Commit graph

108 commits

Author SHA1 Message Date
Anders Båtstrand
224c9c5395 KEYCLOAK-4489 Use event reader from AbstractParser, which handles newlines and whitespace. 2017-03-07 19:05:07 +01:00
Anders Båtstrand
89c6cda2ac Two new configuration options for the Saml broker:
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
 * wantAssertionsEncrypted: This will simply require that the assertion is encrypted.

 Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Hynek Mlnarik
ad0630d04f KEYCLOAK-4329 Fix NPE when not providing KeyInfo element in IdP initiated SSO SAML 2017-01-30 11:40:48 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Stian Thorgersen
a18a4477e0 Merge pull request #3784 from hmlnarik/KEYCLOAK-4236-Error-importing-SAML-Metadata-with-AttributeProfile-element-
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-24 10:34:39 +01:00
Hynek Mlnarik
b5212d58ec KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata 2017-01-23 13:46:01 +01:00
Hynek Mlnarik
99fcc51019 KEYCLOAK-4261 Fix response type to SAML AuthnRequest messages 2017-01-19 16:30:06 +01:00
Stian Thorgersen
8a02ef1859 Merge pull request #3715 from hmlnarik/KEYCLOAK-4160
KEYCLOAK-4160
2017-01-09 12:50:38 +01:00
Hynek Mlnarik
0cb5ba0f6e KEYCLOAK-4160 2017-01-06 07:00:47 +01:00
Hynek Mlnarik
2035398ef4 KEYCLOAK-4148 Instantiate XML DocumentBuilder in singleton-like manner 2017-01-05 16:07:50 +01:00
Hynek Mlnarik
ad9210a7a7 KEYCLOAK-4148 Prevent unnecessary deserialization when supported
... and gain another ~ 5-10 %
2017-01-05 10:41:31 +01:00
Hynek Mlnarik
862502f3ed KEYCLOAK-4148 StringUtils property replacer optimization
StringUtils.getSystemPropertyAsString is used in SAML attribute
retrieval and uses StringBuffer and suboptimal regex. This optimization
gains another ~ 3 %.
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
2b57b8371b KEYCLOAK-4148 Instantiate XML DatatypeFactory in singleton-like manner
... to gain another ~ 6 %
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
5150251141 KEYCLOAK-4148 [AbstractParser] instantiate XMLInputFactory in singleton-like manner 2017-01-04 08:06:56 +01:00
Hynek Mlnarik
1eb0cde74f KEYCLOAK-4148 Instantiate XMLInputFactory in singleton-like manner 2017-01-03 15:34:28 +01:00
Hynek Mlnarik
32f8fd4b9f KEYCLOAK-3950 - Tests for SAML Name ID format variants in AuthnRequest 2017-01-03 15:34:28 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Hynek Mlnarik
7d51df4eed KEYCLOAK-3971 Explicitly set encoding for SAML message processing 2016-12-15 14:04:34 +01:00
Hynek Mlnarik
642de06fb5 KEYCLOAK-4040 Support a letter-case variant of md:OrganizationURL 2016-12-13 16:07:11 +01:00
Hynek Mlnarik
24a36e6848 KEYCLOAK-4057 Do not include KeyName for brokered IdPs
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.

This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Derek Horton
c149358028 Modified the saml parser to handle boolean attribute value types
[KEYCLOAK-4020]
2016-12-02 14:50:36 -06:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Hynek Mlnarik
17c13043d0 KEYCLOAK-3087 XmlEncryptionUtil cleanup, 3DES removal 2016-11-14 10:26:39 +01:00
Stian Thorgersen
de7006a048 Merge pull request #3473 from hmlnarik/KEYCLOAK-3215
KEYCLOAK-3215 Use RSA-OAEP for key encryption
2016-11-08 10:16:54 +01:00
Hynek Mlnarik
01c42f9359 KEYCLOAK-3215 Use RSA-OAEP for key encryption 2016-11-08 07:44:59 +01:00
Hynek Mlnarik
4f9e35c0a1 KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment) 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06 KEYCLOAK-1881 KeyLocator implementation for SAML descriptor 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
70a8255eae KEYCLOAK-1881 Basic key locator support 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
904a5c3ca5 KEYCLOAK-3864 Add support for SAML2 <Extensions> element in protocol messages 2016-11-04 21:53:43 +01:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
Bill Burke
46b4bb0909 KEYCLOAK-3268 2016-07-27 09:28:48 -04:00
Ton Swieb
fed7339558 KEYCLOAK-3265 Support writing a NameIDType AttributeValue 2016-07-05 14:54:38 +02:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Ton Swieb
af5ac7dd6b KEYCLOAK-3100 Rearrange SingleLogoutService and NameIDFormat 2016-06-15 21:16:34 +02:00
Pedro Igor
a39907de76 [KEYCLOAK-3068] - Setting XInclude to false 2016-06-01 16:43:02 -03:00
Pedro Igor
60f954a497 [KEYCLOAK-2894] - Fixing saml signature validation 2016-05-26 10:48:30 -03:00
Bill Burke
cca91dd175 public/private 2016-04-12 15:19:46 -04:00
Stian Thorgersen
28fe13a800 Next is 2.0.0.CR1 2016-03-10 08:13:00 +01:00
Stian Thorgersen
d722e53108 Next is 1.9.2.Final 2016-03-10 07:28:27 +01:00
Bill Burke
32d15e2027 KEYCLOAK-2510 2016-02-29 20:39:44 -05:00
Bill Burke
c0d0c1f39a fix 2016-02-29 16:48:28 -05:00
Bill Burke
64daa568b9 KEYCLOAK-2536 2016-02-29 16:05:43 -05:00
mposolda
e2558ca827 KEYCLOAK-1928 Fix Saml with IBM JDK 2016-02-29 17:32:33 +01:00
Stian Thorgersen
a1d9753ec2 Next is 1.9.1.Final-SNAPSHOT 2016-02-23 08:48:26 +01:00
Stian Thorgersen
4fd97091ff Version bump to 2.0.0.CR1-SNAPSHOT 2016-02-22 11:36:56 +01:00
Pedro Igor
f7ba306016 [KEYCLOAK-2497] - Prevent inserting malicious SAML assertion 2016-02-17 11:51:58 -02:00
Stian Thorgersen
579ab56a5a Bump version to 1.9.0.Final-SNAPSHOT 2016-02-04 15:55:11 +01:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524
Source code headers
2016-02-03 11:20:22 +01:00
George Kankava
92a494359d squid:S1125 - Literal boolean values should not be used in condition expressions 2016-01-29 00:22:47 +04:00
Bill Burke
1b0aa8e55b saml logging 2016-01-25 17:38:29 -05:00
Bill Burke
b625ed13a8 fix embedded keycloak, re-org saml-core 2016-01-21 09:56:28 -05:00