force post binding switch
This commit is contained in:
parent
b3fe650e27
commit
f715a026ba
4 changed files with 46 additions and 9 deletions
|
@ -363,6 +363,7 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application,
|
||||||
$scope.samlAssertionSignature = false;
|
$scope.samlAssertionSignature = false;
|
||||||
$scope.samlClientSignature = false;
|
$scope.samlClientSignature = false;
|
||||||
$scope.samlEncrypt = false;
|
$scope.samlEncrypt = false;
|
||||||
|
$scope.samlForcePostBinding = false;
|
||||||
if (!$scope.create) {
|
if (!$scope.create) {
|
||||||
if (!application.attributes) {
|
if (!application.attributes) {
|
||||||
application.attributes = {};
|
application.attributes = {};
|
||||||
|
@ -442,6 +443,13 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application,
|
||||||
$scope.samlMultiValuedRoles = false;
|
$scope.samlMultiValuedRoles = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if ($scope.application.attributes["saml.force.post.binding"]) {
|
||||||
|
if ($scope.application.attributes["saml.force.post.binding"] == "true") {
|
||||||
|
$scope.samlForcePostBinding = true;
|
||||||
|
} else {
|
||||||
|
$scope.samlForcePostBinding = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$scope.switchChange = function() {
|
$scope.switchChange = function() {
|
||||||
$scope.changed = true;
|
$scope.changed = true;
|
||||||
|
@ -534,6 +542,12 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application,
|
||||||
} else {
|
} else {
|
||||||
$scope.application.attributes["saml.multivalued.roles"] = "false";
|
$scope.application.attributes["saml.multivalued.roles"] = "false";
|
||||||
|
|
||||||
|
}
|
||||||
|
if ($scope.samlForcePostBinding == true) {
|
||||||
|
$scope.application.attributes["saml.force.post.binding"] = "true";
|
||||||
|
} else {
|
||||||
|
$scope.application.attributes["saml.force.post.binding"] = "false";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$scope.application.protocol = $scope.protocol;
|
$scope.application.protocol = $scope.protocol;
|
||||||
|
|
|
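Review bot: The new block that reads `$scope.application.attributes["saml.force.post.binding"]` in the hunk at line 443 sits after the two closing braces, which appear to end the `if (!$scope.create)` guard under which `application.attributes` is initialised; if that is so, opening the create form would throw on an undefined `attributes` before the switch is ever rendered. Either move the block inside that guard, or make the test `if ($scope.application.attributes && $scope.application.attributes["saml.force.post.binding"] === "true")`. The loose comparisons `== "true"` here and `$scope.samlForcePostBinding == true` in the hunk at line 542 should be `===` (or simply `if ($scope.samlForcePostBinding)`) so that coercion cannot turn an unexpected value into a persisted `"true"`. The controller function starts and ends outside these hunks.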
@ -56,6 +56,13 @@
|
||||||
</div>
|
</div>
|
||||||
<span tooltip-placement="right" tooltip="'Confidential' applications require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' applications are web services that never initiate a login." class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="'Confidential' applications require a secret to initiate login protocol. 'Public' clients do not require a secret. 'Bearer-only' applications are web services that never initiate a login." class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group clearfix block" data-ng-show="protocol == 'saml'">
|
||||||
|
<label class="col-sm-2 control-label" for="samlServerSignature">Force POST Responses</label>
|
||||||
|
<div class="col-sm-6">
|
||||||
|
<input ng-model="samlAuthnStatement" ng-click="switchChange()" name="samlAuthnStatement" id="samlAuthnStatement" onoffswitch />
|
||||||
|
</div>
|
||||||
|
<span tooltip-placement="right" tooltip="Should a statement specifying the method and timestamp be included in login responses?" class="fa fa-info-circle"></span>
|
||||||
|
</div>
|
||||||
<div class="form-group clearfix block" data-ng-show="protocol == 'saml'">
|
<div class="form-group clearfix block" data-ng-show="protocol == 'saml'">
|
||||||
<label class="col-sm-2 control-label" for="samlServerSignature">Include AuthnStatement</label>
|
<label class="col-sm-2 control-label" for="samlServerSignature">Include AuthnStatement</label>
|
||||||
<div class="col-sm-6">
|
<div class="col-sm-6">
|
||||||
|
@ -111,6 +118,13 @@
|
||||||
</div>
|
</div>
|
||||||
<span tooltip-placement="right" tooltip="Will the client sign their saml requests and responses? And should they be validated?" class="fa fa-info-circle"></span>
|
<span tooltip-placement="right" tooltip="Will the client sign their saml requests and responses? And should they be validated?" class="fa fa-info-circle"></span>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group clearfix block" data-ng-show="protocol == 'saml'">
|
||||||
|
<label class="col-sm-2 control-label" for="samlForcePostBinding">Force POST Binding</label>
|
||||||
|
<div class="col-sm-6">
|
||||||
|
<input ng-model="samlForcePostBinding" ng-click="switchChange()" name="samlForcePostBinding" id="samlForcePostBinding" onoffswitch />
|
||||||
|
</div>
|
||||||
|
<span tooltip-placement="right" tooltip="Always use POST binding for responses." class="fa fa-info-circle"></span>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group" data-ng-show="!application.bearerOnly">
|
<div class="form-group" data-ng-show="!application.bearerOnly">
|
||||||
<label class="col-sm-2 control-label" for="newRedirectUri">Redirect URI <span class="required" data-ng-show="create">*</span></label>
|
<label class="col-sm-2 control-label" for="newRedirectUri">Redirect URI <span class="required" data-ng-show="create">*</span></label>
|
||||||
|
|
|
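Review bot: The form-group added in the hunk at line 56 under the "Force POST Responses" label is wired to the wrong setting: its input has `ng-model="samlAuthnStatement"`, `name="samlAuthnStatement"`, `id="samlAuthnStatement"` and the AuthnStatement tooltip, so it is a second copy of the Include AuthnStatement switch shown directly below it, yields two elements with the same id, and its label `for="samlServerSignature"` targets yet another control. The hunk at line 118 already adds the correctly bound `samlForcePostBinding` switch, so this first block looks like a stale copy and should be deleted rather than repaired. If it is meant to remain, its `ng-model`, `name`, `id`, `for` and tooltip all need to refer to the force-POST-binding setting, otherwise an administrator flipping "Force POST Responses" silently changes the AuthnStatement option instead.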
@ -39,6 +39,14 @@ public class SamlProtocol implements LoginProtocol {
|
||||||
public static final String SAML_BINDING = "saml_binding";
|
public static final String SAML_BINDING = "saml_binding";
|
||||||
public static final String SAML_POST_BINDING = "post";
|
public static final String SAML_POST_BINDING = "post";
|
||||||
public static final String SAML_GET_BINDING = "get";
|
public static final String SAML_GET_BINDING = "get";
|
||||||
|
public static final String SAML_SERVER_SIGNATURE = "saml.server.signature";
|
||||||
|
public static final String SAML_ASSERTION_SIGNATURE = "saml.assertion.signature";
|
||||||
|
public static final String SAML_AUTHNSTATEMENT = "saml.authnstatement";
|
||||||
|
public static final String SAML_MULTIVALUED_ROLES = "saml.multivalued.roles";
|
||||||
|
public static final String SAML_SIGNATURE_ALGORITHM = "saml.signature.algorithm";
|
||||||
|
public static final String SAML_ENCRYPT = "saml.encrypt";
|
||||||
|
public static final String SAML_FORCE_POST_BINDING = "saml.force.post.binding";
|
||||||
|
public static final String REQUEST_ID = "REQUEST_ID";
|
||||||
|
|
||||||
protected KeycloakSession session;
|
protected KeycloakSession session;
|
||||||
|
|
||||||
|
@ -98,14 +106,15 @@ public class SamlProtocol implements LoginProtocol {
|
||||||
}
|
}
|
||||||
|
|
||||||
protected boolean isPostBinding(ClientSessionModel clientSession) {
|
protected boolean isPostBinding(ClientSessionModel clientSession) {
|
||||||
return SamlProtocol.SAML_POST_BINDING.equals(clientSession.getNote(SamlProtocol.SAML_BINDING));
|
ClientModel client = clientSession.getClient();
|
||||||
|
return SamlProtocol.SAML_POST_BINDING.equals(clientSession.getNote(SamlProtocol.SAML_BINDING)) || "true".equals(client.getAttribute(SAML_FORCE_POST_BINDING));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Response authenticated(UserSessionModel userSession, ClientSessionCode accessCode) {
|
public Response authenticated(UserSessionModel userSession, ClientSessionCode accessCode) {
|
||||||
ClientSessionModel clientSession = accessCode.getClientSession();
|
ClientSessionModel clientSession = accessCode.getClientSession();
|
||||||
ClientModel client = clientSession.getClient();
|
ClientModel client = clientSession.getClient();
|
||||||
String requestID = clientSession.getNote("REQUEST_ID");
|
String requestID = clientSession.getNote(REQUEST_ID);
|
||||||
String relayState = clientSession.getNote(GeneralConstants.RELAY_STATE);
|
String relayState = clientSession.getNote(GeneralConstants.RELAY_STATE);
|
||||||
String redirectUri = clientSession.getRedirectUri();
|
String redirectUri = clientSession.getRedirectUri();
|
||||||
String responseIssuer = getResponseIssuer(realm);
|
String responseIssuer = getResponseIssuer(realm);
|
||||||
|
@ -166,23 +175,23 @@ public class SamlProtocol implements LoginProtocol {
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean requiresRealmSignature(ClientModel client) {
|
private boolean requiresRealmSignature(ClientModel client) {
|
||||||
return "true".equals(client.getAttribute("saml.server.signature"));
|
return "true".equals(client.getAttribute(SAML_SERVER_SIGNATURE));
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean requiresAssertionSignature(ClientModel client) {
|
private boolean requiresAssertionSignature(ClientModel client) {
|
||||||
return "true".equals(client.getAttribute("saml.assertion.signature"));
|
return "true".equals(client.getAttribute(SAML_ASSERTION_SIGNATURE));
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean includeAuthnStatement(ClientModel client) {
|
private boolean includeAuthnStatement(ClientModel client) {
|
||||||
return "true".equals(client.getAttribute("saml.authnstatement"));
|
return "true".equals(client.getAttribute(SAML_AUTHNSTATEMENT));
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean multivaluedRoles(ClientModel client) {
|
private boolean multivaluedRoles(ClientModel client) {
|
||||||
return "true".equals(client.getAttribute("saml.multivalued.roles"));
|
return "true".equals(client.getAttribute(SAML_MULTIVALUED_ROLES));
|
||||||
}
|
}
|
||||||
|
|
||||||
public static SignatureAlgorithm getSignatureAlgorithm(ClientModel client) {
|
public static SignatureAlgorithm getSignatureAlgorithm(ClientModel client) {
|
||||||
String alg = client.getAttribute("saml.signature.algorithm");
|
String alg = client.getAttribute(SAML_SIGNATURE_ALGORITHM);
|
||||||
if (alg != null) {
|
if (alg != null) {
|
||||||
SignatureAlgorithm algorithm = SignatureAlgorithm.valueOf(alg);
|
SignatureAlgorithm algorithm = SignatureAlgorithm.valueOf(alg);
|
||||||
if (algorithm != null) return algorithm;
|
if (algorithm != null) return algorithm;
|
||||||
|
@ -191,7 +200,7 @@ public class SamlProtocol implements LoginProtocol {
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean requiresEncryption(ClientModel client) {
|
private boolean requiresEncryption(ClientModel client) {
|
||||||
return "true".equals(client.getAttribute("saml.encrypt"));
|
return "true".equals(client.getAttribute(SAML_ENCRYPT));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void initClaims(SALM2LoginResponseBuilder builder, ClientModel model, UserModel user) {
|
public void initClaims(SALM2LoginResponseBuilder builder, ClientModel model, UserModel user) {
|
||||||
|
|
|
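Review bot: `isPostBinding` in the hunk at line 106 now decides the response binding from two independent sources but documents neither, and the new return line well exceeds the usual column limit. Add a Javadoc stating that the method returns true when the authentication request arrived over the POST binding (the `SAML_BINDING` note) or when the client has `saml.force.post.binding` set to "true", in which case the response is sent via POST regardless of the binding the request used, and factor the attribute lookup into a helper shaped like the neighbouring `requiresRealmSignature`/`requiresEncryption` methods so the "true"-string convention stays in one place per attribute. The hunks at lines 39, 175 and 200 only replace string literals with the new constants and need nothing further. The class continues outside these hunks.
```java
protected boolean isPostBinding(ClientSessionModel clientSession) {
    ClientModel client = clientSession.getClient();
    return SamlProtocol.SAML_POST_BINDING.equals(clientSession.getNote(SamlProtocol.SAML_BINDING))
            || forcePostBinding(client);
}

/** True when the client attribute {@code saml.force.post.binding} is set to "true". */
private boolean forcePostBinding(ClientModel client) {
    return "true".equals(client.getAttribute(SAML_FORCE_POST_BINDING));
}
```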
@ -198,7 +198,7 @@ public class SamlService {
|
||||||
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE);
|
||||||
clientSession.setNote(SamlProtocol.SAML_BINDING, getBindingType());
|
clientSession.setNote(SamlProtocol.SAML_BINDING, getBindingType());
|
||||||
clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
|
clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
|
||||||
clientSession.setNote("REQUEST_ID", requestAbstractType.getID());
|
clientSession.setNote(SamlProtocol.REQUEST_ID, requestAbstractType.getID());
|
||||||
|
|
||||||
Response response = authManager.checkNonFormAuthentication(session, clientSession, realm, uriInfo, request, clientConnection, headers, event);
|
Response response = authManager.checkNonFormAuthentication(session, clientSession, realm, uriInfo, request, clientConnection, headers, event);
|
||||||
if (response != null) return response;
|
if (response != null) return response;
|
||||||
|
|