Example 1 with SamlDeploymentContext
use of org.keycloak.adapters.saml.SamlDeploymentContext in project keycloak by keycloak.
the class AbstractSamlAuthenticator method initializeKeycloak.
@SuppressWarnings("UseSpecificCatch")
public void initializeKeycloak() {
ServletContext theServletContext = null;
ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
if (currentContext != null) {
String contextPath = currentContext.getContextPath();
if ("".equals(contextPath)) {
// This could be the case in osgi environment when deploying apps through pax whiteboard extension.
theServletContext = currentContext;
} else {
theServletContext = currentContext.getContext(contextPath);
}
}
// Jetty 9.1.x servlet context will be null :(
if (configResolver == null && theServletContext != null) {
String configResolverClass = theServletContext.getInitParameter("keycloak.config.resolver");
if (configResolverClass != null) {
try {
configResolver = (SamlConfigResolver) ContextHandler.getCurrentContext().getClassLoader().loadClass(configResolverClass).newInstance();
log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
} catch (Exception ex) {
log.infov("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
}
}
}
if (configResolver != null) {
// deploymentContext = new AdapterDeploymentContext(configResolver);
} else if (theServletContext != null) {
InputStream configInputStream = getConfigInputStream(theServletContext);
if (configInputStream != null) {
final ServletContext servletContext = theServletContext;
SamlDeployment deployment = null;
try {
deployment = new DeploymentBuilder().build(configInputStream, new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return servletContext.getResourceAsStream(resource);
}
});
} catch (ParsingException e) {
throw new RuntimeException(e);
}
deploymentContext = new SamlDeploymentContext(deployment);
}
}
if (theServletContext != null)
theServletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
}
Also used :
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
ByteArrayInputStream(java.io.ByteArrayInputStream)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
ServletException(javax.servlet.ServletException)
FileNotFoundException(java.io.FileNotFoundException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
IOException(java.io.IOException)
ServerAuthException(org.eclipse.jetty.security.ServerAuthException)
ContextHandler(org.eclipse.jetty.server.handler.ContextHandler)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
ServletContext(javax.servlet.ServletContext)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Example 2 with SamlDeploymentContext
use of org.keycloak.adapters.saml.SamlDeploymentContext in project keycloak by keycloak.
the class KeycloakConfigurationServletListener method contextInitialized.
@Override
public void contextInitialized(ServletContextEvent sce) {
ServletContext servletContext = sce.getServletContext();
String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
SamlDeploymentContext deploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
if (deploymentContext == null) {
if (configResolverClass != null) {
try {
SamlConfigResolver configResolver = (SamlConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new SamlDeploymentContext(configResolver);
log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
} catch (Exception ex) {
log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
}
} else {
InputStream is = getConfigInputStream(servletContext);
final SamlDeployment deployment;
if (is == null) {
log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return servletContext.getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}
deploymentContext = new SamlDeploymentContext(deployment);
log.debug("Keycloak is using a per-deployment configuration.");
}
}
addTokenStoreUpdaters(servletContext);
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON, idMapper);
servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_UPDATER_ATTRIBUTE_ELYTRON, idMapperUpdater);
}
Also used :
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
ByteArrayInputStream(java.io.ByteArrayInputStream)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
FileNotFoundException(java.io.FileNotFoundException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
ServletContext(javax.servlet.ServletContext)
SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Example 3 with SamlDeploymentContext
use of org.keycloak.adapters.saml.SamlDeploymentContext in project keycloak by keycloak.
the class SamlFilter method init.
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
deploymentContext = (SamlDeploymentContext) filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName());
if (deploymentContext != null) {
idMapper = (SessionIdMapper) filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName());
return;
}
String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
if (configResolverClass != null) {
try {
SamlConfigResolver configResolver = (SamlConfigResolver) getClass().getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new SamlDeploymentContext(configResolver);
log.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
} catch (Exception ex) {
log.log(Level.WARNING, "The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
}
} else {
String fp = filterConfig.getInitParameter("keycloak.config.file");
InputStream is = null;
if (fp != null) {
try {
is = new FileInputStream(fp);
} catch (FileNotFoundException e) {
throw new RuntimeException(e);
}
} else {
String path = "/WEB-INF/keycloak-saml.xml";
String pathParam = filterConfig.getInitParameter("keycloak.config.path");
if (pathParam != null)
path = pathParam;
is = filterConfig.getServletContext().getResourceAsStream(path);
}
final SamlDeployment deployment;
if (is == null) {
log.info("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return filterConfig.getServletContext().getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}
deploymentContext = new SamlDeploymentContext(deployment);
log.fine("Keycloak is using a per-deployment configuration.");
}
idMapper = new InMemorySessionIdMapper();
filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper);
}
Also used :
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
FileNotFoundException(java.io.FileNotFoundException)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
FileNotFoundException(java.io.FileNotFoundException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
FileInputStream(java.io.FileInputStream)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver)
InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper)
SessionIdMapper(org.keycloak.adapters.spi.SessionIdMapper)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Example 4 with SamlDeploymentContext
use of org.keycloak.adapters.saml.SamlDeploymentContext in project keycloak by keycloak.
the class SamlServletExtension method handleDeployment.
