Search in sources :

Example 6 with ResourceLoader

use of org.keycloak.adapters.saml.config.parsers.ResourceLoader in project keycloak by keycloak.

the class SamlFilter method init.

@Override
public void init(final FilterConfig filterConfig) throws ServletException {
    deploymentContext = (SamlDeploymentContext) filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName());
    if (deploymentContext != null) {
        idMapper = (SessionIdMapper) filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName());
        return;
    }
    String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
    if (configResolverClass != null) {
        try {
            SamlConfigResolver configResolver = (SamlConfigResolver) getClass().getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.log(Level.WARNING, "The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        String fp = filterConfig.getInitParameter("keycloak.config.file");
        InputStream is = null;
        if (fp != null) {
            try {
                is = new FileInputStream(fp);
            } catch (FileNotFoundException e) {
                throw new RuntimeException(e);
            }
        } else {
            String path = "/WEB-INF/keycloak-saml.xml";
            String pathParam = filterConfig.getInitParameter("keycloak.config.path");
            if (pathParam != null)
                path = pathParam;
            is = filterConfig.getServletContext().getResourceAsStream(path);
        }
        final SamlDeployment deployment;
        if (is == null) {
            log.info("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return filterConfig.getServletContext().getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.fine("Keycloak is using a per-deployment configuration.");
    }
    idMapper = new InMemorySessionIdMapper();
    filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) FileNotFoundException(java.io.FileNotFoundException) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) FileInputStream(java.io.FileInputStream) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) InMemorySessionIdMapper(org.keycloak.adapters.spi.InMemorySessionIdMapper) SessionIdMapper(org.keycloak.adapters.spi.SessionIdMapper) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 7 with ResourceLoader

use of org.keycloak.adapters.saml.config.parsers.ResourceLoader in project keycloak by keycloak.

the class SamlServletExtension method handleDeployment.

@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) {
    if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) {
        log.debug("auth-method is not keycloak saml!");
        return;
    }
    log.debug("SamlServletException initialization");
    // Possible scenarios:
    // 1) The deployment has a keycloak.config.resolver specified and it exists:
    // Outcome: adapter uses the resolver
    // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
    // Outcome: adapter is left unconfigured
    // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
    // Outcome: adapter uses it
    // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
    // Outcome: adapter is left unconfigured
    SamlConfigResolver configResolver;
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    SamlDeploymentContext deploymentContext = null;
    if (configResolverClass != null) {
        try {
            configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        InputStream is = getConfigInputStream(servletContext);
        final SamlDeployment deployment;
        if (is == null) {
            log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return servletContext.getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement);
    mech.addTokenStoreUpdaters(deploymentInfo);
    // setup handlers
    deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() {

        @Override
        public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
            return mech;
        }
    });
    // authentication
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            return account;
        }

        @Override
        public Account verify(String id, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        @Override
        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    });
    ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
    if (cookieConfig == null) {
        cookieConfig = new ServletSessionConfig();
    }
    if (cookieConfig.getPath() == null) {
        log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
        cookieConfig.setPath(deploymentInfo.getContextPath());
        deploymentInfo.setServletSessionConfig(cookieConfig);
    }
    addEndpointConstraint(deploymentInfo);
    ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) Account(io.undertow.security.idm.Account) IdentityManager(io.undertow.security.idm.IdentityManager) Credential(io.undertow.security.idm.Credential) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) ServletSessionConfig(io.undertow.servlet.api.ServletSessionConfig) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) FormParserFactory(io.undertow.server.handlers.form.FormParserFactory) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) UndertowUserSessionManagement(org.keycloak.adapters.undertow.UndertowUserSessionManagement) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Example 8 with ResourceLoader

use of org.keycloak.adapters.saml.config.parsers.ResourceLoader in project keycloak by keycloak.

the class SamlMultiTenantResolver method resolve.

@Override
public SamlDeployment resolve(HttpFacade.Request request) {
    String realm = request.getQueryParamValue("realm");
    if (realm == null) {
        throw new IllegalStateException("Not able to resolve realm from the request path!");
    }
    InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("/" + realm + "-keycloak-saml.xml");
    if (is == null) {
        throw new IllegalStateException("Not able to find the file /" + realm + "-keycloak-saml.xml");
    }
    ResourceLoader loader = new ResourceLoader() {

        @Override
        public InputStream getResourceAsStream(String path) {
            return Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
        }
    };
    try {
        return new DeploymentBuilder().build(is, loader);
    } catch (ParsingException e) {
        throw new IllegalStateException("Cannot load SAML deployment", e);
    }
}
Also used : ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) InputStream(java.io.InputStream) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Aggregations

InputStream (java.io.InputStream)8 DeploymentBuilder (org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)8 ResourceLoader (org.keycloak.adapters.saml.config.parsers.ResourceLoader)8 ParsingException (org.keycloak.saml.common.exceptions.ParsingException)6 FileInputStream (java.io.FileInputStream)5 FileNotFoundException (java.io.FileNotFoundException)5 ByteArrayInputStream (java.io.ByteArrayInputStream)4 SamlDeployment (org.keycloak.adapters.saml.SamlDeployment)4 SamlDeploymentContext (org.keycloak.adapters.saml.SamlDeploymentContext)4 IOException (java.io.IOException)3 ServletException (javax.servlet.ServletException)3 DefaultSamlDeployment (org.keycloak.adapters.saml.DefaultSamlDeployment)3 SamlConfigResolver (org.keycloak.adapters.saml.SamlConfigResolver)3 ServletContext (javax.servlet.ServletContext)2 AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)1 AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)1 Account (io.undertow.security.idm.Account)1 Credential (io.undertow.security.idm.Credential)1 IdentityManager (io.undertow.security.idm.IdentityManager)1 FormParserFactory (io.undertow.server.handlers.form.FormParserFactory)1