keycloak-memoizeit
Changes
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml 10(+10 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml 20(+20 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml 17(+17 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml 17(+17 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml 17(+17 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml 35(+35 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml 24(+24 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml 45(+45 -0)
distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml 20(+20 -0)
distribution/saml-adapters/pom.xml 8(+8 -0)
pom.xml 10(+10 -0)
saml/client-adapter/as7-eap6/adapter/pom.xml 101(+101 -0)
saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java 52(+52 -0)
saml/client-adapter/as7-eap6/pom.xml 20(+20 -0)
saml/client-adapter/as7-eap6/subsystem/pom.xml 115(+115 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java 93(+93 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java 67(+67 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java 19(+19 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java 76(+76 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java 59(+59 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java 47(+47 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java 67(+67 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java 42(+42 -0)
saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension 1(+1 -0)
saml/client-adapter/pom.xml 1(+1 -0)
Details
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
new file mode 100755
index 0000000..40ebded
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/assembly.xml
@@ -0,0 +1,35 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <fileSets>
+ <fileSet>
+ <directory>${project.build.directory}/unpacked</directory>
+ <includes>
+ <include>org/keycloak/keycloak-common/**</include>
+ <include>org/keycloak/keycloak-saml-core/**</include>
+ <include>org/keycloak/keycloak-saml-adapter-core/**</include>
+ <include>org/keycloak/keycloak-adapter-spi/**</include>
+ <include>org/keycloak/keycloak-jboss-adapter-core/**</include>
+ <include>org/bouncycastle/**</include>
+ <include>org/keycloak/keycloak-saml-as7-adapter/**</include>
+ <include>org/keycloak/keycloak-saml-as7-subsystem/**</include>
+ </includes>
+ <excludes>
+ <exclude>**/*.war</exclude>
+ </excludes>
+ <outputDirectory>modules</outputDirectory>
+ </fileSet>
+ </fileSets>
+ <files>
+ <file>
+ <source>../../shared-cli/adapter-install.cli</source>
+ <outputDirectory>bin</outputDirectory>
+ </file>
+ </files>
+</assembly>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
new file mode 100755
index 0000000..8cee17b
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml
@@ -0,0 +1,79 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-as7-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML AS7 Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-adapter</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-modules</artifactId>
+ <type>zip</type>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-modules</artifactId>
+ <type>zip</type>
+ <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml
new file mode 100755
index 0000000..4a34435
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/assembly.xml
@@ -0,0 +1,22 @@
+<assembly>
+ <id>dist</id>
+
+ <formats>
+ <format>zip</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <fileSets>
+ <fileSet>
+ <directory>../../</directory>
+ <includes>
+ <include>License.html</include>
+ </includes>
+ <outputDirectory></outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>${project.build.directory}/modules</directory>
+ <outputDirectory></outputDirectory>
+ </fileSet>
+ </fileSets>
+</assembly>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml
new file mode 100755
index 0000000..3cfdae3
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/build.xml
@@ -0,0 +1,88 @@
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright 2012, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+
+<project name="module-repository" basedir="." default="all">
+
+ <import file="lib.xml"/>
+
+ <property name="output.dir" value="target"/>
+
+ <target name="all">
+ <antcall target="modules">
+ <param name="mavenized.modules" value="false"/>
+ <param name="output.dir" value="target"/>
+ </antcall>
+ </target>
+
+
+ <target name="modules">
+
+ <!-- server min dependencies -->
+
+ <module-def name="org.keycloak.keycloak-common">
+ <maven-resource group="org.keycloak" artifact="keycloak-common"/>
+ </module-def>
+ <module-def name="org.keycloak.keycloak-core">
+ <maven-resource group="org.keycloak" artifact="keycloak-core"/>
+ </module-def>
+
+ <module-def name="org.bouncycastle">
+ <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
+ <maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
+ </module-def>
+
+ <!-- subsystems -->
+
+ <module-def name="org.keycloak.keycloak-adapter-spi">
+ <maven-resource group="org.keycloak" artifact="keycloak-adapter-spi"/>
+ <maven-resource group="org.keycloak" artifact="keycloak-tomcat-adapter-spi"/>
+ <maven-resource group="org.keycloak" artifact="keycloak-as7-adapter-spi"/>
+ </module-def>
+
+ <module-def name="org.keycloak.keycloak-saml-adapter-core">
+ <maven-resource group="org.keycloak" artifact="keycloak-saml-adapter-core"/>
+ </module-def>
+
+ <module-def name="org.keycloak.keycloak-jboss-adapter-core">
+ <maven-resource group="org.keycloak" artifact="keycloak-jboss-adapter-core"/>
+ </module-def>
+
+ <module-def name="org.keycloak.keycloak-saml-as7-adapter">
+ <maven-resource group="org.keycloak" artifact="keycloak-saml-as7-adapter"/>
+ <maven-resource group="org.keycloak" artifact="keycloak-saml-tomcat-core-adapter"/>
+ </module-def>
+
+ <module-def name="org.keycloak.keycloak-saml-as7-subsystem">
+ <maven-resource group="org.keycloak" artifact="keycloak-saml-as7-subsystem"/>
+ </module-def>
+
+ </target>
+
+ <target name="clean-target">
+ <delete dir="${output.dir}"/>
+ </target>
+
+ <target name="clean" depends="clean-target">
+ <delete file="maven-ant-tasks.jar"/>
+ </target>
+
+</project>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml
new file mode 100755
index 0000000..3d9438a
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/lib.xml
@@ -0,0 +1,282 @@
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright 2010, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+
+<project name="module-repository-lib">
+
+ <property name="src.dir" value="src"/>
+ <property name="module.repo.src.dir" value="${src.dir}/main/resources/modules"/>
+ <property name="module.xml" value="module.xml"/>
+
+ <taskdef resource="net/sf/antcontrib/antlib.xml"/>
+ <taskdef name="jandex" classname="org.jboss.jandex.JandexAntTask" />
+
+ <macrodef name="module-def">
+ <attribute name="name"/>
+ <attribute name="slot" default="main"/>
+ <element name="resources" implicit="yes" optional="yes"/>
+
+ <sequential>
+ <echo message="Initializing module -> @{name}"/>
+ <property name="module.repo.output.dir" value="${output.dir}/modules"/>
+ <!-- Figure out the correct module path -->
+ <define-module-dir name="@{name}" slot="@{slot}"/>
+
+ <!-- Make the module output director -->
+ <mkdir dir="${module.repo.output.dir}/${current.module.path}"/>
+
+ <!-- Copy the module.xml and other stuff to the output director -->
+ <copy todir="${module.repo.output.dir}/${current.module.path}" overwrite="true">
+ <fileset dir="${module.repo.src.dir}/${current.module.path}">
+ <include name="**"/>
+ </fileset>
+ </copy>
+
+ <!-- Process the resource -->
+ <resources/>
+
+ <!-- Add keycloak version property to module xml -->
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}"
+ token="$${project.version}"
+ value="${project.version}"/>
+
+ <!-- Some final cleanup -->
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+ <replacetoken>
+ <![CDATA[
+ <!-- Insert resources here -->]]></replacetoken>
+ <replacevalue>
+ </replacevalue>
+ </replace>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="bundle-def">
+ <attribute name="name"/>
+ <attribute name="slot" default="main"/>
+ <element name="resources" implicit="yes" optional="yes"/>
+
+ <sequential>
+ <echo message="Initializing bundle -> @{name}"/>
+ <property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
+ <!-- Figure out the correct bundle path -->
+ <define-bundle-dir name="@{name}" slot="@{slot}" />
+
+ <!-- Make the bundle output director -->
+ <mkdir dir="${bundle.repo.output.dir}/${current.bundle.path}"/>
+
+ <!-- Process the resource -->
+ <resources/>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="maven-bundle" >
+ <attribute name="group"/>
+ <attribute name="artifact"/>
+
+ <sequential>
+ <!-- Copy the jar to the bundle dir -->
+ <property name="bundle.repo.output.dir" value="${output.dir}/bundles/system/layers/base"/>
+ <copy todir="${bundle.repo.output.dir}/${current.bundle.path}" failonerror="true">
+ <fileset file="${@{group}:@{artifact}:jar}"/>
+ <mapper type="flatten" />
+ </copy>
+ </sequential>
+ </macrodef>
+
+ <scriptdef name="define-module-dir" language="javascript" manager="bsf">
+ <attribute name="name"/>
+ <attribute name="slot"/>
+ <![CDATA[
+ name = attributes.get("name");
+ name = name.replace(".", "/");
+ project.setProperty("current.module.path", name + "/" + attributes.get("slot"));
+ ]]>
+ </scriptdef>
+
+ <scriptdef name="define-bundle-dir" language="javascript" manager="bsf">
+ <attribute name="name"/>
+ <attribute name="slot"/>
+ <![CDATA[
+ name = attributes.get("name");
+ name = name.replace(".", "/");
+ project.setProperty("current.bundle.path", name + "/" + attributes.get("slot"));
+ ]]>
+ </scriptdef>
+
+ <!--
+ Get the version from the parent directory of the jar. If the parent directory is 'target' this
+ means that the jar is contained in AS build so extract the version from the file name
+ -->
+ <scriptdef name="define-maven-artifact" language="javascript" manager="bsf">
+ <attribute name="group"/>
+ <attribute name="artifact"/>
+ <attribute name="classifier"/>
+ <attribute name="element"/>
+ <attribute name="path"/>
+ <![CDATA[
+ importClass(Packages.java.io.File);
+ group = attributes.get("group");
+ artifact = attributes.get("artifact");
+ classifier = attributes.get("classifier");
+ element = attributes.get("element");
+ path = attributes.get("path");
+ if(path.indexOf('${') != -1) {
+ throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
+ }
+ fp = new File(path);
+ version = fp.getParentFile().getName();
+ if (version.equals("target")) {
+ version = fp.getName();
+ version = version.substring(artifact.length() + 1);
+ suffix = ".jar";
+ if (classifier) {
+ suffix = "-" + classifier + suffix;
