "logout-page";
|
||||
static final String FORCE_AUTHENTICATION = "force-authentication";
|
||||
static final String SSL_POLICY = "sslPolicy";
|
||||
static final String NAME_ID_POLICY_FORMAT = "nameIDPolicyFormat";
|
||||
static final String LOGOUT_PAGE = "logoutPage";
|
||||
static final String FORCE_AUTHENTICATION = "forceAuthentication";
|
||||
static final String IS_PASSIVE = "isPassive";
|
||||
static final String TURN_OFF_CHANGE_SESSSION_ID_ON_LOGIN = "turnOffChangeSessionIdOnLogin";
|
||||
static final String ROLE_ATTRIBUTES = "role-attributes";
|
||||
static final String ROLE_ATTRIBUTES = "RoleIdentifiers";
|
||||
static final String SIGNING = "signing";
|
||||
static final String ENCRYPTION = "encryption";
|
||||
static final String KEY = "key";
|
||||
static final String KEY = "Key";
|
||||
static final String RESOURCE = "resource";
|
||||
static final String PASSWORD = "password";
|
||||
|
||||
static final String PRIVATE_KEY_ALIAS = "private-key-alias";
|
||||
static final String PRIVATE_KEY_PASSWORD = "private-key-password";
|
||||
static final String CERTIFICATE_ALIAS = "certificate-alias";
|
||||
static final String KEY_STORE = "key-store";
|
||||
static final String SIGN_REQUEST = "sign-request";
|
||||
static final String VALIDATE_RESPONSE_SIGNATURE = "validate-response-signature";
|
||||
static final String REQUEST_BINDING = "request-binding";
|
||||
static final String BINDING_URL = "binding-url";
|
||||
static final String VALIDATE_REQUEST_SIGNATURE = "validate-request-signature";
|
||||
static final String SIGN_RESPONSE = "sign-response";
|
||||
static final String RESPONSE_BINDING = "response-binding";
|
||||
static final String POST_BINDING_URL = "post-binding-url";
|
||||
static final String REDIRECT_BINDING_URL = "redirect-binding-url";
|
||||
static final String SINGLE_SIGN_ON = "single-sign-on";
|
||||
static final String SINGLE_LOGOUT = "single-logout";
|
||||
static final String IDENTITY_PROVIDER = "identity-provider";
|
||||
static final String PRINCIPAL_NAME_MAPPING_POLICY = "principal-name-mapping-policy";
|
||||
static final String PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME = "principal-name-mapping-attribute-name";
|
||||
static final String SIGNATURE_ALGORITHM = "signature-algorithm";
|
||||
static final String SIGNATURE_CANONICALIZATION_METHOD = "signature-canonicalization-method";
|
||||
static final String PRIVATE_KEY_PEM = "private-key-pem";
|
||||
static final String PUBLIC_KEY_PEM = "public-key-pem";
|
||||
static final String CERTIFICATE_PEM = "certificate-pem";
|
||||
static final String PRIVATE_KEY_ALIAS = "PrivateKey-alias";
|
||||
static final String PRIVATE_KEY_PASSWORD = "PrivateKey-password";
|
||||
static final String CERTIFICATE_ALIAS = "Certificate-alias";
|
||||
static final String KEY_STORE = "KeyStore";
|
||||
static final String SIGN_REQUEST = "signRequest";
|
||||
static final String VALIDATE_RESPONSE_SIGNATURE = "validateResponseSignature";
|
||||
static final String REQUEST_BINDING = "requestBinding";
|
||||
static final String BINDING_URL = "bindingUrl";
|
||||
static final String VALIDATE_REQUEST_SIGNATURE = "validateRequestSignature";
|
||||
static final String SIGN_RESPONSE = "signResponse";
|
||||
static final String RESPONSE_BINDING = "responseBinding";
|
||||
static final String POST_BINDING_URL = "postBindingUrl";
|
||||
static final String REDIRECT_BINDING_URL = "redirectBindingUrl";
|
||||
static final String SINGLE_SIGN_ON = "SingleSignOnService";
|
||||
static final String SINGLE_LOGOUT = "SingleLogoutService";
