Stian Thorgersen
6f731dfee9
Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
...
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Thomas Skjølberg
241c58dd61
Add unit tests related to signatures, check that a signature is present when want assertion signing.
2017-06-02 15:36:52 +02:00
Hynek Mlnarik
67a05ee227
KEYCLOAK-4790 Fix empty attribute value issue in SAML parser
2017-05-23 15:14:25 +02:00
Stian Thorgersen
f63c60855e
Fix compilation error in SAMLParserTest.java
2017-05-08 14:45:45 +02:00
Bill Burke
e1b6ba13cc
Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
...
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Bas van Schaik
ff6dbd6bde
Fix lgtm.com alert: cast int to long before multiplication
...
The integer multiplication has the potential to overflow before the
result is being cast to the 'long' result.
Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/XMLTimeUtil.java#V133
2017-04-28 14:54:47 +01:00
Stian Thorgersen
87dedb56e5
Set version to 3.2.0.CR1-SNAPSHOT
2017-04-27 14:23:03 +02:00
Hynek Mlnarik
d7615d6a68
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
2017-04-26 11:59:37 +02:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
Stian Thorgersen
4dcb8d2c2a
Merge pull request #3931 from hmlnarik/KEYCLOAK-4552
...
KEYCLOAK-4552
2017-03-13 12:31:33 +01:00
Hynek Mlnarik
42954e84d9
KEYCLOAK-4552
2017-03-10 10:59:50 +01:00
Mark Pardijs
c78c0b73d3
KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
...
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
Anders Båtstrand
224c9c5395
KEYCLOAK-4489 Use event reader from AbstractParser, which handles newlines and whitespace.
2017-03-07 19:05:07 +01:00
Anders Båtstrand
89c6cda2ac
Two new configuration options for the Saml broker:
...
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
* wantAssertionsEncrypted: This will simply require that the assertion is encrypted.
Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Hynek Mlnarik
ad0630d04f
KEYCLOAK-4329 Fix NPE when not providing KeyInfo element in IdP initiated SSO SAML
2017-01-30 11:40:48 +01:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Stian Thorgersen
a18a4477e0
Merge pull request #3784 from hmlnarik/KEYCLOAK-4236-Error-importing-SAML-Metadata-with-AttributeProfile-element-
...
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-24 10:34:39 +01:00
Hynek Mlnarik
b5212d58ec
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-23 13:46:01 +01:00
Hynek Mlnarik
99fcc51019
KEYCLOAK-4261 Fix response type to SAML AuthnRequest messages
2017-01-19 16:30:06 +01:00
Stian Thorgersen
8a02ef1859
Merge pull request #3715 from hmlnarik/KEYCLOAK-4160
...
KEYCLOAK-4160
2017-01-09 12:50:38 +01:00
Hynek Mlnarik
0cb5ba0f6e
KEYCLOAK-4160
2017-01-06 07:00:47 +01:00
Hynek Mlnarik
2035398ef4
KEYCLOAK-4148 Instantiate XML DocumentBuilder in singleton-like manner
2017-01-05 16:07:50 +01:00
Hynek Mlnarik
ad9210a7a7
KEYCLOAK-4148 Prevent unnecessary deserialization when supported
...
... and gain another ~ 5-10 %
2017-01-05 10:41:31 +01:00
Hynek Mlnarik
862502f3ed
KEYCLOAK-4148 StringUtils property replacer optimization
...
StringUtils.getSystemPropertyAsString is used in SAML attribute
retrieval and uses StringBuffer and suboptimal regex. This optimization
gains another ~ 3 %.
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
2b57b8371b
KEYCLOAK-4148 Instantiate XML DatatypeFactory in singleton-like manner
...
... to gain another ~ 6 %
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
5150251141
KEYCLOAK-4148 [AbstractParser] instantiate XMLInputFactory in singleton-like manner
2017-01-04 08:06:56 +01:00
Hynek Mlnarik
1eb0cde74f
KEYCLOAK-4148 Instantiate XMLInputFactory in singleton-like manner
2017-01-03 15:34:28 +01:00
Hynek Mlnarik
32f8fd4b9f
KEYCLOAK-3950 - Tests for SAML Name ID format variants in AuthnRequest
2017-01-03 15:34:28 +01:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Hynek Mlnarik
7d51df4eed
KEYCLOAK-3971 Explicitly set encoding for SAML message processing
2016-12-15 14:04:34 +01:00
Hynek Mlnarik
642de06fb5
KEYCLOAK-4040 Support a letter-case variant of md:OrganizationURL
2016-12-13 16:07:11 +01:00
Hynek Mlnarik
24a36e6848
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
...
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.
This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Derek Horton
c149358028
Modified the saml parser to handle boolean attribute value types
...
[KEYCLOAK-4020]
2016-12-02 14:50:36 -06:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
Hynek Mlnarik
17c13043d0
KEYCLOAK-3087 XmlEncryptionUtil cleanup, 3DES removal
2016-11-14 10:26:39 +01:00
Stian Thorgersen
de7006a048
Merge pull request #3473 from hmlnarik/KEYCLOAK-3215
...
KEYCLOAK-3215 Use RSA-OAEP for key encryption
2016-11-08 10:16:54 +01:00
Hynek Mlnarik
01c42f9359
KEYCLOAK-3215 Use RSA-OAEP for key encryption
2016-11-08 07:44:59 +01:00
Hynek Mlnarik
4f9e35c0a1
KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06
KEYCLOAK-1881 KeyLocator implementation for SAML descriptor
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
70a8255eae
KEYCLOAK-1881 Basic key locator support
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af
KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
904a5c3ca5
KEYCLOAK-3864 Add support for SAML2 <Extensions> element in protocol messages
2016-11-04 21:53:43 +01:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d
bump pom version
2016-09-26 11:01:18 -04:00
mposolda
d52e043322
Set version to 2.2.0-SNAPSHOT
2016-08-10 08:57:18 +02:00
Bill Burke
46b4bb0909
KEYCLOAK-3268
2016-07-27 09:28:48 -04:00