+ }
+ version = version.replace(suffix, "");
+ }
+
+ root = "<" + element + " name=\"" + group + ":" + artifact + ":" + version;
+ if (classifier) {
+ root = root + ":" + classifier;
+ }
+ root = root + "\"/>";
+ project.setProperty("current.maven.root", root);
+ ]]>
+ </scriptdef>
+
+ <macrodef name="maven-resource" >
+ <attribute name="group"/>
+ <attribute name="artifact"/>
+ <attribute name="jandex" default="false" />
+
+ <sequential>
+ <if>
+ <equals arg1="${mavenized.modules}" arg2="true"/>
+ <then>
+ <define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" path="${@{group}:@{artifact}:jar}"/>
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+ <replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
+ </replace>
+ </then>
+
+ <else>
+ <!-- Copy the jar to the module dir -->
+ <copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
+ <fileset file="${@{group}:@{artifact}:jar}"/>
+ <mapper type="flatten" />
+ </copy>
+
+ <basename file="${@{group}:@{artifact}:jar}" property="resourcename.@{group}.@{artifact}"/>
+ <!-- Generate the Jandex Index -->
+ <jandex run="@{jandex}" newJar="true" >
+ <fileset dir="${module.repo.output.dir}/${current.module.path}" />
+ </jandex>
+ <!-- Update the resource entry in module.xml -->
+ <define-resource-root path="${resourcename.@{group}.@{artifact}}" jandex="@{jandex}"/>
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+ <replacefilter token="<!-- Insert resources here -->" value="${current.resource.root} <!-- Insert resources here -->"/>
+ </replace>
+ </else>
+ </if>
+ </sequential>
+ </macrodef>
+
+
+
+ <macrodef name="maven-resource-with-classifier" >
+ <attribute name="group"/>
+ <attribute name="artifact"/>
+ <attribute name="classifier"/>
+ <attribute name="jandex" default="false" />
+
+ <sequential>
+ <if>
+ <equals arg1="${mavenized.modules}" arg2="true"/>
+ <then>
+ <define-maven-artifact group="@{group}" artifact="@{artifact}" element="artifact" classifier="@{classifier}" path="${@{group}:@{artifact}:jar:@{classifier}}"/>
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+ <replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
+ </replace>
+ </then>
+ <else>
+ <!-- Copy the jar to the module dir -->
+ <copy todir="${module.repo.output.dir}/${current.module.path}" failonerror="true">
+ <fileset file="${@{group}:@{artifact}:jar:@{classifier}}"/>
+ <!-- http://jira.codehaus.org/browse/MANTRUN-159 -->
+ <mapper type="flatten" />
+ </copy>
+
+ <basename file="${@{group}:@{artifact}:jar:@{classifier}}" property="resourcename.@{group}.@{artifact}.@{classifier}"/>
+
+ <!-- Update the resource entry in module.xml -->
+ <define-resource-root path="${resourcename.@{group}.@{artifact}.@{classifier}}"/>
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+ <replacefilter token="<!-- Insert resources here -->" value="${current.resource.root} <!-- Insert resources here -->"/>
+ </replace>
+ </else>
+ </if>
+ </sequential>
+ </macrodef>
+
+ <macrodef name="extract-native-jar" >
+ <attribute name="group"/>
+ <attribute name="artifact"/>
+ <sequential>
+ <if>
+ <equals arg1="${mavenized.modules}" arg2="true"/>
+ <then>
+ <define-maven-artifact group="@{group}" artifact="@{artifact}" element="native-artifact" path="${@{group}:@{artifact}:jar}"/>
+ <replace file="${module.repo.output.dir}/${current.module.path}/${module.xml}">
+ <replacefilter token="<!-- Insert resources here -->" value="${current.maven.root} <!-- Insert resources here -->"/>
+ </replace>
+ </then>
+
+ <else>
+ <unzip src="${@{group}:@{artifact}:jar}" dest="${module.repo.output.dir}/${current.module.path}">
+ <patternset>
+ <include name="lib/**"/>
+ </patternset>
+ </unzip>
+ </else>
+ </if>
+ </sequential>
+ </macrodef>
+
+ <scriptdef name="define-resource-root" language="javascript" manager="bsf">
+ <attribute name="path"/>
+ <attribute name="jandex"/>
+ <![CDATA[
+ path = attributes.get("path");
+ root = "<resource-root path=\"" + path + "\"/>";
+ if(path.indexOf('${') != -1) {
+ throw "Module resource root not found, make sure it is listed in build/pom.xml" + path;
+ }
+ if(attributes.get("jandex") == "true" ) {
+ root = root + "\n\t<resource-root path=\"" + path.replace(".jar","-jandex.jar") + "\"/>";
+ }
+ project.setProperty("current.resource.root", root);
+ ]]>
+ </scriptdef>
+
+</project>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml
new file mode 100755
index 0000000..d4fe23e
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/pom.xml
@@ -0,0 +1,175 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-as7-modules</artifactId>
+
+ <name>Keycloak SAML AS7 / JBoss EAP 6 Modules</name>
+ <packaging>pom</packaging>
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-adapter-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-adapter-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-adapter-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-jboss-adapter-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-adapter</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-subsystem</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-tomcat-adapter-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-jboss-adapter-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <inherited>false</inherited>
+ <executions>
+ <execution>
+ <id>build-dist</id>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <phase>compile</phase>
+ <configuration>
+ <target>
+ <ant antfile="build.xml" inheritRefs="true">
+ <target name="all"/>
+ </ant>
+ </target>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jandex</artifactId>
+ <version>1.0.3.Final</version>
+ </dependency>
+ <dependency>
+ <groupId>ant-contrib</groupId>
+ <artifactId>ant-contrib</artifactId>
+ <version>1.0b3</version>
+ <exclusions>
+ <exclusion>
+ <groupId>ant</groupId>
+ <artifactId>ant</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ant</groupId>
+ <artifactId>ant-apache-bsf</artifactId>
+ <version>1.9.3</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.bsf</groupId>
+ <artifactId>bsf-api</artifactId>
+ <version>3.1</version>
+ </dependency>
+ <dependency>
+ <groupId>rhino</groupId>
+ <artifactId>js</artifactId>
+ <version>1.7R2</version>
+ </dependency>
+ </dependencies>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-resources</id>
+ <!-- here the phase you need -->
+ <phase>validate</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-saml-adapter-subsystem</outputDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem</directory>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml
new file mode 100755
index 0000000..d8fcf47
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/bouncycastle/main/module.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ </dependencies>
+</module>
\ No newline at end of file
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml
new file mode 100755
index 0000000..a0ed776
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-adapter-spi/main/module.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-adapter-spi">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="org.keycloak.keycloak-common"/>
+ <module name="org.apache.httpcomponents"/>
+ <module name="javax.servlet.api"/>
+ <module name="org.jboss.logging"/>
+ <module name="org.jboss.xnio"/>
+ <module name="io.undertow.core"/>
+ <module name="io.undertow.servlet"/>
+ </dependencies>
+
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml
new file mode 100755
index 0000000..b7bcee4
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-common/main/module.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-common">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="org.bouncycastle" />
+ <module name="javax.api"/>
+ <module name="javax.activation.api"/>
+ <module name="sun.jdk" optional="true" />
+ <module name="sun.jdk.jgss" optional="true" />
+ </dependencies>
+
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml
new file mode 100755
index 0000000..cf89825
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-jboss-adapter-core/main/module.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-jboss-adapter-core">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="org.jboss.logging"/>
+ <module name="org.picketbox"/>
+ <module name="org.keycloak.keycloak-adapter-spi"/>
+ <module name="org.keycloak.keycloak-common"/>
+ </dependencies>
+
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml
new file mode 100755
index 0000000..f9399db
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-core/main/module.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-adapter-core">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="org.jboss.logging"/>
+ <module name="org.keycloak.keycloak-adapter-spi"/>
+ <module name="org.keycloak.keycloak-saml-core"/>
+ <module name="org.keycloak.keycloak-common"/>
+ </dependencies>
+
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml
new file mode 100755
index 0000000..edbea10
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-adapter-subsystem/main/module.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright 2014, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-adapter-subsystem">
+
+ <resources>
+ <resource-root path="."/>
+ <!-- Insert resources here -->
+ </resources>
+
+ <dependencies>
+ <module name="org.keycloak.keycloak-saml-as7-subsystem" export="true" services="export"/>
+ </dependencies>
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml
new file mode 100755
index 0000000..ebf3ce3
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-adapter/main/module.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-as7-adapter">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="org.bouncycastle" />
+ <module name="javax.servlet.api"/>
+ <module name="org.jboss.logging"/>
+ <module name="org.jboss.as.security"/>
+ <module name="org.jboss.as.web"/>
+ <module name="org.picketbox"/>
+ <module name="org.keycloak.keycloak-saml-as7-adapter"/>
+ <module name="org.keycloak.keycloak-adapter-spi"/>
+ <module name="org.keycloak.keycloak-saml-core"/>
+ <module name="org.keycloak.keycloak-saml-adapter-core"/>
+ <module name="org.keycloak.keycloak-common"/>
+ </dependencies>
+
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml
new file mode 100755
index 0000000..b110019
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-as7-subsystem/main/module.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright 2014, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-as7-subsystem">
+
+ <resources>
+ <resource-root path="."/>
+ <!-- Insert resources here -->
+ </resources>
+
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="org.keycloak.keycloak-as7-adapter"/>
+ <module name="org.jboss.staxmapper"/>
+ <module name="org.jboss.as.controller"/>