@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) {
if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) {
log.debug("auth-method is not keycloak saml!");
return;
}
log.debug("SamlServletException initialization");
// Possible scenarios:
// 1) The deployment has a keycloak.config.resolver specified and it exists:
// Outcome: adapter uses the resolver
// 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
// Outcome: adapter is left unconfigured
// 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
// Outcome: adapter uses it
// 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
// Outcome: adapter is left unconfigured
SamlConfigResolver configResolver;
String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
SamlDeploymentContext deploymentContext = null;
if (configResolverClass != null) {
try {
configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new SamlDeploymentContext(configResolver);
log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
} catch (Exception ex) {
log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
}
} else {
InputStream is = getConfigInputStream(servletContext);
final SamlDeployment deployment;
if (is == null) {
log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return servletContext.getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}
deploymentContext = new SamlDeploymentContext(deployment);
log.debug("Keycloak is using a per-deployment configuration.");
}
servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement);
mech.addTokenStoreUpdaters(deploymentInfo);
// setup handlers
deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() {
@Override
public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
return mech;
}
});
// authentication
deploymentInfo.setIdentityManager(new IdentityManager() {
@Override
public Account verify(Account account) {
return account;
}
@Override
public Account verify(String id, Credential credential) {
throw new IllegalStateException("Should never be called in Keycloak flow");
}
@Override
public Account verify(Credential credential) {
throw new IllegalStateException("Should never be called in Keycloak flow");
}
});
ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
if (cookieConfig == null) {
cookieConfig = new ServletSessionConfig();
}
if (cookieConfig.getPath() == null) {
log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
cookieConfig.setPath(deploymentInfo.getContextPath());
deploymentInfo.setServletSessionConfig(cookieConfig);
}
addEndpointConstraint(deploymentInfo);
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}
Also used :
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
Account(io.undertow.security.idm.Account)
IdentityManager(io.undertow.security.idm.IdentityManager)
Credential(io.undertow.security.idm.Credential)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
ByteArrayInputStream(java.io.ByteArrayInputStream)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
ServletSessionConfig(io.undertow.servlet.api.ServletSessionConfig)
FileNotFoundException(java.io.FileNotFoundException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
FormParserFactory(io.undertow.server.handlers.form.FormParserFactory)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
UndertowUserSessionManagement(org.keycloak.adapters.undertow.UndertowUserSessionManagement)
SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver)
AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Example 5 with SamlDeploymentContext
use of org.keycloak.adapters.saml.SamlDeploymentContext in project keycloak by keycloak.
the class KeycloakHttpServerAuthenticationMechanism method evaluateRequest.
@Override
public void evaluateRequest(HttpServerRequest request) throws HttpAuthenticationException {
LOGGER.debugf("Evaluating request for path [%s]", request.getRequestURI());
SamlDeploymentContext deploymentContext = getDeploymentContext(request);
if (deploymentContext == null) {
LOGGER.debugf("Ignoring request for path [%s] from mechanism [%s]. No deployment context found.", request.getRequestURI(), getMechanismName());
request.noAuthenticationInProgress();
return;
}
ElytronHttpFacade httpFacade = new ElytronHttpFacade(request, getSessionIdMapper(request), getSessionIdMapperUpdater(request), deploymentContext, callbackHandler);
SamlDeployment deployment = httpFacade.getDeployment();
if (!deployment.isConfigured()) {
request.noAuthenticationInProgress();
return;
}
if (deployment.getLogoutPage() != null && httpFacade.getRequest().getRelativePath().contains(deployment.getLogoutPage())) {
LOGGER.debugf("Ignoring request for [%s] and logout page [%s].", request.getRequestURI(), deployment.getLogoutPage());
httpFacade.authenticationCompleteAnonymous();
return;
}
SamlAuthenticator authenticator;
if (httpFacade.getRequest().getRelativePath().endsWith("/saml")) {
authenticator = new ElytronSamlEndpoint(httpFacade, deployment);
} else {
authenticator = new ElytronSamlAuthenticator(httpFacade, deployment, callbackHandler);
}
AuthOutcome outcome = authenticator.authenticate();
if (outcome == AuthOutcome.AUTHENTICATED) {
httpFacade.authenticationComplete();
return;
}
if (outcome == AuthOutcome.NOT_AUTHENTICATED) {
httpFacade.noAuthenticationInProgress(null);
return;
}
if (outcome == AuthOutcome.LOGGED_OUT) {
if (deployment.getLogoutPage() != null) {
redirectLogout(deployment, httpFacade);
}
httpFacade.authenticationInProgress();
return;
}
AuthChallenge challenge = authenticator.getChallenge();
if (challenge != null) {
httpFacade.noAuthenticationInProgress(challenge);
return;
}
if (outcome == AuthOutcome.FAILED) {
httpFacade.authenticationFailed();
return;
}
httpFacade.authenticationInProgress();
}
Also used :
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
AuthChallenge(org.keycloak.adapters.spi.AuthChallenge)
SamlAuthenticator(org.keycloak.adapters.saml.SamlAuthenticator)
AuthOutcome(org.keycloak.adapters.spi.AuthOutcome)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
Aggregations
SamlDeployment (org.keycloak.adapters.saml.SamlDeployment)5
SamlDeploymentContext (org.keycloak.adapters.saml.SamlDeploymentContext)5
FileInputStream (java.io.FileInputStream)4
FileNotFoundException (java.io.FileNotFoundException)4
InputStream (java.io.InputStream)4
DeploymentBuilder (org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)4
ResourceLoader (org.keycloak.adapters.saml.config.parsers.ResourceLoader)4
ParsingException (org.keycloak.saml.common.exceptions.ParsingException)4
ByteArrayInputStream (java.io.ByteArrayInputStream)3
DefaultSamlDeployment (org.keycloak.adapters.saml.DefaultSamlDeployment)3
SamlConfigResolver (org.keycloak.adapters.saml.SamlConfigResolver)3
IOException (java.io.IOException)2
ServletContext (javax.servlet.ServletContext)2
ServletException (javax.servlet.ServletException)2
AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)1
AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)1
Account (io.undertow.security.idm.Account)1
Credential (io.undertow.security.idm.Credential)1
IdentityManager (io.undertow.security.idm.IdentityManager)1
FormParserFactory (io.undertow.server.handlers.form.FormParserFactory)1