|
||||
static final String IDENTITY_PROVIDER = "IDP";
|
||||
static final String PRINCIPAL_NAME_MAPPING_POLICY = "PrincipalNameMapping-policy";
|
||||
static final String PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME = "PrincipalNameMapping-attribute-name";
|
||||
static final String SIGNATURE_ALGORITHM = "signatureAlgorithm";
|
||||
static final String SIGNATURE_CANONICALIZATION_METHOD = "signatureCanonicalizationMethod";
|
||||
static final String PRIVATE_KEY_PEM = "PrivateKeyPem";
|
||||
static final String PUBLIC_KEY_PEM = "PublicKeyPem";
|
||||
static final String CERTIFICATE_PEM = "CertificatePem";
|
||||
static final String TYPE = "type";
|
||||
static final String ALIAS = "alias";
|
||||
static final String FILE = "file";
|
||||
static final String SIGNATURES_REQUIRED = "signatures-required";
|
||||
static final String SIGNATURES_REQUIRED = "signaturesRequired";
|
||||
}
|
||||
|
||||
|
||||
|
|
2
adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java
Normal file → Executable file
2
adapters/saml/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java
Normal file → Executable file
|
@ -64,7 +64,7 @@ public class KeyDefinition extends SimpleResourceDefinition {
|
|||
static final ObjectTypeAttributeDefinition KEY_STORE =
|
||||
ObjectTypeAttributeDefinition.Builder.of(Constants.Model.KEY_STORE,
|
||||
KeyStoreDefinition.ALL_ATTRIBUTES)
|
||||
.setAllowNull(false)
|
||||
.setAllowNull(true)
|
||||
.build();
|
||||
|
||||
static final SimpleAttributeDefinition[] ATTRIBUTES = {SIGNING, ENCRYPTION};
|
||||
|
|
|
@ -555,14 +555,18 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
|
|||
}
|
||||
|
||||
void writePrincipalNameMapping(XMLExtendedStreamWriter writer, ModelNode model) throws XMLStreamException {
|
||||
writer.writeStartElement(Constants.XML.PRINCIPAL_NAME_MAPPING);
|
||||
ModelNode value = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY);
|
||||
if (value.isDefined()) {
|
||||
writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY, value.asString());
|
||||
|
||||
ModelNode policy = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY);
|
||||
ModelNode mappingAttribute = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME);
|
||||
if (!policy.isDefined() && !mappingAttribute.isDefined()) {
|
||||
return;
|
||||
}
|
||||
value = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME);
|
||||
if (value.isDefined()) {
|
||||
writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, value.asString());
|
||||
writer.writeStartElement(Constants.XML.PRINCIPAL_NAME_MAPPING);
|
||||
if (policy.isDefined()) {
|
||||
writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY, policy.asString());
|
||||
}
|
||||
if (mappingAttribute.isDefined()) {
|
||||
writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, mappingAttribute.asString());
|
||||
}
|
||||
writer.writeEndElement();
|
||||
}
|
||||
|
|
|
@ -80,7 +80,7 @@ public class ServiceProviderDefinition extends SimpleResourceDefinition {
|
|||
|
||||
static final ListAttributeDefinition ROLE_ATTRIBUTES =
|
||||
new StringListAttributeDefinition.Builder(Constants.Model.ROLE_ATTRIBUTES)
|
||||
.setAllowNull(false)
|
||||
.setAllowNull(true)
|
||||
.build();
|
||||
|
||||
static final SimpleAttributeDefinition[] ATTRIBUTES = {SSL_POLICY, NAME_ID_POLICY_FORMAT, LOGOUT_PAGE, FORCE_AUTHENTICATION, IS_PASSIVE, TURN_OFF_CHANGE_SESSSION_ID_ON_LOGIN};
|
||||
|
|
|
@ -6,60 +6,60 @@ keycloak-saml.subsystem.secure-deployment=A deployment secured by Keycloak.
