Search in sources :

Example 1 with DeploymentBuilder

use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.

the class AbstractSamlAuthenticator method initializeKeycloak.

@SuppressWarnings("UseSpecificCatch")
public void initializeKeycloak() {
    ServletContext theServletContext = null;
    ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
    if (currentContext != null) {
        String contextPath = currentContext.getContextPath();
        if ("".equals(contextPath)) {
            // This could be the case in osgi environment when deploying apps through pax whiteboard extension.
            theServletContext = currentContext;
        } else {
            theServletContext = currentContext.getContext(contextPath);
        }
    }
    // Jetty 9.1.x servlet context will be null :(
    if (configResolver == null && theServletContext != null) {
        String configResolverClass = theServletContext.getInitParameter("keycloak.config.resolver");
        if (configResolverClass != null) {
            try {
                configResolver = (SamlConfigResolver) ContextHandler.getCurrentContext().getClassLoader().loadClass(configResolverClass).newInstance();
                log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
            } catch (Exception ex) {
                log.infov("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
            }
        }
    }
    if (configResolver != null) {
    // deploymentContext = new AdapterDeploymentContext(configResolver);
    } else if (theServletContext != null) {
        InputStream configInputStream = getConfigInputStream(theServletContext);
        if (configInputStream != null) {
            final ServletContext servletContext = theServletContext;
            SamlDeployment deployment = null;
            try {
                deployment = new DeploymentBuilder().build(configInputStream, new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return servletContext.getResourceAsStream(resource);
                    }
                });
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
            deploymentContext = new SamlDeploymentContext(deployment);
        }
    }
    if (theServletContext != null)
        theServletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
}
Also used : ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) ServletException(javax.servlet.ServletException) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) IOException(java.io.IOException) ServerAuthException(org.eclipse.jetty.security.ServerAuthException) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ServletContext(javax.servlet.ServletContext) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 2 with DeploymentBuilder

use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.

the class AbstractSamlAuthenticatorValve method keycloakInit.

@SuppressWarnings("UseSpecificCatch")
public void keycloakInit() {
    // Possible scenarios:
    // 1) The deployment has a keycloak.config.resolver specified and it exists:
    // Outcome: adapter uses the resolver
    // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
    // Outcome: adapter is left unconfigured
    // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
    // Outcome: adapter uses it
    // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
    // Outcome: adapter is left unconfigured
    String configResolverClass = context.getServletContext().getInitParameter("keycloak.config.resolver");
    if (configResolverClass != null) {
        try {
            SamlConfigResolver configResolver = (SamlConfigResolver) context.getLoader().getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", configResolverClass, ex.getMessage());
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        InputStream is = getConfigInputStream(context);
        final SamlDeployment deployment;
        if (is == null) {
            log.error("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return context.getServletContext().getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    context.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    addTokenStoreUpdaters();
}
Also used : ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 3 with DeploymentBuilder

use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.

the class PropertiesBasedRoleMapperTest method testPropertiesBasedRoleMapper.

@Test
public void testPropertiesBasedRoleMapper() throws Exception {
    InputStream is = getClass().getResourceAsStream("config/parsers/keycloak-saml-with-role-mappings-provider.xml");
    SamlDeployment deployment = new DeploymentBuilder().build(is, new ResourceLoader() {

        @Override
        public InputStream getResourceAsStream(String resource) {
            return this.getClass().getClassLoader().getResourceAsStream(resource);
        }
    });
    // retrieve the configured role mappings provider - in this case we know it is the properties-based implementation.
    RoleMappingsProvider provider = deployment.getRoleMappingsProvider();
    // if provider was properly configured we should be able to see the mappings as specified in the properties file.
    final Set<String> samlRoles = new HashSet<>(Arrays.asList(new String[] { "samlRoleA", "samlRoleB", "samlRoleC" }));
    final Set<String> mappedRoles = provider.map("kc-user", samlRoles);
    // we expect samlRoleB to be removed, samlRoleA to be mapped into two roles (jeeRoleX, jeeRoleY) and also the principal should
    // be granted an extra role (jeeRoleZ).
    assertNotNull(mappedRoles);
    assertEquals(4, mappedRoles.size());
    Set<String> expectedRoles = new HashSet<>(Arrays.asList(new String[] { "samlRoleC", "jeeRoleX", "jeeRoleY", "jeeRoleZ" }));
    assertEquals(expectedRoles, mappedRoles);
}
Also used : ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) InputStream(java.io.InputStream) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 4 with DeploymentBuilder

use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.

