Konstantinos Georgilakis
1fa93db1b4
KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing
2020-09-02 20:43:09 +02:00
Luca Leonardo Scorcia
da6530471b
KEYCLOAK-14742 SAML2NameIDPolicyBuilder: add AllowCreate and SPNameQualifier properties
2020-07-25 10:16:57 +02:00
Lorent Lempereur
e82fe7d9e3
KEYCLOAK-13950 SAML2 Identity Provider - Send Subject in SAML requests
2020-07-24 21:41:57 +02:00
Luca Leonardo Scorcia
46bf139cb4
KEYCLOAK-14741 Minor SAML specs compliance improvements
2020-07-20 21:08:12 +02:00
mwalliczek
dc73397176
KEYCLOAK-14698 Support complex SAML Attribute Values (e.g. XUA++)
2020-07-15 12:41:11 +02:00
Luca Leonardo Scorcia
d6934c64fd
Refactor SAML metadata generation to use the SAMLMetadataWriter class
2020-07-09 09:39:35 +02:00
Luca Leonardo Scorcia
b4127bb7d7
KEYCLOAK-13713 Define a write method for XMLGregorianCalendar attributes
2020-07-03 10:04:51 +02:00
Hiroyuki Wada
f73b51818b
KEYCLOAK-14113 Support for exchanging to SAML 2.0 token
2020-06-19 22:08:42 +02:00
Hynek Mlnarik
7deb89caab
KEYCLOAK-10729 Do not serialize SAML signature
2020-05-25 15:38:17 +02:00
Hynek Mlnarik
32f13016fa
KEYCLOAK-12874 Align Destination field existence check with spec
2020-05-04 09:19:44 +02:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Thomas Darimont
fc397e8cd7
KEYCLOAK-12732 Improve SAMLAttribute parsing of unknown attributes
...
We now store all unknown attributes present on a SAMLAttribute element
in the "otherAttributes" map associated with the element.
Previously only the x500:encoding attribute was handled while parsing
attribute elements.
2020-01-31 10:15:11 +01:00
Andrei Arlou
b6a3fba6e3
KEYCLOAK-12568 Remove unused method from org.keycloak.saml.processing.core.saml.v2.factories.JBossSAMLAuthnResponseFactory
2020-01-14 13:21:29 +01:00
vramik
3b1bdb216a
KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem
2020-01-14 13:17:13 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
mhajas
28b01bc34d
KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters
2020-01-06 13:53:16 +01:00
Andrei Arlou
23b794aa51
KEYCLOAK-12313 Remove unused method from org.keycloak.saml.common.util.DocumentUtil
2019-12-20 15:03:42 +01:00
Andrei Arlou
6ee6001f39
KEYCLOAK-12203 Remove unused constants from module "saml-core"
2019-11-29 22:47:24 +01:00
Andrei Arlou
5f50c2951a
KEYCLOAK-12202 Remove unnecessary modifiers for enums and interfaces in module "saml-core"
2019-11-26 08:46:22 +01:00
Andrei Arlou
ca46c7f718
KEYCLOAK-12201 Use diamond operator for collections in module "saml-core"
2019-11-26 08:13:35 +01:00
Douglas Palmer
a32c8c5190
[KEYCLOAK-11185] Fixed build with JDK 11
2019-11-04 10:56:07 -03:00
Gideon Caranzo
e07fd9ffa3
KEYCLOAK-9936 Added optional hooks for preprocessing SAML authentication
...
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-10-29 13:06:59 +01:00
mhajas
57a8fcb669
KEYCLOAK-10776 Add session expiration to Keycloak saml login response
2019-07-24 13:35:07 +02:00
mhajas
bf33cb0cf9
KEYCLOAK-9102 Add tests for Saml RelayState
2019-07-24 12:28:00 +02:00
Steeve Beroard
fc9a0e1766
[KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
...