|
|||
keycloak-saml.secure-deployment=A deployment secured by Keycloak
|
||||
keycloak-saml.secure-deployment.add=Add a deployment to be secured by Keycloak
|
||||
keycloak-saml.secure-deployment.remove=Remove a deployment to be secured by Keycloak
|
||||
keycloak-saml.secure-deployment.service-provider=A security provider configuration for secure deployment
|
||||
keycloak-saml.secure-deployment.SP=A security provider configuration for secure deployment
|
||||
|
||||
keycloak-saml.service-provider=A security provider configuration for secure deployment
|
||||
keycloak-saml.service-provider.add=Add a security provider configuration to deployment secured by Keycloak SAML
|
||||
keycloak-saml.service-provider.remove=Remove a security provider definition from deployment secured by Keycloak SAML
|
||||
keycloak-saml.service-provider.ssl-policy=SSL Policy to use
|
||||
keycloak-saml.service-provider.name-id-policy-format=Name ID policy format URN
|
||||
keycloak-saml.service-provider.logout-page=URI to a logout page
|
||||
keycloak-saml.service-provider.force-authentication=Redirected unauthenticated request to a login page
|
||||
keycloak-saml.service-provider.isPassive=If user isn't logged in just return with an error. Used to check if a user is already logged in or not
|
||||
keycloak-saml.service-provider.turnOffChangeSessionIdOnLogin=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
||||
keycloak-saml.service-provider.role-attributes=Role identifiers
|
||||
keycloak-saml.service-provider.principal-name-mapping-policy=Principal name mapping policy
|
||||
keycloak-saml.service-provider.principal-name-mapping-attribute-name=Principal name mapping attribute name
|
||||
keycloak-saml.service-provider.key=A key definition
|
||||
keycloak-saml.service-provider.identity-provider=Identity provider definition
|
||||
keycloak-saml.SP=A security provider configuration for secure deployment
|
||||
keycloak-saml.SP.add=Add a security provider configuration to deployment secured by Keycloak SAML
|
||||
keycloak-saml.SP.remove=Remove a security provider definition from deployment secured by Keycloak SAML
|
||||
keycloak-saml.SP.sslPolicy=SSL Policy to use
|
||||
keycloak-saml.SP.nameIDPolicyFormat=Name ID policy format URN
|
||||
keycloak-saml.SP.logoutPage=URI to a logout page
|
||||
keycloak-saml.SP.forceAuthentication=Redirected unauthenticated request to a login page
|
||||
keycloak-saml.SP.isPassive=If user isn't logged in just return with an error. Used to check if a user is already logged in or not
|
||||
keycloak-saml.SP.turnOffChangeSessionIdOnLogin=The session id is changed by default on a successful login. Change this to true if you want to turn this off
|
||||
keycloak-saml.SP.RoleIdentifiers=Role identifiers
|
||||
keycloak-saml.SP.PrincipalNameMapping-policy=Principal name mapping policy
|
||||
keycloak-saml.SP.PrincipalNameMapping-attribute-name=Principal name mapping attribute name
|
||||
keycloak-saml.SP.Key=A key definition
|
||||
keycloak-saml.SP.IDP=Identity provider definition
|
||||
|
||||
keycloak-saml.key=A key configuration for service provider or identity provider
|
||||
keycloak-saml.key.add=Add a key definition
|
||||
keycloak-saml.key.remove=Remove a key definition
|
||||
keycloak-saml.key.signing=Key can be used for signing
|
||||
keycloak-saml.key.encryption=Key can be used for encryption
|
||||
keycloak-saml.key.private-key-pem=Private key string in pem format
|
||||
keycloak-saml.key.public-key-pem=Public key string in pem format
|
||||
keycloak-saml.key.certificate-pem=Certificate key string in pem format
|
||||
keycloak-saml.key.key-store=Key store definition
|
||||
keycloak-saml.key.key-store.file=Key store filesystem path
|
||||
keycloak-saml.key.key-store.resource=Key store resource URI
|
||||
keycloak-saml.key.key-store.password=Key store password
|
||||
keycloak-saml.key.key-store.type=Key store format
|
||||
keycloak-saml.key.key-store.alias=Key alias
|
||||
keycloak-saml.key.key-store.private-key-alias=Private key alias
|
||||
keycloak-saml.key.key-store.private-key-password=Private key password
|
||||
keycloak-saml.key.key-store.certificate-alias=Certificate alias
|
||||
keycloak-saml.Key=A key configuration for service provider or identity provider
|
||||
