Merge pull request #1096 from patriot1burke/master

broker fixes
2015-03-27 12:35:36 -04:00 · 2015-03-27 12:35:36 -04:00 · e464947abe
commit e464947abe
parent 48050de1a6 878ce0761d
13 changed files with 13 additions and 29 deletions
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java
@ -33,10 +33,8 @@ import org.keycloak.events.EventType;
 import org.keycloak.models.FederatedIdentityModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
-import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.services.messages.Messages;
 import org.keycloak.services.resources.flows.Flows;
-import org.keycloak.util.JsonSerialization;

 import javax.ws.rs.GET;
 import javax.ws.rs.QueryParam;
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/KeycloakOIDCIdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/KeycloakOIDCIdentityProvider.java
@ -1,7 +1,6 @@
 package org.keycloak.broker.oidc;

 import org.keycloak.broker.oidc.util.SimpleHttp;
-import org.keycloak.broker.provider.IdentityProvider;
 import org.keycloak.constants.AdapterConstants;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.jose.jws.JWSInput;
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java
@ -18,24 +18,19 @@
 package org.keycloak.broker.oidc;

 import org.codehaus.jackson.JsonNode;
-import org.jboss.resteasy.logging.Logger;
+import org.jboss.logging.Logger;
 import org.keycloak.broker.oidc.util.SimpleHttp;
 import org.keycloak.broker.provider.AuthenticationRequest;
 import org.keycloak.broker.provider.FederatedIdentity;
 import org.keycloak.broker.provider.IdentityBrokerException;
-import org.keycloak.broker.provider.IdentityProvider;
-import org.keycloak.constants.AdapterConstants;
 import org.keycloak.events.Errors;
 import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventType;
 import org.keycloak.jose.jws.JWSInput;
-import org.keycloak.jose.jws.crypto.RSAProvider;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.representations.AccessTokenResponse;
 import org.keycloak.representations.IDToken;
-import org.keycloak.representations.adapters.action.AdminAction;
-import org.keycloak.representations.adapters.action.LogoutAction;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.EventsManager;
 import org.keycloak.services.messages.Messages;
@ -44,13 +39,10 @@ import org.keycloak.services.resources.RealmsResource;
 import org.keycloak.services.resources.flows.Flows;
 import org.keycloak.util.JsonSerialization;

-import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
-import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
@ -238,7 +230,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
                    }
                }

-                throw new IdentityBrokerException("Wrong issuer from id_token..");
+                throw new IdentityBrokerException("Wrong issuer from id_token. Got: " + iss + " expected: " + getConfig().getIssuer());
            }
            return idToken;
        } catch (IOException e) {
--- a/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderFactory.java
+++ b/broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProviderFactory.java
@ -24,7 +24,6 @@ import org.keycloak.util.JsonSerialization;

 import java.io.IOException;
 import java.io.InputStream;
-import java.util.HashMap;
 import java.util.Map;

 /**
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@ -1,7 +1,6 @@
 package org.keycloak.broker.saml;

 import org.jboss.logging.Logger;
-import org.jboss.resteasy.spi.HttpRequest;
 import org.keycloak.ClientConnection;
 import org.keycloak.VerificationException;
 import org.keycloak.broker.provider.FederatedIdentity;
@ -13,17 +12,14 @@ import org.keycloak.events.EventBuilder;
 import org.keycloak.events.EventType;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
-import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.protocol.saml.SAML2LogoutResponseBuilder;
 import org.keycloak.protocol.saml.SAMLRequestParser;
 import org.keycloak.protocol.saml.SamlProtocol;
 import org.keycloak.protocol.saml.SamlProtocolUtils;
-import org.keycloak.protocol.saml.SignatureAlgorithm;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.managers.EventsManager;
 import org.keycloak.services.messages.Messages;
-import org.keycloak.services.resources.IdentityBrokerService;
 import org.keycloak.services.resources.flows.Flows;
 import org.picketlink.common.constants.GeneralConstants;
 import org.picketlink.common.constants.JBossSAMLConstants;
@ -94,9 +90,6 @@ public class SAMLEndpoint {
    @Context
    private ClientConnection clientConnection;

-    @Context
-    private HttpRequest request;
-
    @Context
    private HttpHeaders headers;

--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
@ -19,7 +19,6 @@ package org.keycloak.broker.saml;

