Search in sources :

Example 1 with SamlConfigResolver

use of org.keycloak.adapters.saml.SamlConfigResolver in project keycloak by keycloak.

the class KeycloakConfigurationServletListener method contextInitialized.

@Override
public void contextInitialized(ServletContextEvent sce) {
    ServletContext servletContext = sce.getServletContext();
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    SamlDeploymentContext deploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
    if (deploymentContext == null) {
        if (configResolverClass != null) {
            try {
                SamlConfigResolver configResolver = (SamlConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
                deploymentContext = new SamlDeploymentContext(configResolver);
                log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
            } catch (Exception ex) {
                log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
                deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
            }
        } else {
            InputStream is = getConfigInputStream(servletContext);
            final SamlDeployment deployment;
            if (is == null) {
                log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
                deployment = new DefaultSamlDeployment();
            } else {
                try {
                    ResourceLoader loader = new ResourceLoader() {

                        @Override
                        public InputStream getResourceAsStream(String resource) {
                            return servletContext.getResourceAsStream(resource);
                        }
                    };
                    deployment = new DeploymentBuilder().build(is, loader);
                } catch (ParsingException e) {
                    throw new RuntimeException(e);
                }
            }
            deploymentContext = new SamlDeploymentContext(deployment);
            log.debug("Keycloak is using a per-deployment configuration.");
        }
    }
    addTokenStoreUpdaters(servletContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
    servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON, idMapper);
    servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_UPDATER_ATTRIBUTE_ELYTRON, idMapperUpdater);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) FileNotFoundException(java.io.FileNotFoundException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ServletContext(javax.servlet.ServletContext) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 2 with SamlConfigResolver

use of org.keycloak.adapters.saml.SamlConfigResolver in project keycloak by keycloak.

the class SamlServletExtension method handleDeployment.

@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) {
    if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) {
        log.debug("auth-method is not keycloak saml!");
        return;
    }
    log.debug("SamlServletException initialization");
    // Possible scenarios:
    // 1) The deployment has a keycloak.config.resolver specified and it exists:
    // Outcome: adapter uses the resolver
    // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
    // Outcome: adapter is left unconfigured
    // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
    // Outcome: adapter uses it
    // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
    // Outcome: adapter is left unconfigured
    SamlConfigResolver configResolver;
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    SamlDeploymentContext deploymentContext = null;
    if (configResolverClass != null) {
        try {
            configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        InputStream is = getConfigInputStream(servletContext);
        final SamlDeployment deployment;
        if (is == null) {
            log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return servletContext.getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement);
    mech.addTokenStoreUpdaters(deploymentInfo);
    // setup handlers
    deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() {

        @Override
        public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
            return mech;
        }
    });
    // authentication
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            return account;
        }

        @Override
        public Account verify(String id, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        @Override
        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    });
    ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
    if (cookieConfig == null) {
        cookieConfig = new ServletSessionConfig();
    }
    if (cookieConfig.getPath() == null) {
        log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
        cookieConfig.setPath(deploymentInfo.getContextPath());
        deploymentInfo.setServletSessionConfig(cookieConfig);
    }
    addEndpointConstraint(deploymentInfo);
    ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) Account(io.undertow.security.idm.Account) IdentityManager(io.undertow.security.idm.IdentityManager) Credential(io.undertow.security.idm.Credential) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) ServletSessionConfig(io.undertow.servlet.api.ServletSessionConfig) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) FormParserFactory(io.undertow.server.handlers.form.FormParserFactory) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) UndertowUserSessionManagement(org.keycloak.adapters.undertow.UndertowUserSessionManagement) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 3 with SamlConfigResolver

use of org.keycloak.adapters.saml.SamlConfigResolver in project keycloak by keycloak.

the class SamlFilter method init.

@Override
public void init(final FilterConfig filterConfig) throws ServletException {
    deploymentContext = (SamlDeploymentContext) filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName());
    if (deploymentContext != null) {
        idMapper = (SessionIdMapper) filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName());
        return;
    }
    String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
    if (configResolverClass != null) {
        try {
            SamlConfigResolver configResolver = (SamlConfigResolver) getClass().getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.log(Level.WARNING, "The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        String fp = filterConfig.getInitParameter("keycloak.config.file");
        InputStream is = null;
        if (fp != null) {
            try {
                is = new FileInputStream(fp);
            } catch (FileNotFoundException e) {
                throw new RuntimeException(e);
            }
        } else {
            String path = "/WEB-INF/keycloak-saml.xml";
            String pathParam = filterConfig.getInitParameter("keycloak.config.path");
            if (pathParam != null)
                path = pathParam;
            is = filterConfig.getServletContext().getResourceAsStream(path);
        }
        final SamlDeployment deployment;
        if (is == null) {
            log.info("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return filterConfig.getServletContext().getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.fine("Keycloak is using a per-deployment configuration.");
    }
    idMapper = new InMemorySessionIdMapper();
    filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) FileNotFoundException(java.io.FileNotFoundException) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) FileInputStream(java.io.FileInputStream) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper) SessionIdMapper(org.keycloak.adapters.spi.SessionIdMapper) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Aggregations

FileInputStream (java.io.FileInputStream)3 FileNotFoundException (java.io.FileNotFoundException)3 InputStream (java.io.InputStream)3 DefaultSamlDeployment (org.keycloak.adapters.saml.DefaultSamlDeployment)3 SamlConfigResolver (org.keycloak.adapters.saml.SamlConfigResolver)3 SamlDeployment (org.keycloak.adapters.saml.SamlDeployment)3 SamlDeploymentContext (org.keycloak.adapters.saml.SamlDeploymentContext)3 DeploymentBuilder (org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)3 ResourceLoader (org.keycloak.adapters.saml.config.parsers.ResourceLoader)3 ParsingException (org.keycloak.saml.common.exceptions.ParsingException)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)1 AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)1 Account (io.undertow.security.idm.Account)1 Credential (io.undertow.security.idm.Credential)1 IdentityManager (io.undertow.security.idm.IdentityManager)1 FormParserFactory (io.undertow.server.handlers.form.FormParserFactory)1 ServletSessionConfig (io.undertow.servlet.api.ServletSessionConfig)1 IOException (java.io.IOException)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1