+ <module name="org.jboss.as.server"/>
+ <module name="org.jboss.as.web"/>
+ <module name="org.jboss.modules"/>
+ <module name="org.jboss.msc"/>
+ <module name="org.jboss.logging"/>
+ <module name="org.jboss.vfs"/>
+ <module name="org.jboss.metadata"/>
+ </dependencies>
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
new file mode 100755
index 0000000..6a7cd65
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/as7-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-saml-core">
+ <resources>
+ <!-- Insert resources here -->
+ </resources>
+ <dependencies>
+ <module name="org.jboss.logging"/>
+ <module name="org.keycloak.keycloak-common"/>
+ <module name="org.apache.santuario.xmlsec">
+ <imports>
+ <exclude path="javax/*"/>
+ </imports>
+ </module>
+ <module name="javax.api"/>
+ </dependencies>
+
+</module>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
new file mode 100755
index 0000000..50f4a85
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/assembly.xml
@@ -0,0 +1,35 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <fileSets>
+ <fileSet>
+ <directory>${project.build.directory}/unpacked</directory>
+ <includes>
+ <include>org/keycloak/keycloak-common/**</include>
+ <include>org/keycloak/keycloak-saml-core/**</include>
+ <include>org/keycloak/keycloak-saml-adapter-core/**</include>
+ <include>org/keycloak/keycloak-adapter-spi/**</include>
+ <include>org/keycloak/keycloak-jboss-adapter-core/**</include>
+ <include>org/bouncycastle/**</include>
+ <include>org/keycloak/keycloak-saml-as7-adapter/**</include>
+ <include>org/keycloak/keycloak-saml-as7-subsystem/**</include>
+ </includes>
+ <excludes>
+ <exclude>**/*.war</exclude>
+ </excludes>
+ <outputDirectory>modules/system/layers/base</outputDirectory>
+ </fileSet>
+ </fileSets>
+ <files>
+ <file>
+ <source>../../shared-cli/adapter-install.cli</source>
+ <outputDirectory>bin</outputDirectory>
+ </file>
+ </files>
+</assembly>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
new file mode 100755
index 0000000..3e00456
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml
@@ -0,0 +1,79 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-eap6-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML JBoss EAP 6 Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-adapter</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-modules</artifactId>
+ <type>zip</type>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack</id>
+ <phase>prepare-package</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-modules</artifactId>
+ <type>zip</type>
+ <outputDirectory>${project.build.directory}/unpacked</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/distribution/saml-adapters/as7-eap6-adapter/pom.xml b/distribution/saml-adapters/as7-eap6-adapter/pom.xml
new file mode 100755
index 0000000..b608eab
--- /dev/null
+++ b/distribution/saml-adapters/as7-eap6-adapter/pom.xml
@@ -0,0 +1,21 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <name>Keycloak SAML AS7 / JBoss EAP 6 Adapter Distros</name>
+ <description/>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-saml-as7-eap6-adapter-dist-pom</artifactId>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>as7-modules</module>
+ <module>as7-adapter-zip</module>
+ <module>eap6-adapter-zip</module>
+ </modules>
+</project>
diff --git a/distribution/saml-adapters/jetty81-adapter-zip/assembly.xml b/distribution/saml-adapters/jetty81-adapter-zip/assembly.xml
new file mode 100755
index 0000000..d28d51a
--- /dev/null
+++ b/distribution/saml-adapters/jetty81-adapter-zip/assembly.xml
@@ -0,0 +1,26 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <dependencySets>
+ <dependencySet>
+ <unpack>false</unpack>
+ <useTransitiveDependencies>true</useTransitiveDependencies>
+ <useTransitiveFiltering>true</useTransitiveFiltering>
+ <includes>
+ <include>org.keycloak:keycloak-saml-jetty81-adapter</include>
+ </includes>
+ <excludes>
+ <exclude>org.eclipse.jetty:jetty-server</exclude>
+ <exclude>org.eclipse.jetty:jetty-util</exclude>
+ <exclude>org.eclipse.jetty:jetty-security</exclude>
+ </excludes>
+ <outputDirectory>lib/keycloak</outputDirectory>
+ </dependencySet>
+ </dependencySets>
+</assembly>
diff --git a/distribution/saml-adapters/jetty81-adapter-zip/pom.xml b/distribution/saml-adapters/jetty81-adapter-zip/pom.xml
new file mode 100755
index 0000000..412a5c8
--- /dev/null
+++ b/distribution/saml-adapters/jetty81-adapter-zip/pom.xml
@@ -0,0 +1,51 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-jetty81-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML Jetty 8.1.x Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-jetty81-adapter</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/distribution/saml-adapters/jetty91-adapter-zip/assembly.xml b/distribution/saml-adapters/jetty91-adapter-zip/assembly.xml
new file mode 100755
index 0000000..13eb8e0
--- /dev/null
+++ b/distribution/saml-adapters/jetty91-adapter-zip/assembly.xml
@@ -0,0 +1,39 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <fileSets>
+ <fileSet>
+ <directory></directory>
+ <includes>
+ <include>keycloak.mod</include>
+ </includes>
+ <outputDirectory>modules</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>${project.build.directory}/modules</directory>
+ <outputDirectory></outputDirectory>
+ </fileSet>
+ </fileSets>
+ <dependencySets>
+ <dependencySet>
+ <unpack>false</unpack>
+ <useTransitiveDependencies>true</useTransitiveDependencies>
+ <useTransitiveFiltering>true</useTransitiveFiltering>
+ <includes>
+ <include>org.keycloak:keycloak-saml-jetty91-adapter</include>
+ </includes>
+ <excludes>
+ <exclude>org.eclipse.jetty:jetty-server</exclude>
+ <exclude>org.eclipse.jetty:jetty-util</exclude>
+ <exclude>org.eclipse.jetty:jetty-security</exclude>
+ </excludes>
+ <outputDirectory>lib/keycloak</outputDirectory>
+ </dependencySet>
+ </dependencySets>
+</assembly>
diff --git a/distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod b/distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod
new file mode 100755
index 0000000..10550d8
--- /dev/null
+++ b/distribution/saml-adapters/jetty91-adapter-zip/keycloak.mod
@@ -0,0 +1,11 @@
+#
+# Keycloak Jetty Adapter
+#
+
+[depend]
+server
+security
+
+[lib]
+lib/keycloak/*.jar
+
diff --git a/distribution/saml-adapters/jetty91-adapter-zip/pom.xml b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
new file mode 100755
index 0000000..2c15be4
--- /dev/null
+++ b/distribution/saml-adapters/jetty91-adapter-zip/pom.xml
@@ -0,0 +1,51 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-jetty91-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML Jetty 9.1.x Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-jetty91-adapter</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/distribution/saml-adapters/jetty92-adapter-zip/assembly.xml b/distribution/saml-adapters/jetty92-adapter-zip/assembly.xml
new file mode 100755
index 0000000..08a4cba
--- /dev/null
+++ b/distribution/saml-adapters/jetty92-adapter-zip/assembly.xml
@@ -0,0 +1,39 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <fileSets>
+ <fileSet>
+ <directory></directory>
+ <includes>
+ <include>keycloak.mod</include>
+ </includes>
+ <outputDirectory>modules</outputDirectory>
+ </fileSet>
+ <fileSet>
+ <directory>${project.build.directory}/modules</directory>
+ <outputDirectory></outputDirectory>
+ </fileSet>
+ </fileSets>
+ <dependencySets>
+ <dependencySet>
+ <unpack>false</unpack>
+ <useTransitiveDependencies>true</useTransitiveDependencies>
+ <useTransitiveFiltering>true</useTransitiveFiltering>
+ <includes>
+ <include>org.keycloak:keycloak-saml-jetty92-adapter</include>
+ </includes>
+ <excludes>
+ <exclude>org.eclipse.jetty:jetty-server</exclude>
+ <exclude>org.eclipse.jetty:jetty-util</exclude>
+ <exclude>org.eclipse.jetty:jetty-security</exclude>
+ </excludes>
+ <outputDirectory>lib/keycloak</outputDirectory>
+ </dependencySet>
+ </dependencySets>
+</assembly>
diff --git a/distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod b/distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod
new file mode 100755
index 0000000..10550d8
--- /dev/null
+++ b/distribution/saml-adapters/jetty92-adapter-zip/keycloak.mod
@@ -0,0 +1,11 @@
+#
+# Keycloak Jetty Adapter
+#
+
+[depend]
+server
+security
+
+[lib]
+lib/keycloak/*.jar
+
diff --git a/distribution/saml-adapters/jetty92-adapter-zip/pom.xml b/distribution/saml-adapters/jetty92-adapter-zip/pom.xml
new file mode 100755
index 0000000..62881cc
--- /dev/null
+++ b/distribution/saml-adapters/jetty92-adapter-zip/pom.xml
@@ -0,0 +1,51 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-jetty92-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML Jetty 9.2.x Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-jetty92-adapter</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
distribution/saml-adapters/pom.xml 8(+8 -0)
diff --git a/distribution/saml-adapters/pom.xml b/distribution/saml-adapters/pom.xml
index 8e08bdf..1a1c4b1 100755
--- a/distribution/saml-adapters/pom.xml
+++ b/distribution/saml-adapters/pom.xml
@@ -16,5 +16,13 @@
<modules>
<module>wf9-adapter</module>
+ <module>tomcat6-adapter-zip</module>
+ <module>tomcat7-adapter-zip</module>
+ <module>tomcat8-adapter-zip</module>
+ <module>jetty81-adapter-zip</module>
+ <!-- jetty 9.1 doesn't work right now
+ <module>jetty91-adapter-zip</module> -->
+ <module>jetty92-adapter-zip</module>
+ <module>as7-eap6-adapter</module>
</modules>
</project>
diff --git a/distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml
new file mode 100755
index 0000000..ae01a39
--- /dev/null
+++ b/distribution/saml-adapters/tomcat6-adapter-zip/assembly.xml
@@ -0,0 +1,24 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <dependencySets>
+ <dependencySet>
+ <unpack>false</unpack>
+ <useTransitiveDependencies>true</useTransitiveDependencies>
+ <useTransitiveFiltering>true</useTransitiveFiltering>
+ <includes>
+ <include>org.keycloak:keycloak-saml-tomcat6-adapter</include>
+ </includes>
+ <excludes>
+ <exclude>org.apache.tomcat:catalina</exclude>
+ </excludes>
+ <outputDirectory></outputDirectory>
+ </dependencySet>
+ </dependencySets>
+</assembly>
diff --git a/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml
new file mode 100755
index 0000000..89609d4
--- /dev/null
+++ b/distribution/saml-adapters/tomcat6-adapter-zip/pom.xml
@@ -0,0 +1,51 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-tomcat6-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML Tomcat 6 Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-tomcat6-adapter</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml
new file mode 100755
index 0000000..6c205d1
--- /dev/null
+++ b/distribution/saml-adapters/tomcat7-adapter-zip/assembly.xml
