use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class AbstractSamlAuthenticator method initializeKeycloak.
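/**
 * Resolves the SAML deployment for the current Jetty context and publishes the resulting
 * {@link SamlDeploymentContext} as a servlet-context attribute.
 *
 * <p>Precedence, as implemented below:
 * <ol>
 *   <li>a {@code configResolver} already set on this authenticator;</li>
 *   <li>the {@code keycloak.config.resolver} servlet init parameter, naming a
 *       {@link SamlConfigResolver} implementation that is instantiated by reflection;</li>
 *   <li>a per-deployment configuration stream obtained from {@code getConfigInputStream}.</li>
 * </ol>
 *
 * <p>On Jetty 9.1.x the current context can be unavailable; then nothing is configured and no
 * attribute is published. A resolver that fails to load is logged and the adapter is left
 * unconfigured.
 *
 * @throws RuntimeException if the per-deployment configuration cannot be parsed, or
 *         ({@link UncheckedIOException}) if the configuration stream cannot be closed
 */
@SuppressWarnings("UseSpecificCatch")
public void initializeKeycloak() {
    ServletContext theServletContext = null;
    ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
    if (currentContext != null) {
        String contextPath = currentContext.getContextPath();
        if ("".equals(contextPath)) {
            // This could be the case in osgi environment when deploying apps through pax whiteboard extension.
            theServletContext = currentContext;
        } else {
            theServletContext = currentContext.getContext(contextPath);
        }
    }
    // Jetty 9.1.x servlet context will be null :(
    if (configResolver == null && theServletContext != null) {
        String configResolverClass = theServletContext.getInitParameter("keycloak.config.resolver");
        if (configResolverClass != null) {
            try {
                // currentContext is non-null here (theServletContext was derived from it), so reuse it
                // instead of re-reading the thread-local context. Class.newInstance() is deprecated since
                // Java 9 but kept so a failing resolver constructor reaches the log with its own message.
                configResolver = (SamlConfigResolver) currentContext.getClassLoader().loadClass(configResolverClass).newInstance();
                log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
            } catch (Exception ex) {
                // Error level, consistent with the Tomcat valve and the servlet listener: an unloadable
                // resolver leaves this adapter unconfigured.
                log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", configResolverClass, ex.getMessage());
            }
        }
    }
    if (configResolver != null) {
        // deploymentContext = new AdapterDeploymentContext(configResolver);
        // NOTE(review): no SamlDeploymentContext is built from configResolver in this method; presumably
        // deploymentContext is populated elsewhere in this class when a resolver is in use — confirm.
    } else if (theServletContext != null) {
        final ServletContext servletContext = theServletContext;
        // try-with-resources: the configuration stream was never closed before. A null stream is
        // permitted here and simply skips close().
        try (InputStream configInputStream = getConfigInputStream(servletContext)) {
            if (configInputStream != null) {
                SamlDeployment deployment = new DeploymentBuilder().build(configInputStream, new ResourceLoader() {
                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return servletContext.getResourceAsStream(resource);
                    }
                });
                deploymentContext = new SamlDeploymentContext(deployment);
            }
        } catch (ParsingException e) {
            throw new RuntimeException(e);
        } catch (IOException e) {
            // Only close() can fail here; surface it rather than swallow it.
            throw new UncheckedIOException(e);
        }
    }
    if (theServletContext != null) {
        theServletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    }
}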
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class AbstractSamlAuthenticatorValve method keycloakInit.
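/**
 * Initializes the SAML adapter for the Catalina {@code context} this valve belongs to and
 * publishes the resulting {@link SamlDeploymentContext} as a servlet-context attribute.
 *
 * <p>Possible scenarios:
 * <ol>
 *   <li>The deployment has a {@code keycloak.config.resolver} specified and it exists:
 *       the adapter uses the resolver.</li>
 *   <li>The deployment has a {@code keycloak.config.resolver} that isn't valid (doesn't exist,
 *       isn't a resolver, ...): the adapter is left unconfigured.</li>
 *   <li>The deployment doesn't have a {@code keycloak.config.resolver} but has a keycloak.json
 *       (or equivalent): the adapter uses it.</li>
 *   <li>The deployment has neither: the adapter is left unconfigured.</li>
 * </ol>
 *
 * <p>"Unconfigured" installs a {@link DefaultSamlDeployment}, i.e. the adapter fails closed and
 * denies requests rather than running without a configuration.
 *
 * @throws RuntimeException if the per-deployment configuration cannot be parsed, or
 *         ({@link UncheckedIOException}) if the configuration stream cannot be closed
 */
@SuppressWarnings("UseSpecificCatch")
public void keycloakInit() {
    String configResolverClass = context.getServletContext().getInitParameter("keycloak.config.resolver");
    if (configResolverClass != null) {
        try {
            // Class.newInstance() is deprecated since Java 9 but kept so a failing resolver
            // constructor reaches the log below with its own message.
            SamlConfigResolver configResolver = (SamlConfigResolver) context.getLoader().getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", configResolverClass, ex.getMessage());
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        final SamlDeployment deployment;
        // try-with-resources: the configuration stream was never closed before. A null stream is
        // permitted here and simply skips close().
        try (InputStream is = getConfigInputStream(context)) {
            if (is == null) {
                log.error("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
                deployment = new DefaultSamlDeployment();
            } else {
                // Resources referenced by the configuration are resolved against the web application.
                ResourceLoader loader = new ResourceLoader() {
                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return context.getServletContext().getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            }
        } catch (ParsingException e) {
            throw new RuntimeException(e);
        } catch (IOException e) {
            // Only close() can fail here; surface it rather than swallow it.
            throw new UncheckedIOException(e);
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    context.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    addTokenStoreUpdaters();
}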
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class PropertiesBasedRoleMapperTest method testPropertiesBasedRoleMapper.
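/**
 * Verifies that a deployment configured with the properties-based role-mappings provider applies
 * the mappings from its properties file: one SAML role is dropped, one is mapped to two JEE roles,
 * one is passed through, and the principal is granted an extra role.
 *
 * @throws Exception if the test configuration cannot be read or parsed
 */
@Test
public void testPropertiesBasedRoleMapper() throws Exception {
    final SamlDeployment deployment;
    // try-with-resources: the configuration stream was never closed before.
    try (InputStream is = getClass().getResourceAsStream("config/parsers/keycloak-saml-with-role-mappings-provider.xml")) {
        // Fail with a clear assertion instead of a NullPointerException inside the builder.
        assertNotNull(is);
        deployment = new DeploymentBuilder().build(is, new ResourceLoader() {
            @Override
            public InputStream getResourceAsStream(String resource) {
                return getClass().getClassLoader().getResourceAsStream(resource);
            }
        });
    }
    // retrieve the configured role mappings provider - in this case we know it is the properties-based implementation.
    RoleMappingsProvider provider = deployment.getRoleMappingsProvider();
    // if provider was properly configured we should be able to see the mappings as specified in the properties file.
    Set<String> samlRoles = new HashSet<>(Arrays.asList("samlRoleA", "samlRoleB", "samlRoleC"));
    Set<String> mappedRoles = provider.map("kc-user", samlRoles);
    // we expect samlRoleB to be removed, samlRoleA to be mapped into two roles (jeeRoleX, jeeRoleY) and also the principal should
    // be granted an extra role (jeeRoleZ).
    assertNotNull(mappedRoles);
    assertEquals(4, mappedRoles.size());
    Set<String> expectedRoles = new HashSet<>(Arrays.asList("samlRoleC", "jeeRoleX", "jeeRoleY", "jeeRoleZ"));
    assertEquals(expectedRoles, mappedRoles);
}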
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class SamlUtils method getSamlDeploymentForClient.
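/**
 * Builds a {@link SamlDeployment} from the adapter configuration bundled for a test application.
 *
 * <p>The XML is read from {@code /adapter-test/keycloak-saml/<client>/WEB-INF/keycloak-saml.xml},
 * modified the same way it would be before deployment to a real app server, and then parsed.
 * Resources the configuration refers to are resolved relative to the same
 * {@code /adapter-test/keycloak-saml/<client>} classpath directory.
 *
 * @param client name of the test application directory under {@code /adapter-test/keycloak-saml/}
 * @return the parsed deployment
 * @throws ParsingException if the configuration cannot be parsed
 * @throws NullPointerException if no {@code keycloak-saml.xml} exists for {@code client}
 * @throws UncheckedIOException if the configuration stream cannot be closed
 */
public static SamlDeployment getSamlDeploymentForClient(String client) throws ParsingException {
    final String baseDir = "/adapter-test/keycloak-saml/" + client;
    Document doc;
    // try-with-resources: the configuration stream was never closed before.
    try (InputStream is = SamlUtils.class.getResourceAsStream(baseDir + "/WEB-INF/keycloak-saml.xml")) {
        Objects.requireNonNull(is, "no keycloak-saml.xml found on the classpath for client " + client);
        // InputStream -> Document
        doc = IOUtil.loadXML(is);
    } catch (IOException e) {
        // Only close() can fail here; surface it rather than swallow it.
        throw new UncheckedIOException(e);
    }
    // Modify saml deployment the same way as before deploying to real app server
    DeploymentArchiveProcessorUtils.modifySAMLDocument(doc);
    // Document -> InputStream (presumably an in-memory stream; nothing external to release)
    InputStream isProcessed = IOUtil.documentToInputStream(doc);
    // InputStream -> SamlDeployment
    ResourceLoader loader = new ResourceLoader() {
        @Override
        public InputStream getResourceAsStream(String resource) {
            return getClass().getResourceAsStream(baseDir + resource);
        }
    };
    return new DeploymentBuilder().build(isProcessed, loader);
}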
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class KeycloakConfigurationServletListener method contextInitialized.
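/**
 * Builds the {@link SamlDeploymentContext} for the starting web application and publishes it,
 * together with the session-id mapper and its updater, as servlet-context attributes.
 *
 * <p>Resolution order:
 * <ol>
 *   <li>a context already stored in the servlet context (see the note on the lookup key below);</li>
 *   <li>the {@code keycloak.config.resolver} init parameter, naming a {@link SamlConfigResolver}
 *       implementation that is instantiated by reflection;</li>
 *   <li>a per-deployment configuration stream from {@code getConfigInputStream}.</li>
 * </ol>
 *
 * <p>If the resolver cannot be loaded or no configuration is found, a {@link DefaultSamlDeployment}
 * is installed so the adapter fails closed and denies requests.
 *
 * @param sce the context event carrying the {@link ServletContext} being initialized
 * @throws RuntimeException if the per-deployment configuration cannot be parsed, or
 *         ({@link UncheckedIOException}) if the configuration stream cannot be closed
 */
@Override
public void contextInitialized(ServletContextEvent sce) {
    ServletContext servletContext = sce.getServletContext();
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    // NOTE(review): the pre-existing context is looked up under SamlDeployment.class.getName(), which differs
    // from the attribute names written at the end of this method — confirm that is intended.
    SamlDeploymentContext deploymentContext = (SamlDeploymentContext) servletContext.getAttribute(SamlDeployment.class.getName());
    if (deploymentContext == null) {
        if (configResolverClass != null) {
            try {
                // Class.newInstance() is deprecated since Java 9 but kept so a failing resolver
                // constructor reaches the log below with its own message.
                SamlConfigResolver configResolver = (SamlConfigResolver) servletContext.getClassLoader().loadClass(configResolverClass).newInstance();
                deploymentContext = new SamlDeploymentContext(configResolver);
                log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
            } catch (Exception ex) {
                log.errorv("The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
                deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
            }
        } else {
            final SamlDeployment deployment;
            // try-with-resources: the configuration stream was never closed before. A null stream is
            // permitted here and simply skips close().
            try (InputStream is = getConfigInputStream(servletContext)) {
                if (is == null) {
                    log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
                    deployment = new DefaultSamlDeployment();
                } else {
                    // Resources referenced by the configuration are resolved against the web application.
                    ResourceLoader loader = new ResourceLoader() {
                        @Override
                        public InputStream getResourceAsStream(String resource) {
                            return servletContext.getResourceAsStream(resource);
                        }
                    };
                    deployment = new DeploymentBuilder().build(is, loader);
                }
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            } catch (IOException e) {
                // Only close() can fail here; surface it rather than swallow it.
                throw new UncheckedIOException(e);
            }
            deploymentContext = new SamlDeploymentContext(deployment);
            log.debug("Keycloak is using a per-deployment configuration.");
        }
    }
    addTokenStoreUpdaters(servletContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE, deploymentContext);
    servletContext.setAttribute(ADAPTER_DEPLOYMENT_CONTEXT_ATTRIBUTE_ELYTRON, deploymentContext);
    servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_ATTRIBUTE_ELYTRON, idMapper);
    servletContext.setAttribute(ADAPTER_SESSION_ID_MAPPER_UPDATER_ATTRIBUTE_ELYTRON, idMapperUpdater);
}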