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
Hynek Mlnarik
ca4e14fbfa
KEYCLOAK-7852 Use original NameId value in logout requests
2019-07-04 19:30:21 +02:00
vramik
f7c8896181
KEYCLOAK-10401 Fix log debug message in ConditionsValidator
2019-05-30 10:11:01 +02:00
vramik
d64f716a20
KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is completely blank with nonsense title
2019-05-20 09:51:04 +02:00
Michael Parker
7bd1f32eb1
KEYCLOAK-9077 Adds support for SAML SessionNotOnOrAfter attribute in response xml serialization
2019-03-05 09:05:41 +01:00
Hynek Mlnarik
d90a5d1367
KEYCLOAK-8594 Fix missing option to Base64 encoder
2018-11-22 21:48:00 +01:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Hynek Mlnarik
17a1a33987
KEYCLOAK-7740 Support parsing of xs:date type
2018-10-02 19:54:40 +02:00
Hynek Mlnarik
2bf6d75e57
KEYCLOAK-8010 Improve handling of Conditions SAML tag
2018-09-19 14:00:28 +02:00
Hynek Mlnarik
9f839f001f
KEYCLOAK-8218 Do not clear SAML REDIRECT query parameters
2018-09-04 11:16:06 +02:00
Hynek Mlnarik
1f840b1fbc
KEYCLOAK-8109 Fix getDOMElement
2018-08-24 10:03:33 +02:00
Hynek Mlnarik
a8a9631d4f
KEYCLOAK-6832 Unify Destination attribute handling
2018-08-09 10:30:30 +02:00
Hynek Mlnarik
f43519a16e
KEYCLOAK-6708 Fix NPE when email not set for email NameIDFormat
2018-07-27 11:10:35 +02:00
Hynek Mlnarik
6b968796ce
KEYCLOAK-7667 Fix namespace handling when decrypting assertion
2018-06-21 13:09:18 +02:00
Ola Bergefall
c8c76cc03f
KEYCLOAK-7316: Default back to false if isPassive is missing in request.
2018-06-07 08:50:32 +02:00
Your Name
6052b1546d
removed LANG-dependent check #7444
2018-06-06 12:53:58 +02:00
Patric Vormstein
fe98c30077
[KEYCLOAK-6412] - Handle Proxy Restriction Tag incl. Test
2018-03-22 11:15:22 +01:00
mhajas
2a4663c940
KEYCLOAK-6471 Refactor SAML metadata parsers
2018-02-28 14:08:06 +01:00
Hynek Mlnarik
1f20c03afa
KEYCLOAK-6470 Refactor SAML adapter parsers
2018-02-27 09:37:29 +01:00
Hynek Mlnarik
e7cdb8ad54
KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers
2018-02-23 08:16:14 +01:00
Hynek Mlnarik
12a2f23101
KEYCLOAK-6651 Fix JDK7 compilation issue
2018-02-21 09:43:04 +01:00
Hynek Mlnarik
84ea3f8cb1
KEYCLOAK-4315 Remove some dead/duplicate classes
2018-02-13 15:41:36 +01:00
Hynek Mlnarik
c07b60d527
KEYCLOAK-6474 Fix NPE on SAML logout
2018-02-07 08:05:36 +01:00
Hynek Mlnarik
c7cba6d5ad
KEYCLOAK-6109 Skip Scoping element in AuthnRequest
2018-01-18 11:40:13 +01:00
Hynek Mlnarik
958185ec51
KEYCLOAK-4809 Support for SAML AttributeAuthorityDescriptor.Attribute elements
2017-12-13 11:55:40 +01:00
Hynek Mlnarik
e6a64e234b
KEYCLOAK-5644 Skip Advice tag in SAML messages
2017-12-13 11:55:40 +01:00
James Stapleton
92cce7a6d4
[KEYCLOAK-5912] Add better improper SAML assertion error handling
2017-12-05 09:48:48 +01:00
pskopek
a993f6fb75
[KEYCLOAK-4979] make schema location map unmodifiable after initial setup + log message change
2017-11-21 09:28:15 +01:00
Thomas Skjølberg
5f20df00d0
[KEYCLOAK-4979] Move picketlink schema, fix resolver and some related tests
2017-11-21 09:28:15 +01:00
Hynek Mlnařík
290f6ed2ad
Merge pull request #4671 from thomasdarimont/issues/remove-duplicate-check-in-saml11requestwriter
...