@@ -0,0 +1,25 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <dependencySets>
+ <dependencySet>
+ <unpack>false</unpack>
+ <useTransitiveDependencies>true</useTransitiveDependencies>
+ <useTransitiveFiltering>true</useTransitiveFiltering>
+ <includes>
+ <include>org.keycloak:keycloak-saml-tomcat7-adapter</include>
+ </includes>
+ <excludes>
+ <exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-catalina</exclude>
+ </excludes>
+ <outputDirectory></outputDirectory>
+ </dependencySet>
+ </dependencySets>
+</assembly>
diff --git a/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml
new file mode 100755
index 0000000..4486d74
--- /dev/null
+++ b/distribution/saml-adapters/tomcat7-adapter-zip/pom.xml
@@ -0,0 +1,51 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-tomcat7-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML Tomcat 7 Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-tomcat7-adapter</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml b/distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml
new file mode 100755
index 0000000..76665bc
--- /dev/null
+++ b/distribution/saml-adapters/tomcat8-adapter-zip/assembly.xml
@@ -0,0 +1,25 @@
+<assembly>
+ <id>war-dist</id>
+
+ <formats>
+ <format>zip</format>
+ <format>tar.gz</format>
+ </formats>
+ <includeBaseDirectory>false</includeBaseDirectory>
+
+ <dependencySets>
+ <dependencySet>
+ <unpack>false</unpack>
+ <useTransitiveDependencies>true</useTransitiveDependencies>
+ <useTransitiveFiltering>true</useTransitiveFiltering>
+ <includes>
+ <include>org.keycloak:keycloak-saml-tomcat8-adapter</include>
+ </includes>
+ <excludes>
+ <exclude>org.apache.tomcat:tomcat-servlet-api</exclude>
+ <exclude>org.apache.tomcat:tomcat-catalina</exclude>
+ </excludes>
+ <outputDirectory></outputDirectory>
+ </dependencySet>
+ </dependencySets>
+</assembly>
diff --git a/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml b/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml
new file mode 100755
index 0000000..13741dd
--- /dev/null
+++ b/distribution/saml-adapters/tomcat8-adapter-zip/pom.xml
@@ -0,0 +1,51 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-tomcat8-adapter-dist</artifactId>
+ <packaging>pom</packaging>
+ <name>Keycloak SAML Tomcat 8 Adapter Distro</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-tomcat8-adapter</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>assemble</id>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ <outputDirectory>
+ target
+ </outputDirectory>
+ <workDirectory>
+ target/assembly/work
+ </workDirectory>
+ <appendAssemblyId>false</appendAssemblyId>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/docbook/auth-server-docs/reference/en/en-US/master.xml b/docbook/auth-server-docs/reference/en/en-US/master.xml
index 7a798f8..39a571a 100755
--- a/docbook/auth-server-docs/reference/en/en-US/master.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/master.xml
@@ -94,6 +94,12 @@ This one is short
types are supported and how to configure and install them so that you can use Keycloak to secure
your applications.
</para>
+ <para>
+ These client adapters use an extension of the OpenID Connect protocol (a derivate of OAuth 2.0).
+ This extension provides support for clustering, backchannel logout, and other non-standard adminstrative functions.
+ The Keycloak project also provides a separate, standalone, generic, SAML client adapter. But that is describe in a separate
+ document and has a different download.
+ </para>
&AdapterConfig;
&JBossAdapter;
&TomcatAdapter;
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/master.xml b/docbook/saml-adapter-docs/reference/en/en-US/master.xml
index 51040ac..55ce660 100755
--- a/docbook/saml-adapter-docs/reference/en/en-US/master.xml
+++ b/docbook/saml-adapter-docs/reference/en/en-US/master.xml
@@ -1,6 +1,12 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.docbook.org/xml/4.4/docbookx.dtd"
[
+ <!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
+ <!ENTITY JBossAdapter SYSTEM "modules/jboss-adapter.xml">
+ <!ENTITY TomcatAdapter SYSTEM "modules/tomcat-adapter.xml">
+ <!ENTITY Jetty9Adapter SYSTEM "modules/jetty9-adapter.xml">
+ <!ENTITY Jetty8Adapter SYSTEM "modules/jetty8-adapter.xml">
+ <!ENTITY Logout SYSTEM "modules/logout.xml">
]>
<book>
@@ -33,6 +39,13 @@ This one is short
</programlisting>
</para>
</preface>
+ &AdapterConfig;
+ &JBossAdapter;
+ &TomcatAdapter;
+ &Jetty9Adapter;
+ &Jetty8Adapter;
+ &Logout;
+
</book>
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml
new file mode 100755
index 0000000..eeb3031
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter-config.xml
@@ -0,0 +1,384 @@
+<chapter id="adapter-config">
+ <title>General Adapter Config</title>
+ <para>
+ Each SAML adapter supported by Keycloak can be configured by a simple XML text file. This is what one might
+ look like:
+ </para>
+ <para>
+<programlisting><![CDATA[{
+ "realm" : "demo",
+ "resource" : "customer-portal",
+ "realm-public-key" : "MIGfMA0GCSqGSIb3D...31LwIDAQAB",
+ "auth-server-url" : "https://localhost:8443/auth",
+ "ssl-required" : "external",
+ "use-resource-role-mappings" : false,
+ "enable-cors" : true,
+ "cors-max-age" : 1000,
+ "cors-allowed-methods" : "POST, PUT, DELETE, GET",
+ "bearer-only" : false,
+ "enable-basic-auth" : false,
+ "expose-token" : true,
+ "credentials" : {
+ "secret" : "234234-234234-234234"
+ },
+
+ "connection-pool-size" : 20,
+ "disable-trust-manager": false,
+ "allow-any-hostname" : false,
+ "truststore" : "path/to/truststore.jks",
+ "truststore-password" : "geheim",
+ "client-keystore" : "path/to/client-keystore.jks",
+ "client-keystore-password" : "geheim",
+ "client-key-password" : "geheim"
+}]]>
+
+</programlisting>
+ </para>
+ <para>
+ Some of these configuration switches may be adapter specific and some are common across all adapters.
+ For Java adapters you can use <literal>${...}</literal> enclosure as System property replacement.
+ For example <literal>${jboss.server.config.dir}</literal>. Also, you can obtain a template
+ for this config file from the admin console. Go to the realm and select the application you want a template for.
+ Go to the <literal>Installation</literal> tab and this will provide you with a template that includes
+ the public key of the realm.
+ </para>
+ <para>
+ Here is a description of each item:
+ </para>
+ <para>
+ <variablelist>
+ <varlistentry>
+ <term>realm</term>
+ <listitem>
+ <para>
+ Name of the realm representing the users of your distributed applications and services.
+ This is
+ <emphasis>REQUIRED.</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>resource</term>
+ <listitem>
+ <para>
+ Username of the application. Each application has a username that is used when the
+ application connects with the Keycloak server to turn an access code into an access token
+ (part of the OAuth 2.0 protocol). This is
+ <emphasis>REQUIRED.</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>realm-public-key</term>
+ <listitem>
+ <para>
+ PEM format of public key. You can obtain this from the administration console.
+ This is
+ <emphasis>REQUIRED.</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>auth-server-url</term>
+ <listitem>
+ <para>
+ The base URL of the Keycloak Server. All other Keycloak pages and REST services are derived
+ from this. It is usually of the form <literal>https://host:port/auth</literal>
+ This is
+ <emphasis>REQUIRED.</emphasis>
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>ssl-required</term>
+ <listitem>
+ <para>
+ Ensures that all communication to and from the Keycloak server from the adapter is over HTTPS.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is
+ <emphasis>external</emphasis>
+ meaning that HTTPS is required by default for external requests. Valid values are 'all', 'external'
+ and 'none'.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>use-resource-role-mappings</term>
+ <listitem>
+ <para>
+ If set to true, the adapter will look inside the token for application level role mappings for
+ the
+ user. If false, it will look at the realm level for user role mappings.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>public-client</term>
+ <listitem>
+ <para>
+ If set to true, the adapter will not send credentials for the client to Keycloak.
+ The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>enable-cors</term>
+ <listitem>
+ <para>
+ This enables CORS support. It will handle CORS preflight requests. It will also look into
+ the access token to determine valid origins.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>cors-max-age</term>
+ <listitem>
+ <para>
+ If CORS is enabled, this sets the value of the
+ <literal>Access-Control-Max-Age</literal>
+ header.
+ This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
+ responses.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>cors-allowed-methods</term>
+ <listitem>
+ <para>
+ If CORS is enabled, this sets the value of the
+ <literal>Access-Control-Allow-Methods</literal>
+ header. This should be a comma-separated string.
+ This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
+ responses.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>cors-allowed-headers</term>
+ <listitem>
+ <para>
+ If CORS is enabled, this sets the value of the
+ <literal>Access-Control-Allow-Headers</literal>
+ header. This should be a comma-separated string.
+ This is <emphasis>OPTIONAL</emphasis>. If not set, this header is not returned in CORS
+ responses.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>bearer-only</term>
+ <listitem>
+ <para>
+ This tells the adapter to only do bearer token authentication. That is, it will not do
+ OAuth 2.0 redirects, but only accept bearer tokens through the
+ <literal>Authorization</literal>
+ header.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>enable-basic-auth</term>
+ <listitem>
+ <para>
+ This tells the adapter to also support basic authentication. If this option is enabled,
+ then <emphasis>secret</emphasis> must also be provided.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>expose-token</term>
+ <listitem>
+ <para>
+ If <literal>true</literal>, an authenticated browser client (via a Javascript HTTP invocation)
+ can obtain the signed access token via the URL <literal>root/k_query_bearer_token</literal>.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <emphasis>false</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>credentials</term>
+ <listitem>
+ <para>
+ Specify the credentials of the application. This is an object notation where the key
+ is the credential type and the value is the value of the credential type. Currently only
+ <literal>password</literal>
+ is supported.
