Example 6 with DeploymentBuilder
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class SamlFilter method init.
@Override
public void init(final FilterConfig filterConfig) throws ServletException {
deploymentContext = (SamlDeploymentContext) filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName());
if (deploymentContext != null) {
idMapper = (SessionIdMapper) filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName());
return;
}
String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
if (configResolverClass != null) {
try {
SamlConfigResolver configResolver = (SamlConfigResolver) getClass().getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new SamlDeploymentContext(configResolver);
log.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
} catch (Exception ex) {
log.log(Level.WARNING, "The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
}
} else {
String fp = filterConfig.getInitParameter("keycloak.config.file");
InputStream is = null;
if (fp != null) {
try {
is = new FileInputStream(fp);
} catch (FileNotFoundException e) {
throw new RuntimeException(e);
}
} else {
String path = "/WEB-INF/keycloak-saml.xml";
String pathParam = filterConfig.getInitParameter("keycloak.config.path");
if (pathParam != null)
path = pathParam;
is = filterConfig.getServletContext().getResourceAsStream(path);
}
final SamlDeployment deployment;
if (is == null) {
log.info("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return filterConfig.getServletContext().getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}
deploymentContext = new SamlDeploymentContext(deployment);
log.fine("Keycloak is using a per-deployment configuration.");
}
idMapper = new InMemorySessionIdMapper();
filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper);
}
Also used :
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
FileNotFoundException(java.io.FileNotFoundException)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
FileNotFoundException(java.io.FileNotFoundException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
FileInputStream(java.io.FileInputStream)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver)
InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper)
SessionIdMapper(org.keycloak.adapters.spi.SessionIdMapper)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Example 7 with DeploymentBuilder
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class SamlServletExtension method handleDeployment.
@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) {
if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) {
log.debug("auth-method is not keycloak saml!");
return;
}
log.debug("SamlServletException initialization");
// Possible scenarios:
// 1) The deployment has a keycloak.config.resolver specified and it exists:
// Outcome: adapter uses the resolver
// 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
// Outcome: adapter is left unconfigured
// 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
// Outcome: adapter uses it
// 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
// Outcome: adapter is left unconfigured
SamlConfigResolver configResolver;
String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
SamlDeploymentContext deploymentContext = null;
if (configResolverClass != null) {
try {
configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
deploymentContext = new SamlDeploymentContext(configResolver);
log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
} catch (Exception ex) {
log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
}
} else {
InputStream is = getConfigInputStream(servletContext);
final SamlDeployment deployment;
if (is == null) {
log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
deployment = new DefaultSamlDeployment();
} else {
try {
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String resource) {
return servletContext.getResourceAsStream(resource);
}
};
deployment = new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new RuntimeException(e);
}
}
deploymentContext = new SamlDeploymentContext(deployment);
log.debug("Keycloak is using a per-deployment configuration.");
}
servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement);
mech.addTokenStoreUpdaters(deploymentInfo);
// setup handlers
deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() {
@Override
public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
return mech;
}
});
// authentication
deploymentInfo.setIdentityManager(new IdentityManager() {
@Override
public Account verify(Account account) {
return account;
}
@Override
public Account verify(String id, Credential credential) {
throw new IllegalStateException("Should never be called in Keycloak flow");
}
@Override
public Account verify(Credential credential) {
throw new IllegalStateException("Should never be called in Keycloak flow");
}
});
ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
if (cookieConfig == null) {
cookieConfig = new ServletSessionConfig();
}
if (cookieConfig.getPath() == null) {
log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
cookieConfig.setPath(deploymentInfo.getContextPath());
deploymentInfo.setServletSessionConfig(cookieConfig);
}
addEndpointConstraint(deploymentInfo);
ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}
Also used :
SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext)
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
Account(io.undertow.security.idm.Account)
IdentityManager(io.undertow.security.idm.IdentityManager)
Credential(io.undertow.security.idm.Credential)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
ByteArrayInputStream(java.io.ByteArrayInputStream)
FileInputStream(java.io.FileInputStream)
InputStream(java.io.InputStream)
AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism)
DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment)
SamlDeployment(org.keycloak.adapters.saml.SamlDeployment)
ServletSessionConfig(io.undertow.servlet.api.ServletSessionConfig)
FileNotFoundException(java.io.FileNotFoundException)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
FormParserFactory(io.undertow.server.handlers.form.FormParserFactory)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
UndertowUserSessionManagement(org.keycloak.adapters.undertow.UndertowUserSessionManagement)
SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver)
AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Example 8 with DeploymentBuilder
use of org.keycloak.adapters.saml.config.parsers.DeploymentBuilder in project keycloak by keycloak.
the class SamlMultiTenantResolver method resolve.
@Override
public SamlDeployment resolve(HttpFacade.Request request) {
String realm = request.getQueryParamValue("realm");
if (realm == null) {
throw new IllegalStateException("Not able to resolve realm from the request path!");
}
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("/" + realm + "-keycloak-saml.xml");
if (is == null) {
throw new IllegalStateException("Not able to find the file /" + realm + "-keycloak-saml.xml");
}
ResourceLoader loader = new ResourceLoader() {
@Override
public InputStream getResourceAsStream(String path) {
return Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
}
};
try {
return new DeploymentBuilder().build(is, loader);
} catch (ParsingException e) {
throw new IllegalStateException("Cannot load SAML deployment", e);
}
}
Also used :
ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader)
InputStream(java.io.InputStream)
ParsingException(org.keycloak.saml.common.exceptions.ParsingException)
DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)
Aggregations
InputStream (java.io.InputStream)8
DeploymentBuilder (org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)8
ResourceLoader (org.keycloak.adapters.saml.config.parsers.ResourceLoader)8
ParsingException (org.keycloak.saml.common.exceptions.ParsingException)6
FileInputStream (java.io.FileInputStream)5
FileNotFoundException (java.io.FileNotFoundException)5
ByteArrayInputStream (java.io.ByteArrayInputStream)4
SamlDeployment (org.keycloak.adapters.saml.SamlDeployment)4
SamlDeploymentContext (org.keycloak.adapters.saml.SamlDeploymentContext)4
IOException (java.io.IOException)3
ServletException (javax.servlet.ServletException)3
DefaultSamlDeployment (org.keycloak.adapters.saml.DefaultSamlDeployment)3
SamlConfigResolver (org.keycloak.adapters.saml.SamlConfigResolver)3
ServletContext (javax.servlet.ServletContext)2
AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)1
AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)1
Account (io.undertow.security.idm.Account)1
Credential (io.undertow.security.idm.Credential)1
IdentityManager (io.undertow.security.idm.IdentityManager)1
FormParserFactory (io.undertow.server.handlers.form.FormParserFactory)1