KEYCLOAK-5837 Remove duplicate check in SAML11AuthenticationQueryType
2017-11-13 14:49:11 +01:00
Thomas Darimont
71df504834
KEYCLOAK-5838 Fix comparison in SAMLSloRequestParser and SAMLSloResponseParser
...
The previous comparison was broken (always returned false)
since it compared the enum value with a string.
Calling `.get()` on the enum value to compare the string with the
given local-part fixes the comparison.
See:
73c82d296e/files/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParser.java:1
73c82d296e/files/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloResponseParser.java:1
2017-11-13 13:30:01 +01:00
Thomas Darimont
8cfbb8d0b3
KEYCLOAK-5837 Remove duplicate check in SAML11AuthenticationQueryType
...
The same check is applied in line 83.
2017-11-13 13:26:15 +01:00
Hynek Mlnarik
fe2f65daac
KEYCLOAK-5581 Fix SAML identity broker context serialization
2017-11-03 21:09:18 +01:00
pskopek
d478cdfda4
[KEYCLOAK-4374] Support SAML 2.0 AttributeValue of AnyType and nil
2017-09-27 17:12:51 +02:00
Hynek Mlnarik
9098105a64
KEYCLOAK-5254 Fix NPE - NameID format is optional
2017-09-14 14:59:05 +02:00
Hynek Mlnarik
ab05216730
KEYCLOAK-4775 Added encryption certificate to SAML metadata
2017-07-27 08:18:10 +02:00
Hynek Mlnarik
c7046b6325
KEYCLOAK-4189 Preparation for cross-DC SAML testing
2017-07-25 09:44:36 +02:00
Hynek Mlnarik
d52d685161
KEYCLOAK-4818 Fix undeclared namespace error in context serialization
2017-07-19 15:18:53 +02:00
hmlnarik
b4ad69b841
KEYCLOAK-5115 ( #4272 )
2017-06-29 15:50:50 +02:00
Stian Thorgersen
4be0e36306
Merge pull request #4208 from ASzc/KEYCLOAK-4758
...
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
6f731dfee9
Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
...
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Alex Szczuczko
5d88c2b8be
KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam.
2017-06-05 16:24:38 -06:00
Thomas Skjølberg
241c58dd61
Add unit tests related to signatures, check that a signature is present when want assertion signing.
2017-06-02 15:36:52 +02:00
Hynek Mlnarik
67a05ee227
KEYCLOAK-4790 Fix empty attribute value issue in SAML parser
2017-05-23 15:14:25 +02:00
Stian Thorgersen
f63c60855e
Fix compilation error in SAMLParserTest.java
2017-05-08 14:45:45 +02:00
Bill Burke
e1b6ba13cc
Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
...
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Bas van Schaik
ff6dbd6bde
Fix lgtm.com alert: cast int to long before multiplication
...
The integer multiplication has the potential to overflow before the
result is being cast to the 'long' result.
Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/XMLTimeUtil.java#V133
2017-04-28 14:54:47 +01:00
Hynek Mlnarik
d7615d6a68
KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter
2017-04-26 11:59:37 +02:00
Stian Thorgersen
4dcb8d2c2a
Merge pull request #3931 from hmlnarik/KEYCLOAK-4552
...
KEYCLOAK-4552
2017-03-13 12:31:33 +01:00
Hynek Mlnarik
42954e84d9
KEYCLOAK-4552
2017-03-10 10:59:50 +01:00
Mark Pardijs
c78c0b73d3
KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
...
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
Anders Båtstrand
224c9c5395
KEYCLOAK-4489 Use event reader from AbstractParser, which handles newlines and whitespace.
