diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
index 05db2c2..6ce34fc 100644
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
@@ -121,6 +121,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
                 KeyPair keypair = new KeyPair(publicKey, privateKey);
 
                 authnRequestBuilder.signWith(keypair);
+                authnRequestBuilder.signDocument();
             }
 
             if (getConfig().isPostBindingAuthnRequest()) {
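Review bot: The added `authnRequestBuilder.signDocument();` carries no comment, and nothing in this hunk tells a reader that `signWith(keypair)` on its own does not produce a signed request. If that is the builder's contract, I would add `// signWith() only supplies the key pair; signDocument() enables signing of the request` above the new line. A test asserting that the outgoing AuthnRequest really carries a signature on both sides of the `isPostBindingAuthnRequest()` check that follows would guard this, since the redirect binding usually transports the signature differently from POST. The enclosing method starts and ends outside the hunk.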
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
index 9cbd107..ce5faba 100644
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderFactory.java
@@ -78,6 +78,7 @@ public class SAMLIdentityProviderFactory extends AbstractIdentityProviderFactory
                         samlIdentityProviderConfig.setSingleSignOnServiceUrl(idpDescriptor.getSingleSignOnService().get(0).getLocation().toString());
                         samlIdentityProviderConfig.setWantAuthnRequestsSigned(idpDescriptor.isWantAuthnRequestsSigned());
                         samlIdentityProviderConfig.setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned());
+                        samlIdentityProviderConfig.setPostBindingResponse(true);
 
                         List<KeyDescriptorType> keyDescriptor = idpDescriptor.getKeyDescriptor();
                         String defaultPublicKey = null;
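Review bot: `setValidateSignature(idpDescriptor.isWantAuthnRequestsSigned())`, the context line just above the added one, ties verification of the IdP's responses to a flag that only says whether the IdP wants this side's AuthnRequests signed. Importing metadata from an IdP that does not ask for signed requests therefore leaves response signature validation switched off. The two settings are independent; validation would be better derived from whether a signing key is found in the `getKeyDescriptor()` handling that follows (it continues outside this hunk), or defaulted to on. The new `setPostBindingResponse(true)` is also hard-coded, so a comment such as `// default to HTTP-POST for responses; not taken from the imported descriptor` would record that this is deliberate.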
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
index 2f12f94..c9dfd55 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/realm.js
@@ -631,14 +631,11 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
 
     if (instance && instance.id) {
         $scope.identityProvider = angular.copy(instance);
-
-        // fixme: this is a hack to make onofswith work and recognize string representation of boolean values
-        $scope.identityProvider.config.validateSignature = $scope.getBoolean($scope.identityProvider.config.validateSignature);
-        $scope.identityProvider.config.forceAuthn = $scope.getBoolean($scope.identityProvider.config.forceAuthn);
         $scope.newIdentityProvider = false;
     } else {
         $scope.identityProvider = {};
-        $scope.identityProvider.id = providerFactory.id;
+        $scope.identityProvider.config = {};
+        $scope.identityProvider.id = "";
         $scope.identityProvider.providerId = providerFactory.id;
         $scope.identityProvider.name = providerFactory.name;
         $scope.identityProvider.enabled = true;
@@ -762,6 +759,18 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
             return value;
         }
     }
+
+    $scope.initSamlProvider = function() {
+        if (instance && instance.id) {
+            $scope.identityProvider.config.validateSignature = $scope.getBoolean($scope.identityProvider.config.validateSignature);
+            $scope.identityProvider.config.forceAuthn = $scope.getBoolean($scope.identityProvider.config.forceAuthn);
+            $scope.identityProvider.config.postBindingAuthnRequest = $scope.getBoolean($scope.identityProvider.config.postBindingAuthnRequest);
+            $scope.identityProvider.config.postBindingResponse = $scope.getBoolean($scope.identityProvider.config.postBindingResponse);
+            $scope.identityProvider.config.wantAuthnRequestsSigned = $scope.getBoolean($scope.identityProvider.config.wantAuthnRequestsSigned);
+        } else {
+            $scope.identityProvider.config.postBindingResponse = true;
+        }
+    }
 });
 
 module.controller('RealmTokenDetailCtrl', function($scope, Realm, realm, $http, $location, $route, Dialog, Notifications, TimeUnit) {
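Review bot: In the `else` branch of `initSamlProvider` only `postBindingResponse` receives a default, so a SAML provider created by hand starts with `config.validateSignature` undefined and the switch shows response signature validation as off. A setting that protects against forged responses should start enabled: add `$scope.identityProvider.config.validateSignature = true;` next to the `postBindingResponse` line, provided the form then requires the signing certificate. The first branch also dereferences `$scope.identityProvider.config` without checking that an existing instance has a `config` object, which is worth a guard if such instances can occur.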
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-saml.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-saml.html
index 5624e54..5a87057 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-saml.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/realm-identity-provider-saml.html
@@ -1,5 +1,5 @@
 <div class="bs-sidebar col-sm-3 " data-ng-include data-src="'partials/realm-menu.html'"></div>
-    <div id="content-area" class="col-sm-9" role="main">
+    <div id="content-area" class="col-sm-9" role="main" data-ng-init="initSamlProvider()">
         <data-kc-navigation data-kc-current="social" data-kc-realm="realm.realm" data-kc-social="realm.social"></data-kc-navigation>
         <h2></h2>
         <div id="content">
@@ -44,7 +44,7 @@
                         </div>
                         <span tooltip-placement="right" tooltip="The Url that must be used to send authentication requests(SAML AuthnRequest)." class="fa fa-info-circle"></span>
                     </div>
-                    <div class="form-group clearfix">
+                    <div class="form-group clearfix" data-ng-show="!importFile">
                         <label class="col-sm-2 control-label" for="nameIDPolicyFormat">NameID Policy Format</label>
                         <div class="col-sm-4">
                             <input class="form-control" id="nameIDPolicyFormat" type="text" ng-model="identityProvider.config.nameIDPolicyFormat">
@@ -58,28 +58,35 @@
                         </div>
                         <span tooltip-placement="right" tooltip="The public key that must be used to check for signatures." class="fa fa-info-circle"></span>
                     </div>
-                    <div class="form-group">
+                    <div class="form-group" data-ng-show="!importFile">
+                        <label class="col-sm-2 control-label" for="wantAuthnRequestsSigned">Want AuthnRequests Signed</label>
+                        <div class="col-sm-4">
+                            <input ng-model="identityProvider.config.wantAuthnRequestsSigned" id="wantAuthnRequestsSigned" onoffswitch />
+                        </div>
+                        <span tooltip-placement="right" tooltip=" Indicates whether the identity provider expects signed a AuthnRequest." class="fa fa-info-circle"></span>
+                    </div>
+                    <div class="form-group" data-ng-show="!importFile">
                         <label class="col-sm-2 control-label" for="forceAuthn">Force Authentication</label>
                         <div class="col-sm-4">
                             <input ng-model="identityProvider.config.forceAuthn" id="forceAuthn" onoffswitch />
                         </div>
                         <span tooltip-placement="right" tooltip=" Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context." class="fa fa-info-circle"></span>
                     </div>
-                    <div class="form-group">
+                    <div class="form-group" data-ng-show="!importFile">
                         <label class="col-sm-2 control-label" for="validateSignature">Validate Signature</label>
                         <div class="col-sm-4">
                             <input ng-model="identityProvider.config.validateSignature" id="validateSignature" onoffswitch />
                         </div>
                         <span tooltip-placement="right" tooltip="Enable/disable signature validation of SAML responses." class="fa fa-info-circle"></span>
                     </div>
-                    <div class="form-group">
+                    <div class="form-group" data-ng-show="!importFile">
                         <label class="col-sm-2 control-label" for="postBindingResponse">HTTP-POST Binding Response</label>
                         <div class="col-sm-4">
                             <input ng-model="identityProvider.config.postBindingResponse" id="postBindingResponse" onoffswitch />
                         </div>
                         <span tooltip-placement="right" tooltip="Indicates whether the identity provider must respond to the AuthnRequest using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used." class="fa fa-info-circle"></span>
                     </div>
-                    <div class="form-group">
+                    <div class="form-group" data-ng-show="!importFile">
                         <label class="col-sm-2 control-label" for="postBindingAuthnRequest">HTTP-POST Binding for AuthnRequest</label>
                         <div class="col-sm-4">
                             <input ng-model="identityProvider.config.postBindingAuthnRequest" id="postBindingAuthnRequest" onoffswitch />
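Review bot: With `data-ng-show="!importFile"` now on the Validate Signature group, an admin who imports IdP metadata (presumably the case where `importFile` is set) cannot see or change whether response signatures will be validated before saving. The stored value is then whatever the import derives. Consider keeping that one switch visible during import, or showing the imported values for confirmation. The new tooltip for `wantAuthnRequestsSigned` reads "expects signed a AuthnRequest" and should be `Indicates whether the identity provider expects a signed AuthnRequest.`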