keycloak-saml.Key.add=Add a key definition
|
||||
keycloak-saml.Key.remove=Remove a key definition
|
||||
keycloak-saml.Key.signing=Key can be used for signing
|
||||
keycloak-saml.Key.encryption=Key can be used for encryption
|
||||
keycloak-saml.Key.PrivateKeyPem=Private key string in pem format
|
||||
keycloak-saml.Key.PublicKeyPem=Public key string in pem format
|
||||
keycloak-saml.Key.CertificatePem=Certificate key string in pem format
|
||||
keycloak-saml.Key.KeyStore=Key store definition
|
||||
keycloak-saml.Key.KeyStore.file=Key store filesystem path
|
||||
keycloak-saml.Key.KeyStore.resource=Key store resource URI
|
||||
keycloak-saml.Key.KeyStore.password=Key store password
|
||||
keycloak-saml.Key.KeyStore.type=Key store format
|
||||
keycloak-saml.Key.KeyStore.alias=Key alias
|
||||
keycloak-saml.Key.KeyStore.PrivateKey-alias=Private key alias
|
||||
keycloak-saml.Key.KeyStore.PrivateKey-password=Private key password
|
||||
keycloak-saml.Key.KeyStore.Certificate-alias=Certificate alias
|
||||
|
||||
keycloak-saml.identity-provider=An identity provider configuration
|
||||
keycloak-saml.identity-provider.add=Add an identity provider
|
||||
keycloak-saml.identity-provider.remove=Remove an identity provider
|
||||
keycloak-saml.identity-provider.signatures-required=Require signatures for single-sign-on and single-logout
|
||||
keycloak-saml.identity-provider.signature-algorithm=Signature algorithm
|
||||
keycloak-saml.identity-provider.signature-canonicalization-method=Signature canonicalization method
|
||||
keycloak-saml.identity-provider.single-sign-on=Single sign-on configuration
|
||||
keycloak-saml.identity-provider.single-sign-on.sign-request=Sign SSO requests
|
||||
keycloak-saml.identity-provider.single-sign-on.validate-response-signature=Validate an SSO response signature
|
||||
keycloak-saml.identity-provider.single-sign-on.request-binding=HTTP method to use for requests
|
||||
keycloak-saml.identity-provider.single-sign-on.response-binding=HTTP method to use for responses
|
||||
keycloak-saml.identity-provider.single-sign-on.binding-url=SSO endpoint URL
|
||||
keycloak-saml.identity-provider.single-logout=Single logout configuration
|
||||
keycloak-saml.identity-provider.single-logout.validate-request-signature=Validate a single-logout request signature
|
||||
keycloak-saml.identity-provider.single-logout.validate-response-signature=Validate a single-logout response signature
|
||||
keycloak-saml.identity-provider.single-logout.sign-request=Sign single-logout requests
|
||||
keycloak-saml.identity-provider.single-logout.sign-response=Sign single-logout responses
|
||||
keycloak-saml.identity-provider.single-logout.request-binding=HTTP method to use for request
|
||||
keycloak-saml.identity-provider.single-logout.response-binding=HTTP method to use for response
|
||||
keycloak-saml.identity-provider.single-logout.post-binding-url=Endpoint URL for posting
|
||||
keycloak-saml.identity-provider.single-logout.redirect-binding-url=Endpoint URL for redirects
|
||||
keycloak-saml.identity-provider.key=Key definition for identity provider
|
||||
keycloak-saml.IDP=An identity provider configuration
|
||||
keycloak-saml.IDP.add=Add an identity provider
|
||||
keycloak-saml.IDP.remove=Remove an identity provider
|
||||
keycloak-saml.IDP.signaturesRequired=Require signatures for SingleSignOnService and SingleLogoutService
|
||||
keycloak-saml.IDP.signatureAlgorithm=Signature algorithm
|
||||
keycloak-saml.IDP.signatureCanonicalizationMethod=Signature canonicalization method
|
||||
keycloak-saml.IDP.SingleSignOnService=Single sign-on configuration
|
||||
keycloak-saml.IDP.SingleSignOnService.signRequest=Sign SSO requests
|
||||
keycloak-saml.IDP.SingleSignOnService.validateResponseSignature=Validate an SSO response signature
|
||||
keycloak-saml.IDP.SingleSignOnService.requestBinding=HTTP method to use for requests
|
||||
keycloak-saml.IDP.SingleSignOnService.responseBinding=HTTP method to use for responses
|
||||
keycloak-saml.IDP.SingleSignOnService.bindingUrl=SSO endpoint URL
|
||||
keycloak-saml.IDP.SingleLogoutService=Single logout configuration
|
||||
keycloak-saml.IDP.SingleLogoutService.validateRequestSignature=Validate a SingleLogoutService request signature
|
||||
