Commit graph

87 commits

Author SHA1 Message Date
pskopek
a993f6fb75 [KEYCLOAK-4979] make schema location map unmodifiable after initial setup + log message change 2017-11-21 09:28:15 +01:00
Thomas Skjølberg
5f20df00d0 [KEYCLOAK-4979] Move picketlink schema, fix resolver and some related tests 2017-11-21 09:28:15 +01:00
Hynek Mlnařík
290f6ed2ad
Merge pull request #4671 from thomasdarimont/issues/remove-duplicate-check-in-saml11requestwriter
KEYCLOAK-5837 Remove duplicate check in SAML11AuthenticationQueryType
2017-11-13 14:49:11 +01:00
Thomas Darimont
71df504834 KEYCLOAK-5838 Fix comparison in SAMLSloRequestParser and SAMLSloResponseParser
The previous comparison was broken (always returned false)
since it compared the enum value with a string.
Calling `.get()` on the enum value to compare the string this the
given local-part fixes the comparison.

See:
73c82d296e/files/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParser.java (xe3bb353ac67565ed):1
73c82d296e/files/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloResponseParser.java (xdd5c8cb1952defd):1
2017-11-13 13:30:01 +01:00
Thomas Darimont
8cfbb8d0b3 KEYCLOAK-5837 Remove duplicate check in SAML11AuthenticationQueryType
The same check is applied in line 83.
2017-11-13 13:26:15 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Hynek Mlnarik
fe2f65daac KEYCLOAK-5581 Fix SAML identity broker context serialization 2017-11-03 21:09:18 +01:00
pskopek
d478cdfda4 [KEYCLOAK-4374] Support SAML 2.0 AttributeValue of AnyType and nil 2017-09-27 17:12:51 +02:00
Hynek Mlnarik
9098105a64 KEYCLOAK-5254 Fix NPE - NameID format is optional 2017-09-14 14:59:05 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
ab05216730 KEYCLOAK-4775 Added encryption certificate to SAML metadata 2017-07-27 08:18:10 +02:00
Hynek Mlnarik
c7046b6325 KEYCLOAK-4189 Preparation for cross-DC SAML testing 2017-07-25 09:44:36 +02:00
Hynek Mlnarik
d52d685161 KEYCLOAK-4818 Fix undeclared namespace error in context serialization 2017-07-19 15:18:53 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
hmlnarik
b4ad69b841 KEYCLOAK-5115 (#4272) 2017-06-29 15:50:50 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
6f731dfee9 Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
Thomas Skjølberg
241c58dd61 Add unit tests related to signatures, check that a signature is present when want assertion signing. 2017-06-02 15:36:52 +02:00
Hynek Mlnarik
67a05ee227 KEYCLOAK-4790 Fix empty attribute value issue in SAML parser 2017-05-23 15:14:25 +02:00
Stian Thorgersen
f63c60855e Fix compilation error in SAMLParserTest.java 2017-05-08 14:45:45 +02:00
Bill Burke
e1b6ba13cc Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Bas van Schaik
ff6dbd6bde Fix lgtm.com alert: cast int to long before multiplication
The integer multiplication has the potential to overflow before the
result is being cast to the 'long' result.

Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/XMLTimeUtil.java#V133
2017-04-28 14:54:47 +01:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Hynek Mlnarik
d7615d6a68 KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter 2017-04-26 11:59:37 +02:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Stian Thorgersen
4dcb8d2c2a Merge pull request #3931 from hmlnarik/KEYCLOAK-4552
KEYCLOAK-4552
2017-03-13 12:31:33 +01:00
Hynek Mlnarik
42954e84d9 KEYCLOAK-4552 2017-03-10 10:59:50 +01:00
Mark Pardijs
c78c0b73d3 KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
Anders Båtstrand
224c9c5395 KEYCLOAK-4489 Use event reader from AbstractParser, which handles newlines and whitespace. 2017-03-07 19:05:07 +01:00
Anders Båtstrand
89c6cda2ac Two new configuration options for the Saml broker:
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
 * wantAssertionsEncrypted: This will simply require that the assertion is encrypted.

 Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Hynek Mlnarik
ad0630d04f KEYCLOAK-4329 Fix NPE when not providing KeyInfo element in IdP initiated SSO SAML 2017-01-30 11:40:48 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Stian Thorgersen
a18a4477e0 Merge pull request #3784 from hmlnarik/KEYCLOAK-4236-Error-importing-SAML-Metadata-with-AttributeProfile-element-
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-24 10:34:39 +01:00
Hynek Mlnarik
b5212d58ec KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata 2017-01-23 13:46:01 +01:00
Hynek Mlnarik
99fcc51019 KEYCLOAK-4261 Fix response type to SAML AuthnRequest messages 2017-01-19 16:30:06 +01:00
Stian Thorgersen
8a02ef1859 Merge pull request #3715 from hmlnarik/KEYCLOAK-4160
KEYCLOAK-4160
2017-01-09 12:50:38 +01:00
Hynek Mlnarik
0cb5ba0f6e KEYCLOAK-4160 2017-01-06 07:00:47 +01:00
Hynek Mlnarik
2035398ef4 KEYCLOAK-4148 Instantiate XML DocumentBuilder in singleton-like manner 2017-01-05 16:07:50 +01:00
Hynek Mlnarik
ad9210a7a7 KEYCLOAK-4148 Prevent unnecessary deserialization when supported
... and gain another ~ 5-10 %
2017-01-05 10:41:31 +01:00
Hynek Mlnarik
862502f3ed KEYCLOAK-4148 StringUtils property replacer optimization
StringUtils.getSystemPropertyAsString is used in SAML attribute
retrieval and uses StringBuffer and suboptimal regex. This optimization
gains another ~ 3 %.
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
2b57b8371b KEYCLOAK-4148 Instantiate XML DatatypeFactory in singleton-like manner
... to gain another ~ 6 %
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
5150251141 KEYCLOAK-4148 [AbstractParser] instantiate XMLInputFactory in singleton-like manner 2017-01-04 08:06:56 +01:00
Hynek Mlnarik
1eb0cde74f KEYCLOAK-4148 Instantiate XMLInputFactory in singleton-like manner 2017-01-03 15:34:28 +01:00
Hynek Mlnarik
32f8fd4b9f KEYCLOAK-3950 - Tests for SAML Name ID format variants in AuthnRequest 2017-01-03 15:34:28 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Hynek Mlnarik
7d51df4eed KEYCLOAK-3971 Explicitly set encoding for SAML message processing 2016-12-15 14:04:34 +01:00
Hynek Mlnarik
642de06fb5 KEYCLOAK-4040 Support a letter-case variant of md:OrganizationURL 2016-12-13 16:07:11 +01:00
Hynek Mlnarik
24a36e6848 KEYCLOAK-4057 Do not include KeyName for brokered IdPs
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.

This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Derek Horton
c149358028 Modified the saml parser to handle boolean attribute value types
[KEYCLOAK-4020]
2016-12-02 14:50:36 -06:00