keycloak-aplcache


diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
index b03055b..f8016e0 100755
--- a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
+++ b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
@@ -54,53 +54,63 @@ public abstract class AbstractInitiateLogin implements AuthChallenge {
     @Override
     public boolean challenge(HttpFacade httpFacade) {
         try {
-            String issuerURL = deployment.getEntityID();
-            String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
+            SAML2AuthnRequestBuilder authnRequestBuilder = buildSaml2AuthnRequestBuilder(deployment);
+            BaseSAML2BindingBuilder binding = createSaml2Binding(deployment);
+            sessionStore.saveRequest();
 
-            if (nameIDPolicyFormat == null) {
-                nameIDPolicyFormat =  JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
-            }
+            sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
+            sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
+        } catch (Exception e) {
+            throw new RuntimeException("Could not create authentication request.", e);
+        }
+        return true;
+    }
+
+    public static BaseSAML2BindingBuilder createSaml2Binding(SamlDeployment deployment) {
+        BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
 
-            SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
-                    .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
-                    .issuer(issuerURL)
-                    .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
-                    .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
-            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
-                String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
-                if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
-                    protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
-                }
-                authnRequestBuilder.protocolBinding(protocolBinding);
+        if (deployment.getIDP().getSingleSignOnService().signRequest()) {
 
+            binding.signatureAlgorithm(deployment.getSignatureAlgorithm());
+            KeyPair keypair = deployment.getSigningKeyPair();
+            if (keypair == null) {
+                throw new RuntimeException("Signing keys not configured");
             }
-            if (deployment.getAssertionConsumerServiceUrl() != null) {
-                authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
+            if (deployment.getSignatureCanonicalizationMethod() != null) {
+                binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
             }
-            BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
 
-            if (deployment.getIDP().getSingleSignOnService().signRequest()) {
+            binding.signWith(keypair);
+            binding.signDocument();
+        }
+        return binding;
+    }
 
+    public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment deployment) {
+        String issuerURL = deployment.getEntityID();
+        String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
 
-                KeyPair keypair = deployment.getSigningKeyPair();
-                if (keypair == null) {
-                    throw new RuntimeException("Signing keys not configured");
-                }
-                if (deployment.getSignatureCanonicalizationMethod() != null) {
-                    binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
-                }
+        if (nameIDPolicyFormat == null) {
+            nameIDPolicyFormat =  JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
+        }
 
-                binding.signWith(keypair);
-                binding.signDocument();
+        SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
+                .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
+                .issuer(issuerURL)
+                .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
+                .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
+        if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
+            String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
+            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
+                protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
             }
-            sessionStore.saveRequest();
+            authnRequestBuilder.protocolBinding(protocolBinding);
 
-            sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
-            sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
-        } catch (Exception e) {
-            throw new RuntimeException("Could not create authentication request.", e);
         }
-        return true;
+        if (deployment.getAssertionConsumerServiceUrl() != null) {
+            authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
+        }
+        return authnRequestBuilder;
     }
 
     protected abstract void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException;
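Review bot: In `createSaml2Binding` the new `binding.signatureAlgorithm(deployment.getSignatureAlgorithm())` call runs before the signing key pair is validated, and neither newly public static helper carries a Javadoc saying what it requires of the deployment; I'd move `KeyPair keypair = deployment.getSigningKeyPair();` and its null check to the top of the `signRequest()` branch so a misconfigured deployment fails before any signing state is set. Whether `getSignatureAlgorithm()` can return null for deployments that predate the attribute, and how `BaseSAML2BindingBuilder` treats a null algorithm, is not visible in this hunk and is worth confirming. The `throw new RuntimeException("Signing keys not configured")` would be clearer as `throw new IllegalStateException("Signing keys not configured")`, since a missing key pair is a configuration error rather than an arbitrary failure. For `createSaml2Binding` I would add `/** Builds the SAML2 binding for {@code deployment}; when the IdP SSO service requires signed requests, applies the deployment's signature algorithm and canonicalization method and signs with its key pair. @throws IllegalStateException if signing is required but no key pair is configured */`, and a matching one-sentence Javadoc on `buildSaml2AuthnRequestBuilder` noting that the NameID policy format defaults to persistent when unset. The enclosing class continues outside the hunk.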
diff --git a/testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml b/testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml
index b01112b..300ccf7 100755
--- a/testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml
+++ b/testsuite/integration/src/test/resources/keycloak-saml/signed-post/WEB-INF/keycloak-saml.xml
@@ -34,6 +34,7 @@
             <Attribute name="Role"/>
         </RoleIdentifiers>
         <IDP entityID="idp"
+             signatureAlgorithm="RSA_SHA256"
              signaturesRequired="true">
         <SingleSignOnService requestBinding="POST"
                              bindingUrl="http://localhost:8081/auth/realms/demo/protocol/saml"