+ This is <emphasis>REQUIRED</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>connection-pool-size</term>
+ <listitem>
+ <para>
+ Adapters will make separate HTTP invocations to the Keycloak Server to turn an access code
+ into an access token. This config option defines how many connections to the Keycloak Server
+ should be pooled.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>20</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>disable-trust-manager</term>
+ <listitem>
+ <para>
+ If the Keycloak Server requires HTTPS and this config option is set to <literal>true</literal>
+ you do not have to specify a truststore. While convenient, this setting is not recommended
+ as you will not be verifying the host name of the Keycloak Server.
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>false</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>allow-any-hostname</term>
+ <listitem>
+ <para>
+ If the Keycloak Server requires HTTPS and this config option is set to <literal>true</literal>
+ the Keycloak Server's certificate is validated via the truststore, but host name validation is
+ not done. This is not a recommended. This seting may be useful in test environments
+ This is <emphasis>OPTIONAL</emphasis>. The default value is <literal>false</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>truststore</term>
+ <listitem>
+ <para>
+ This setting is for Java adapters. The value is the file path to a Java keystore file. If
+ you prefix the path with <literal>classpath:</literal>, then the truststore will be obtained
+ from the deployment's classpath instead.
+ Used for outgoing HTTPS communications to the Keycloak server. Client making HTTPS
+ requests need a way to verify the host of the server they are talking to. This is
+ what the trustore does. The keystore contains one or more trusted
+ host certificates or certificate authorities. You can
+ create this truststore by extracting the public certificate of the Keycloak server's SSL
+ keystore.
+ This is
+ <emphasis>OPTIONAL</emphasis>
+ if
+ <literal>ssl-required</literal>
+ is
+ <literal>none</literal>
+ or
+ <literal>disable-trust-manager</literal>
+ is <literal>true</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>truststore-password</term>
+ <listitem>
+ <para>
+ Password for the truststore keystore.
+ This is
+ <emphasis>REQUIRED</emphasis>
+ if
+ <literal>truststore</literal>
+ is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>client-keystore</term>
+ <listitem>
+ <para>
+ <emphasis>Not supported yet, but we will support in future versions.</emphasis>
+
+ This setting is for Java adapters. This is the file path to a Java keystore file.
+ This keystore contains client certificate for two-way SSL when the adapter makes
+ HTTPS requests to the Keycloak server.
+ This is <emphasis>OPTIONAL</emphasis>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>client-keystore-password</term>
+ <listitem>
+ <para>
+ <emphasis>Not supported yet, but we will support in future versions.</emphasis>
+ Password for the client keystore.
+ This is
+ <emphasis>REQUIRED</emphasis>
+ if
+ <literal>client-keystore</literal>
+ is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>client-key-password</term>
+ <listitem>
+ <para>
+ <emphasis>Not supported yet, but we will support in future versions.</emphasis>
+ Password for the client's key.
+ This is
+ <emphasis>REQUIRED</emphasis>
+ if
+ <literal>client-keystore</literal>
+ is set.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>auth-server-url-for-backend-requests</term>
+ <listitem>
+ <para>
+ Alternative location of auth-server-url used just for backend requests. It must be absolute URI. Useful
+ especially in cluster (see <link linkend="relative-uri-optimization">Relative URI Optimization</link>) or if you would like to use <emphasis>https</emphasis> for browser requests
+ but stick with <emphasis>http</emphasis> for backend requests etc.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>always-refresh-token</term>
+ <listitem>
+ <para>
+ If <emphasis>true</emphasis>, Keycloak will refresh token in every request. More info in <link linkend="refresh-token-each-req">Refresh token in each request</link> .
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>register-node-at-startup</term>
+ <listitem>
+ <para>
+ If <emphasis>true</emphasis>, then adapter will send registration request to Keycloak. It's <emphasis>false</emphasis>
+ by default and useful just in cluster (See <link linkend="registration-app-nodes">Registration of application nodes to Keycloak</link>)
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>register-node-period</term>
+ <listitem>
+ <para>
+ Period for re-registration adapter to Keycloak. Useful in cluster. See <link linkend="registration-app-nodes">Registration of application nodes to Keycloak</link> for details.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>token-store</term>
+ <listitem>
+ <para>
+ Possible values are <emphasis>session</emphasis> and <emphasis>cookie</emphasis>. Default is <emphasis>session</emphasis>,
+ which means that adapter stores account info in HTTP Session. Alternative <emphasis>cookie</emphasis> means storage of info in cookie.
+ See <link linkend="stateless-token-store">Stateless token store</link> for details.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>principal-attribute</term>
+ <listitem>
+ <para>
+ OpenID Connection ID Token attribute to populate the UserPrincipal name with. If token attribute is null, defaults to <literal>sub</literal>.
+ Possible values are <literal>sub</literal>, <literal>preferred_username</literal>, <literal>email</literal>, <literal>name</literal>, <literal>nickname</literal>, <literal>given_name</literal>, <literal>family_name</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+</chapter>
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml
new file mode 100755
index 0000000..fc29402
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/jboss-adapter.xml
@@ -0,0 +1,188 @@
+<chapter id="jboss-adapter">
+ <title>JBoss/Wildfly Adapter</title>
+ <para>
+ To be able to secure WAR apps deployed on JBoss EAP 6.x or Wildfly, you must install and
+ configure the Keycloak SAML Adapter Subsystem. You then provide a keycloak
+ config, <literal>/WEB-INF/keycloak-saml</literal> file in your WAR and change the auth-method to KEYCLOAK-SAML within web.xml.
+ Both methods are described in this section.
+ </para>
+ <section id="jboss-adapter-installation">
+ <title>Adapter Installation</title>
+ <para>
+ SAML Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
+ the Keycloak download site. They are also available as a maven artifact.
+ </para>
+ <para>
+ Install on Wildfly 9:
+<programlisting>
+$ cd $WILDFLY_HOME
+$ unzip keycloak-saml-wf9-adapter-dist.zip
+</programlisting>
+ </para>
+ <para>
+ Install on JBoss EAP 6.x:
+<programlisting>
+$ cd $JBOSS_HOME
+$ unzip keycloak-saml-eap6-adapter-dist.zip
+</programlisting>
+ </para>
+ <para>
+ This zip file creates new JBoss Modules specific to the Wildfly Keycloak SAML Adapter within your Wildfly distro.
+ </para>
+ <para>
+ After adding the Keycloak modules, you must then enable the Keycloak SAML Subsystem within your app server's server configuration:
+ <literal>domain.xml</literal> or <literal>standalone.xml</literal>.
+ </para>
+ <para>
+ There is a CLI script that will help you modify your server configuration. Start the server and run the script
+ from the server's bin directory:
+<programlisting>
+$ cd $JBOSS_HOME/bin
+$ jboss-cli.sh -c --file=adapter-install.cli
+</programlisting>
+ The script will add the extension, subsystem, and optional security-domain as described below.
+ </para>
+ <para>
+<programlisting><![CDATA[
+<server xmlns="urn:jboss:domain:1.4">
+
+ <extensions>
+ <extension module="org.keycloak.keycloak-saml-adapter-subsystem"/>
+ ...
+ </extensions>
+
+ <profile>
+ <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.6"/>
+ ...
+ </profile>
+]]>
+</programlisting>
+ </para>
+ <para>
+ The keycloak security domain should be used with EJBs and other components when you need the security context created
+ in the secured web tier to be propagated to the EJBs (other EE component) you are invoking. Otherwise
+ this configuration is optional.
+ </para>
+<programlisting><![CDATA[
+<server xmlns="urn:jboss:domain:1.4">
+ <subsystem xmlns="urn:jboss:domain:security:1.2">
+ <security-domains>
+...
+ <security-domain name="keycloak">
+ <authentication>
+ <login-module code="org.keycloak.adapters.jboss.KeycloakLoginModule"
+ flag="required"/>
+ </authentication>
+ </security-domain>
+ </security-domains>
+]]>
+</programlisting>
+ <para>
+ For example, if you have a JAX-RS service that is an EJB within your WEB-INF/classes directory, you'll want
+ to annotate it with the @SecurityDomain annotation as follows:
+ </para>
+<programlisting><![CDATA[
+import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.resteasy.annotations.cache.NoCache;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import java.util.ArrayList;
+import java.util.List;
+
+@Path("customers")
+@Stateless
+@SecurityDomain("keycloak")
+public class CustomerService {
+
+ @EJB
+ CustomerDB db;
+
+ @GET
+ @Produces("application/json")
+ @NoCache
+ @RolesAllowed("db_user")
+ public List<String> getCustomers() {
+ return db.getCustomers();
+ }
+}
+]]>
+</programlisting>
+ <para>
+ We hope to improve our integration in the future so that you don't have to specify the @SecurityDomain
+ annotation when you want to propagate a keycloak security context to the EJB tier.
+ </para>
+
+ </section>
+ <section>
+ <title>Required Per WAR Configuration</title>
+ <para>
+ This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
+ </para>
+ <para>
+ The first thing you must do is create
+ a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
+ of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
+ section.
+ </para>
+ <para>
+ Next you must set the <literal>auth-method</literal> to <literal>KEYCLOAK-SAML</literal> in <literal>web.xml</literal>. You also
+ have to use standard servlet security to specify role-base constraints on your URLs. Here's an example
+ pulled from one of the examples that comes distributed with Keycloak.
+ </para>
+ <para>
+<programlisting>
+<![CDATA[
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>customer-portal</module-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Admins</web-resource-name>
+ <url-pattern>/admin/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>admin</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Customers</web-resource-name>
+ <url-pattern>/customers/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>KEYCLOAK-SAML</auth-method>
+ <realm-name>this is ignored currently</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
+]]>
+</programlisting>
+ </para>
+ </section>
+</chapter>
\ No newline at end of file
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml
new file mode 100755
index 0000000..dbbef0c
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty8-adapter.xml
@@ -0,0 +1,49 @@
+<chapter id="jetty8-adapter">
+ <title>Jetty 8.1.x SAML Adapter</title>
+ <para>
+ Keycloak has a separate SAML adapter for Jetty 8.1.x that you will have to install into your Jetty
+ installation. You then have to provide some extra configuration in each WAR you deploy to
+ Jetty. Let's go over these steps.