keycloak-saml.IDP.SingleLogoutService.validateResponseSignature=Validate a SingleLogoutService response signature
|
||||
keycloak-saml.IDP.SingleLogoutService.signRequest=Sign SingleLogoutService requests
|
||||
keycloak-saml.IDP.SingleLogoutService.signResponse=Sign SingleLogoutService responses
|
||||
keycloak-saml.IDP.SingleLogoutService.requestBinding=HTTP method to use for request
|
||||
keycloak-saml.IDP.SingleLogoutService.responseBinding=HTTP method to use for response
|
||||
keycloak-saml.IDP.SingleLogoutService.postBindingUrl=Endpoint URL for posting
|
||||
keycloak-saml.IDP.SingleLogoutService.redirectBindingUrl=Endpoint URL for redirects
|
||||
keycloak-saml.IDP.Key=Key definition for identity provider
|
|
@ -61,17 +61,17 @@
|
|||
<xs:documentation>URI to a logout page</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="forceAuthentication" type="xs:boolean" use="required">
|
||||
<xs:attribute name="forceAuthentication" type="xs:boolean" use="optional">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Redirected unauthenticated request to a login page</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="isPassive" type="xs:boolean" use="required">
|
||||
<xs:attribute name="isPassive" type="xs:boolean" use="optional">
|
||||
<xs:annotation>
|
||||
<xs:documentation>If user isn't logged in just return with an error. Used to check if a user is already logged in or not</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="turnOffChangeSessionIdOnLogin" type="xs:boolean" use="required">
|
||||
<xs:attribute name="turnOffChangeSessionIdOnLogin" type="xs:boolean" use="optional">
|
||||
<xs:annotation>
|
||||
<xs:documentation>The session id is changed by default on a successful login. Change this to true if you want to turn this off</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
@ -88,7 +88,7 @@
|
|||
<xs:documentation>The entity ID for SAML service provider</xs:documentation>
|
||||
</xs:annotation>
|
||||
</xs:attribute>
|
||||
<xs:attribute name="signaturesRequired" type="xs:boolean" use="required">
|
||||
<xs:attribute name="signaturesRequired" type="xs:boolean" use="optional">
|
||||
<xs:annotation>
|
||||
<xs:documentation>Require signatures for single-sign-on and single-logout</xs:documentation>
|
||||
</xs:annotation>
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
<version>1.9.0.CR1-SNAPSHOT</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>saml-post-signatures</artifactId>
|
||||
<artifactId>sales-post-sig</artifactId>
|
||||
|
||||
<packaging>war</packaging>
|
||||
|
||||
|
|
|
@ -25,27 +25,13 @@
|
|||
}
|
||||
],
|
||||
"clients": [
|
||||
{
|
||||
"clientId": "http://localhost:8080/sales-post/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
"baseUrl": "http://localhost:8080/sales-post/",
|
||||
"adminUrl": "http://localhost:8080/sales-post/",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/sales-post/*"
|
||||
],
|
||||
"attributes": {
|
||||
"saml.authnstatement": "true"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8080/sales-post-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
"baseUrl": "http://localhost:8080/sales-post-sig/",
|
||||
"adminUrl": "http://localhost:8080/sales-post-sig/",
|
||||
"adminUrl": "http://localhost:8080/sales-post-sig/saml",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/sales-post-sig/*"
|
||||
],
|
||||
|
@ -64,7 +50,7 @@
|
|||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
"baseUrl": "http://localhost:8080/sales-post-enc/",
|
||||
"adminUrl": "http://localhost:8080/sales-post-enc/",
|
||||
"adminUrl": "http://localhost:8080/sales-post-enc/saml",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/sales-post-enc/*"
|
||||
],
|
||||
|
@ -80,27 +66,13 @@
|
|||
"saml.encryption.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8080/employee/",
|
||||
"enabled": true,
|
||||
"fullScopeAllowed": true,
|
||||
"protocol": "saml",
|
||||
"baseUrl": "http://localhost:8080/employee/",
|
||||
"adminUrl": "http://localhost:8080/employee/",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/employee/*"
|
||||
],
|
||||
"attributes": {
|
||||
"saml.authnstatement": "true"
|
||||
}
|
||||
},
|
||||
{
|
||||
"clientId": "http://localhost:8080/employee-sig/",
|
||||
"enabled": true,
|
