keycloak-uncached
Changes
pom.xml 4(+2 -2)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Constants.java 65(+33 -32)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java 18(+10 -8)
saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderDefinition.java 9(+7 -2)
saml/client-adapter/as7-eap6/subsystem/src/main/resources/org/keycloak/subsystem/saml/as7/LocalDescriptions.properties 106(+54 -52)
saml/client-adapter/as7-eap6/subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd 6(+3 -3)
saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Constants.java 65(+33 -32)
saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemParser.java 18(+10 -8)
saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java 2(+1 -1)
saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/ServiceProviderDefinition.java 9(+7 -2)
saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/saml/extension/LocalDescriptions.properties 106(+54 -52)
saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd 6(+3 -3)
saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlClientInstallation.java 9(+6 -3)
Details
pom.xml 4(+2 -2)
diff --git a/pom.xml b/pom.xml
index 18a2a80..9311292 100755
--- a/pom.xml
+++ b/pom.xml
@@ -150,12 +150,12 @@
<module>broker</module>
<module>social</module>
<module>forms</module>
- <module>examples</module>
- <module>testsuite</module>
<module>timer</module>
<module>export-import</module>
<module>util</module>
<module>wildfly</module>
+ <module>testsuite</module>
+ <module>examples</module>
</modules>
<dependencyManagement>
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Constants.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Constants.java
old mode 100644
new mode 100755
index 07af4f7..ee3e345
--- a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Constants.java
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/Constants.java
@@ -21,49 +21,49 @@ package org.keycloak.subsystem.saml.as7;
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
*/
public class Constants {
-
static class Model {
static final String SECURE_DEPLOYMENT = "secure-deployment";
- static final String SERVICE_PROVIDER = "service-provider";
+ static final String SERVICE_PROVIDER = "SP";
- static final String SSL_POLICY = "ssl-policy";
- static final String NAME_ID_POLICY_FORMAT = "name-id-policy-format";
- static final String LOGOUT_PAGE = "logout-page";
- static final String FORCE_AUTHENTICATION = "force-authentication";
- static final String ROLE_ATTRIBUTES = "role-attributes";
+ static final String SSL_POLICY = "sslPolicy";
+ static final String NAME_ID_POLICY_FORMAT = "nameIDPolicyFormat";
+ static final String LOGOUT_PAGE = "logoutPage";
+ static final String FORCE_AUTHENTICATION = "forceAuthentication";
+ static final String IS_PASSIVE = "isPassive";
+ static final String ROLE_ATTRIBUTES = "RoleIdentifiers";
static final String SIGNING = "signing";
static final String ENCRYPTION = "encryption";
- static final String KEY = "key";
+ static final String KEY = "Key";
static final String RESOURCE = "resource";
static final String PASSWORD = "password";
- static final String PRIVATE_KEY_ALIAS = "private-key-alias";
- static final String PRIVATE_KEY_PASSWORD = "private-key-password";
- static final String CERTIFICATE_ALIAS = "certificate-alias";
- static final String KEY_STORE = "key-store";
- static final String SIGN_REQUEST = "sign-request";
- static final String VALIDATE_RESPONSE_SIGNATURE = "validate-response-signature";
- static final String REQUEST_BINDING = "request-binding";
- static final String BINDING_URL = "binding-url";
- static final String VALIDATE_REQUEST_SIGNATURE = "validate-request-signature";
- static final String SIGN_RESPONSE = "sign-response";
- static final String RESPONSE_BINDING = "response-binding";
- static final String POST_BINDING_URL = "post-binding-url";
- static final String REDIRECT_BINDING_URL = "redirect-binding-url";
- static final String SINGLE_SIGN_ON = "single-sign-on";
- static final String SINGLE_LOGOUT = "single-logout";
- static final String IDENTITY_PROVIDER = "identity-provider";
- static final String PRINCIPAL_NAME_MAPPING_POLICY = "principal-name-mapping-policy";
- static final String PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME = "principal-name-mapping-attribute-name";
- static final String SIGNATURE_ALGORITHM = "signature-algorithm";
- static final String SIGNATURE_CANONICALIZATION_METHOD = "signature-canonicalization-method";
- static final String PRIVATE_KEY_PEM = "private-key-pem";
- static final String PUBLIC_KEY_PEM = "public-key-pem";
- static final String CERTIFICATE_PEM = "certificate-pem";
+ static final String PRIVATE_KEY_ALIAS = "PrivateKey-alias";
+ static final String PRIVATE_KEY_PASSWORD = "PrivateKey-password";
+ static final String CERTIFICATE_ALIAS = "Certificate-alias";
+ static final String KEY_STORE = "KeyStore";
+ static final String SIGN_REQUEST = "signRequest";
+ static final String VALIDATE_RESPONSE_SIGNATURE = "validateResponseSignature";
+ static final String REQUEST_BINDING = "requestBinding";
+ static final String BINDING_URL = "bindingUrl";
+ static final String VALIDATE_REQUEST_SIGNATURE = "validateRequestSignature";
+ static final String SIGN_RESPONSE = "signResponse";
+ static final String RESPONSE_BINDING = "responseBinding";
+ static final String POST_BINDING_URL = "postBindingUrl";
+ static final String REDIRECT_BINDING_URL = "redirectBindingUrl";
+ static final String SINGLE_SIGN_ON = "SingleSignOnService";
+ static final String SINGLE_LOGOUT = "SingleLogoutService";
+ static final String IDENTITY_PROVIDER = "IDP";
+ static final String PRINCIPAL_NAME_MAPPING_POLICY = "PrincipalNameMapping-policy";
+ static final String PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME = "PrincipalNameMapping-attribute-name";
+ static final String SIGNATURE_ALGORITHM = "signatureAlgorithm";
+ static final String SIGNATURE_CANONICALIZATION_METHOD = "signatureCanonicalizationMethod";
+ static final String PRIVATE_KEY_PEM = "PrivateKeyPem";
+ static final String PUBLIC_KEY_PEM = "PublicKeyPem";
+ static final String CERTIFICATE_PEM = "CertificatePem";
static final String TYPE = "type";
static final String ALIAS = "alias";
static final String FILE = "file";
- static final String SIGNATURES_REQUIRED = "signatures-required";
+ static final String SIGNATURES_REQUIRED = "signaturesRequired";
}
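Review bot: The new values in `Model` mix three spellings, camelCase (`sslPolicy`), PascalCase (`KeyStore`, `IDP`) and PascalCase with a hyphenated suffix (`PrivateKey-alias`, `PrincipalNameMapping-policy`), and the class has no comment saying which rule a new constant should follow. If the intent is to mirror the names used in the adapter XML (it reads that way next to `Constants.XML`, but the hunk does not say so), state it above `static class Model`, for example `// Model names follow the adapter XML element/attribute names; keep in step with Constants.XML`. These strings are also the management-model resource and attribute names, so existing CLI scripts or stored subsystem configuration using `service-provider`, `identity-provider` or `key-store` would presumably stop resolving; nothing visible in this commit adds a compatibility path. The same hunk is repeated for the wildfly-subsystem copy of Constants.java, and both files also change mode from 100644 to 100755, which a Java source file does not need.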
@@ -87,6 +87,7 @@ public class Constants {
static final String KEY_STORE = "KeyStore";
static final String PRIVATE_KEY = "PrivateKey";
static final String CERTIFICATE = "Certificate";
+ static final String IS_PASSIVE = "isPassive";
static final String PRIVATE_KEY_ALIAS = "alias";
static final String PRIVATE_KEY_PASSWORD = "password";
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
index 0b2cef9..cfffb0e 100755
--- a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/KeycloakSubsystemParser.java
@@ -32,9 +32,7 @@ import org.jboss.staxmapper.XMLExtendedStreamWriter;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
-import java.util.Arrays;
import java.util.Collections;
-import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
@@ -555,14 +553,18 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
void writePrincipalNameMapping(XMLExtendedStreamWriter writer, ModelNode model) throws XMLStreamException {
+
+ ModelNode policy = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY);
+ ModelNode mappingAttribute = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME);
+ if (!policy.isDefined() && !mappingAttribute.isDefined()) {
+ return;
+ }
writer.writeStartElement(Constants.XML.PRINCIPAL_NAME_MAPPING);
- ModelNode value = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY);
- if (value.isDefined()) {
- writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY, value.asString());
+ if (policy.isDefined()) {
+ writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY, policy.asString());
}
- value = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME);
- if (value.isDefined()) {
- writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, value.asString());
+ if (mappingAttribute.isDefined()) {
+ writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, mappingAttribute.asString());
}
writer.writeEndElement();
}
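Review bot: The early return in `writePrincipalNameMapping` has no comment explaining why the element is skipped, and the method body now opens with a stray blank line. A one-line comment above the guard would record the intent, e.g. `// Nothing to persist: omit the element rather than write it empty`, and the blank line after the signature can go. The same change appears in the wildfly-subsystem copy of KeycloakSubsystemParser.java and would take the same comment.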
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderDefinition.java b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderDefinition.java
old mode 100644
new mode 100755
index 02ecc8f..42132bb
--- a/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderDefinition.java
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/java/org/keycloak/subsystem/saml/as7/ServiceProviderDefinition.java
@@ -59,6 +59,11 @@ public class ServiceProviderDefinition extends SimpleResourceDefinition {
.setXmlName(Constants.XML.FORCE_AUTHENTICATION)
.build();
+ static final SimpleAttributeDefinition IS_PASSIVE =
+ new SimpleAttributeDefinitionBuilder(Constants.Model.IS_PASSIVE, ModelType.BOOLEAN, true)
+ .setXmlName(Constants.XML.IS_PASSIVE)
+ .build();
+
static final SimpleAttributeDefinition PRINCIPAL_NAME_MAPPING_POLICY =
new SimpleAttributeDefinitionBuilder(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY, ModelType.STRING, true)
.setXmlName(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY)
@@ -71,10 +76,10 @@ public class ServiceProviderDefinition extends SimpleResourceDefinition {
static final ListAttributeDefinition ROLE_ATTRIBUTES =
new StringListAttributeDefinition.Builder(Constants.Model.ROLE_ATTRIBUTES)
- .setAllowNull(false)
+ .setAllowNull(true)
.build();
- static final SimpleAttributeDefinition[] ATTRIBUTES = {SSL_POLICY, NAME_ID_POLICY_FORMAT, LOGOUT_PAGE, FORCE_AUTHENTICATION};
+ static final SimpleAttributeDefinition[] ATTRIBUTES = {SSL_POLICY, NAME_ID_POLICY_FORMAT, LOGOUT_PAGE, FORCE_AUTHENTICATION, IS_PASSIVE};
static final AttributeDefinition[] ELEMENTS = {PRINCIPAL_NAME_MAPPING_POLICY, PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, ROLE_ATTRIBUTES};
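Review bot: `ATTRIBUTES` gains `IS_PASSIVE`, but the LocalDescriptions.properties change in this same commit also adds a description for `keycloak-saml.SP.turnOffChangeSessionIdOnLogin`, and no matching constant or attribute definition is visible in `Constants.Model` or in this class. Either the attribute definition is missing from the commit or the description is orphaned. Changing the session id on login is a session-fixation defence, so an attribute that disables it should be defined deliberately and documented as weakening that defence, not appear only in the description bundle. Separately, `ROLE_ATTRIBUTES` now allows null, so any code that reads or writes the list has to handle an undefined node; that code is outside this hunk. The wildfly-subsystem ServiceProviderDefinition.java hunk is identical and the same applies.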
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/resources/org/keycloak/subsystem/saml/as7/LocalDescriptions.properties b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/org/keycloak/subsystem/saml/as7/LocalDescriptions.properties
index f8a4a11..e55be4c 100755
--- a/saml/client-adapter/as7-eap6/subsystem/src/main/resources/org/keycloak/subsystem/saml/as7/LocalDescriptions.properties
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/org/keycloak/subsystem/saml/as7/LocalDescriptions.properties
@@ -6,58 +6,60 @@ keycloak-saml.subsystem.secure-deployment=A deployment secured by Keycloak.
keycloak-saml.secure-deployment=A deployment secured by Keycloak
keycloak-saml.secure-deployment.add=Add a deployment to be secured by Keycloak
keycloak-saml.secure-deployment.remove=Remove a deployment to be secured by Keycloak
-keycloak-saml.secure-deployment.service-provider=A security provider configuration for secure deployment
+keycloak-saml.secure-deployment.SP=A security provider configuration for secure deployment
-keycloak-saml.service-provider=A security provider configuration for secure deployment
-keycloak-saml.service-provider.add=Add a security provider configuration to deployment secured by Keycloak SAML
-keycloak-saml.service-provider.remove=Remove a security provider definition from deployment secured by Keycloak SAML
-keycloak-saml.service-provider.ssl-policy=SSL Policy to use
-keycloak-saml.service-provider.name-id-policy-format=Name ID policy format URN
-keycloak-saml.service-provider.logout-page=URI to a logout page
-keycloak-saml.service-provider.force-authentication=Redirected unauthenticated request to a login page
-keycloak-saml.service-provider.role-attributes=Role identifiers
-keycloak-saml.service-provider.principal-name-mapping-policy=Principal name mapping policy
-keycloak-saml.service-provider.principal-name-mapping-attribute-name=Principal name mapping attribute name
-keycloak-saml.service-provider.key=A key definition
-keycloak-saml.service-provider.identity-provider=Identity provider definition
+keycloak-saml.SP=A security provider configuration for secure deployment
+keycloak-saml.SP.add=Add a security provider configuration to deployment secured by Keycloak SAML
+keycloak-saml.SP.remove=Remove a security provider definition from deployment secured by Keycloak SAML
+keycloak-saml.SP.sslPolicy=SSL Policy to use
+keycloak-saml.SP.nameIDPolicyFormat=Name ID policy format URN
+keycloak-saml.SP.logoutPage=URI to a logout page
+keycloak-saml.SP.forceAuthentication=Redirected unauthenticated request to a login page
+keycloak-saml.SP.isPassive=If user isn't logged in just return with an error. Used to check if a user is already logged in or not
+keycloak-saml.SP.turnOffChangeSessionIdOnLogin=The session id is changed by default on a successful login. Change this to true if you want to turn this off
+keycloak-saml.SP.RoleIdentifiers=Role identifiers
+keycloak-saml.SP.PrincipalNameMapping-policy=Principal name mapping policy
+keycloak-saml.SP.PrincipalNameMapping-attribute-name=Principal name mapping attribute name
+keycloak-saml.SP.Key=A key definition
+keycloak-saml.SP.IDP=Identity provider definition
-keycloak-saml.key=A key configuration for service provider or identity provider
-keycloak-saml.key.add=Add a key definition
-keycloak-saml.key.remove=Remove a key definition
-keycloak-saml.key.signing=Key can be used for signing
-keycloak-saml.key.encryption=Key can be used for encryption
-keycloak-saml.key.private-key-pem=Private key string in pem format
-keycloak-saml.key.public-key-pem=Public key string in pem format
-keycloak-saml.key.certificate-pem=Certificate key string in pem format
-keycloak-saml.key.key-store=Key store definition
-keycloak-saml.key.key-store.file=Key store filesystem path
-keycloak-saml.key.key-store.resource=Key store resource URI
-keycloak-saml.key.key-store.password=Key store password
-keycloak-saml.key.key-store.type=Key store format
-keycloak-saml.key.key-store.alias=Key alias
-keycloak-saml.key.key-store.private-key-alias=Private key alias
-keycloak-saml.key.key-store.private-key-password=Private key password
-keycloak-saml.key.key-store.certificate-alias=Certificate alias
+keycloak-saml.Key=A key configuration for service provider or identity provider
+keycloak-saml.Key.add=Add a key definition
+keycloak-saml.Key.remove=Remove a key definition
+keycloak-saml.Key.signing=Key can be used for signing
+keycloak-saml.Key.encryption=Key can be used for encryption
+keycloak-saml.Key.PrivateKeyPem=Private key string in pem format
+keycloak-saml.Key.PublicKeyPem=Public key string in pem format
+keycloak-saml.Key.CertificatePem=Certificate key string in pem format
+keycloak-saml.Key.KeyStore=Key store definition
+keycloak-saml.Key.KeyStore.file=Key store filesystem path
+keycloak-saml.Key.KeyStore.resource=Key store resource URI
+keycloak-saml.Key.KeyStore.password=Key store password
+keycloak-saml.Key.KeyStore.type=Key store format
+keycloak-saml.Key.KeyStore.alias=Key alias
+keycloak-saml.Key.KeyStore.PrivateKey-alias=Private key alias
+keycloak-saml.Key.KeyStore.PrivateKey-password=Private key password
+keycloak-saml.Key.KeyStore.Certificate-alias=Certificate alias
-keycloak-saml.identity-provider=An identity provider configuration
-keycloak-saml.identity-provider.add=Add an identity provider
-keycloak-saml.identity-provider.remove=Remove an identity provider
-keycloak-saml.identity-provider.signatures-required=Require signatures for single-sign-on and single-logout
-keycloak-saml.identity-provider.signature-algorithm=Signature algorithm
-keycloak-saml.identity-provider.signature-canonicalization-method=Signature canonicalization method
-keycloak-saml.identity-provider.single-sign-on=Single sign-on configuration
-keycloak-saml.identity-provider.single-sign-on.sign-request=Sign SSO requests
-keycloak-saml.identity-provider.single-sign-on.validate-response-signature=Validate an SSO response signature
-keycloak-saml.identity-provider.single-sign-on.request-binding=HTTP method to use for requests
-keycloak-saml.identity-provider.single-sign-on.response-binding=HTTP method to use for responses
-keycloak-saml.identity-provider.single-sign-on.binding-url=SSO endpoint URL
-keycloak-saml.identity-provider.single-logout=Single logout configuration
-keycloak-saml.identity-provider.single-logout.validate-request-signature=Validate a single-logout request signature
-keycloak-saml.identity-provider.single-logout.validate-response-signature=Validate a single-logout response signature
-keycloak-saml.identity-provider.single-logout.sign-request=Sign single-logout requests
-keycloak-saml.identity-provider.single-logout.sign-response=Sign single-logout responses
-keycloak-saml.identity-provider.single-logout.request-binding=HTTP method to use for request
-keycloak-saml.identity-provider.single-logout.response-binding=HTTP method to use for response
-keycloak-saml.identity-provider.single-logout.post-binding-url=Endpoint URL for posting
-keycloak-saml.identity-provider.single-logout.redirect-binding-url=Endpoint URL for redirects
-keycloak-saml.identity-provider.key=Key definition for identity provider
\ No newline at end of file
+keycloak-saml.IDP=An identity provider configuration
+keycloak-saml.IDP.add=Add an identity provider
+keycloak-saml.IDP.remove=Remove an identity provider
+keycloak-saml.IDP.signaturesRequired=Require signatures for SingleSignOnService and SingleLogoutService
+keycloak-saml.IDP.signatureAlgorithm=Signature algorithm
+keycloak-saml.IDP.signatureCanonicalizationMethod=Signature canonicalization method
+keycloak-saml.IDP.SingleSignOnService=Single sign-on configuration
+keycloak-saml.IDP.SingleSignOnService.signRequest=Sign SSO requests
+keycloak-saml.IDP.SingleSignOnService.validateResponseSignature=Validate an SSO response signature
+keycloak-saml.IDP.SingleSignOnService.requestBinding=HTTP method to use for requests
+keycloak-saml.IDP.SingleSignOnService.responseBinding=HTTP method to use for responses
+keycloak-saml.IDP.SingleSignOnService.bindingUrl=SSO endpoint URL
+keycloak-saml.IDP.SingleLogoutService=Single logout configuration
+keycloak-saml.IDP.SingleLogoutService.validateRequestSignature=Validate a SingleLogoutService request signature
+keycloak-saml.IDP.SingleLogoutService.validateResponseSignature=Validate a SingleLogoutService response signature
+keycloak-saml.IDP.SingleLogoutService.signRequest=Sign SingleLogoutService requests
+keycloak-saml.IDP.SingleLogoutService.signResponse=Sign SingleLogoutService responses
+keycloak-saml.IDP.SingleLogoutService.requestBinding=HTTP method to use for request
+keycloak-saml.IDP.SingleLogoutService.responseBinding=HTTP method to use for response
+keycloak-saml.IDP.SingleLogoutService.postBindingUrl=Endpoint URL for posting
+keycloak-saml.IDP.SingleLogoutService.redirectBindingUrl=Endpoint URL for redirects
+keycloak-saml.IDP.Key=Key definition for identity provider
\ No newline at end of file
diff --git a/saml/client-adapter/as7-eap6/subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd
old mode 100644
new mode 100755
index 725104b..0b9a61f
--- a/saml/client-adapter/as7-eap6/subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd
+++ b/saml/client-adapter/as7-eap6/subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd
@@ -51,7 +51,7 @@
<xs:documentation>The ssl policy</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="nameIDPolicyFormat" type="xs:string" use="required">
+ <xs:attribute name="nameIDPolicyFormat" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>Name ID policy format URN</xs:documentation>
</xs:annotation>
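Review bot: `nameIDPolicyFormat` becomes `use="optional"` without a `default`, and its documentation does not say what happens when it is omitted. The next two hunks do the same for `forceAuthentication` and `signaturesRequired`, and the keycloak_saml_adapter_1_6.xsd hunk does it again for `signaturesRequired`. For `signaturesRequired` this is security-relevant: if the adapter treats a missing value as false (not visible here), a configuration that leaves the attribute out could accept unsigned single-sign-on and single-logout messages without anyone having chosen that. Declare the effective value in the schema with a `default="…"` attribute matching what the parser assumes, or at least extend each `xs:documentation` with a sentence such as `Optional; when omitted the adapter uses <value>`. The enclosing `xs:attribute` element closes outside this hunk.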
@@ -61,7 +61,7 @@
<xs:documentation>URI to a logout page</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="forceAuthentication" type="xs:boolean" use="required">
+ <xs:attribute name="forceAuthentication" type="xs:boolean" use="optional">
<xs:annotation>
<xs:documentation>Redirected unauthenticated request to a login page</xs:documentation>
</xs:annotation>
@@ -78,7 +78,7 @@
<xs:documentation>The entity ID for SAML service provider</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="signaturesRequired" type="xs:boolean" use="required">
+ <xs:attribute name="signaturesRequired" type="xs:boolean" use="optional">
<xs:annotation>
<xs:documentation>Require signatures for single-sign-on and single-logout</xs:documentation>
</xs:annotation>
diff --git a/saml/client-adapter/core/src/main/resources/schema/keycloak_saml_adapter_1_6.xsd b/saml/client-adapter/core/src/main/resources/schema/keycloak_saml_adapter_1_6.xsd
index d3e55f9..5c1df67 100755
--- a/saml/client-adapter/core/src/main/resources/schema/keycloak_saml_adapter_1_6.xsd
+++ b/saml/client-adapter/core/src/main/resources/schema/keycloak_saml_adapter_1_6.xsd
@@ -86,7 +86,7 @@
<xs:element name="Keys" type="keys-type" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
<xs:attribute name="entityID" type="xs:string" use="required"/>
- <xs:attribute name="signaturesRequired" type="xs:boolean" use="required"/>
+ <xs:attribute name="signaturesRequired" type="xs:boolean" use="optional"/>
<xs:attribute name="signatureAlgorithm" type="xs:string" use="optional"/>
<xs:attribute name="signatureCanonicalizationMethod" type="xs:string" use="optional"/>
<xs:attribute name="encryption" type="xs:boolean" use="optional"/>
diff --git a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Constants.java b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Constants.java
old mode 100644
new mode 100755
index 9b89fb2..e6f38df
--- a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Constants.java
+++ b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/Constants.java
@@ -21,49 +21,49 @@ package org.keycloak.subsystem.adapter.saml.extension;
* @author <a href="mailto:mstrukel@redhat.com">Marko Strukelj</a>
*/
public class Constants {
-
static class Model {
static final String SECURE_DEPLOYMENT = "secure-deployment";
- static final String SERVICE_PROVIDER = "service-provider";
+ static final String SERVICE_PROVIDER = "SP";
- static final String SSL_POLICY = "ssl-policy";
- static final String NAME_ID_POLICY_FORMAT = "name-id-policy-format";
- static final String LOGOUT_PAGE = "logout-page";
- static final String FORCE_AUTHENTICATION = "force-authentication";
- static final String ROLE_ATTRIBUTES = "role-attributes";
+ static final String SSL_POLICY = "sslPolicy";
+ static final String NAME_ID_POLICY_FORMAT = "nameIDPolicyFormat";
+ static final String LOGOUT_PAGE = "logoutPage";
+ static final String FORCE_AUTHENTICATION = "forceAuthentication";
+ static final String IS_PASSIVE = "isPassive";
+ static final String ROLE_ATTRIBUTES = "RoleIdentifiers";
static final String SIGNING = "signing";
static final String ENCRYPTION = "encryption";
- static final String KEY = "key";
+ static final String KEY = "Key";
static final String RESOURCE = "resource";
static final String PASSWORD = "password";
- static final String PRIVATE_KEY_ALIAS = "private-key-alias";
- static final String PRIVATE_KEY_PASSWORD = "private-key-password";
- static final String CERTIFICATE_ALIAS = "certificate-alias";
- static final String KEY_STORE = "key-store";
- static final String SIGN_REQUEST = "sign-request";
- static final String VALIDATE_RESPONSE_SIGNATURE = "validate-response-signature";
- static final String REQUEST_BINDING = "request-binding";
- static final String BINDING_URL = "binding-url";
- static final String VALIDATE_REQUEST_SIGNATURE = "validate-request-signature";
- static final String SIGN_RESPONSE = "sign-response";
- static final String RESPONSE_BINDING = "response-binding";
- static final String POST_BINDING_URL = "post-binding-url";
- static final String REDIRECT_BINDING_URL = "redirect-binding-url";
- static final String SINGLE_SIGN_ON = "single-sign-on";
- static final String SINGLE_LOGOUT = "single-logout";
- static final String IDENTITY_PROVIDER = "identity-provider";
- static final String PRINCIPAL_NAME_MAPPING_POLICY = "principal-name-mapping-policy";
- static final String PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME = "principal-name-mapping-attribute-name";
- static final String SIGNATURE_ALGORITHM = "signature-algorithm";
- static final String SIGNATURE_CANONICALIZATION_METHOD = "signature-canonicalization-method";
- static final String PRIVATE_KEY_PEM = "private-key-pem";
- static final String PUBLIC_KEY_PEM = "public-key-pem";
- static final String CERTIFICATE_PEM = "certificate-pem";
+ static final String PRIVATE_KEY_ALIAS = "PrivateKey-alias";
+ static final String PRIVATE_KEY_PASSWORD = "PrivateKey-password";
+ static final String CERTIFICATE_ALIAS = "Certificate-alias";
+ static final String KEY_STORE = "KeyStore";
+ static final String SIGN_REQUEST = "signRequest";
+ static final String VALIDATE_RESPONSE_SIGNATURE = "validateResponseSignature";
+ static final String REQUEST_BINDING = "requestBinding";
+ static final String BINDING_URL = "bindingUrl";
+ static final String VALIDATE_REQUEST_SIGNATURE = "validateRequestSignature";
+ static final String SIGN_RESPONSE = "signResponse";
+ static final String RESPONSE_BINDING = "responseBinding";
+ static final String POST_BINDING_URL = "postBindingUrl";
+ static final String REDIRECT_BINDING_URL = "redirectBindingUrl";
+ static final String SINGLE_SIGN_ON = "SingleSignOnService";
+ static final String SINGLE_LOGOUT = "SingleLogoutService";
+ static final String IDENTITY_PROVIDER = "IDP";
+ static final String PRINCIPAL_NAME_MAPPING_POLICY = "PrincipalNameMapping-policy";
+ static final String PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME = "PrincipalNameMapping-attribute-name";
+ static final String SIGNATURE_ALGORITHM = "signatureAlgorithm";
+ static final String SIGNATURE_CANONICALIZATION_METHOD = "signatureCanonicalizationMethod";
+ static final String PRIVATE_KEY_PEM = "PrivateKeyPem";
+ static final String PUBLIC_KEY_PEM = "PublicKeyPem";
+ static final String CERTIFICATE_PEM = "CertificatePem";
static final String TYPE = "type";
static final String ALIAS = "alias";
static final String FILE = "file";
- static final String SIGNATURES_REQUIRED = "signatures-required";
+ static final String SIGNATURES_REQUIRED = "signaturesRequired";
}
@@ -87,6 +87,7 @@ public class Constants {
static final String KEY_STORE = "KeyStore";
static final String PRIVATE_KEY = "PrivateKey";
static final String CERTIFICATE = "Certificate";
+ static final String IS_PASSIVE = "isPassive";
static final String PRIVATE_KEY_ALIAS = "alias";
static final String PRIVATE_KEY_PASSWORD = "password";
diff --git a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemParser.java b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemParser.java
index 8b20565..03bd42c 100755
--- a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemParser.java
+++ b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeycloakSubsystemParser.java
@@ -32,9 +32,7 @@ import org.jboss.staxmapper.XMLExtendedStreamWriter;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
-import java.util.Arrays;
import java.util.Collections;
-import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
@@ -555,14 +553,18 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
}
void writePrincipalNameMapping(XMLExtendedStreamWriter writer, ModelNode model) throws XMLStreamException {
+
+ ModelNode policy = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY);
+ ModelNode mappingAttribute = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME);
+ if (!policy.isDefined() && !mappingAttribute.isDefined()) {
+ return;
+ }
writer.writeStartElement(Constants.XML.PRINCIPAL_NAME_MAPPING);
- ModelNode value = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY);
- if (value.isDefined()) {
- writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY, value.asString());
+ if (policy.isDefined()) {
+ writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY, policy.asString());
}
- value = model.get(Constants.Model.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME);
- if (value.isDefined()) {
- writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, value.asString());
+ if (mappingAttribute.isDefined()) {
+ writer.writeAttribute(Constants.XML.PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, mappingAttribute.asString());
}
writer.writeEndElement();
}
diff --git a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java
old mode 100644
new mode 100755
index 7d19994..74871e3
--- a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java
+++ b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/KeyDefinition.java
@@ -64,7 +64,7 @@ public class KeyDefinition extends SimpleResourceDefinition {
static final ObjectTypeAttributeDefinition KEY_STORE =
ObjectTypeAttributeDefinition.Builder.of(Constants.Model.KEY_STORE,
KeyStoreDefinition.ALL_ATTRIBUTES)
- .setAllowNull(false)
+ .setAllowNull(true)
.build();
static final SimpleAttributeDefinition[] ATTRIBUTES = {SIGNING, ENCRYPTION};
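Review bot: With `.setAllowNull(true)` on `KEY_STORE`, a key resource can be defined with `signing` or `encryption` set and no key store, and nothing in this hunk requires other key material in that case. If the PEM attributes named in `Constants.Model` (`PrivateKeyPem`, `PublicKeyPem`, `CertificatePem`) are the intended alternative, say so in a comment on `KEY_STORE`, e.g. `// Optional: a key may instead be supplied through the PEM attributes`, and consider rejecting a key that has neither when the resource is added. The as7-eap6 KeyDefinition.java does not appear in this commit's file list, so the two subsystems may now disagree on whether a key store is mandatory.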
diff --git a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/ServiceProviderDefinition.java b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/ServiceProviderDefinition.java
old mode 100644
new mode 100755
index cb84f12..a4a1d63
--- a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/ServiceProviderDefinition.java
+++ b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/java/org/keycloak/subsystem/adapter/saml/extension/ServiceProviderDefinition.java
@@ -59,6 +59,11 @@ public class ServiceProviderDefinition extends SimpleResourceDefinition {
.setXmlName(Constants.XML.FORCE_AUTHENTICATION)
.build();
+ static final SimpleAttributeDefinition IS_PASSIVE =
+ new SimpleAttributeDefinitionBuilder(Constants.Model.IS_PASSIVE, ModelType.BOOLEAN, true)
+ .setXmlName(Constants.XML.IS_PASSIVE)
+ .build();
+
static final SimpleAttributeDefinition PRINCIPAL_NAME_MAPPING_POLICY =
new SimpleAttributeDefinitionBuilder(Constants.Model.PRINCIPAL_NAME_MAPPING_POLICY, ModelType.STRING, true)
.setXmlName(Constants.XML.PRINCIPAL_NAME_MAPPING_POLICY)
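Review bot: `IS_PASSIVE` is added right after `FORCE_AUTHENTICATION` with no comment on how the two interact, and both are nullable booleans with no visible default. Going by SAML semantics, a request that asks for both passive and forced authentication can normally only be answered with an error, so the combination deserves a warning or a rejection wherever the model is validated (not visible in this hunk). At minimum I would add a comment above the definition, such as `// Passive check only: the IdP must not prompt the user; not meaningful together with forceAuthentication=true.` The builder chain for `PRINCIPAL_NAME_MAPPING_POLICY` continues outside the hunk.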
@@ -71,10 +76,10 @@ public class ServiceProviderDefinition extends SimpleResourceDefinition {
static final ListAttributeDefinition ROLE_ATTRIBUTES =
new StringListAttributeDefinition.Builder(Constants.Model.ROLE_ATTRIBUTES)
- .setAllowNull(false)
+ .setAllowNull(true)
.build();
- static final SimpleAttributeDefinition[] ATTRIBUTES = {SSL_POLICY, NAME_ID_POLICY_FORMAT, LOGOUT_PAGE, FORCE_AUTHENTICATION};
+ static final SimpleAttributeDefinition[] ATTRIBUTES = {SSL_POLICY, NAME_ID_POLICY_FORMAT, LOGOUT_PAGE, FORCE_AUTHENTICATION, IS_PASSIVE};
static final AttributeDefinition[] ELEMENTS = {PRINCIPAL_NAME_MAPPING_POLICY, PRINCIPAL_NAME_MAPPING_ATTRIBUTE_NAME, ROLE_ATTRIBUTES};
diff --git a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/saml/extension/LocalDescriptions.properties b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/saml/extension/LocalDescriptions.properties
index f8a4a11..e55be4c 100755
--- a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/saml/extension/LocalDescriptions.properties
+++ b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/org/keycloak/subsystem/adapter/saml/extension/LocalDescriptions.properties
@@ -6,58 +6,60 @@ keycloak-saml.subsystem.secure-deployment=A deployment secured by Keycloak.
keycloak-saml.secure-deployment=A deployment secured by Keycloak
keycloak-saml.secure-deployment.add=Add a deployment to be secured by Keycloak
keycloak-saml.secure-deployment.remove=Remove a deployment to be secured by Keycloak
-keycloak-saml.secure-deployment.service-provider=A security provider configuration for secure deployment
+keycloak-saml.secure-deployment.SP=A security provider configuration for secure deployment
-keycloak-saml.service-provider=A security provider configuration for secure deployment
-keycloak-saml.service-provider.add=Add a security provider configuration to deployment secured by Keycloak SAML
-keycloak-saml.service-provider.remove=Remove a security provider definition from deployment secured by Keycloak SAML
-keycloak-saml.service-provider.ssl-policy=SSL Policy to use
-keycloak-saml.service-provider.name-id-policy-format=Name ID policy format URN
-keycloak-saml.service-provider.logout-page=URI to a logout page
-keycloak-saml.service-provider.force-authentication=Redirected unauthenticated request to a login page
-keycloak-saml.service-provider.role-attributes=Role identifiers
-keycloak-saml.service-provider.principal-name-mapping-policy=Principal name mapping policy
-keycloak-saml.service-provider.principal-name-mapping-attribute-name=Principal name mapping attribute name
-keycloak-saml.service-provider.key=A key definition
-keycloak-saml.service-provider.identity-provider=Identity provider definition
+keycloak-saml.SP=A security provider configuration for secure deployment
+keycloak-saml.SP.add=Add a security provider configuration to deployment secured by Keycloak SAML
+keycloak-saml.SP.remove=Remove a security provider definition from deployment secured by Keycloak SAML
+keycloak-saml.SP.sslPolicy=SSL Policy to use
+keycloak-saml.SP.nameIDPolicyFormat=Name ID policy format URN
+keycloak-saml.SP.logoutPage=URI to a logout page
+keycloak-saml.SP.forceAuthentication=Redirected unauthenticated request to a login page
+keycloak-saml.SP.isPassive=If user isn't logged in just return with an error. Used to check if a user is already logged in or not
+keycloak-saml.SP.turnOffChangeSessionIdOnLogin=The session id is changed by default on a successful login. Change this to true if you want to turn this off
+keycloak-saml.SP.RoleIdentifiers=Role identifiers
+keycloak-saml.SP.PrincipalNameMapping-policy=Principal name mapping policy
+keycloak-saml.SP.PrincipalNameMapping-attribute-name=Principal name mapping attribute name
+keycloak-saml.SP.Key=A key definition
+keycloak-saml.SP.IDP=Identity provider definition
-keycloak-saml.key=A key configuration for service provider or identity provider
-keycloak-saml.key.add=Add a key definition
-keycloak-saml.key.remove=Remove a key definition
-keycloak-saml.key.signing=Key can be used for signing
-keycloak-saml.key.encryption=Key can be used for encryption
-keycloak-saml.key.private-key-pem=Private key string in pem format
-keycloak-saml.key.public-key-pem=Public key string in pem format
-keycloak-saml.key.certificate-pem=Certificate key string in pem format
-keycloak-saml.key.key-store=Key store definition
-keycloak-saml.key.key-store.file=Key store filesystem path
-keycloak-saml.key.key-store.resource=Key store resource URI
-keycloak-saml.key.key-store.password=Key store password
-keycloak-saml.key.key-store.type=Key store format
-keycloak-saml.key.key-store.alias=Key alias
-keycloak-saml.key.key-store.private-key-alias=Private key alias
-keycloak-saml.key.key-store.private-key-password=Private key password
-keycloak-saml.key.key-store.certificate-alias=Certificate alias
+keycloak-saml.Key=A key configuration for service provider or identity provider
+keycloak-saml.Key.add=Add a key definition
+keycloak-saml.Key.remove=Remove a key definition
+keycloak-saml.Key.signing=Key can be used for signing
+keycloak-saml.Key.encryption=Key can be used for encryption
+keycloak-saml.Key.PrivateKeyPem=Private key string in pem format
+keycloak-saml.Key.PublicKeyPem=Public key string in pem format
+keycloak-saml.Key.CertificatePem=Certificate key string in pem format
+keycloak-saml.Key.KeyStore=Key store definition
+keycloak-saml.Key.KeyStore.file=Key store filesystem path
+keycloak-saml.Key.KeyStore.resource=Key store resource URI
+keycloak-saml.Key.KeyStore.password=Key store password
+keycloak-saml.Key.KeyStore.type=Key store format
+keycloak-saml.Key.KeyStore.alias=Key alias
+keycloak-saml.Key.KeyStore.PrivateKey-alias=Private key alias
+keycloak-saml.Key.KeyStore.PrivateKey-password=Private key password
+keycloak-saml.Key.KeyStore.Certificate-alias=Certificate alias
-keycloak-saml.identity-provider=An identity provider configuration
-keycloak-saml.identity-provider.add=Add an identity provider
-keycloak-saml.identity-provider.remove=Remove an identity provider
-keycloak-saml.identity-provider.signatures-required=Require signatures for single-sign-on and single-logout
-keycloak-saml.identity-provider.signature-algorithm=Signature algorithm
-keycloak-saml.identity-provider.signature-canonicalization-method=Signature canonicalization method
-keycloak-saml.identity-provider.single-sign-on=Single sign-on configuration
-keycloak-saml.identity-provider.single-sign-on.sign-request=Sign SSO requests
-keycloak-saml.identity-provider.single-sign-on.validate-response-signature=Validate an SSO response signature
-keycloak-saml.identity-provider.single-sign-on.request-binding=HTTP method to use for requests
-keycloak-saml.identity-provider.single-sign-on.response-binding=HTTP method to use for responses
-keycloak-saml.identity-provider.single-sign-on.binding-url=SSO endpoint URL
-keycloak-saml.identity-provider.single-logout=Single logout configuration
-keycloak-saml.identity-provider.single-logout.validate-request-signature=Validate a single-logout request signature
-keycloak-saml.identity-provider.single-logout.validate-response-signature=Validate a single-logout response signature
-keycloak-saml.identity-provider.single-logout.sign-request=Sign single-logout requests
-keycloak-saml.identity-provider.single-logout.sign-response=Sign single-logout responses
-keycloak-saml.identity-provider.single-logout.request-binding=HTTP method to use for request
-keycloak-saml.identity-provider.single-logout.response-binding=HTTP method to use for response
-keycloak-saml.identity-provider.single-logout.post-binding-url=Endpoint URL for posting
-keycloak-saml.identity-provider.single-logout.redirect-binding-url=Endpoint URL for redirects
-keycloak-saml.identity-provider.key=Key definition for identity provider
\ No newline at end of file
+keycloak-saml.IDP=An identity provider configuration
+keycloak-saml.IDP.add=Add an identity provider
+keycloak-saml.IDP.remove=Remove an identity provider
+keycloak-saml.IDP.signaturesRequired=Require signatures for SingleSignOnService and SingleLogoutService
+keycloak-saml.IDP.signatureAlgorithm=Signature algorithm
+keycloak-saml.IDP.signatureCanonicalizationMethod=Signature canonicalization method
+keycloak-saml.IDP.SingleSignOnService=Single sign-on configuration
+keycloak-saml.IDP.SingleSignOnService.signRequest=Sign SSO requests
+keycloak-saml.IDP.SingleSignOnService.validateResponseSignature=Validate an SSO response signature
+keycloak-saml.IDP.SingleSignOnService.requestBinding=HTTP method to use for requests
+keycloak-saml.IDP.SingleSignOnService.responseBinding=HTTP method to use for responses
+keycloak-saml.IDP.SingleSignOnService.bindingUrl=SSO endpoint URL
+keycloak-saml.IDP.SingleLogoutService=Single logout configuration
+keycloak-saml.IDP.SingleLogoutService.validateRequestSignature=Validate a SingleLogoutService request signature
+keycloak-saml.IDP.SingleLogoutService.validateResponseSignature=Validate a SingleLogoutService response signature
+keycloak-saml.IDP.SingleLogoutService.signRequest=Sign SingleLogoutService requests
+keycloak-saml.IDP.SingleLogoutService.signResponse=Sign SingleLogoutService responses
+keycloak-saml.IDP.SingleLogoutService.requestBinding=HTTP method to use for request
+keycloak-saml.IDP.SingleLogoutService.responseBinding=HTTP method to use for response
+keycloak-saml.IDP.SingleLogoutService.postBindingUrl=Endpoint URL for posting
+keycloak-saml.IDP.SingleLogoutService.redirectBindingUrl=Endpoint URL for redirects
+keycloak-saml.IDP.Key=Key definition for identity provider
\ No newline at end of file
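Review bot: The new description for `keycloak-saml.SP.turnOffChangeSessionIdOnLogin` does not say why the session id is changed on login, so an administrator has no cue that setting it to true removes the protection against session fixation. I would word it as `keycloak-saml.SP.turnOffChangeSessionIdOnLogin=The session id is changed by default on a successful login to guard against session fixation. Change this to true only if you must turn this off`. The `ServiceProviderDefinition` hunks in this commit add `IS_PASSIVE` but no attribute for this key, so the description appears to have no matching model attribute yet. The file also still ends without a trailing newline.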
diff --git a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd
index 725104b..0b9a61f 100755
--- a/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd
+++ b/saml/client-adapter/wildfly/wildfly-subsystem/src/main/resources/schema/wildfly-keycloak-saml_1_1.xsd
@@ -51,7 +51,7 @@
<xs:documentation>The ssl policy</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="nameIDPolicyFormat" type="xs:string" use="required">
+ <xs:attribute name="nameIDPolicyFormat" type="xs:string" use="optional">
<xs:annotation>
<xs:documentation>Name ID policy format URN</xs:documentation>
</xs:annotation>
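Review bot: `nameIDPolicyFormat` changes from `use="required"` to `use="optional"` here with no `default` declared and no change to its `xs:documentation`, and the same is done to `forceAuthentication` and `signaturesRequired` in the next two hunks. The one that matters most is `signaturesRequired`: if the adapter treats an absent value as false (not visible in this diff), omitting it silently turns off the signature requirement for both single sign-on and single logout. I would either add a `default=` matching what the parser really applies, or state it in the documentation, for example `<xs:documentation>Require signatures for single-sign-on and single-logout. Optional; when omitted the adapter default applies.</xs:documentation>` with the real default spelled out. The `xs:attribute` elements continue outside the hunks.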
@@ -61,7 +61,7 @@
<xs:documentation>URI to a logout page</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="forceAuthentication" type="xs:boolean" use="required">
+ <xs:attribute name="forceAuthentication" type="xs:boolean" use="optional">
<xs:annotation>
<xs:documentation>Redirected unauthenticated request to a login page</xs:documentation>
</xs:annotation>
@@ -78,7 +78,7 @@
<xs:documentation>The entity ID for SAML service provider</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="signaturesRequired" type="xs:boolean" use="required">
+ <xs:attribute name="signaturesRequired" type="xs:boolean" use="optional">
<xs:annotation>
<xs:documentation>Require signatures for single-sign-on and single-logout</xs:documentation>
</xs:annotation>
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlClientInstallation.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlClientInstallation.java
index d3abddf..eb75937 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlClientInstallation.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlClientInstallation.java
@@ -14,7 +14,6 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.net.URI;
-import java.util.Map;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -27,6 +26,12 @@ public class KeycloakSamlClientInstallation implements ClientInstallationProvide
SamlClient samlClient = new SamlClient(client);
StringBuffer buffer = new StringBuffer();
buffer.append("<keycloak-saml-adapter>\n");
+ baseXml(realm, client, baseUri, samlClient, buffer);
+ buffer.append("</keycloak-saml-adapter>\n");
+ return Response.ok(buffer.toString(), MediaType.TEXT_PLAIN_TYPE).build();
+ }
+
+ public static void baseXml(RealmModel realm, ClientModel client, URI baseUri, SamlClient samlClient, StringBuffer buffer) {
buffer.append(" <SP entityID=\"").append(client.getClientId()).append("\"\n");
buffer.append(" sslPolicy=\"").append(realm.getSslRequired().name()).append("\"\n");
buffer.append(" logoutPage=\"SPECIFY YOUR LOGOUT PAGE!\">\n");
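Review bot: `client.getClientId()` is appended into the `entityID` attribute without XML escaping on the first line of the new `baseXml`, so a client id containing `"`, `<` or `&` produces malformed or altered adapter configuration. Since the method is now `public static` and shared by a second provider, this is a good place to escape once. Other model values written further down may need the same treatment, but the body of `baseXml` continues outside the hunk. The method could also be package-private, because the only other caller added in this commit lives in the same package.

```java
    public static void baseXml(RealmModel realm, ClientModel client, URI baseUri, SamlClient samlClient, StringBuffer buffer) {
        buffer.append("    <SP entityID=\"").append(escapeXmlAttribute(client.getClientId())).append("\"\n");
        // … unchanged: sslPolicy, logoutPage and the remaining SP/IDP output …

    /** Escapes the characters that would break out of a double-quoted XML attribute value. */
    private static String escapeXmlAttribute(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&apos;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
```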
@@ -100,8 +105,6 @@ public class KeycloakSamlClientInstallation implements ClientInstallationProvide
}
buffer.append(" </IDP>\n");
buffer.append(" </SP>\n");
- buffer.append("</keycloak-saml-adapter>\n");
- return Response.ok(buffer.toString(), MediaType.TEXT_PLAIN_TYPE).build();
}
@Override
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlSubsystemInstallation.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlSubsystemInstallation.java
new file mode 100755
index 0000000..b539d80
--- /dev/null
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/installation/KeycloakSamlSubsystemInstallation.java
@@ -0,0 +1,86 @@
+package org.keycloak.protocol.saml.installation;
+
+import org.keycloak.Config;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.models.RealmModel;
+import org.keycloak.protocol.ClientInstallationProvider;
+import org.keycloak.protocol.saml.SamlClient;
+import org.keycloak.protocol.saml.SamlProtocol;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.net.URI;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class KeycloakSamlSubsystemInstallation implements ClientInstallationProvider {
+
+ @Override
+ public Response generateInstallation(KeycloakSession session, RealmModel realm, ClientModel client, URI baseUri) {
+ SamlClient samlClient = new SamlClient(client);
+ StringBuffer buffer = new StringBuffer();
+ buffer.append("<secure-deployment name=\"YOUR-WAR.war\">\n");
+ KeycloakSamlClientInstallation.baseXml(realm, client, baseUri, samlClient, buffer);
+ buffer.append("</secure-deployment>\n");
+ return Response.ok(buffer.toString(), MediaType.TEXT_PLAIN_TYPE).build();
+ }
+
+ @Override
+ public String getProtocol() {
+ return SamlProtocol.LOGIN_PROTOCOL;
+ }
+
+ @Override
+ public String getDisplayType() {
+ return "Keycloak SAML Wildfly/JBoss Subsystem";
+ }
+
+ @Override
+ public String getHelpText() {
+ return "Keycloak SAML adapter Wildfly/JBoss subsystem xml. Put this <subsystem xmlns=\"urn:jboss:domain:keycloak-saml:1.1\"> element of your standalone.xml file.";
+ }
+
+ @Override
+ public String getFilename() {
+ return "keycloak-saml-subsystem.xml";
+ }
+
+ @Override
+ public String getMediaType() {
+ return MediaType.APPLICATION_XML;
+ }
+
+ @Override
+ public boolean isDownloadOnly() {
+ return false;
+ }
+
+ @Override
+ public void close() {
+
+ }
+
+ @Override
+ public ClientInstallationProvider create(KeycloakSession session) {
+ return this;
+ }
+
+ @Override
+ public void init(Config.Scope config) {
+
+ }
+
+ @Override
+ public void postInit(KeycloakSessionFactory factory) {
+
+ }
+
+ @Override
+ public String getId() {
+ return "keycloak-saml-subsystem";
+ }
+}
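Review bot: The string returned by `getHelpText()` is missing words and does not tell the administrator where the snippet belongs. I would write `"Keycloak SAML adapter Wildfly/JBoss subsystem xml. Put this inside the <subsystem xmlns=\"urn:jboss:domain:keycloak-saml:1.1\"> element of your standalone.xml file."`. `generateInstallation` also builds the response with `MediaType.TEXT_PLAIN_TYPE` while `getMediaType()` reports `MediaType.APPLICATION_XML`; if both describe the same payload, one of them should change. The class Javadoc carries only the author tag. A sentence saying that it wraps the output of `KeycloakSamlClientInstallation.baseXml` in a `<secure-deployment>` element with a placeholder WAR name, which the administrator must replace, would help the next reader.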
diff --git a/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ClientInstallationProvider b/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ClientInstallationProvider
index f8e9df5..6a839ba 100755
--- a/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ClientInstallationProvider
+++ b/saml/saml-protocol/src/main/resources/META-INF/services/org.keycloak.protocol.ClientInstallationProvider
@@ -1 +1,2 @@
org.keycloak.protocol.saml.installation.KeycloakSamlClientInstallation
+org.keycloak.protocol.saml.installation.KeycloakSamlSubsystemInstallation