+ </para>
+ <section id="jetty8-adapter-installation">
+ <title>Adapter Installation</title>
+ <para>
+ Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
+ the Keycloak download site. They are also available as a maven artifact.
+ </para>
+ <para>
+ You must unzip the Jetty 8.1.x distro into Jetty 8.1.x's root directory. Including
+ adapter's jars within your WEB-INF/lib directory will not work!
+ </para>
+ <para>
+<programlisting>
+$ cd $JETTY_HOME
+$ unzip keycloak-saml-jetty81-adapter-dist.zip
+</programlisting>
+ </para>
+ <para>
+ Next, you will have to enable the keycloak option. Edit start.ini and add keycloak to the options
+ </para>
+ <para>
+<programlisting>
+<![CDATA[
+#===========================================================
+# Start classpath OPTIONS.
+# These control what classes are on the classpath
+# for a full listing do
+# java -jar start.jar --list-options
+#-----------------------------------------------------------
+OPTIONS=Server,jsp,jmx,resources,websocket,ext,plus,annotations,keycloak
+]]>
+</programlisting>
+
+ </para>
+ </section>
+
+ <section>
+ <title>Required Per WAR Configuration</title>
+ <para>
+ Enabling Keycloak for your WARs is the same as the Jetty 9.x adapter. See <link linkend="jetty9_per_war">Required Per WAR Configuration</link>
+ </para>
+ </section>
+</chapter>
\ No newline at end of file
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml
new file mode 100755
index 0000000..44cd972
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/jetty9-adapter.xml
@@ -0,0 +1,106 @@
+<chapter id="jetty9-adapter">
+ <title>Jetty 9.x SAML Adapters</title>
+ <para>
+ Keycloak has a separate SAML adapter for Jetty 9.x. You then have to provide some extra configuration in each WAR you deploy to
+ Jetty. Let's go over these steps.
+ </para>
+ <section id="jetty9-adapter-installation">
+ <title>Adapter Installation</title>
+ <para>
+ Adapters are no longer included with the appliance or war distribution.Each adapter is a separate download on
+ the Keycloak download site. They are also available as a maven artifact.
+ </para>
+ <para>
+ You must unzip the Jetty 9.x distro into Jetty 9.x's root directory. Including
+ adapter's jars within your WEB-INF/lib directory will not work!
+ </para>
+ <para>
+<programlisting>
+$ cd $JETTY_HOME
+$ unzip keycloak-saml-jetty92-adapter-dist.zip
+</programlisting>
+ </para>
+ <para>
+ Next, you will have to enable the keycloak module for your jetty.base.
+ </para>
+ <para>
+<programlisting>
+$ cd your-base
+$ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
+</programlisting>
+
+ </para>
+ </section>
+
+ <section id="jetty9_per_war">
+ <title>Required Per WAR Configuration</title>
+ <para>
+ This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
+ </para>
+ <para>
+ The first thing you must do is create a <literal>WEB-INF/jetty-web.xml</literal> file in your WAR package. This is
+ a Jetty specific config file and you must define a Keycloak specific authenticator within it.
+ </para>
+ <programlisting>
+<![CDATA[
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure class="org.eclipse.jetty.webapp.WebAppContext">
+ <Get name="securityHandler">
+ <Set name="authenticator">
+ <New class="org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator">
+ </New>
+ </Set>
+ </Get>
+</Configure>]]>
+ </programlisting>
+ <para>
+ Next you must create
+ a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
+ of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
+ section.
+ </para>
+ <para>
+ Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
+ role-base constraints on your URLs. Here's an example:
+ </para>
+ <para>
+<programlisting>
+<![CDATA[
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>customer-portal</module-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Customers</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>this is ignored currently</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
+]]>
+</programlisting>
+ </para>
+ </section>
+</chapter>
\ No newline at end of file
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml
new file mode 100755
index 0000000..e258d60
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/logout.xml
@@ -0,0 +1,10 @@
+<chapter>
+ <title>Logout</title>
+ <para>
+ There are multiple ways you can logout from a web application. For Java EE servlet containers, you can call
+ HttpServletRequest.logout().
+ For any other browser application, you can point the browser at any url of your web application that has
+ a security constraing and pass in a query parameter GLO, i.e. <literal>http://myapp?GLO=true</literal>.
+ This will log you out if you have an SSO session with your browser.
+ </para>
+</chapter>
\ No newline at end of file
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml
new file mode 100755
index 0000000..322aadb
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/multi-tenancy.xml
@@ -0,0 +1,56 @@
+<chapter id="multi_tenancy">
+ <title>Multi Tenancy</title>
+ <para>
+ Multi Tenancy, in our context, means that one single target application (WAR) can be secured by a single (or clustered) Keycloak server, authenticating
+ its users against different realms. In practice, this means that one application needs to use different <literal>keycloak.json</literal> files.
+ For this case, there are two possible solutions:
+ <itemizedlist>
+
+ <listitem>
+ The same WAR file deployed under two different names, each with its own Keycloak configuration (probably via the Keycloak Subsystem).
+ This scenario is suitable when the number of realms is known in advance or when there's a dynamic provision of application instances.
+ One example would be a service provider that dynamically creates servers/deployments for their clients, like a PaaS.
+ </listitem>
+
+ <listitem>
+ A WAR file deployed once (possibly in a cluster), that decides which realm to authenticate against based on the request parameters.
+ This scenario is suitable when there are an undefined number of realms. One example would be a SaaS provider that have only one deployment
+ (perhaps in a cluster) serving several companies, differentiating between clients based on the hostname
+ (<literal>client1.acme.com</literal>, <literal>client2.acme.com</literal>) or path (<literal>/app/client1/</literal>,
+ <literal>/app/client2/</literal>) or even via a special HTTP Header.
+ </listitem>
+
+ </itemizedlist>
+
+ This chapter of the reference guide focus on this second scenario.
+ </para>
+
+ <para>
+ Keycloak provides an extension point for applications that need to evaluate the realm on a request basis. During the authentication
+ and authorization phase of the incoming request, Keycloak queries the application via this extension point and expects the application
+ to return a complete representation of the realm. With this, Keycloak then proceeds the authentication and authorization process,
+ accepting or refusing the request based on the incoming credentials and on the returned realm.
+
+ For this scenario, an application needs to:
+
+ <itemizedlist>
+
+ <listitem>
+ Add a context parameter to the <literal>web.xml</literal>, named <literal>keycloak.config.resolver</literal>.
+ The value of this property should be the fully qualified name of the class extending
+ <literal>org.keycloak.adapters.KeycloakConfigResolver</literal>.
+ </listitem>
+
+ <listitem>
+ A concrete implementation of <literal>org.keycloak.adapters.KeycloakConfigResolver</literal>. Keycloak will call the
+ <literal>resolve(org.keycloak.adapters.HttpFacade.Request)</literal> method and expects a complete
+ <literal>org.keycloak.adapters.KeycloakDeployment</literal> in response. Note that Keycloak will call this for every request,
+ so, take the usual performance precautions.
+ </listitem>
+
+ </itemizedlist>
+ </para>
+ <para>
+ An implementation of this feature can be found in the examples.
+ </para>
+</chapter>
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml
new file mode 100755
index 0000000..f6db1b0
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/tomcat-adapter.xml
@@ -0,0 +1,92 @@
+<chapter id="tomcat-adapter">
+ <title>Tomcat 6, 7 and 8 SAML dapters</title>
+ <para>
+ To be able to secure WAR apps deployed on Tomcat 6, 7 and 8 you must install the Keycloak Tomcat 6, 7 or 8 SAML adapter
+ into your Tomcat installation. You then have to provide some extra configuration in each WAR you deploy to
+ Tomcat. Let's go over these steps.
+ </para>
+ <section id="tomcat-adapter-installation">
+ <title>Adapter Installation</title>
+ <para>
+ Adapters are no longer included with the appliance or war distribution. Each adapter is a separate download on
+ the Keycloak download site. They are also available as a maven artifact.
+ </para>
+ <para>
+ You must unzip the adapter distro into Tomcat's <literal>lib/</literal> directory. Including
+ adapter's jars within your WEB-INF/lib directory will not work! The Keycloak SAML adapter is implemented as a Valve
+ and valve code must reside in Tomcat's main lib/ directory.
+ </para>
+ <para>
+<programlisting>
+$ cd $TOMCAT_HOME/lib
+$ unzip keycloak-saml-tomcat6-adapter-dist.zip
+ or
+$ unzip keycloak-saml-tomcat7-adapter-dist.zip
+ or
+$ unzip keycloak-saml-tomcat8-adapter-dist.zip
+</programlisting>
+ </para>
+ </section>
+
+ <section>
+ <title>Required Per WAR Configuration</title>
+ <para>
+ This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
+ </para>
+ <para>
+ The first thing you must do is create a <literal>META-INF/context.xml</literal> file in your WAR package. This is
+ a Tomcat specific config file and you must define a Keycloak specific Valve.
+ </para>
+ <programlisting>
+<![CDATA[
+<Context path="/your-context-path">
+ <Valve className="org.keycloak.adapters.saml.tomcat.SamlAuthenticatorValve"/>
+</Context>]]>
+ </programlisting>
+ <para>
+ Next you must create
+ a <literal>keycloak-saml.xml</literal> adapter config file within the <literal>WEB-INF</literal> directory
+ of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
+ section.