the class SamlUtils method getSamlDeploymentForClient.

public static SamlDeployment getSamlDeploymentForClient(String client) throws ParsingException {
    InputStream is = SamlUtils.class.getResourceAsStream("/adapter-test/keycloak-saml/" + client + "/WEB-INF/keycloak-saml.xml");
    // InputStream -> Document
    Document doc = IOUtil.loadXML(is);
    // Modify saml deployment the same way as before deploying to real app server
    DeploymentArchiveProcessorUtils.modifySAMLDocument(doc);
    // Document -> InputStream
    InputStream isProcessed = IOUtil.documentToInputStream(doc);
    // InputStream -> SamlDeployment
    ResourceLoader loader = new ResourceLoader() {

        @Override
        public InputStream getResourceAsStream(String resource) {
            return getClass().getResourceAsStream("/adapter-test/keycloak-saml/" + client + resource);
        }
    };
    return new DeploymentBuilder().build(isProcessed, loader);
}
Also used : ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) StringInputStream(org.apache.tools.ant.filters.StringInputStream) InputStream(java.io.InputStream) Document(org.w3c.dom.Document) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 5 with DeploymentBuilder

use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.

the class KeycloakConfigurationServletListener method contextInitialized.

@Override
public void contextInitialized(ServletContextEvent sce) {
    ServletContext servletContext = sce.getServletContext();
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    SamlDeploymentContext deploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
    if (deploymentContext == null) {
        if (configResolverClass != null) {
            try {
                SamlConfigResolver configResolver = (SamlConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
                deploymentContext = new SamlDeploymentContext(configResolver);
                log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
            } catch (Exception ex) {
                log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
                deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
            }
        } else {
            InputStream is = getConfigInputStream(servletContext);
            final SamlDeployment deployment;
            if (is == null) {
                log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
                deployment = new DefaultSamlDeployment();
            } else {
                try {
                    ResourceLoader loader = new ResourceLoader() {

                        @Override
                        public InputStream getResourceAsStream(String resource) {
                            return servletContext.getResourceAsStream(resource);
                        }
                    };
                    deployment = new DeploymentBuilder().build(is, loader);
                } catch (ParsingException e) {
                    throw new RuntimeException(e);
                }
            }
            deploymentContext = new SamlDeploymentContext(deployment);
            log.debug("Keycloak is using a per-deployment configuration.");
        }
    }
    addTokenStoreUpdaters(servletContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
    servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON, idMapper);
    servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_UPDATER_ATTRIBUTE_ELYTRON, idMapperUpdater);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) FileNotFoundException(java.io.FileNotFoundException) InvocationTargetException(java.lang.reflect.InvocationTargetException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ServletContext(javax.servlet.ServletContext) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Aggregations

InputStream (java.io.InputStream)8 DeploymentBuilder (org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)8 ResourceLoader (org.keycloak.adapters.saml.config.parsers.ResourceLoader)8 ParsingException (org.keycloak.saml.common.exceptions.ParsingException)6 FileInputStream (java.io.FileInputStream)5 FileNotFoundException (java.io.FileNotFoundException)5 ByteArrayInputStream (java.io.ByteArrayInputStream)4 SamlDeployment (org.keycloak.adapters.saml.SamlDeployment)4 SamlDeploymentContext (org.keycloak.adapters.saml.SamlDeploymentContext)4 IOException (java.io.IOException)3 ServletException (javax.servlet.ServletException)3 DefaultSamlDeployment (org.keycloak.adapters.saml.DefaultSamlDeployment)3 SamlConfigResolver (org.keycloak.adapters.saml.SamlConfigResolver)3 ServletContext (javax.servlet.ServletContext)2 AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)1 AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)1 Account (io.undertow.security.idm.Account)1 Credential (io.undertow.security.idm.Credential)1 IdentityManager (io.undertow.security.idm.IdentityManager)1 FormParserFactory (io.undertow.server.handlers.form.FormParserFactory)1