libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #2238 from patriot1burke/master

Browse source 
KEYCLOAK-2477
This commit is contained in:
Bill Burke 2016-02-18 15:48:08 -05:00
commit ed161d2426
2 changed files with 33 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
services/src/main/java/org/keycloak/protocol/saml/installation/SamlIDPDescriptorClientInstallation.java
View file

@ -47,30 +47,40 @@ public class SamlIDPDescriptorClientInstallation implements ClientInstallationPr
" <IDPSSODescriptor WantAuthnRequestsSigned=\"" + Boolean.toString(samlClient.requiresClientSignature()) + "\"\n" + " <IDPSSODescriptor WantAuthnRequestsSigned=\"" + Boolean.toString(samlClient.requiresClientSignature()) + "\"\n" +
" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n"; " protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n";
if (samlClient.forceNameIDFormat() && samlClient.getNameIDFormat() != null) { if (samlClient.forceNameIDFormat() && samlClient.getNameIDFormat() != null) {
idp += " " + samlClient.getNameIDFormat(); idp += " <NameIDFormat>" + samlClient.getNameIDFormat() + "</NameIDFormat>\n";
} else { } else {
idp += " <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n" + idp += " <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>\n" +
" <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n" + " <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>\n" +
" <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n" + " <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>\n" +
" <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n"; " <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>\n";
} }
String bindUrl = RealmsResource.protocolUrl(UriBuilder.fromUri(serverBaseUri)).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString(); String bindUrl = RealmsResource.protocolUrl(UriBuilder.fromUri(serverBaseUri)).build(realm.getName(), SamlProtocol.LOGIN_PROTOCOL).toString();
idp += "\n" + idp += "\n" +
" <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" + " <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
" Location=\"" + bindUrl + "\" />\n" + " Location=\"" + bindUrl + "\" />\n";
" <SingleLogoutService\n" + if (!samlClient.forcePostBinding()) {
idp += " <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
" Location=\"" + bindUrl + "\" />\n";
}
idp += " <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" + " Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
" Location=\"" + bindUrl + "\" />\n" + " Location=\"" + bindUrl + "\" />\n";
" <KeyDescriptor use=\"signing\">\n" + if (!samlClient.forcePostBinding()) {
" <dsig:KeyInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">\n" + idp += " <SingleLogoutService\n" +
" <dsig:X509Data>\n" + " Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
" <dsig:X509Certificate>\n" + " Location=\"" + bindUrl + "\" />\n";
" " + realm.getCertificatePem() + "\n" + }
" </dsig:X509Certificate>\n" + idp += " <KeyDescriptor use=\"signing\">\n" +
" </dsig:X509Data>\n" + " <dsig:KeyInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">\n" +
" </dsig:KeyInfo>\n" + " <dsig:X509Data>\n" +
" </KeyDescriptor>\n" + " <dsig:X509Certificate>\n" +
" </IDPSSODescriptor>\n" + " " + realm.getCertificatePem() + "\n" +
" </dsig:X509Certificate>\n" +
" </dsig:X509Data>\n" +
" </dsig:KeyInfo>\n" +
" </KeyDescriptor>\n" +
" </IDPSSODescriptor>\n" +
"</EntityDescriptor>\n"; "</EntityDescriptor>\n";
return idp; return idp;
} }

7
services/src/main/resources/idp-metadata-template.xml
View file

@ -33,8 +33,11 @@
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="${idp.sso.HTTP-Redirect}" /> Location="${idp.sso.HTTP-Redirect}" />
<SingleLogoutService <SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="${idp.sls.HTTP-POST}" /> Location="${idp.sls.HTTP-POST}" />
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="${idp.sso.HTTP-Redirect}" />
<KeyDescriptor use="signing"> <KeyDescriptor use="signing">
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:X509Data> <dsig:X509Data>