KEYCLOAK-2584
This commit is contained in:
Bill Burke
parent
b253fe9532
commit
e497eb0950
1 changed files with 49 additions and 39 deletions
|
|
@ -54,45 +54,8 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
|
|||
@Override
|
||||
public boolean challenge(HttpFacade httpFacade) {
|
||||
try {
|
||||
String issuerURL = deployment.getEntityID();
|
||||
String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
|
||||
|
||||
if (nameIDPolicyFormat == null) {
|
||||
nameIDPolicyFormat = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
|
||||
}
|
||||
|
||||
SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
|
||||
.destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
|
||||
.issuer(issuerURL)
|
||||
.forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
|
||||
.nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
|
||||
if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
|
||||
String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
|
||||
if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
|
||||
protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
|
||||
}
|
||||
authnRequestBuilder.protocolBinding(protocolBinding);
|
||||
|
||||
}
|
||||
if (deployment.getAssertionConsumerServiceUrl() != null) {
|
||||
authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
|
||||
}
|
||||
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
|
||||
|
||||
if (deployment.getIDP().getSingleSignOnService().signRequest()) {
|
||||
|
||||
|
||||
KeyPair keypair = deployment.getSigningKeyPair();
|
||||
if (keypair == null) {
|
||||
throw new RuntimeException("Signing keys not configured");
|
||||
}
|
||||
if (deployment.getSignatureCanonicalizationMethod() != null) {
|
||||
binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
|
||||
}
|
||||
|
||||
binding.signWith(keypair);
|
||||
binding.signDocument();
|
||||
}
|
||||
SAML2AuthnRequestBuilder authnRequestBuilder = buildSaml2AuthnRequestBuilder(deployment);
|
||||
BaseSAML2BindingBuilder binding = createSaml2Binding(deployment);
|
||||
sessionStore.saveRequest();
|
||||
|
||||
sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
|
||||
|
|
@ -103,6 +66,53 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
|
|||
return true;
|
||||
}
|
||||
|
||||
public static BaseSAML2BindingBuilder createSaml2Binding(SamlDeployment deployment) {
|
||||
BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
|
||||
|
||||
if (deployment.getIDP().getSingleSignOnService().signRequest()) {
|
||||
|
||||
binding.signatureAlgorithm(deployment.getSignatureAlgorithm());
|
||||
KeyPair keypair = deployment.getSigningKeyPair();
|
||||
if (keypair == null) {
|
||||
throw new RuntimeException("Signing keys not configured");
|
||||
}
|
||||
if (deployment.getSignatureCanonicalizationMethod() != null) {
|
||||
binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
|
||||
}
|
||||
|
||||
binding.signWith(keypair);
|
||||
binding.signDocument();
|
||||
}
|
||||
return binding;
|
||||
}
|
||||
|
||||
public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment deployment) {
|
||||
String issuerURL = deployment.getEntityID();
|
||||
String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
|
||||
|
||||
if (nameIDPolicyFormat == null) {
|
||||
nameIDPolicyFormat = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
|
||||
}
|
||||
|
||||
SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
|
||||
.destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
|
||||
.issuer(issuerURL)
|
||||
.forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
|
||||
.nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
|
||||
if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
|
||||
String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
|
||||
if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
|
||||
protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
|
||||
}
|
||||
authnRequestBuilder.protocolBinding(protocolBinding);
|
||||
|
||||
}
|
||||
if (deployment.getAssertionConsumerServiceUrl() != null) {
|
||||
authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
|
||||
}
|
||||
return authnRequestBuilder;
|
||||
}
|
||||
|
||||
protected abstract void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException;
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue