From f690947cea6e10001d9b76ae0ed6676a1592ab1b Mon Sep 17 00:00:00 2001 From: rmartinc Date: Wed, 19 Jun 2024 13:23:45 +0200 Subject: [PATCH] Remove the SAML undertow adapter Closes #30554 Signed-off-by: rmartinc --- adapters/saml/pom.xml | 1 - adapters/saml/undertow/pom.xml | 91 ------ .../saml/undertow/AbstractSamlAuthMech.java | 175 ------------ .../IdMapperUpdaterSessionListener.java | 103 ------- .../saml/undertow/SamlServletExtension.java | 223 --------------- .../saml/undertow/ServletSamlAuthMech.java | 152 ---------- .../undertow/ServletSamlSessionStore.java | 263 ------------------ .../undertow/UndertowSamlAuthenticator.java | 67 ----- .../saml/undertow/UndertowSamlEndpoint.java | 48 ---- .../io.undertow.servlet.ServletExtension | 18 -- .../adapter-feature-pack/pom.xml | 10 - .../keycloak-adapter-spi/main/module.xml | 1 - .../saml-adapter-galleon-pack/pom.xml | 24 +- .../src/main/resources/license/licenses.xml | 20 -- .../keycloak-adapter-spi/main/module.xml | 1 - .../main/module.xml | 46 --- .../main/module.xml | 1 - .../wildfly-jakarta-modules/build.xml | 5 - .../wildfly-jakarta-modules/pom.xml | 20 -- .../main/module.xml | 46 --- .../main/module.xml | 1 - .../wildfly-adapter/wildfly-modules/build.xml | 5 - .../wildfly-adapter/wildfly-modules/pom.xml | 20 -- .../main/module.xml | 46 --- .../main/module.xml | 1 - pom.xml | 5 - .../servers/adapter-spi/pom.xml | 3 +- .../undertow-adapter-saml-jakarta/.gitignore | 1 - .../undertow-adapter-saml-jakarta/pom.xml | 130 --------- testsuite/utils/pom.xml | 5 - 30 files changed, 2 insertions(+), 1530 deletions(-) delete mode 100755 adapters/saml/undertow/pom.xml delete mode 100755 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java delete mode 100644 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/IdMapperUpdaterSessionListener.java delete mode 100755 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java delete mode 100755 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlAuthMech.java delete mode 100755 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java delete mode 100755 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java delete mode 100755 adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java delete mode 100644 adapters/saml/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension delete mode 100755 distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml delete mode 100644 distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml delete mode 100755 distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml delete mode 100644 testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/.gitignore delete mode 100644 testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml diff --git a/adapters/saml/pom.xml b/adapters/saml/pom.xml index b2e4ff88ea..f06a20eea9 100755 --- a/adapters/saml/pom.xml +++ b/adapters/saml/pom.xml @@ -34,7 +34,6 @@ core-public core core-jakarta - undertow wildfly wildfly-elytron wildfly-elytron-jakarta diff --git a/adapters/saml/undertow/pom.xml b/adapters/saml/undertow/pom.xml deleted file mode 100755 index b4d5480a78..0000000000 --- a/adapters/saml/undertow/pom.xml +++ /dev/null @@ -1,91 +0,0 @@ - - - - - - keycloak-parent - org.keycloak - 999.0.0-SNAPSHOT - ../../../pom.xml - - 4.0.0 - - keycloak-saml-undertow-adapter - Keycloak Undertow SAML Adapter - - - - - org.keycloak - keycloak-saml-core - provided - - - org.keycloak - keycloak-adapter-spi - provided - - - org.keycloak - keycloak-common - provided - - - org.keycloak - keycloak-saml-adapter-api-public - provided - - - org.keycloak - keycloak-saml-adapter-core - provided - - - org.keycloak - keycloak-undertow-adapter-spi - provided - - - org.jboss.logging - jboss-logging - provided - - - org.jboss.spec.javax.servlet - jboss-servlet-api_3.0_spec - provided - - - io.undertow - undertow-servlet - provided - - - io.undertow - undertow-core - provided - - - junit - junit - test - - - - diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java deleted file mode 100755 index 34197bc504..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/AbstractSamlAuthMech.java +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.saml.undertow; - -import io.undertow.security.api.AuthenticationMechanism; -import io.undertow.security.api.NotificationReceiver; -import io.undertow.security.api.SecurityContext; -import io.undertow.security.api.SecurityNotification; -import io.undertow.server.HttpServerExchange; -import io.undertow.util.AttachmentKey; -import io.undertow.util.Headers; -import io.undertow.util.StatusCodes; -import org.keycloak.adapters.saml.SamlAuthenticator; -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlDeploymentContext; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.spi.AuthChallenge; -import org.keycloak.adapters.spi.AuthOutcome; -import org.keycloak.adapters.spi.HttpFacade; -import org.keycloak.adapters.undertow.UndertowHttpFacade; -import org.keycloak.adapters.undertow.UndertowUserSessionManagement; -import java.util.logging.Level; -import java.util.logging.Logger; -import java.util.regex.Pattern; - -/** - * Abstract base class for a Keycloak-enabled Undertow AuthenticationMechanism. - * - * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc. - */ -public abstract class AbstractSamlAuthMech implements AuthenticationMechanism { - - private static final Logger LOG = Logger.getLogger(AbstractSamlAuthMech.class.getName()); - - public static final AttachmentKey KEYCLOAK_CHALLENGE_ATTACHMENT_KEY = AttachmentKey.create(AuthChallenge.class); - protected SamlDeploymentContext deploymentContext; - protected UndertowUserSessionManagement sessionManagement; - protected String errorPage; - - public AbstractSamlAuthMech(SamlDeploymentContext deploymentContext, UndertowUserSessionManagement sessionManagement, String errorPage) { - this.deploymentContext = deploymentContext; - this.sessionManagement = sessionManagement; - this.errorPage = errorPage; - } - - @Override - public ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext) { - AuthChallenge challenge = exchange.getAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY); - if (challenge != null) { - UndertowHttpFacade facade = createFacade(exchange); - if (challenge.challenge(facade)) { - return new ChallengeResult(true, exchange.getResponseCode()); - } - } - return new ChallengeResult(false); - } - - protected Integer servePage(final HttpServerExchange exchange, final String location) { - sendRedirect(exchange, location); - return StatusCodes.TEMPORARY_REDIRECT; - } - - private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:"); - - static void sendRedirect(final HttpServerExchange exchange, final String location) { - if (location == null) { - LOG.log(Level.WARNING, "Logout page not set."); - exchange.setStatusCode(StatusCodes.NOT_FOUND); - exchange.endExchange(); - return; - } - - if (PROTOCOL_PATTERN.matcher(location).find()) { - exchange.getResponseHeaders().put(Headers.LOCATION, location); - } else { - String loc = exchange.getRequestScheme() + "://" + exchange.getHostAndPort() + location; - exchange.getResponseHeaders().put(Headers.LOCATION, loc); - } - } - - protected void registerNotifications(final SecurityContext securityContext) { - - final NotificationReceiver logoutReceiver = new NotificationReceiver() { - @Override - public void handleNotification(SecurityNotification notification) { - if (notification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) - return; - - HttpServerExchange exchange = notification.getExchange(); - UndertowHttpFacade facade = createFacade(exchange); - SamlDeployment deployment = deploymentContext.resolveDeployment(facade); - SamlSessionStore sessionStore = getTokenStore(exchange, facade, deployment, securityContext); - sessionStore.logoutAccount(); - } - }; - - securityContext.registerNotificationReceiver(logoutReceiver); - } - - /** - * Call this inside your authenticate method. - */ - public AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext) { - UndertowHttpFacade facade = createFacade(exchange); - SamlDeployment deployment = deploymentContext.resolveDeployment(facade); - if (!deployment.isConfigured()) { - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - SamlSessionStore sessionStore = getTokenStore(exchange, facade, deployment, securityContext); - SamlAuthenticator authenticator = null; - if (exchange.getRequestPath().endsWith("/saml")) { - authenticator = new UndertowSamlEndpoint(facade, deploymentContext.resolveDeployment(facade), sessionStore); - } else { - authenticator = new UndertowSamlAuthenticator(securityContext, facade, deploymentContext.resolveDeployment(facade), sessionStore); - - } - - AuthOutcome outcome = authenticator.authenticate(); - if (outcome == AuthOutcome.AUTHENTICATED) { - registerNotifications(securityContext); - return AuthenticationMechanismOutcome.AUTHENTICATED; - } - if (outcome == AuthOutcome.NOT_AUTHENTICATED) { - // we are in passive mode and user is not authenticated, let app server to try another auth mechanism - // See KEYCLOAK-2107, AbstractSamlAuthenticationHandler - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - if (outcome == AuthOutcome.LOGGED_OUT) { - securityContext.logout(); - if (deployment.getLogoutPage() != null) { - redirectLogout(deployment, exchange); - } - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - AuthChallenge challenge = authenticator.getChallenge(); - if (challenge != null) { - exchange.putAttachment(KEYCLOAK_CHALLENGE_ATTACHMENT_KEY, challenge); - if (authenticator instanceof UndertowSamlEndpoint) { - exchange.getSecurityContext().setAuthenticationRequired(); - } - } - - if (outcome == AuthOutcome.FAILED) { - return AuthenticationMechanismOutcome.NOT_AUTHENTICATED; - } - return AuthenticationMechanismOutcome.NOT_ATTEMPTED; - } - - protected void redirectLogout(SamlDeployment deployment, HttpServerExchange exchange) { - String page = deployment.getLogoutPage(); - sendRedirect(exchange, page); - exchange.setStatusCode(StatusCodes.FOUND); - exchange.endExchange(); - } - - protected UndertowHttpFacade createFacade(HttpServerExchange exchange) { - return new UndertowHttpFacade(exchange); - } - - protected abstract SamlSessionStore getTokenStore(HttpServerExchange exchange, HttpFacade facade, SamlDeployment deployment, SecurityContext securityContext); -} \ No newline at end of file diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/IdMapperUpdaterSessionListener.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/IdMapperUpdaterSessionListener.java deleted file mode 100644 index 692413e5aa..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/IdMapperUpdaterSessionListener.java +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Copyright 2017 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.saml.undertow; - -import org.keycloak.adapters.saml.SamlSession; -import org.keycloak.adapters.spi.SessionIdMapper; - -import io.undertow.server.HttpServerExchange; -import io.undertow.server.session.Session; -import io.undertow.server.session.SessionListener; -import java.util.Objects; - -/** - * - * @author hmlnarik - */ -public class IdMapperUpdaterSessionListener implements SessionListener { - - private final SessionIdMapper idMapper; - - public IdMapperUpdaterSessionListener(SessionIdMapper idMapper) { - this.idMapper = idMapper; - } - - @Override - public void sessionCreated(Session session, HttpServerExchange exchange) { - Object value = session.getAttribute(SamlSession.class.getName()); - map(session.getId(), value); - } - - @Override - public void sessionDestroyed(Session session, HttpServerExchange exchange, SessionDestroyedReason reason) { - if (reason != SessionDestroyedReason.UNDEPLOY) { - unmap(session.getId(), session.getAttribute(SamlSession.class.getName())); - } - } - - @Override - public void attributeAdded(Session session, String name, Object value) { - if (Objects.equals(name, SamlSession.class.getName())) { - map(session.getId(), value); - } - } - - @Override - public void attributeUpdated(Session session, String name, Object newValue, Object oldValue) { - if (Objects.equals(name, SamlSession.class.getName())) { - unmap(session.getId(), oldValue); - map(session.getId(), newValue); - } - } - - @Override - public void attributeRemoved(Session session, String name, Object oldValue) { - if (Objects.equals(name, SamlSession.class.getName())) { - unmap(session.getId(), oldValue); - } - } - - @Override - public void sessionIdChanged(Session session, String oldSessionId) { - Object value = session.getAttribute(SamlSession.class.getName()); - if (value != null) { - unmap(oldSessionId, value); - map(session.getId(), value); - } - } - - private void map(String sessionId, Object value) { - if (! (value instanceof SamlSession) || sessionId == null) { - return; - } - SamlSession account = (SamlSession) value; - - idMapper.map(account.getSessionIndex(), account.getPrincipal().getSamlSubject(), sessionId); - } - - private void unmap(String sessionId, Object value) { - if (! (value instanceof SamlSession) || sessionId == null) { - return; - } - - SamlSession samlSession = (SamlSession) value; - if (samlSession.getSessionIndex() != null) { - idMapper.removeSession(sessionId); - } - } - -} diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java deleted file mode 100755 index 931ecd7169..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/SamlServletExtension.java +++ /dev/null @@ -1,223 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.adapters.saml.undertow; - -import io.undertow.security.api.AuthenticationMechanism; -import io.undertow.security.api.AuthenticationMechanismFactory; -import io.undertow.security.idm.Account; -import io.undertow.security.idm.Credential; -import io.undertow.security.idm.IdentityManager; -import io.undertow.server.handlers.form.FormParserFactory; -import io.undertow.servlet.ServletExtension; -import io.undertow.servlet.api.AuthMethodConfig; -import io.undertow.servlet.api.DeploymentInfo; -import io.undertow.servlet.api.LoginConfig; -import io.undertow.servlet.api.SecurityConstraint; -import io.undertow.servlet.api.ServletSessionConfig; -import io.undertow.servlet.api.WebResourceCollection; -import org.jboss.logging.Logger; -import org.keycloak.adapters.saml.AdapterConstants; -import org.keycloak.adapters.saml.DefaultSamlDeployment; -import org.keycloak.adapters.saml.SamlConfigResolver; -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlDeploymentContext; -import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder; -import org.keycloak.adapters.saml.config.parsers.ResourceLoader; -import org.keycloak.adapters.undertow.ChangeSessionId; -import org.keycloak.adapters.undertow.UndertowUserSessionManagement; -import org.keycloak.saml.common.exceptions.ParsingException; - -import javax.servlet.ServletContext; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.InputStream; -import java.util.Map; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class SamlServletExtension implements ServletExtension { - - protected static Logger log = Logger.getLogger(SamlServletExtension.class); - - // todo when this DeploymentInfo method of the same name is fixed. - public boolean isAuthenticationMechanismPresent(DeploymentInfo deploymentInfo, final String mechanismName) { - LoginConfig loginConfig = deploymentInfo.getLoginConfig(); - if (loginConfig != null) { - for (AuthMethodConfig method : loginConfig.getAuthMethods()) { - if (method.getName().equalsIgnoreCase(mechanismName)) { - return true; - } - } - } - return false; - } - - private static InputStream getXMLFromServletContext(ServletContext servletContext) { - String json = servletContext.getInitParameter(AdapterConstants.AUTH_DATA_PARAM_NAME); - if (json == null) { - return null; - } - return new ByteArrayInputStream(json.getBytes()); - } - - private static InputStream getConfigInputStream(ServletContext context) { - InputStream is = getXMLFromServletContext(context); - if (is == null) { - String path = context.getInitParameter("keycloak.config.file"); - if (path == null) { - log.debug("using /WEB-INF/keycloak-saml.xml"); - is = context.getResourceAsStream("/WEB-INF/keycloak-saml.xml"); - } else { - try { - is = new FileInputStream(path); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); - } - } - } - return is; - } - - - @Override - @SuppressWarnings("UseSpecificCatch") - public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) { - if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) { - log.debug("auth-method is not keycloak saml!"); - return; - } - log.debug("SamlServletException initialization"); - - // Possible scenarios: - // 1) The deployment has a keycloak.config.resolver specified and it exists: - // Outcome: adapter uses the resolver - // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) : - // Outcome: adapter is left unconfigured - // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent) - // Outcome: adapter uses it - // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent) - // Outcome: adapter is left unconfigured - - SamlConfigResolver configResolver; - String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver"); - SamlDeploymentContext deploymentContext = null; - if (configResolverClass != null) { - try { - configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance(); - deploymentContext = new SamlDeploymentContext(configResolver); - log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass); - } catch (Exception ex) { - log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage()); - deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment()); - } - } else { - InputStream is = getConfigInputStream(servletContext); - final SamlDeployment deployment; - if (is == null) { - log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests."); - deployment = new DefaultSamlDeployment(); - } else { - try { - ResourceLoader loader = new ResourceLoader() { - @Override - public InputStream getResourceAsStream(String resource) { - return servletContext.getResourceAsStream(resource); - } - }; - deployment = new DeploymentBuilder().build(is, loader); - } catch (ParsingException e) { - throw new RuntimeException(e); - } - } - deploymentContext = new SamlDeploymentContext(deployment); - log.debug("Keycloak is using a per-deployment configuration."); - } - - servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext); - UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement(); - final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement); - mech.addTokenStoreUpdaters(deploymentInfo); - - // setup handlers - - deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() { - @Override - public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map stringStringMap) { - return mech; - } - }); // authentication - - deploymentInfo.setIdentityManager(new IdentityManager() { - @Override - public Account verify(Account account) { - return account; - } - - @Override - public Account verify(String id, Credential credential) { - throw new IllegalStateException("Should never be called in Keycloak flow"); - } - - @Override - public Account verify(Credential credential) { - throw new IllegalStateException("Should never be called in Keycloak flow"); - } - }); - - ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig(); - if (cookieConfig == null) { - cookieConfig = new ServletSessionConfig(); - } - if (cookieConfig.getPath() == null) { - log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath()); - cookieConfig.setPath(deploymentInfo.getContextPath()); - deploymentInfo.setServletSessionConfig(cookieConfig); - } - addEndpointConstraint(deploymentInfo); - - ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo); - - } - - /** - * add security constraint to /saml so that the endpoint can be called and auth mechanism pinged. - * @param deploymentInfo - */ - protected void addEndpointConstraint(DeploymentInfo deploymentInfo) { - SecurityConstraint constraint = new SecurityConstraint(); - WebResourceCollection collection = new WebResourceCollection(); - collection.addUrlPattern("/saml"); - constraint.addWebResourceCollection(collection); - deploymentInfo.addSecurityConstraint(constraint); - } - - protected ServletSamlAuthMech createAuthMech(DeploymentInfo deploymentInfo, SamlDeploymentContext deploymentContext, UndertowUserSessionManagement userSessionManagement) { - return new ServletSamlAuthMech(deploymentContext, userSessionManagement, getErrorPage(deploymentInfo)); - } - - protected String getErrorPage(DeploymentInfo deploymentInfo) { - LoginConfig loginConfig = deploymentInfo.getLoginConfig(); - String errorPage = null; - if (loginConfig != null) { - errorPage = loginConfig.getErrorPage(); - } - return errorPage; - } -} diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlAuthMech.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlAuthMech.java deleted file mode 100755 index df1a471b07..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlAuthMech.java +++ /dev/null @@ -1,152 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.saml.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.server.HttpServerExchange; -import io.undertow.servlet.handlers.ServletRequestContext; -import io.undertow.util.Headers; - -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlDeploymentContext; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.spi.*; -import org.keycloak.adapters.undertow.ServletHttpFacade; -import org.keycloak.adapters.undertow.UndertowHttpFacade; -import org.keycloak.adapters.undertow.UndertowUserSessionManagement; - -import io.undertow.servlet.api.DeploymentInfo; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import java.io.IOException; -import java.lang.reflect.*; -import java.util.Map; -import org.jboss.logging.Logger; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class ServletSamlAuthMech extends AbstractSamlAuthMech { - - private static final Logger LOG = Logger.getLogger(ServletSamlAuthMech.class); - - protected SessionIdMapper idMapper = new InMemorySessionIdMapper(); - protected SessionIdMapperUpdater idMapperUpdater = SessionIdMapperUpdater.DIRECT; - - public ServletSamlAuthMech(SamlDeploymentContext deploymentContext, UndertowUserSessionManagement sessionManagement, String errorPage) { - super(deploymentContext, sessionManagement, errorPage); - } - - public void addTokenStoreUpdaters(DeploymentInfo deploymentInfo) { - deploymentInfo.addSessionListener(new IdMapperUpdaterSessionListener(idMapper)); // This takes care of HTTP sessions manipulated locally - SessionIdMapperUpdater updater = SessionIdMapperUpdater.EXTERNAL; - - try { - Map initParameters = deploymentInfo.getInitParameters(); - String idMapperSessionUpdaterClasses = initParameters == null - ? null - : initParameters.get("keycloak.sessionIdMapperUpdater.classes"); - if (idMapperSessionUpdaterClasses == null) { - return; - } - - for (String clazz : idMapperSessionUpdaterClasses.split("\\s*,\\s*")) { - if (! clazz.isEmpty()) { - updater = invokeAddTokenStoreUpdaterMethod(clazz, deploymentInfo, updater); - } - } - } finally { - setIdMapperUpdater(updater); - } - } - - private SessionIdMapperUpdater invokeAddTokenStoreUpdaterMethod(String idMapperSessionUpdaterClass, DeploymentInfo deploymentInfo, - SessionIdMapperUpdater previousIdMapperUpdater) { - try { - Class clazz = deploymentInfo.getClassLoader().loadClass(idMapperSessionUpdaterClass); - Method addTokenStoreUpdatersMethod = clazz.getMethod("addTokenStoreUpdaters", DeploymentInfo.class, SessionIdMapper.class, SessionIdMapperUpdater.class); - if (! Modifier.isStatic(addTokenStoreUpdatersMethod.getModifiers()) - || ! Modifier.isPublic(addTokenStoreUpdatersMethod.getModifiers()) - || ! SessionIdMapperUpdater.class.isAssignableFrom(addTokenStoreUpdatersMethod.getReturnType())) { - LOG.errorv("addTokenStoreUpdaters method in class {0} has to be public static. Ignoring class.", idMapperSessionUpdaterClass); - return previousIdMapperUpdater; - } - - LOG.debugv("Initializing sessionIdMapperUpdater class {0}", idMapperSessionUpdaterClass); - return (SessionIdMapperUpdater) addTokenStoreUpdatersMethod.invoke(null, deploymentInfo, idMapper, previousIdMapperUpdater); - } catch (ClassNotFoundException | NoSuchMethodException | SecurityException ex) { - LOG.warnv(ex, "Cannot use sessionIdMapperUpdater class {0}", idMapperSessionUpdaterClass); - return previousIdMapperUpdater; - } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) { - LOG.warnv(ex, "Cannot use {0}.addTokenStoreUpdaters(DeploymentInfo, SessionIdMapper) method", idMapperSessionUpdaterClass); - return previousIdMapperUpdater; - } - } - - @Override - protected SamlSessionStore getTokenStore(HttpServerExchange exchange, HttpFacade facade, SamlDeployment deployment, SecurityContext securityContext) { - return new ServletSamlSessionStore(exchange, sessionManagement, securityContext, idMapper, idMapperUpdater, deployment); - } - - @Override - protected UndertowHttpFacade createFacade(HttpServerExchange exchange) { - return new ServletHttpFacade(exchange); - } - - @Override - protected void redirectLogout(SamlDeployment deployment, HttpServerExchange exchange) { - exchange.getResponseHeaders().add(Headers.CACHE_CONTROL, "no-cache, no-store, must-revalidate"); - exchange.getResponseHeaders().add(Headers.PRAGMA, "no-cache"); - exchange.getResponseHeaders().add(Headers.EXPIRES, "0"); - - super.redirectLogout(deployment, exchange); - } - - @Override - protected Integer servePage(HttpServerExchange exchange, String location) { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - ServletRequest req = servletRequestContext.getServletRequest(); - ServletResponse resp = servletRequestContext.getServletResponse(); - RequestDispatcher disp = req.getRequestDispatcher(location); - //make sure the login page is never cached - exchange.getResponseHeaders().add(Headers.CACHE_CONTROL, "no-cache, no-store, must-revalidate"); - exchange.getResponseHeaders().add(Headers.PRAGMA, "no-cache"); - exchange.getResponseHeaders().add(Headers.EXPIRES, "0"); - - - try { - disp.forward(req, resp); - } catch (ServletException e) { - throw new RuntimeException(e); - } catch (IOException e) { - throw new RuntimeException(e); - } - return null; - } - - public SessionIdMapperUpdater getIdMapperUpdater() { - return idMapperUpdater; - } - - protected void setIdMapperUpdater(SessionIdMapperUpdater idMapperUpdater) { - this.idMapperUpdater = idMapperUpdater; - } -} diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java deleted file mode 100755 index 449a876c77..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/ServletSamlSessionStore.java +++ /dev/null @@ -1,263 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.saml.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.security.idm.Account; -import io.undertow.server.HttpServerExchange; -import io.undertow.server.session.SessionManager; -import io.undertow.servlet.handlers.ServletRequestContext; -import io.undertow.servlet.spec.HttpSessionImpl; -import org.jboss.logging.Logger; - -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlSession; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.saml.SamlUtil; -import org.keycloak.adapters.spi.SessionIdMapper; -import org.keycloak.adapters.spi.SessionIdMapperUpdater; -import org.keycloak.adapters.undertow.ChangeSessionId; -import org.keycloak.adapters.undertow.SavedRequest; -import org.keycloak.adapters.undertow.ServletHttpFacade; -import org.keycloak.adapters.undertow.UndertowUserSessionManagement; -import org.keycloak.common.util.KeycloakUriBuilder; -import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.datatype.DatatypeConstants; -import javax.xml.datatype.XMLGregorianCalendar; -import java.security.Principal; -import java.util.LinkedList; -import java.util.List; -import java.util.Set; - -/** - * Session store manipulation methods per single HTTP exchange. - * - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class ServletSamlSessionStore implements SamlSessionStore { - protected static Logger log = Logger.getLogger(SamlSessionStore.class); - public static final String SAML_REDIRECT_URI = "SAML_REDIRECT_URI"; - - private final HttpServerExchange exchange; - private final UndertowUserSessionManagement sessionManagement; - private final SecurityContext securityContext; - private final SessionIdMapper idMapper; - private final SessionIdMapperUpdater idMapperUpdater; - protected final SamlDeployment deployment; - - - public ServletSamlSessionStore(HttpServerExchange exchange, UndertowUserSessionManagement sessionManagement, - SecurityContext securityContext, - SessionIdMapper idMapper, SessionIdMapperUpdater idMapperUpdater, - SamlDeployment deployment) { - this.exchange = exchange; - this.sessionManagement = sessionManagement; - this.securityContext = securityContext; - this.idMapper = idMapper; - this.deployment = deployment; - this.idMapperUpdater = idMapperUpdater; - } - - @Override - public void setCurrentAction(CurrentAction action) { - if (action == CurrentAction.NONE && getRequest().getSession(false) == null) return; - getRequest().getSession().setAttribute(CURRENT_ACTION, action); - } - - @Override - public boolean isLoggingIn() { - HttpSession session = getRequest().getSession(false); - if (session == null) return false; - CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION); - return action == CurrentAction.LOGGING_IN; - } - - @Override - public boolean isLoggingOut() { - HttpSession session = getRequest().getSession(false); - if (session == null) return false; - CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION); - return action == CurrentAction.LOGGING_OUT; - } - - @Override - public void logoutAccount() { - HttpSession session = getSession(false); - if (session != null) { - SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName()); - if (samlSession != null) { - if (samlSession.getSessionIndex() != null) { - idMapperUpdater.removeSession(idMapper, session.getId()); - } - session.removeAttribute(SamlSession.class.getName()); - } - session.removeAttribute(SAML_REDIRECT_URI); - } - } - - @Override - public void logoutByPrincipal(String principal) { - Set sessions = idMapper.getUserSessions(principal); - if (sessions != null) { - List ids = new LinkedList<>(); - ids.addAll(sessions); - logoutSessionIds(ids); - for (String id : ids) { - idMapperUpdater.removeSession(idMapper, id); - } - } - - } - - @Override - public void logoutBySsoId(List ssoIds) { - if (ssoIds == null) return; - List sessionIds = new LinkedList<>(); - for (String id : ssoIds) { - String sessionId = idMapper.getSessionFromSSO(id); - if (sessionId != null) { - sessionIds.add(sessionId); - idMapperUpdater.removeSession(idMapper, sessionId); - } - - } - logoutSessionIds(sessionIds); - } - - protected void logoutSessionIds(List sessionIds) { - if (sessionIds == null || sessionIds.isEmpty()) return; - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - SessionManager sessionManager = servletRequestContext.getDeployment().getSessionManager(); - sessionManagement.logoutHttpSessions(sessionManager, sessionIds); - } - - @Override - public boolean isLoggedIn() { - HttpSession session = getSession(false); - if (session == null) { - log.debug("Session was not found"); - return false; - } - - if (! idMapper.hasSession(session.getId()) && ! idMapperUpdater.refreshMapping(idMapper, session.getId())) { - log.debugf("Session %s has expired on some other node", session.getId()); - session.removeAttribute(SamlSession.class.getName()); - return false; - } - - final SamlSession samlSession = SamlUtil.validateSamlSession(session.getAttribute(SamlSession.class.getName()), deployment); - if (samlSession == null) { - return false; - } - - Account undertowAccount = new Account() { - @Override - public Principal getPrincipal() { - return samlSession.getPrincipal(); - } - - @Override - public Set getRoles() { - return samlSession.getRoles(); - } - }; - securityContext.authenticationComplete(undertowAccount, "KEYCLOAK-SAML", false); - restoreRequest(); - return true; - } - - @Override - public void saveAccount(SamlSession account) { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpSession session = getSession(true); - session.setAttribute(SamlSession.class.getName(), account); - sessionManagement.login(servletRequestContext.getDeployment().getSessionManager()); - String sessionId = changeSessionId(session); - idMapperUpdater.map(idMapper, account.getSessionIndex(), account.getPrincipal().getSamlSubject(), sessionId); - } - - protected String changeSessionId(HttpSession session) { - if (!deployment.turnOffChangeSessionIdOnLogin()) return ChangeSessionId.changeSessionId(exchange, false); - else return session.getId(); - } - - @Override - public SamlSession getAccount() { - HttpSession session = getSession(true); - return (SamlSession)session.getAttribute(SamlSession.class.getName()); - } - - @Override - public String getRedirectUri() { - final ServletRequestContext sc = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpSessionImpl session = sc.getCurrentServletContext().getSession(exchange, true); - String redirect = (String)session.getAttribute(SAML_REDIRECT_URI); - if (redirect == null) { - ServletHttpFacade facade = new ServletHttpFacade(exchange); - HttpServletRequest req = (HttpServletRequest)sc.getServletRequest(); - String contextPath = req.getContextPath(); - String baseUri = KeycloakUriBuilder.fromUri(req.getRequestURL().toString()).replacePath(contextPath).build().toString(); - return SamlUtil.getRedirectTo(facade, contextPath, baseUri); - } - return redirect; - } - - @Override - public void saveRequest() { - SavedRequest.trySaveRequest(exchange); - final ServletRequestContext sc = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - HttpSessionImpl session = sc.getCurrentServletContext().getSession(exchange, true); - KeycloakUriBuilder uriBuilder = KeycloakUriBuilder.fromUri(exchange.getRequestURI()) - .replaceQuery(exchange.getQueryString()); - if (!exchange.isHostIncludedInRequestURI()) uriBuilder.scheme(exchange.getRequestScheme()).host(exchange.getHostAndPort()); - String uri = uriBuilder.buildAsString(); - - session.setAttribute(SAML_REDIRECT_URI, uri); - - } - - @Override - public boolean restoreRequest() { - HttpSession session = getSession(false); - if (session == null) return false; - SavedRequest.tryRestoreRequest(exchange, session); - session.removeAttribute(SAML_REDIRECT_URI); - return false; - } - - protected HttpSession getSession(boolean create) { - HttpServletRequest req = getRequest(); - return req.getSession(create); - } - - private HttpServletResponse getResponse() { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - return (HttpServletResponse)servletRequestContext.getServletResponse(); - - } - - private HttpServletRequest getRequest() { - final ServletRequestContext servletRequestContext = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY); - return (HttpServletRequest) servletRequestContext.getServletRequest(); - } -} diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java deleted file mode 100755 index 40fa1d6bad..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlAuthenticator.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.saml.undertow; - -import io.undertow.security.api.SecurityContext; -import io.undertow.security.idm.Account; -import org.keycloak.adapters.saml.SamlAuthenticator; -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlSession; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler; -import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler; -import org.keycloak.adapters.spi.HttpFacade; - -import java.security.Principal; -import java.util.Set; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class UndertowSamlAuthenticator extends SamlAuthenticator { - protected SecurityContext securityContext; - - public UndertowSamlAuthenticator(SecurityContext securityContext, HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) { - super(facade, deployment, sessionStore); - this.securityContext = securityContext; - } - - @Override - protected void completeAuthentication(final SamlSession samlSession) { - Account undertowAccount = new Account() { - @Override - public Principal getPrincipal() { - return samlSession.getPrincipal(); - } - - @Override - public Set getRoles() { - return samlSession.getRoles(); - } - }; - securityContext.authenticationComplete(undertowAccount, "KEYCLOAK-SAML", false); - - } - - @Override - protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) { - return new BrowserHandler(facade, deployment, sessionStore); - } - -} diff --git a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java b/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java deleted file mode 100755 index 3f5cc1a649..0000000000 --- a/adapters/saml/undertow/src/main/java/org/keycloak/adapters/saml/undertow/UndertowSamlEndpoint.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.adapters.saml.undertow; - -import org.keycloak.adapters.saml.SamlAuthenticator; -import org.keycloak.adapters.saml.SamlDeployment; -import org.keycloak.adapters.saml.SamlSession; -import org.keycloak.adapters.saml.SamlSessionStore; -import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler; -import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint; -import org.keycloak.adapters.spi.HttpFacade; - -/** - * @author Bill Burke - * @version $Revision: 1 $ - */ -public class UndertowSamlEndpoint extends SamlAuthenticator { - public UndertowSamlEndpoint(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) { - super(facade, deployment, sessionStore); - } - - - - @Override - protected void completeAuthentication(SamlSession samlSession) { - - } - - @Override - protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) { - return new SamlEndpoint(facade, deployment, sessionStore); - } -} diff --git a/adapters/saml/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension b/adapters/saml/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension deleted file mode 100644 index f385fd0328..0000000000 --- a/adapters/saml/undertow/src/main/resources/META-INF/services/io.undertow.servlet.ServletExtension +++ /dev/null @@ -1,18 +0,0 @@ -# -# Copyright 2018 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -org.keycloak.adapters.saml.undertow.SamlServletExtension diff --git a/distribution/feature-packs/adapter-feature-pack/pom.xml b/distribution/feature-packs/adapter-feature-pack/pom.xml index e36605f059..7308d1b28b 100755 --- a/distribution/feature-packs/adapter-feature-pack/pom.xml +++ b/distribution/feature-packs/adapter-feature-pack/pom.xml @@ -92,16 +92,6 @@ - - org.keycloak - keycloak-undertow-adapter-spi - - - * - * - - - diff --git a/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml b/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml index 36ce0f1831..e47f36ef34 100755 --- a/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml +++ b/distribution/feature-packs/adapter-feature-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml @@ -22,7 +22,6 @@ - diff --git a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/pom.xml b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/pom.xml index 05f1758387..60a58660f1 100644 --- a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/pom.xml +++ b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/pom.xml @@ -134,17 +134,6 @@ provided - - org.keycloak - keycloak-saml-undertow-adapter - - - * - * - - - provided - org.keycloak keycloak-saml-wildfly-elytron-jakarta-adapter @@ -167,17 +156,6 @@ provided - - org.keycloak - keycloak-undertow-adapter-spi - - - * - * - - - provided - ${ee.maven.groupId} wildfly-ee-galleon-pack @@ -296,4 +274,4 @@ - \ No newline at end of file + diff --git a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/license/licenses.xml b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/license/licenses.xml index 1ff56094a1..a3d29b01ce 100644 --- a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/license/licenses.xml +++ b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/license/licenses.xml @@ -11,16 +11,6 @@ - - org.keycloak - keycloak-undertow-adapter-spi - - - Apache License 2.0 - https://raw.githubusercontent.com/keycloak/keycloak/999-SNAPSHOT/LICENSE.txt - - - org.keycloak keycloak-common @@ -101,16 +91,6 @@ - - org.keycloak - keycloak-saml-undertow-adapter - - - Apache License 2.0 - https://raw.githubusercontent.com/keycloak/keycloak/999-SNAPSHOT/LICENSE.txt - - - org.keycloak keycloak-saml-wildfly-elytron-jakarta-adapter diff --git a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml index f995f6b8b9..e5257ae305 100755 --- a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml +++ b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-adapter-spi/main/module.xml @@ -22,7 +22,6 @@ - diff --git a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml deleted file mode 100755 index d89e36e07f..0000000000 --- a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml index a4a47421dc..2aab185f96 100755 --- a/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml +++ b/distribution/galleon-feature-packs/saml-adapter-galleon-pack/src/main/resources/modules/system/add-ons/keycloak/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml @@ -33,7 +33,6 @@ - diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/build.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/build.xml index 77c7555eae..b98e0ae98e 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/build.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/build.xml @@ -49,7 +49,6 @@ - @@ -72,10 +71,6 @@ - - - - diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/pom.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/pom.xml index 634ddcbee2..75afb5d546 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/pom.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/pom.xml @@ -74,16 +74,6 @@ - - org.keycloak - keycloak-undertow-adapter-spi - - - * - * - - - org.keycloak keycloak-saml-core @@ -124,16 +114,6 @@ - - org.keycloak - keycloak-saml-undertow-adapter - - - * - * - - - org.keycloak keycloak-saml-core-public diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml deleted file mode 100644 index c0427427c8..0000000000 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml index f0af445e5a..ab3757b621 100644 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-jakarta-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-jakarta-adapter/main/module.xml @@ -33,7 +33,6 @@ - diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/build.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/build.xml index 9153837d0f..910cb7664c 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/build.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/build.xml @@ -49,7 +49,6 @@ - @@ -72,10 +71,6 @@ - - - - diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml index 68cc6b7070..abb008cad1 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/pom.xml @@ -74,16 +74,6 @@ - - org.keycloak - keycloak-undertow-adapter-spi - - - * - * - - - org.keycloak keycloak-saml-core @@ -124,16 +114,6 @@ - - org.keycloak - keycloak-saml-undertow-adapter - - - * - * - - - org.keycloak keycloak-saml-core-public diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml deleted file mode 100755 index d4cefc52e3..0000000000 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-undertow-adapter/main/module.xml +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-adapter/main/module.xml b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-adapter/main/module.xml index 093ffa8ee6..4e83c4b1f5 100755 --- a/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-adapter/main/module.xml +++ b/distribution/saml-adapters/wildfly-adapter/wildfly-modules/src/main/resources/modules/org/keycloak/keycloak-saml-wildfly-elytron-adapter/main/module.xml @@ -34,7 +34,6 @@ - diff --git a/pom.xml b/pom.xml index bb3d9e4bee..6bb198c368 100644 --- a/pom.xml +++ b/pom.xml @@ -1133,11 +1133,6 @@ keycloak-saml-wildfly-jakarta-subsystem ${project.version} - - org.keycloak - keycloak-saml-undertow-adapter - ${project.version} - org.keycloak keycloak-services diff --git a/testsuite/integration-arquillian/servers/adapter-spi/pom.xml b/testsuite/integration-arquillian/servers/adapter-spi/pom.xml index 9d9cf35eec..76a5fb9491 100644 --- a/testsuite/integration-arquillian/servers/adapter-spi/pom.xml +++ b/testsuite/integration-arquillian/servers/adapter-spi/pom.xml @@ -15,7 +15,6 @@ undertow-adapter-spi-jakarta - undertow-adapter-saml-jakarta @@ -34,4 +33,4 @@ - \ No newline at end of file + diff --git a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/.gitignore b/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/.gitignore deleted file mode 100644 index aa8e45f12b..0000000000 --- a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/.gitignore +++ /dev/null @@ -1 +0,0 @@ -src/ \ No newline at end of file diff --git a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml b/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml deleted file mode 100644 index ac693279da..0000000000 --- a/testsuite/integration-arquillian/servers/adapter-spi/undertow-adapter-saml-jakarta/pom.xml +++ /dev/null @@ -1,130 +0,0 @@ - - - - integration-arquillian-servers-adapter-spi - org.keycloak.testsuite - 999.0.0-SNAPSHOT - ../pom.xml - - 4.0.0 - - keycloak-saml-undertow-adapter-jakarta - Undertow SAML Adapter (JakartaEE) - jar - - - ${project.basedir}/../../../../../adapters/saml/undertow - ${project.basedir} - - - - - org.keycloak - keycloak-saml-core - provided - - - org.keycloak - keycloak-adapter-spi - provided - - - org.keycloak - keycloak-common - provided - - - org.keycloak - keycloak-saml-adapter-api-public - provided - - - org.keycloak - keycloak-saml-adapter-core - provided - - - org.keycloak.testsuite - keycloak-undertow-adapter-spi-jakarta - ${project.version} - - - org.jboss.logging - jboss-logging - provided - - - jakarta.servlet - jakarta.servlet-api - provided - - - io.undertow - undertow-servlet - provided - - - io.undertow - undertow-core - provided - - - junit - junit - test - - - - - - - maven-antrun-plugin - 3.1.0 - - - transform - initialize - - run - - - - - - - - - - - - - - - - - - - - - - - - - - org.eclipse.transformer - org.eclipse.transformer.cli - 0.5.0 - - - org.apache.ant - ant - 1.10.14 - - - - - - - \ No newline at end of file diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml index 4a55f425d7..7beecc1cbd 100755 --- a/testsuite/utils/pom.xml +++ b/testsuite/utils/pom.xml @@ -181,11 +181,6 @@ org.keycloak keycloak-authz-client - - org.keycloak.testsuite - keycloak-saml-undertow-adapter-jakarta - ${project.version} - org.keycloak.testsuite