+ </para>
+ <para>
+ Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
+ role-base constraints on your URLs. Here's an example:
+ </para>
+ <para>
+<programlisting>
+<![CDATA[
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>customer-portal</module-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Customers</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>this is ignored currently</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
+]]>
+</programlisting>
+ </para>
+ </section>
+</chapter>
\ No newline at end of file
pom.xml 10(+10 -0)
diff --git a/pom.xml b/pom.xml
index 3ef78c3..2eca228 100755
--- a/pom.xml
+++ b/pom.xml
@@ -894,6 +894,16 @@
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-adapter</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-subsystem</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
<artifactId>keycloak-saml-tomcat7-adapter</artifactId>
<version>${project.version}</version>
</dependency>
saml/client-adapter/as7-eap6/adapter/pom.xml 101(+101 -0)
diff --git a/saml/client-adapter/as7-eap6/adapter/pom.xml b/saml/client-adapter/as7-eap6/adapter/pom.xml
new file mode 100755
index 0000000..0683343
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/adapter/pom.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-saml-as7-adapter</artifactId>
+ <name>Keycloak SAML AS7 Integration</name>
+ <description/>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-common</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-as7-adapter-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-adapter-spi</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-adapter-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-adapter-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.spec.javax.servlet</groupId>
+ <artifactId>jboss-servlet-api_3.0_spec</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging</artifactId>
+ <version>${jboss.logging.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.web</groupId>
+ <artifactId>jbossweb</artifactId>
+ <version>7.0.17.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId>jboss-as-web</artifactId>
+ <version>7.1.2.Final</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-tomcat-adapter-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-servlet-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-catalina</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>catalina</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>${maven.compiler.source}</source>
+ <target>${maven.compiler.target}</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java b/saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java
new file mode 100755
index 0000000..624d5a7
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/adapter/src/main/java/org/keycloak/adapters/saml/jbossweb/SamlAuthenticatorValve.java
@@ -0,0 +1,52 @@
+package org.keycloak.adapters.saml.jbossweb;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.deploy.LoginConfig;
+import org.keycloak.adapters.jbossweb.JBossWebPrincipalFactory;
+import org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve;
+import org.keycloak.adapters.tomcat.GenericPrincipalFactory;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Keycloak authentication valve
+ *
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class SamlAuthenticatorValve extends AbstractSamlAuthenticatorValve {
+ public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws java.io.IOException {
+ return authenticateInternal(request, response, config);
+ }
+
+ @Override
+ protected boolean forwardToErrorPageInternal(Request request, HttpServletResponse response, Object loginConfig) throws IOException {
+ if (loginConfig == null) return false;
+ LoginConfig config = (LoginConfig)loginConfig;
+ if (config.getErrorPage() == null) return false;
+ forwardToErrorPage(request, (Response)response, config);
+ return true;
+ }
+
+
+ @Override
+ public void start() throws LifecycleException {
+ StandardContext standardContext = (StandardContext) context;
+ standardContext.addLifecycleListener(this);
+ super.start();
+ }
+
+
+ public void logout(Request request) {
+ logoutInternal(request);
+ }
+
+ @Override
+ protected GenericPrincipalFactory createPrincipalFactory() {
+ return new JBossWebPrincipalFactory();
+ }
+}
saml/client-adapter/as7-eap6/pom.xml 20(+20 -0)
diff --git a/saml/client-adapter/as7-eap6/pom.xml b/saml/client-adapter/as7-eap6/pom.xml
new file mode 100755
index 0000000..c6bca52
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/pom.xml
@@ -0,0 +1,20 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>keycloak-parent</artifactId>
+ <groupId>org.keycloak</groupId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <name>Keycloak SAML EAP Integration</name>
+ <description/>
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>keycloak-saml-eap-integration-pom</artifactId>
+ <packaging>pom</packaging>
+
+ <modules>
+ <module>adapter</module>
+ <module>subsystem</module>
+ </modules>
+</project>
saml/client-adapter/as7-eap6/subsystem/pom.xml 115(+115 -0)
diff --git a/saml/client-adapter/as7-eap6/subsystem/pom.xml b/saml/client-adapter/as7-eap6/subsystem/pom.xml
new file mode 100755
index 0000000..198c360
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/pom.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright 2013 JBoss Inc
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-parent</artifactId>
+ <version>1.6.0.Final-SNAPSHOT</version>
+ <relativePath>../../../../pom.xml</relativePath>
+ </parent>
+
+ <artifactId>keycloak-saml-as7-subsystem</artifactId>
+ <name>Keycloak SAML AS7 Subsystem</name>
+ <description/>
+ <packaging>jar</packaging>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.8.1</version>
+ <configuration>
+ <redirectTestOutputToFile>false</redirectTestOutputToFile>
+ <enableAssertions>true</enableAssertions>
+ <argLine>-Xmx512m</argLine>
+ <systemProperties>
+ <property>
+ <name>jboss.home</name>
+ <value>${jboss.home}</value>
+ </property>
+ </systemProperties>
+ <includes>
+ <include>**/*TestCase.java</include>
+ </includes>
+ <forkMode>once</forkMode>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.keycloak</groupId>
+ <artifactId>keycloak-saml-as7-adapter</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId>jboss-as-naming</artifactId>
+ <version>${jboss.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId>jboss-as-server</artifactId>
+ <version>${jboss.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId>jboss-as-ee</artifactId>
+ <version>${jboss.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId>jboss-as-web</artifactId>
+ <version>${jboss.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging</artifactId>
+ <version>3.1.0.GA</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging-processor</artifactId>
+ <!-- This is a compile-time dependency of this project, but is not needed at compile or runtime by other
+projects that depend on this project.-->
+ <scope>provided</scope>
+ <optional>true</optional>
+ <version>1.0.0.Final</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.msc</groupId>
+ <artifactId>jboss-msc</artifactId>
+ <version>1.0.2.GA</version>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java
new file mode 100755
index 0000000..31008d4
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakAdapterConfigDeploymentProcessor.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
+import org.jboss.as.server.deployment.DeploymentUnitProcessor;
+import org.jboss.as.web.deployment.WarMetaData;
+import org.jboss.logging.Logger;
+import org.jboss.metadata.javaee.spec.ParamValueMetaData;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.metadata.web.jboss.ValveMetaData;
+import org.jboss.metadata.web.spec.LoginConfigMetaData;
+import org.keycloak.adapters.saml.jbossweb.SamlAuthenticatorValve;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Pass authentication data (keycloak.json) as a servlet context param so it can be read by the KeycloakServletExtension.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2014 Red Hat Inc.
+ */
+public class KeycloakAdapterConfigDeploymentProcessor implements DeploymentUnitProcessor {
+ protected Logger log = Logger.getLogger(KeycloakAdapterConfigDeploymentProcessor.class);
+
+ // This param name is defined again in Keycloak Undertow Integration class
+ // org.keycloak.adapters.undertow.KeycloakServletExtension. We have this value in
+ // two places to avoid dependency between Keycloak Subsystem and Keyclaok Undertow Integration.
+ public static final String AUTH_DATA_PARAM_NAME = "org.keycloak.saml.adapterConfig";
+
+
+ @Override
+ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+ DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+ String deploymentName = deploymentUnit.getName();
+
+ // if it's not a web-app there's nothing to secure
+ WarMetaData warMetaData = deploymentUnit.getAttachment(WarMetaData.ATTACHMENT_KEY);
+ if (warMetaData == null) {
+ return;
+ }
+ JBossWebMetaData webMetaData = warMetaData.getMergedJBossWebMetaData();
+ if (webMetaData == null) {
+ webMetaData = new JBossWebMetaData();
+ warMetaData.setMergedJBossWebMetaData(webMetaData);
+ }
+
+ // otherwise
+ LoginConfigMetaData loginConfig = webMetaData.getLoginConfig();
+
+ boolean webRequiresKC = loginConfig != null && "KEYCLOAK-SAML".equalsIgnoreCase(loginConfig.getAuthMethod());
+
+ if (webRequiresKC) {
+ log.debug("Setting up KEYCLOAK-SAML auth method for WAR: " + deploymentName);
+ addValve(webMetaData);
+ }
+ }
+
+ private void addValve(JBossWebMetaData webMetaData) {
+ List<ValveMetaData> valves = webMetaData.getValves();
+ if (valves == null) {
+ valves = new ArrayList<ValveMetaData>(1);
+ webMetaData.setValves(valves);
+ }
+ ValveMetaData valve = new ValveMetaData();
+ valve.setValveClass(SamlAuthenticatorValve.class.getName());
+ valve.setModule("org.keycloak.keycloak-saml-as7-adapter");
+ //log.info("******* adding Keycloak valve to: " + deploymentName);
+ valves.add(valve);
+ }
+
+ @Override
+ public void undeploy(DeploymentUnit du) {
+
+ }
+
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
new file mode 100755
index 0000000..c214774
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessor.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.server.deployment.Attachments;
+import org.jboss.as.server.deployment.DeploymentPhaseContext;
+import org.jboss.as.server.deployment.DeploymentUnit;
+import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
+import org.jboss.as.server.deployment.DeploymentUnitProcessor;
+import org.jboss.as.server.deployment.module.ModuleDependency;
+import org.jboss.as.server.deployment.module.ModuleSpecification;
+import org.jboss.modules.Module;
+import org.jboss.modules.ModuleIdentifier;
+import org.jboss.modules.ModuleLoader;
+
+/**
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public abstract class KeycloakDependencyProcessor implements DeploymentUnitProcessor {
+
+ private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
+ private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
+ private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
+
+ @Override
+ public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+ final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+
+ // Next phase, need to detect if this is a Keycloak deployment. If not, don't add the modules.