||||
"protocol": "saml",
|
||||
"fullScopeAllowed": true,
|
||||
"baseUrl": "http://localhost:8080/employee-sig/",
|
||||
"adminUrl": "http://localhost:8080/employee-sig/",
|
||||
"adminUrl": "http://localhost:8080/employee-sig/saml",
|
||||
"redirectUris": [
|
||||
"http://localhost:8080/employee-sig/*"
|
||||
],
|
||||
|
|
|
@ -26,6 +26,12 @@ public class KeycloakSamlClientInstallation implements ClientInstallationProvide
|
|||
SamlClient samlClient = new SamlClient(client);
|
||||
StringBuffer buffer = new StringBuffer();
|
||||
buffer.append("<keycloak-saml-adapter>\n");
|
||||
baseXml(realm, client, baseUri, samlClient, buffer);
|
||||
buffer.append("</keycloak-saml-adapter>\n");
|
||||
return Response.ok(buffer.toString(), MediaType.TEXT_PLAIN_TYPE).build();
|
||||
}
|
||||
|
||||
public static void baseXml(RealmModel realm, ClientModel client, URI baseUri, SamlClient samlClient, StringBuffer buffer) {
|
||||
buffer.append(" <SP entityID=\"").append(client.getClientId()).append("\"\n");
|
||||
buffer.append(" sslPolicy=\"").append(realm.getSslRequired().name()).append("\"\n");
|
||||
buffer.append(" logoutPage=\"SPECIFY YOUR LOGOUT PAGE!\">\n");
|
||||
|
@ -99,8 +105,6 @@ public class KeycloakSamlClientInstallation implements ClientInstallationProvide
|
|||
}
|
||||
buffer.append(" </IDP>\n");
|
||||
buffer.append(" </SP>\n");
|
||||
buffer.append("</keycloak-saml-adapter>\n");
|
||||
return Response.ok(buffer.toString(), MediaType.TEXT_PLAIN_TYPE).build();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
package org.keycloak.protocol.saml.installation;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.models.ClientModel;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.models.RealmModel;
|
||||
import org.keycloak.protocol.ClientInstallationProvider;
|
||||
import org.keycloak.protocol.saml.SamlClient;
|
||||
import org.keycloak.protocol.saml.SamlProtocol;
|
||||
import org.keycloak.services.resources.RealmsResource;
|
||||
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriBuilder;
|
||||
import java.net.URI;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
|
||||
* @version $Revision: 1 $
|
||||
*/
|
||||
public class KeycloakSamlSubsystemInstallation implements ClientInstallationProvider {
|
||||
|
||||
@Override
|
||||
public Response generateInstallation(KeycloakSession session, RealmModel realm, ClientModel client, URI baseUri) {
|
||||
SamlClient samlClient = new SamlClient(client);
|
||||
StringBuffer buffer = new StringBuffer();
|
||||
buffer.append("<secure-deployment name=\"YOUR-WAR.war\">\n");
|
||||
KeycloakSamlClientInstallation.baseXml(realm, client, baseUri, samlClient, buffer);
|
||||
buffer.append("</secure-deployment>\n");
|
||||
return Response.ok(buffer.toString(), MediaType.TEXT_PLAIN_TYPE).build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getProtocol() {
|
||||
return SamlProtocol.LOGIN_PROTOCOL;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getDisplayType() {
|
||||
return "Keycloak SAML Wildfly/JBoss Subsystem";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getHelpText() {
|
||||
return "Keycloak SAML adapter Wildfly/JBoss subsystem xml. Put this <subsystem xmlns=\"urn:jboss:domain:keycloak-saml:1.1\"> element of your standalone.xml file.";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getFilename() {
|
||||
return "keycloak-saml-subsystem.xml";
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getMediaType() {
|
||||
return MediaType.APPLICATION_XML;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isDownloadOnly() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public ClientInstallationProvider create(KeycloakSession session) {
|
||||
return this;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "keycloak-saml-subsystem";
|
||||
}
|
||||
}
|
|
@ -4,4 +4,5 @@ org.keycloak.protocol.saml.installation.KeycloakSamlClientInstallation
|
|||
org.keycloak.protocol.saml.installation.SamlSPDescriptorClientInstallation
|
||||
org.keycloak.protocol.saml.installation.SamlIDPDescriptorClientInstallation
|
||||
org.keycloak.protocol.saml.installation.ModAuthMellonClientInstallation
|
||||
org.keycloak.protocol.saml.installation.KeycloakSamlSubsystemInstallation
|
||||
|
||||
|
|
Loading…
Reference in a new issue