keycloak-developers
Changes
distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-saml-core/main/module.xml 1(+1 -0)
distribution/saml-adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml 1(+1 -0)
distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml 1(+1 -0)
examples/saml/pom.xml 2(+0 -2)
examples/saml/post-basic/conf/wildfly/WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension 1(+0 -1)
examples/saml/post-with-encryption/conf/jboss-eap/META-INF/jboss-deployment-structure.xml 10(+0 -10)
examples/saml/post-with-encryption/conf/wildfly/WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension 1(+0 -1)
examples/saml/post-with-encryption/pom.xml 102(+10 -92)
examples/saml/post-with-encryption/src/main/webapp/images/keycloak_default_banner-1180px.png 0(+0 -0)
examples/saml/post-with-signature/conf/wildfly/WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension 1(+0 -1)
examples/saml/post-with-signature/pom.xml 103(+10 -93)
examples/saml/post-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png 0(+0 -0)
examples/saml/README.md 4(+2 -2)
examples/saml/redirect-basic/conf/wildfly/WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension 1(+0 -1)
examples/saml/redirect-with-signature/conf/jboss-eap/META-INF/jboss-deployment-structure.xml 10(+0 -10)
examples/saml/redirect-with-signature/conf/wildfly/META-INF/jboss-deployment-structure.xml 10(+0 -10)
examples/saml/redirect-with-signature/conf/wildfly/WEB-INF/classes/META-INF/services/io.undertow.servlet.ServletExtension 1(+0 -1)
examples/saml/redirect-with-signature/pom.xml 100(+10 -90)
Details
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-saml-core/main/module.xml
old mode 100644
new mode 100755
index 8c78469..45b2e52
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-saml-core/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-saml-core/main/module.xml
@@ -8,6 +8,7 @@
</resources>
<dependencies>
<module name="org.jboss.logging"/>
+ <module name="org.keycloak.keycloak-core"/>
<module name="org.apache.santuario.xmlsec">
<imports>
<exclude path="javax/*"/>
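Review bot: The mode change from 100644 to 100755 recorded above this hunk marks module.xml as executable, which a static module descriptor does not need; the same 100755 mode appears on the README.md change and on the new JSP, XML, CSS and image files later in this commit. Keeping such files at 100644 avoids stray executable bits ending up in whatever is built from this tree. The added `org.keycloak.keycloak-core` dependency itself is applied consistently across the three module.xml copies.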
diff --git a/distribution/saml-adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/saml-adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
index 1e59fd1..7f75d0c 100755
--- a/distribution/saml-adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
+++ b/distribution/saml-adapters/wf9-adapter/wf9-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
@@ -8,6 +8,7 @@
</resources>
<dependencies>
<module name="org.jboss.logging"/>
+ <module name="org.keycloak.keycloak-core"/>
<module name="org.apache.santuario.xmlsec">
<imports>
<exclude path="javax/*"/>
diff --git a/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
index 1e59fd1..7f75d0c 100755
--- a/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
+++ b/distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-saml-core/main/module.xml
@@ -8,6 +8,7 @@
</resources>
<dependencies>
<module name="org.jboss.logging"/>
+ <module name="org.keycloak.keycloak-core"/>
<module name="org.apache.santuario.xmlsec">
<imports>
<exclude path="javax/*"/>
examples/saml/pom.xml 2(+0 -2)
diff --git a/examples/saml/pom.xml b/examples/saml/pom.xml
index f324686..3abd290 100755
--- a/examples/saml/pom.xml
+++ b/examples/saml/pom.xml
@@ -25,10 +25,8 @@
</plugins>
</build>
<modules>
- <module>post-basic</module>
<module>post-with-signature</module>
<module>post-with-encryption</module>
- <module>redirect-basic</module>
<module>redirect-with-signature</module>
</modules>
</project>
examples/saml/post-with-encryption/pom.xml 102(+10 -92)
diff --git a/examples/saml/post-with-encryption/pom.xml b/examples/saml/post-with-encryption/pom.xml
index e26e1fb..0c95d95 100755
--- a/examples/saml/post-with-encryption/pom.xml
+++ b/examples/saml/post-with-encryption/pom.xml
@@ -2,16 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <groupId>org.picketlink.quickstarts</groupId>
- <artifactId>picketlink-federation-saml-sp-with-encryption</artifactId>
- <version>2.7.0.Beta2</version>
+ <groupId>org.keycloak.examples</groupId>
+ <artifactId>saml-post-encryption</artifactId>
+ <version>1.6.0.Final-SNAPSHOT</version>
<packaging>war</packaging>
- <name>PicketLink Quickstart: picketlink-federation-saml-sp-with-encryption</name>
- <description>PicketLink Quickstart: PicketLink Service Provider With a Basic Configuration using SAML HTTP POST Binding With Encryption Support</description>
-
- <url>http://www.picketlink.org</url>
+ <name>Keycloak SAML Adapter Example POST Binding and Assertion Encryption</name>
<licenses>
<license>
@@ -21,104 +18,25 @@
</license>
</licenses>
- <properties>
- <!-- PicketLink dependency versions -->
- <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
-
- <!-- Default target container. -->
- <target.container>jboss-eap</target.container>
-
- <!-- maven-compiler-plugin -->
- <version.compiler.plugin>3.1</version.compiler.plugin>
- <!-- maven-deploy-plugin -->
- <version.deploy.plugin>2.8.1</version.deploy.plugin>
- <!-- JBoss AS dependency versions -->
- <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
- <!-- maven-war-plugin -->
- <version.war.plugin>2.1.1</version.war.plugin>
- <!-- WildFly dependency versions -->
- <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
- <maven.compiler.target>1.6</maven.compiler.target>
- <maven.compiler.source>1.6</maven.compiler.source>
- </properties>
-
<build>
<!-- Set the name of the war, used as the context root when the app is deployed -->
<finalName>${project.artifactId}</finalName>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- <resource>
- <directory>../post-basic/src/main/resources</directory>
- </resource>
- </resources>
<plugins>
<plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>${version.deploy.plugin}</version>
- <configuration>
- <skip>true</skip>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-war-plugin</artifactId>
- <version>${version.war.plugin}</version>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
<configuration>
- <!-- Java EE 6 doesn't require web.xml, Maven needs to catch up! -->
- <failOnMissingWebXml>false</failOnMissingWebXml>
-
- <!-- We need to get the configuration resources for the provided target container. -->
- <classifier>${target.container}</classifier>
-
- <!-- Instead of duplicating resources for each example application, we just reuse all resources from the
- base application. -->
- <webResources>
- <resource>
- <directory>src/main/webapp</directory>
- </resource>
- <resource>
- <directory>../post-basic/src/main/webapp</directory>
- </resource>
- <resource>
- <directory>${basedir}/conf/${target.container}</directory>
- </resource>
- </webResources>
+ <skip>false</skip>
</configuration>
</plugin>
- <!-- JBoss AS plugin to deploy war -->
<plugin>
- <groupId>org.jboss.as.plugins</groupId>
- <artifactId>jboss-as-maven-plugin</artifactId>
- <version>${version.jboss.maven.plugin}</version>
+ <groupId>org.wildfly.plugins</groupId>
+ <artifactId>wildfly-maven-plugin</artifactId>
<configuration>
- <filename>${project.build.finalName}-${target.container}.${project.packaging}</filename>
+ <skip>false</skip>
</configuration>
</plugin>
</plugins>
</build>
- <profiles>
- <profile>
- <id>wildfly</id>
- <properties>
- <target.container>wildfly</target.container>
- </properties>
- <build>
- <plugins>
- <plugin>
- <groupId>org.wildfly.plugins</groupId>
- <artifactId>wildfly-maven-plugin</artifactId>
- <version>${version.wildfly.maven.plugin}</version>
- <configuration>
- <filename>${project.build.finalName}-${target.container}.${project.packaging}</filename>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
</project>
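Review bot: The `jboss-as-maven-plugin` and `wildfly-maven-plugin` entries in this hunk no longer carry a `<version>`, and the properties that pinned them (`version.jboss.maven.plugin`, `version.wildfly.maven.plugin`) are removed, while no `<parent>` or `<pluginManagement>` is visible in either hunk of this file. If nothing outside the hunks pins them, Maven resolves whichever plugin version it finds, which makes the build non-reproducible and widens the supply-chain surface; either inherit from a parent POM that manages these plugins or keep an explicit `<version>` on each. The same applies to the post-with-signature and redirect-with-signature pom.xml hunks. Removing `maven.compiler.source` and `maven.compiler.target` likewise leaves the compiler level to defaults unless a parent sets it.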
diff --git a/examples/saml/post-with-encryption/src/main/webapp/images/keycloak_default_banner-1180px.png b/examples/saml/post-with-encryption/src/main/webapp/images/keycloak_default_banner-1180px.png
new file mode 100755
index 0000000..10ef213
Binary files /dev/null and b/examples/saml/post-with-encryption/src/main/webapp/images/keycloak_default_banner-1180px.png differ
diff --git a/examples/saml/post-with-encryption/src/main/webapp/logout.jsp b/examples/saml/post-with-encryption/src/main/webapp/logout.jsp
new file mode 100755
index 0000000..46124de
--- /dev/null
+++ b/examples/saml/post-with-encryption/src/main/webapp/logout.jsp
@@ -0,0 +1,43 @@
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+<head>
+<title>Keycloak SAML Client Adapter Example Application</title>
+<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
+<link rel="StyleSheet" href="css/idp.css" type="text/css">
+</head>
+
+<body>
+ <img src="images/keycloak_default_banner-1180px.png"
+ style="margin-top: -10px; margin-left: -10px; opacity: 0.4; filter: alpha(opacity = 40);" />
+ <div class="loginBox"
+ style="margin-bottom: 80px; border: 1px solid #000000; width: 440px; background-color: #F8F8F8; align: center;">
+ <center>
+ <p>
+ <b>Logged out. <a href="<%= request.getContextPath() %>">Login</a> again.</b>
+ </p>
+ </center>
+ </div>
+</body>
+</html>
\ No newline at end of file
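Review bot: The license header at the top of this new JSP is an HTML comment (`<!-- … -->`), so it is sent to every client in the response body; a JSP comment, `<%-- … --%>`, keeps it server-side. The login link `href="<%= request.getContextPath() %>"` also becomes an empty href when the application is deployed at the root context, so appending a slash (`<%= request.getContextPath() %>/`) gives a stable target. The identical logout.jsp added under post-with-signature has the same two points.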
diff --git a/examples/saml/post-with-encryption/src/main/webapp/WEB-INF/keycloak-saml.xml b/examples/saml/post-with-encryption/src/main/webapp/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..c3132e2
--- /dev/null
+++ b/examples/saml/post-with-encryption/src/main/webapp/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8080/sales-post-enc/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" encryption="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-enc/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-enc/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleMapping>
+ <Attribute name="Role"/>
+ </RoleMapping>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="saml-demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
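Review bot: The keystore and private-key passwords (`password="store123"`, `password="test123"`) are committed in clear text in this adapter config, and nothing in the file marks them as demo-only; a comment such as `<!-- Demo keystore and passwords: generate your own keys and keep secrets out of the WAR before any non-local use -->` above `<Keys>` would stop them being copied into real deployments. The SP key is also declared with both `signing="true"` and `encryption="true"`, so one key pair serves both purposes; separate keys are the usual practice. Every `entityID` and binding URL is `http://localhost:8080/...`, which is fine for a local quickstart but means SAML messages travel over plain HTTP if the example is moved to another host unchanged. The same hard-coded passwords and HTTP URLs appear in the post-with-signature and redirect-with-signature keycloak-saml.xml files added later in this commit.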
examples/saml/post-with-signature/pom.xml 103(+10 -93)
diff --git a/examples/saml/post-with-signature/pom.xml b/examples/saml/post-with-signature/pom.xml
index 064b642..8841ac0 100755
--- a/examples/saml/post-with-signature/pom.xml
+++ b/examples/saml/post-with-signature/pom.xml
@@ -2,16 +2,13 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <groupId>org.picketlink.quickstarts</groupId>
- <artifactId>picketlink-federation-saml-sp-post-with-signature</artifactId>
- <version>2.7.0.Beta2</version>
+ <groupId>org.keycloak.examples</groupId>
+ <artifactId>saml-post-signatures</artifactId>
+ <version>1.6.0.Final-SNAPSHOT</version>
<packaging>war</packaging>
- <name>PicketLink Quickstart: picketlink-federation-saml-sp-post-with-signature</name>
- <description>PicketLink Quickstart: PicketLink Service Provider With a Basic Configuration using SAML HTTP POST Binding With Signature Support</description>
-
- <url>http://www.picketlink.org</url>
+ <name>Keycloak SAML Adapter Example POST Binding and Signatures</name>
<licenses>
<license>
@@ -21,104 +18,24 @@
</license>
</licenses>
- <properties>
- <!-- PicketLink dependency versions -->
- <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
-
- <!-- Default target container. -->
- <target.container>jboss-eap</target.container>
-
- <!-- maven-compiler-plugin -->
- <version.compiler.plugin>3.1</version.compiler.plugin>
- <!-- maven-deploy-plugin -->
- <version.deploy.plugin>2.8.1</version.deploy.plugin>
- <!-- JBoss AS dependency versions -->
- <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
- <!-- maven-war-plugin -->
- <version.war.plugin>2.1.1</version.war.plugin>
- <!-- WildFly dependency versions -->
- <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
- <maven.compiler.target>1.6</maven.compiler.target>
- <maven.compiler.source>1.6</maven.compiler.source>
- </properties>
-
<build>
<!-- Set the name of the war, used as the context root when the app is deployed -->
<finalName>${project.artifactId}</finalName>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- <resource>
- <directory>../post-basic/src/main/resources</directory>
- </resource>
- </resources>
<plugins>
<plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>${version.deploy.plugin}</version>
- <configuration>
- <skip>true</skip>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-war-plugin</artifactId>
- <version>${version.war.plugin}</version>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
<configuration>
- <!-- Java EE 6 doesn't require web.xml, Maven needs to catch up! -->
- <failOnMissingWebXml>false</failOnMissingWebXml>
-
- <!-- We need to get the configuration resources for the provided target container. -->
- <classifier>${target.container}</classifier>
-
- <!-- Instead of duplicating resources for each example application, we just reuse all resources from the
- base application. -->
- <webResources>
- <resource>
- <directory>src/main/webapp</directory>
- </resource>
- <resource>
- <directory>../post-basic/src/main/webapp</directory>
- </resource>
- <resource>
- <directory>${basedir}/conf/${target.container}</directory>
- </resource>
- </webResources>
+ <skip>false</skip>
</configuration>
</plugin>
- <!-- JBoss AS plugin to deploy war -->
<plugin>
- <groupId>org.jboss.as.plugins</groupId>
- <artifactId>jboss-as-maven-plugin</artifactId>
- <version>${version.jboss.maven.plugin}</version>
+ <groupId>org.wildfly.plugins</groupId>
+ <artifactId>wildfly-maven-plugin</artifactId>
<configuration>
- <filename>${project.build.finalName}-${target.container}.${project.packaging}</filename>
+ <skip>false</skip>
</configuration>
</plugin>
</plugins>
</build>
-
- <profiles>
- <profile>
- <id>wildfly</id>
- <properties>
- <target.container>wildfly</target.container>
- </properties>
- <build>
- <plugins>
- <plugin>
- <groupId>org.wildfly.plugins</groupId>
- <artifactId>wildfly-maven-plugin</artifactId>
- <version>${version.wildfly.maven.plugin}</version>
- <configuration>
- <filename>${project.build.finalName}-${target.container}.${project.packaging}</filename>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
</project>
\ No newline at end of file
diff --git a/examples/saml/post-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png b/examples/saml/post-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png
new file mode 100755
index 0000000..10ef213
Binary files /dev/null and b/examples/saml/post-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png differ
diff --git a/examples/saml/post-with-signature/src/main/webapp/index.jsp b/examples/saml/post-with-signature/src/main/webapp/index.jsp
new file mode 100755
index 0000000..cae2fea
--- /dev/null
+++ b/examples/saml/post-with-signature/src/main/webapp/index.jsp
@@ -0,0 +1,15 @@
+<div align="center">
+<h1>SalesTool</h1>
+<br/>
+Welcome to the Sales Tool, <%=request.getUserPrincipal().getName()%>
+ <br/>
+ <a href="?GLO=true">Click to LogOut</a>
+ <br/>
+ <br/>
+Here is your sales chart:
+<br/>
+<img src="piechart.gif"/>
+
+<br/>
+
+</div>
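Review bot: `<%=request.getUserPrincipal().getName()%>` writes the principal name into the page without HTML escaping, and with `PrincipalNameMapping policy="FROM_NAME_ID"` in this example's adapter config that name comes from the SAML NameID supplied by the identity provider. Escape it on output, for example `<c:out value="${pageContext.request.userPrincipal.name}"/>` with the JSTL core taglib declared at the top of the page, so markup in a name is rendered as text. The expression also throws a NullPointerException if the page is ever reached without an authenticated principal; the `/*` security constraint in web.xml makes that unlikely here, but a null check keeps the example safe to copy.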
diff --git a/examples/saml/post-with-signature/src/main/webapp/logout.jsp b/examples/saml/post-with-signature/src/main/webapp/logout.jsp
new file mode 100755
index 0000000..46124de
--- /dev/null
+++ b/examples/saml/post-with-signature/src/main/webapp/logout.jsp
@@ -0,0 +1,43 @@
+<!--
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+
+<html>
+<head>
+<title>Keycloak SAML Client Adapter Example Application</title>
+<link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
+<link rel="StyleSheet" href="css/idp.css" type="text/css">
+</head>
+
+<body>
+ <img src="images/keycloak_default_banner-1180px.png"
+ style="margin-top: -10px; margin-left: -10px; opacity: 0.4; filter: alpha(opacity = 40);" />
+ <div class="loginBox"
+ style="margin-bottom: 80px; border: 1px solid #000000; width: 440px; background-color: #F8F8F8; align: center;">
+ <center>
+ <p>
+ <b>Logged out. <a href="<%= request.getContextPath() %>">Login</a> again.</b>
+ </p>
+ </center>
+ </div>
+</body>
+</html>
\ No newline at end of file
diff --git a/examples/saml/post-with-signature/src/main/webapp/piechart.gif b/examples/saml/post-with-signature/src/main/webapp/piechart.gif
new file mode 100755
index 0000000..57bfe37
Binary files /dev/null and b/examples/saml/post-with-signature/src/main/webapp/piechart.gif differ
diff --git a/examples/saml/post-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml b/examples/saml/post-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..875d52c
--- /dev/null
+++ b/examples/saml/post-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,45 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8080/sales-post-sig/"
+ sslPolicy="EXTERNAL"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ logoutPage="/logout.jsp"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/sales-post-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleMapping>
+ <Attribute name="Role"/>
+ </RoleMapping>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="POST"
+ bindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="POST"
+ responseBinding="POST"
+ postBindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ redirectBindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="saml-demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file
diff --git a/examples/saml/post-with-signature/src/main/webapp/WEB-INF/web.xml b/examples/saml/post-with-signature/src/main/webapp/WEB-INF/web.xml
new file mode 100755
index 0000000..8971257
--- /dev/null
+++ b/examples/saml/post-with-signature/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>sales-post-sig</module-name>
+
+ <!-- Define a Security Constraint on this Application -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>SALES Application</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <!-- Define a security constraint that gives unlimted access to freezone -->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>freezone</web-resource-name>
+ <url-pattern>/freezone/*</url-pattern>
+ </web-resource-collection>
+ <web-resource-collection>
+ <web-resource-name>images</web-resource-name>
+ <url-pattern>/images/*</url-pattern>
+ </web-resource-collection>
+ <web-resource-collection>
+ <web-resource-name>css</web-resource-name>
+ <url-pattern>/css/*</url-pattern>
+ </web-resource-collection>
+ </security-constraint>
+
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>KEYCLOAK-SAML</auth-method>
+ <realm-name>Tomcat SALES Application</realm-name>
+ <form-login-config>
+ <form-login-page>/jsp/login.jsp</form-login-page>
+ <form-error-page>/jsp/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <!-- Security roles referenced by this web application -->
+ <security-role>
+ <description>The role that is required to log in to the Manager Application</description>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>
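Review bot: `<login-config>` sets `<auth-method>KEYCLOAK-SAML</auth-method>` but still carries a `<form-login-config>` pointing at `/jsp/login.jsp` and `/jsp/loginerror.jsp`, neither of which is added in the visible part of this commit, and a `<realm-name>` of `Tomcat SALES Application`; these look like leftovers and could be dropped so the descriptor shows only what the SAML adapter uses. Neither security constraint declares a `<user-data-constraint>`, so the container will not require HTTPS for the protected `/*` pattern; adding `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` would be the usual hardening outside a localhost demo. The second constraint has no `<auth-constraint>`, which leaves `/freezone/*`, `/images/*` and `/css/*` open to unauthenticated requests, so a comment saying that this is intentional would help. The comment text `unlimted` is a typo for `unlimited`.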
examples/saml/README.md 4(+2 -2)
diff --git a/examples/saml/README.md b/examples/saml/README.md
old mode 100644
new mode 100755
index a6a65f9..89fdee2
--- a/examples/saml/README.md
+++ b/examples/saml/README.md
@@ -1,8 +1,8 @@
-# Keycloak SAML Quickstarts
+# Keycloak SAML + Picketlink Client Quickstarts
## Introduction
-These quickstarts run on JBoss Enterprise Application Platform 6 or WildFly.
+These quickstarts show using Keycloak Server's SAML support with Picketlink's SAML client adapter. These quickstarts run on JBoss Enterprise Application Platform 6 or WildFly.
We recommend using the Keycloak Appliance Distribution to test the quickstarts as it has already some things pre-set for you.
There is individual README.md file specific for each quickstart in the particular subdirectory with the quickstart. Here are just some general info about the requirements for your OS etc.
examples/saml/redirect-with-signature/pom.xml 100(+10 -90)
diff --git a/examples/saml/redirect-with-signature/pom.xml b/examples/saml/redirect-with-signature/pom.xml
index a17e41d..55f426b 100755
--- a/examples/saml/redirect-with-signature/pom.xml
+++ b/examples/saml/redirect-with-signature/pom.xml
@@ -2,16 +2,14 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
- <groupId>org.picketlink.quickstarts</groupId>
- <artifactId>picketlink-federation-saml-sp-redirect-with-signature</artifactId>
- <version>2.7.0.Beta2</version>
+ <groupId>org.keycloak.examples</groupId>
+ <artifactId>saml-redirect-signatures</artifactId>
+ <version>1.6.0.Final-SNAPSHOT</version>
<packaging>war</packaging>
- <name>PicketLink Quickstart: picketlink-federation-saml-sp-redirect-with-signature</name>
- <description>PicketLink Quickstart: PicketLink Service Provider With a Basic Configuration using SAML HTTP Redirect Binding With Signature Support</description>
+ <name>Keycloak SAML Adapter Example Redirect Binding with Signatures</name>
- <url>http://www.picketlink.org</url>
<licenses>
<license>
@@ -21,104 +19,26 @@
</license>
</licenses>
- <properties>
- <!-- PicketLink dependency versions -->
- <version.picketlink.javaee.bom>2.7.0.Beta2</version.picketlink.javaee.bom>
-
- <!-- Default target container. -->
- <target.container>jboss-eap</target.container>
-
- <!-- maven-compiler-plugin -->
- <version.compiler.plugin>3.1</version.compiler.plugin>
- <!-- maven-deploy-plugin -->
- <version.deploy.plugin>2.8.1</version.deploy.plugin>
- <!-- JBoss AS dependency versions -->
- <version.jboss.maven.plugin>7.4.Final</version.jboss.maven.plugin>
- <!-- maven-war-plugin -->
- <version.war.plugin>2.1.1</version.war.plugin>
- <!-- WildFly dependency versions -->
- <version.wildfly.maven.plugin>1.0.1.Final</version.wildfly.maven.plugin>
-
- <maven.compiler.target>1.6</maven.compiler.target>
- <maven.compiler.source>1.6</maven.compiler.source>
- </properties>
-
<build>
<!-- Set the name of the war, used as the context root when the app is deployed -->
<finalName>${project.artifactId}</finalName>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- <resource>
- <directory>../redirect-basic/src/main/resources</directory>
- </resource>
- </resources>
<plugins>
<plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-deploy-plugin</artifactId>
- <version>${version.deploy.plugin}</version>
- <configuration>
- <skip>true</skip>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-war-plugin</artifactId>
- <version>${version.war.plugin}</version>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
<configuration>
- <!-- Java EE 6 doesn't require web.xml, Maven needs to catch up! -->
- <failOnMissingWebXml>false</failOnMissingWebXml>
-
- <!-- We need to get the configuration resources for the provided target container. -->
- <classifier>${target.container}</classifier>
-
- <!-- Instead of duplicating resources for each example application, we just reuse all resources from the
- base application. -->
- <webResources>
- <resource>
- <directory>src/main/webapp</directory>
- </resource>
- <resource>
- <directory>../redirect-basic/src/main/webapp</directory>
- </resource>
- <resource>
- <directory>${basedir}/conf/${target.container}</directory>
- </resource>
- </webResources>
+ <skip>false</skip>
</configuration>
</plugin>
- <!-- JBoss AS plugin to deploy war -->
<plugin>
- <groupId>org.jboss.as.plugins</groupId>
- <artifactId>jboss-as-maven-plugin</artifactId>
- <version>${version.jboss.maven.plugin}</version>
+ <groupId>org.wildfly.plugins</groupId>
+ <artifactId>wildfly-maven-plugin</artifactId>
<configuration>
- <filename>${project.build.finalName}-${target.container}.${project.packaging}</filename>
+ <skip>false</skip>
</configuration>
</plugin>
</plugins>
</build>
- <profiles>
- <profile>
- <id>wildfly</id>
- <properties>
- <target.container>wildfly</target.container>
- </properties>
- <build>
- <plugins>
- <plugin>
- <groupId>org.wildfly.plugins</groupId>
- <artifactId>wildfly-maven-plugin</artifactId>
- <version>${version.wildfly.maven.plugin}</version>
- <configuration>
- <filename>${project.build.finalName}-${target.container}.${project.packaging}</filename>
- </configuration>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
</project>
diff --git a/examples/saml/redirect-with-signature/src/main/webapp/css/idp.css b/examples/saml/redirect-with-signature/src/main/webapp/css/idp.css
new file mode 100755
index 0000000..afb49ea
--- /dev/null
+++ b/examples/saml/redirect-with-signature/src/main/webapp/css/idp.css
@@ -0,0 +1,78 @@
+/*
+ ~ JBoss, Home of Professional Open Source.
+ ~ Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ ~ as indicated by the @author tags. See the copyright.txt file in the
+ ~ distribution for a full listing of individual contributors.
+ ~
+ ~ This is free software; you can redistribute it and/or modify it
+ ~ under the terms of the GNU Lesser General Public License as
+ ~ published by the Free Software Foundation; either version 2.1 of
+ ~ the License, or (at your option) any later version.
+ ~
+ ~ This software is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ ~ Lesser General Public License for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public
+ ~ License along with this software; if not, write to the Free
+ ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+body {
+ background: url(images/rh_bg.png) repeat-x scroll 0 0 #F3F3F3;
+ color: #555555;
+ font: 12px/1.4 "Lucida Sans Unicode", "Lucida Grande", sans-serif;
+}
+
+.loginBox {
+ position:absolute;
+ top: 50%;
+ left: 50%;
+ width:30em;
+ height:3em;
+ margin-top: -9em; /*set to a negative number 1/2 of your height*/
+ margin-left: -15em; /*set to a negative number 1/2 of your width*/
+ border: 1px solid #ccc;
+ background-color: #f3f3f3;
+}
+
+.wrapper {
+ margin-left: auto;
+ margin-right: auto;
+ width: 50em;
+ text-align: left;
+}
+
+a {
+ text-decoration: none;
+ color: #5e8a9a;
+}
+
+h1 {
+ padding-top: 20px;
+ color: #7b1e1e;
+}
+
+a:hover {
+ text-decoration: underline;
+ color: #8ec6d9;
+}
+
+.content {
+ margin-left: 230px;
+}
+
+.dualbrand {
+ padding-top: 20px;
+}
+
+.as7 {
+ float: left;
+ margin-left: 10px;
+}
+
+.note {
+ font-size: 8pt;
+ color: #aaaaaa;
+}
\ No newline at end of file
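Review bot: `background: url(images/rh_bg.png)` in the `body` rule is resolved relative to the stylesheet, i.e. to `css/images/rh_bg.png`, but this commit adds the image at `webapp/images/rh_bg.png`, so the background will probably fail to load. `url(../images/rh_bg.png)` matches where the file is added. The comment on `.loginBox` says the negative top margin should be half the height, yet `height:3em` is paired with `margin-top: -9em`; either the comment or the value is stale.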
diff --git a/examples/saml/redirect-with-signature/src/main/webapp/favicon.ico b/examples/saml/redirect-with-signature/src/main/webapp/favicon.ico
new file mode 100755
index 0000000..c31d0fa
Binary files /dev/null and b/examples/saml/redirect-with-signature/src/main/webapp/favicon.ico differ
diff --git a/examples/saml/redirect-with-signature/src/main/webapp/images/bkg.gif b/examples/saml/redirect-with-signature/src/main/webapp/images/bkg.gif
new file mode 100755
index 0000000..523877c
Binary files /dev/null and b/examples/saml/redirect-with-signature/src/main/webapp/images/bkg.gif differ
diff --git a/examples/saml/redirect-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png b/examples/saml/redirect-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png
new file mode 100755
index 0000000..10ef213
Binary files /dev/null and b/examples/saml/redirect-with-signature/src/main/webapp/images/keycloak_default_banner-1180px.png differ
diff --git a/examples/saml/redirect-with-signature/src/main/webapp/images/rh_bg.png b/examples/saml/redirect-with-signature/src/main/webapp/images/rh_bg.png
new file mode 100755
index 0000000..b0e6a00
Binary files /dev/null and b/examples/saml/redirect-with-signature/src/main/webapp/images/rh_bg.png differ
diff --git a/examples/saml/redirect-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml b/examples/saml/redirect-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml
new file mode 100755
index 0000000..b658234
--- /dev/null
+++ b/examples/saml/redirect-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml
@@ -0,0 +1,44 @@
+<keycloak-saml-adapter>
+ <SP entityID="http://localhost:8080/employee-sig/"
+ sslPolicy="EXTERNAL"
+ logoutPage="/logout.jsp"
+ nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+ forceAuthentication="false">
+ <Keys>
+ <Key signing="true" >
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <PrivateKey alias="http://localhost:8080/employee-sig/" password="test123"/>
+ <Certificate alias="http://localhost:8080/employee-sig/"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ <PrincipalNameMapping policy="FROM_NAME_ID"/>
+ <RoleMapping>
+ <Attribute name="Role"/>
+ </RoleMapping>
+ <IDP entityID="idp">
+ <SingleSignOnService signRequest="true"
+ validateResponseSignature="true"
+ requestBinding="REDIRECT"
+ bindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ />
+
+ <SingleLogoutService
+ validateRequestSignature="true"
+ validateResponseSignature="true"
+ signRequest="true"
+ signResponse="true"
+ requestBinding="REDIRECT"
+ responseBinding="REDIRECT"
+ redirectBindingUrl="http://localhost:8080/auth/realms/saml-demo/protocol/saml"
+ />
+ <Keys>
+ <Key signing="true">
+ <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
+ <Certificate alias="saml-demo"/>
+ </KeyStore>
+ </Key>
+ </Keys>
+ </IDP>
+ </SP>
+</keycloak-saml-adapter>
\ No newline at end of file