+
+ final ModuleSpecification moduleSpecification = deploymentUnit.getAttachment(Attachments.MODULE_SPECIFICATION);
+ final ModuleLoader moduleLoader = Module.getBootModuleLoader();
+ addCommonModules(moduleSpecification, moduleLoader);
+ addPlatformSpecificModules(moduleSpecification, moduleLoader);
+ }
+
+ private void addCommonModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
+ // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
+ }
+
+ abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);
+
+ @Override
+ public void undeploy(DeploymentUnit du) {
+
+ }
+
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java
new file mode 100755
index 0000000..700fc82
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakDependencyProcessorAS7.java
@@ -0,0 +1,19 @@
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.server.deployment.module.ModuleDependency;
+import org.jboss.as.server.deployment.module.ModuleSpecification;
+import org.jboss.modules.ModuleIdentifier;
+import org.jboss.modules.ModuleLoader;
+
+/**
+ * @author <a href="mailto:marko.strukelj@gmail.com">Marko Strukelj</a>
+ */
+public class KeycloakDependencyProcessorAS7 extends KeycloakDependencyProcessor {
+
+ private static final ModuleIdentifier KEYCLOAK_AS7_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-as7-adapter");
+
+ @Override
+ protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader) {
+ // ModuleDependency(ModuleLoader moduleLoader, ModuleIdentifier identifier, boolean optional, boolean export, boolean importServices, boolean userSpecified)
+ moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_AS7_ADAPTER, false, false, true, false));
+ }}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java
new file mode 100755
index 0000000..c52f2b5
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSamlExtension.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.Extension;
+import org.jboss.as.controller.ExtensionContext;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.controller.ResourceDefinition;
+import org.jboss.as.controller.SubsystemRegistration;
+import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
+import org.jboss.as.controller.parsing.ExtensionParsingContext;
+import org.jboss.as.controller.registry.ManagementResourceRegistration;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+
+
+/**
+ * Main Extension class for the subsystem.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public class KeycloakSamlExtension implements Extension {
+
+ public static final String SUBSYSTEM_NAME = "keycloak-saml";
+ public static final String NAMESPACE = "urn:jboss:domain:keycloak-saml:1.6";
+ private static final KeycloakSubsystemParser PARSER = new KeycloakSubsystemParser();
+ static final PathElement PATH_SUBSYSTEM = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
+ private static final String RESOURCE_NAME = KeycloakSamlExtension.class.getPackage().getName() + ".LocalDescriptions";
+ private static final int MGMT_API_VERSION_MAJOR = 1;
+ private static final int MGMT_API_VERSION_MINOR = 1;
+
+ static final PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
+ private static final ResourceDefinition KEYCLOAK_SUBSYSTEM_RESOURCE = new KeycloakSubsystemDefinition();
+
+ public static StandardResourceDescriptionResolver getResourceDescriptionResolver(final String... keyPrefix) {
+ StringBuilder prefix = new StringBuilder(SUBSYSTEM_NAME);
+ for (String kp : keyPrefix) {
+ prefix.append('.').append(kp);
+ }
+ return new StandardResourceDescriptionResolver(prefix.toString(), RESOURCE_NAME, KeycloakSamlExtension.class.getClassLoader(), true, false);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void initializeParsers(final ExtensionParsingContext context) {
+ context.setSubsystemXmlMapping(SUBSYSTEM_NAME, KeycloakSamlExtension.NAMESPACE, PARSER);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void initialize(final ExtensionContext context) {
+ final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, MGMT_API_VERSION_MAJOR, MGMT_API_VERSION_MINOR);
+
+ ManagementResourceRegistration registration = subsystem.registerSubsystemModel(KEYCLOAK_SUBSYSTEM_RESOURCE);
+
+ subsystem.registerXMLElementWriter(PARSER);
+ }
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
new file mode 100755
index 0000000..2a7fd55
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemAdd.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2013 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+
+import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
+import org.jboss.as.controller.OperationContext;
+import org.jboss.as.controller.OperationFailedException;
+import org.jboss.as.controller.ServiceVerificationHandler;
+import org.jboss.as.server.AbstractDeploymentChainStep;
+import org.jboss.as.server.DeploymentProcessorTarget;
+import org.jboss.as.server.deployment.Phase;
+import org.jboss.dmr.ModelNode;
+import org.jboss.msc.service.ServiceController;
+
+import java.util.List;
+
+/**
+ * The Keycloak subsystem add update handler.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+class KeycloakSubsystemAdd extends AbstractBoottimeAddStepHandler {
+
+ static final KeycloakSubsystemAdd INSTANCE = new KeycloakSubsystemAdd();
+
+ @Override
+ protected void performBoottime(final OperationContext context, ModelNode operation, final ModelNode model, ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers) {
+ context.addStep(new AbstractDeploymentChainStep() {
+ @Override
+ protected void execute(DeploymentProcessorTarget processorTarget) {
+ processorTarget.addDeploymentProcessor(Phase.DEPENDENCIES, 0, new KeycloakDependencyProcessorAS7());
+ processorTarget.addDeploymentProcessor(
+ Phase.POST_MODULE, // PHASE
+ Phase.POST_MODULE_VALIDATOR_FACTORY - 1, // PRIORITY
+ new KeycloakAdapterConfigDeploymentProcessor());
+ }
+ }, OperationContext.Stage.RUNTIME);
+ }
+
+ @Override
+ protected void populateModel(ModelNode operation, ModelNode model) throws OperationFailedException {
+ model.setEmptyObject();
+ }
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java
new file mode 100755
index 0000000..400822e
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemDefinition.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
+import org.jboss.as.controller.SimpleResourceDefinition;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.as.controller.operations.common.GenericSubsystemDescribeHandler;
+import org.jboss.as.controller.registry.ManagementResourceRegistration;
+import org.jboss.as.controller.registry.OperationEntry;
+
+/**
+ * Definition of subsystem=keycloak.
+ *
+ * @author Stan Silvert ssilvert@redhat.com (C) 2013 Red Hat Inc.
+ */
+public class KeycloakSubsystemDefinition extends SimpleResourceDefinition {
+ protected KeycloakSubsystemDefinition() {
+ super(KeycloakSamlExtension.SUBSYSTEM_PATH,
+ KeycloakSamlExtension.getResourceDescriptionResolver("subsystem"),
+ KeycloakSubsystemAdd.INSTANCE,
+ ReloadRequiredRemoveStepHandler.INSTANCE
+ );
+ }
+
+ @Override
+ public void registerOperations(ManagementResourceRegistration resourceRegistration) {
+ super.registerOperations(resourceRegistration);
+ resourceRegistration.registerOperationHandler(ModelDescriptionConstants.DESCRIBE, GenericSubsystemDescribeHandler.INSTANCE, GenericSubsystemDescribeHandler.INSTANCE, false, OperationEntry.EntryType.PRIVATE);
+ }
+
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
new file mode 100755
index 0000000..14899e1
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @author tags. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.parsing.ParseUtils;
+import org.jboss.as.controller.persistence.SubsystemMarshallingContext;
+import org.jboss.dmr.ModelNode;
+import org.jboss.staxmapper.XMLElementReader;
+import org.jboss.staxmapper.XMLElementWriter;
+import org.jboss.staxmapper.XMLExtendedStreamReader;
+import org.jboss.staxmapper.XMLExtendedStreamWriter;
+
+import javax.xml.stream.XMLStreamConstants;
+import javax.xml.stream.XMLStreamException;
+import java.util.List;
+
+/**
+ * The subsystem parser, which uses stax to read and write to and from xml
+ */
+class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void readElement(final XMLExtendedStreamReader reader, final List<ModelNode> list) throws XMLStreamException {
+ // Require no attributes
+ ParseUtils.requireNoAttributes(reader);
+ ModelNode addKeycloakSub = org.jboss.as.controller.operations.common.Util.createAddOperation(PathAddress.pathAddress(KeycloakSamlExtension.PATH_SUBSYSTEM));
+ list.add(addKeycloakSub);
+
+ while (reader.hasNext() && nextTag(reader) != END_ELEMENT) {
+ }
+ }
+
+ // used for debugging
+ private int nextTag(XMLExtendedStreamReader reader) throws XMLStreamException {
+ return reader.nextTag();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
+ context.startSubsystemElement(KeycloakSamlExtension.NAMESPACE, false);
+ writer.writeEndElement();
+ }
+
+
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java
new file mode 100755
index 0000000..e73f338
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Util.java
@@ -0,0 +1,42 @@
+package org.keycloak.subsystem.saml.as7;
+
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.dmr.ModelNode;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class Util {
+ public static ModelNode createAddOperation(final PathAddress address) {
+ return createOperation(ModelDescriptionConstants.ADD, address);
+ }
+
+ public static ModelNode createAddOperation() {
+ return createEmptyOperation(ModelDescriptionConstants.ADD, null);
+ }
+
+ public static ModelNode createRemoveOperation(final PathAddress address) {
+ return createOperation(ModelDescriptionConstants.REMOVE, address);
+ }
+
+ public static ModelNode createOperation(final String operationName, final PathAddress address) {
+ return createEmptyOperation(operationName, address);
+ }
+
+ public static ModelNode createEmptyOperation(String operationName, final PathAddress address) {
+ ModelNode op = new ModelNode();
+ op.get(OP).set(operationName);
+ if (address != null) {
+ op.get(OP_ADDR).set(address.toModelNode());
+ } else {
+ // Just establish the standard structure; caller can fill in address later
+ op.get(OP_ADDR);
+ }
+ return op;
+ }
+}
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
new file mode 100755
index 0000000..2fd653a
--- /dev/null
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/META-INF/services/org.jboss.as.controller.Extension
@@ -0,0 +1 @@
+org.keycloak.subsystem.saml.as7.KeycloakSamlExtension
saml/client-adapter/pom.xml 1(+1 -0)
diff --git a/saml/client-adapter/pom.xml b/saml/client-adapter/pom.xml
index e101055..36def45 100755
--- a/saml/client-adapter/pom.xml
+++ b/saml/client-adapter/pom.xml
@@ -19,5 +19,6 @@
<module>tomcat</module>
<module>jetty</module>
<module>wildfly</module>
+ <module>as7-eap6</module>
</modules>
</project>
diff --git a/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java b/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java
index d0a50eb..2dad307 100755
--- a/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java
+++ b/saml/client-adapter/wildfly/wildfly9-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakDependencyProcessor.java
@@ -36,7 +36,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
private static final ModuleIdentifier KEYCLOAK_JBOSS_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-jboss-adapter-core");
private static final ModuleIdentifier KEYCLOAK_CORE_ADAPTER = ModuleIdentifier.create("org.keycloak.keycloak-saml-adapter-core");
- private static final ModuleIdentifier KEYCLOAK_CORE = ModuleIdentifier.create("org.keycloak.keycloak-core");
private static final ModuleIdentifier KEYCLOAK_COMMON = ModuleIdentifier.create("org.keycloak.keycloak-common");
@Override
@@ -56,7 +55,6 @@ public abstract class KeycloakDependencyProcessor implements DeploymentUnitProce
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JBOSS_CORE_ADAPTER, false, false, false, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE_ADAPTER, false, false, false, false));
moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_COMMON, false, false, false, false));
- moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_CORE, false, false, false, false));
}
abstract protected void addPlatformSpecificModules(ModuleSpecification moduleSpecification, ModuleLoader moduleLoader);