58 lines
2.1 KiB
Text
58 lines
2.1 KiB
Text
[[_saml-general-config]]
|
|
|
|
==== General Adapter Config
|
|
|
|
Each SAML client adapter supported by {{book.project.name}} can be configured by a simple XML text file.
|
|
This is what one might look like:
|
|
|
|
[source,xml]
|
|
----
|
|
<keycloak-saml-adapter>
|
|
<SP entityID="http://localhost:8081/sales-post-sig/"
|
|
sslPolicy="EXTERNAL"
|
|
nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
|
logoutPage="/logout.jsp"
|
|
forceAuthentication="false"
|
|
isPassive="false"
|
|
turnOffChangeSessionIdOnLogin="false">
|
|
<Keys>
|
|
<Key signing="true" >
|
|
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
|
<PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
|
|
<Certificate alias="http://localhost:8080/sales-post-sig/"/>
|
|
</KeyStore>
|
|
</Key>
|
|
</Keys>
|
|
<PrincipalNameMapping policy="FROM_NAME_ID"/>
|
|
<RoleMapping>
|
|
<Attribute name="Role"/>
|
|
</RoleMapping>
|
|
<IDP entityID="idp"
|
|
signaturesRequired="true">
|
|
<SingleSignOnService requestBinding="POST"
|
|
bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
|
/>
|
|
|
|
<SingleLogoutService
|
|
requestBinding="POST"
|
|
responseBinding="POST"
|
|
postBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
|
redirectBindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"
|
|
/>
|
|
<Keys>
|
|
<Key signing="true">
|
|
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
|
<Certificate alias="demo"/>
|
|
</KeyStore>
|
|
</Key>
|
|
</Keys>
|
|
</IDP>
|
|
</SP>
|
|
</keycloak-saml-adapter>
|
|
----
|
|
|
|
Some of these configuration switches may be adapter specific and some are common across all adapters.
|
|
For Java adapters you can use `$\{...}` enclosure as System property replacement.
|
|
For example `$\{jboss.server.config.dir}`.
|
|
|
|
|