Search in sources :

Example 1 with UndertowUserSessionManagement

use of org.keycloak.adapters.undertow.UndertowUserSessionManagement in project keycloak by keycloak.

the class SamlServletExtension method handleDeployment.

@Override
@SuppressWarnings("UseSpecificCatch")
public void handleDeployment(DeploymentInfo deploymentInfo, final ServletContext servletContext) {
    if (!isAuthenticationMechanismPresent(deploymentInfo, "KEYCLOAK-SAML")) {
        log.debug("auth-method is not keycloak saml!");
        return;
    }
    log.debug("SamlServletException initialization");
    // Possible scenarios:
    // 1) The deployment has a keycloak.config.resolver specified and it exists:
    // Outcome: adapter uses the resolver
    // 2) The deployment has a keycloak.config.resolver and isn't valid (doesn't exist, isn't a resolver, ...) :
    // Outcome: adapter is left unconfigured
    // 3) The deployment doesn't have a keycloak.config.resolver , but has a keycloak.json (or equivalent)
    // Outcome: adapter uses it
    // 4) The deployment doesn't have a keycloak.config.resolver nor keycloak.json (or equivalent)
    // Outcome: adapter is left unconfigured
    SamlConfigResolver configResolver;
    String configResolverClass = servletContext.getInitParameter("keycloak.config.resolver");
    SamlDeploymentContext deploymentContext = null;
    if (configResolverClass != null) {
        try {
            configResolver = (SamlConfigResolver) deploymentInfo.getClassLoader().loadClass(configResolverClass).newInstance();
            deploymentContext = new SamlDeploymentContext(configResolver);
            log.infov("Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
        } catch (Exception ex) {
            log.warn("The specified resolver " + configResolverClass + " could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: " + ex.getMessage());
            deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
        }
    } else {
        InputStream is = getConfigInputStream(servletContext);
        final SamlDeployment deployment;
        if (is == null) {
            log.warn("No adapter configuration.  Keycloak is unconfigured and will deny all requests.");
            deployment = new DefaultSamlDeployment();
        } else {
            try {
                ResourceLoader loader = new ResourceLoader() {

                    @Override
                    public InputStream getResourceAsStream(String resource) {
                        return servletContext.getResourceAsStream(resource);
                    }
                };
                deployment = new DeploymentBuilder().build(is, loader);
            } catch (ParsingException e) {
                throw new RuntimeException(e);
            }
        }
        deploymentContext = new SamlDeploymentContext(deployment);
        log.debug("Keycloak is using a per-deployment configuration.");
    }
    servletContext.setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
    UndertowUserSessionManagement userSessionManagement = new UndertowUserSessionManagement();
    final ServletSamlAuthMech mech = createAuthMech(deploymentInfo, deploymentContext, userSessionManagement);
    mech.addTokenStoreUpdaters(deploymentInfo);
    // setup handlers
    deploymentInfo.addAuthenticationMechanism("KEYCLOAK-SAML", new AuthenticationMechanismFactory() {

        @Override
        public AuthenticationMechanism create(String s, FormParserFactory formParserFactory, Map<String, String> stringStringMap) {
            return mech;
        }
    });
    // authentication
    deploymentInfo.setIdentityManager(new IdentityManager() {

        @Override
        public Account verify(Account account) {
            return account;
        }

        @Override
        public Account verify(String id, Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }

        @Override
        public Account verify(Credential credential) {
            throw new IllegalStateException("Should never be called in Keycloak flow");
        }
    });
    ServletSessionConfig cookieConfig = deploymentInfo.getServletSessionConfig();
    if (cookieConfig == null) {
        cookieConfig = new ServletSessionConfig();
    }
    if (cookieConfig.getPath() == null) {
        log.debug("Setting jsession cookie path to: " + deploymentInfo.getContextPath());
        cookieConfig.setPath(deploymentInfo.getContextPath());
        deploymentInfo.setServletSessionConfig(cookieConfig);
    }
    addEndpointConstraint(deploymentInfo);
    ChangeSessionId.turnOffChangeSessionIdOnLogin(deploymentInfo);
}
Also used : SamlDeploymentContext(org.keycloak.adapters.saml.SamlDeploymentContext) ResourceLoader(org.keycloak.adapters.saml.config.parsers.ResourceLoader) Account(io.undertow.security.idm.Account) IdentityManager(io.undertow.security.idm.IdentityManager) Credential(io.undertow.security.idm.Credential) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) AuthenticationMechanism(io.undertow.security.api.AuthenticationMechanism) DefaultSamlDeployment(org.keycloak.adapters.saml.DefaultSamlDeployment) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) ServletSessionConfig(io.undertow.servlet.api.ServletSessionConfig) FileNotFoundException(java.io.FileNotFoundException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) FormParserFactory(io.undertow.server.handlers.form.FormParserFactory) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) UndertowUserSessionManagement(org.keycloak.adapters.undertow.UndertowUserSessionManagement) SamlConfigResolver(org.keycloak.adapters.saml.SamlConfigResolver) AuthenticationMechanismFactory(io.undertow.security.api.AuthenticationMechanismFactory) DeploymentBuilder(org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)

Aggregations

AuthenticationMechanism (io.undertow.security.api.AuthenticationMechanism)1 AuthenticationMechanismFactory (io.undertow.security.api.AuthenticationMechanismFactory)1 Account (io.undertow.security.idm.Account)1 Credential (io.undertow.security.idm.Credential)1 IdentityManager (io.undertow.security.idm.IdentityManager)1 FormParserFactory (io.undertow.server.handlers.form.FormParserFactory)1 ServletSessionConfig (io.undertow.servlet.api.ServletSessionConfig)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 FileInputStream (java.io.FileInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 InputStream (java.io.InputStream)1 DefaultSamlDeployment (org.keycloak.adapters.saml.DefaultSamlDeployment)1 SamlConfigResolver (org.keycloak.adapters.saml.SamlConfigResolver)1 SamlDeployment (org.keycloak.adapters.saml.SamlDeployment)1 SamlDeploymentContext (org.keycloak.adapters.saml.SamlDeploymentContext)1 DeploymentBuilder (org.keycloak.adapters.saml.config.parsers.DeploymentBuilder)1 ResourceLoader (org.keycloak.adapters.saml.config.parsers.ResourceLoader)1 UndertowUserSessionManagement (org.keycloak.adapters.undertow.UndertowUserSessionManagement)1 ParsingException (org.keycloak.saml.common.exceptions.ParsingException)1