2017-03-07 19:05:07 +01:00
Anders Båtstrand
89c6cda2ac
Two new configuration options for the Saml broker:
...
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
* wantAssertionsEncrypted: This will simply require that the assertion is encrypted.
Default behavior is unchanged. The signature validation uses the original XML, and therefore supports an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Hynek Mlnarik
ad0630d04f
KEYCLOAK-4329 Fix NPE when not providing KeyInfo element in IdP initiated SSO SAML
2017-01-30 11:40:48 +01:00
Stian Thorgersen
a18a4477e0
Merge pull request #3784 from hmlnarik/KEYCLOAK-4236-Error-importing-SAML-Metadata-with-AttributeProfile-element-
...
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-24 10:34:39 +01:00
Hynek Mlnarik
b5212d58ec
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-23 13:46:01 +01:00
Hynek Mlnarik
99fcc51019
KEYCLOAK-4261 Fix response type to SAML AuthnRequest messages
2017-01-19 16:30:06 +01:00
Stian Thorgersen
8a02ef1859
Merge pull request #3715 from hmlnarik/KEYCLOAK-4160
...
KEYCLOAK-4160
2017-01-09 12:50:38 +01:00
Hynek Mlnarik
0cb5ba0f6e
KEYCLOAK-4160
2017-01-06 07:00:47 +01:00
Hynek Mlnarik
2035398ef4
KEYCLOAK-4148 Instantiate XML DocumentBuilder in singleton-like manner
2017-01-05 16:07:50 +01:00
Hynek Mlnarik
ad9210a7a7
KEYCLOAK-4148 Prevent unnecessary deserialization when supported
...
... and gain another ~ 5-10 %
2017-01-05 10:41:31 +01:00
Hynek Mlnarik
862502f3ed
KEYCLOAK-4148 StringUtils property replacer optimization
...
StringUtils.getSystemPropertyAsString is used in SAML attribute
retrieval and uses StringBuffer and suboptimal regex. This optimization
gains another ~ 3 %.
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
2b57b8371b
KEYCLOAK-4148 Instantiate XML DatatypeFactory in singleton-like manner
...
... to gain another ~ 6 %
2017-01-04 15:24:57 +01:00
Hynek Mlnarik
5150251141
KEYCLOAK-4148 [AbstractParser] instantiate XMLInputFactory in singleton-like manner
2017-01-04 08:06:56 +01:00
Hynek Mlnarik
1eb0cde74f
KEYCLOAK-4148 Instantiate XMLInputFactory in singleton-like manner
2017-01-03 15:34:28 +01:00
Hynek Mlnarik
32f8fd4b9f
KEYCLOAK-3950 - Tests for SAML Name ID format variants in AuthnRequest
2017-01-03 15:34:28 +01:00
Hynek Mlnarik
7d51df4eed
KEYCLOAK-3971 Explicitly set encoding for SAML message processing
2016-12-15 14:04:34 +01:00
Hynek Mlnarik
642de06fb5
KEYCLOAK-4040 Support a letter-case variant of md:OrganizationURL
2016-12-13 16:07:11 +01:00
Hynek Mlnarik
24a36e6848
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
...
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.
This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Derek Horton
c149358028
Modified the saml parser to handle boolean attribute value types
...
[KEYCLOAK-4020]
2016-12-02 14:50:36 -06:00
Hynek Mlnarik
17c13043d0
KEYCLOAK-3087 XmlEncryptionUtil cleanup, 3DES removal
2016-11-14 10:26:39 +01:00
Stian Thorgersen
de7006a048
Merge pull request #3473 from hmlnarik/KEYCLOAK-3215
...
KEYCLOAK-3215 Use RSA-OAEP for key encryption
2016-11-08 10:16:54 +01:00
Hynek Mlnarik
01c42f9359
KEYCLOAK-3215 Use RSA-OAEP for key encryption
2016-11-08 07:44:59 +01:00
Hynek Mlnarik
4f9e35c0a1
KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment)
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00