 import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
 import org.keycloak.models.IdentityProviderModel;
-import org.picketlink.common.constants.JBossSAMLConstants;
 import org.picketlink.common.constants.JBossSAMLURIConstants;
 import org.picketlink.common.exceptions.ParsingException;
 import org.picketlink.common.util.DocumentUtil;
--- a/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml
+++ b/connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.2.0.Beta1.xml
@ -110,6 +110,8 @@
        </addColumn>
        <addColumn tableName="USER_SESSION">
            <column name="USER_SESSION_STATE" type="INT" />
+            <column name="BROKER_SESSION_ID" type="VARCHAR(255)" />
+            <column name="BROKER_USER_ID" type="VARCHAR(255)" />
        </addColumn>
        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_PCM" tableName="PROTOCOL_MAPPER"/>
        <addPrimaryKey columnNames="INTERNAL_ID" constraintName="CONSTRAINT_2B" tableName="IDENTITY_PROVIDER"/>
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-broker-saml/main/module.xml
@ -11,10 +11,10 @@
        <module name="org.keycloak.keycloak-events-api"/>
        <module name="org.keycloak.keycloak-broker-core"/>
        <module name="org.keycloak.keycloak-saml-protocol"/>
+        <module name="org.keycloak.keycloak-services"/>
        <module name="org.picketlink.common"/>
        <module name="org.picketlink.federation"/>
        <module name="org.jboss.logging"/>
        <module name="javax.ws.rs.api"/>
-        <module name="org.jboss.resteasy.resteasy-jaxrs"/>
    </dependencies>
 </module>
--- a/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
+++ b/distribution/modules/src/main/resources/modules/org/keycloak/keycloak-saml-protocol/main/module.xml
@ -15,6 +15,7 @@
        <module name="org.keycloak.keycloak-login-api"/>
        <module name="org.keycloak.keycloak-services"/>
        <module name="org.keycloak.keycloak-forms-common-freemarker"/>
+        <module name="org.apache.httpcomponents" />
        <module name="org.jboss.logging"/>
        <module name="org.picketlink.common"/>
        <module name="org.picketlink.federation"/>
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@ -710,7 +710,7 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
    } else {
        $scope.identityProvider = {};
        $scope.identityProvider.config = {};
-        $scope.identityProvider.alias = providerFactory.name;
+        $scope.identityProvider.alias = providerFactory.id;
        $scope.identityProvider.providerId = providerFactory.id;
        $scope.identityProvider.enabled = true;
        $scope.identityProvider.updateProfileFirstLogin = false;
@ -774,7 +774,7 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
        for (var i = 0; i < $scope.files.length; i++) {
            var $file = $scope.files[i];
            $scope.upload = $upload.upload({
-                url: authUrl + '/admin/realms/' + realm.realm + '/identity-provider/import',
+                url: authUrl + '/admin/realms/' + realm.realm + '/identity-provider/import-config',
                // method: POST or PUT,
                // headers: {'headerKey': 'headerValue'}, withCredential: true,
                data: input,
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-oidc.html
@ -124,7 +124,7 @@
                        <span tooltip-placement="right" tooltip="Specifies whether the Authorization Server prompts the End-User for reauthentication and consent." class="fa fa-info-circle"></span>
                    </div>
                </fieldset>
-                <fieldset>
+                <fieldset data-ng-show="newIdentityProvider">
                    <legend uncollapsed><span class="text">Import External IDP Config</span> <span tooltip-placement="right" tooltip="Allows you to load external IDP metadata from a config file or to download it from a URL." class="fa fa-info-circle"></span></legend>
                    <div class="form-group" data-ng-show="newIdentityProvider">
                        <label class="col-sm-2 control-label" for="fromUrl">Import From Url</label>
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
@ -117,12 +117,12 @@
                        <span tooltip-placement="right" tooltip="Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used." class="fa fa-info-circle"></span>
                    </div>
                 </fieldset>
-                <fieldset>
+                <fieldset data-ng-show="newIdentityProvider">
                    <legend uncollapsed><span class="text">Import External IDP Config</span> <span tooltip-placement="right" tooltip="Allows you to load external IDP metadata from a config file or to download it from a URL." class="fa fa-info-circle"></span></legend>
                    <div class="form-group" data-ng-show="newIdentityProvider">
                        <label class="col-sm-2 control-label" for="fromUrl">Import From Url</label>
                        <div class="col-sm-4">
-                            <input class="form-control" id="fromUrl" type="text" ng-model="fromUrl">
+                            <input class="form-control" id="fromUrl" type="text" ng-model="fromUrl.data">
                        </div>
                        <span tooltip-placement="right" tooltip="Import metadata from a remote IDP SAML entity descriptor." class="fa fa-info-circle"></span>
                        <div class="col-sm-4" data-ng-show="importUrl">
--- a/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/OIDCWellKnownProvider.java
@ -4,6 +4,7 @@ import org.keycloak.OAuth2Constants;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
 import org.keycloak.services.resources.RealmsResource;
+import org.keycloak.services.resources.flows.Urls;
 import org.keycloak.wellknown.WellKnownProvider;

 import javax.ws.rs.core.UriBuilder;
@ -33,7 +34,7 @@ public class OIDCWellKnownProvider implements WellKnownProvider {
        UriBuilder uriBuilder = RealmsResource.protocolUrl(uriInfo);

        OIDCConfigurationRepresentation config = new OIDCConfigurationRepresentation();
-        config.setIssuer(realm.getName());
+        config.setIssuer(Urls.realmIssuer(uriInfo.getBaseUri(), realm.getName()));
        config.setAuthorizationEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "auth").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
        config.setTokenEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "token").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());
        config.setUserinfoEndpoint(uriBuilder.clone().path(OIDCLoginProtocolService.class, "issueUserInfo").build(realm.getName(), OIDCLoginProtocol.LOGIN_PROTOCOL).toString());