
Merge pull request #1626 from dbarentine/master KEYCLOAK-1861

9/22/2015 9:37:46 AM


diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index f6ea2f5..f15a23f 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -250,6 +250,7 @@ public class SAMLEndpoint {
             builder.relayState(relayState);
             if (config.isWantAuthnRequestsSigned()) {
                 builder.signWith(realm.getPrivateKey(), realm.getPublicKey(), realm.getCertificate())
+                        .signatureAlgorithm(provider.getSignatureAlgorithm())
                         .signDocument();
             }
             try {
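Review bot: The selected algorithm is applied to `realm.getPrivateKey()` without any check that the key type matches it; the admin UI added in this same change lists `DSA_SHA1` next to the RSA variants, so if the realm key is an RSA key that selection would presumably only fail at signing time, deep inside the request. The same applies to the `.signatureAlgorithm(getSignatureAlgorithm())` calls in the two SAMLIdentityProvider hunks (the AuthnRequest and the logout builder). A comment here such as `// algorithm must match the realm key type; validated in SAMLIdentityProvider.getSignatureAlgorithm()` would make the coupling visible, with the actual check living in that method. The enclosing SAMLEndpoint method starts before this hunk.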
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
index 4517a94..52959f8 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java
@@ -36,6 +36,7 @@ import org.keycloak.models.UserSessionModel;
 import org.keycloak.protocol.saml.SAML2AuthnRequestBuilder;
 import org.keycloak.protocol.saml.SAML2LogoutRequestBuilder;
 import org.keycloak.protocol.saml.SAML2NameIDPolicyBuilder;
+import org.keycloak.protocol.saml.SignatureAlgorithm;
 import org.keycloak.saml.common.constants.GeneralConstants;
 import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
 import org.keycloak.saml.common.exceptions.ConfigurationException;
@@ -110,6 +111,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
                 KeyPair keypair = new KeyPair(publicKey, privateKey);
 
                 authnRequestBuilder.signWith(keypair);
+                authnRequestBuilder.signatureAlgorithm(getSignatureAlgorithm());
                 authnRequestBuilder.signDocument();
             }
 
@@ -196,6 +198,7 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
                 .relayState(userSession.getId());
         if (getConfig().isWantAuthnRequestsSigned()) {
             logoutBuilder.signWith(realm.getPrivateKey(), realm.getPublicKey(), realm.getCertificate())
+                    .signatureAlgorithm(getSignatureAlgorithm())
                     .signDocument();
         }
         return logoutBuilder;
@@ -245,4 +248,13 @@ public class SAMLIdentityProvider extends AbstractIdentityProvider<SAMLIdentityP
                 "</EntityDescriptor>\n";
         return Response.ok(descriptor, MediaType.APPLICATION_XML_TYPE).build();
     }
+
+    public SignatureAlgorithm getSignatureAlgorithm() {
+        String alg = getConfig().getSignatureAlgorithm();
+        if (alg != null) {
+            SignatureAlgorithm algorithm = SignatureAlgorithm.valueOf(alg);
+            if (algorithm != null) return algorithm;
+        }
+        return SignatureAlgorithm.RSA_SHA256;
+    }
 }
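Review bot: The null check on the result of `SignatureAlgorithm.valueOf(alg)` is dead code: `Enum.valueOf` never returns null, it throws `IllegalArgumentException` for any name that is not a constant, so a mistyped or stale configured value aborts the login or logout request with a bare "No enum constant" error rather than reaching the `RSA_SHA256` fallback. As written the fallback only covers an unset value. Either behaviour is defensible, but it should be explicit: treat a blank string like null, and let unknown values fail with a message that names the config key so the misconfiguration can be found in the admin console, as below.
```java
public SignatureAlgorithm getSignatureAlgorithm() {
    String alg = getConfig().getSignatureAlgorithm();
    if (alg == null || alg.trim().isEmpty()) {
        return SignatureAlgorithm.RSA_SHA256; // not configured: use the default
    }
    try {
        return SignatureAlgorithm.valueOf(alg.trim());
    } catch (IllegalArgumentException e) {
        throw new IllegalArgumentException(
                "Unsupported signatureAlgorithm '" + alg + "' configured for SAML identity provider", e);
    }
}
```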
diff --git a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderConfig.java b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderConfig.java
index ad11be3..6ab3963 100755
--- a/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderConfig.java
+++ b/broker/saml/src/main/java/org/keycloak/broker/saml/SAMLIdentityProviderConfig.java
@@ -87,6 +87,14 @@ public class SAMLIdentityProviderConfig extends IdentityProviderModel {
         getConfig().put("wantAuthnRequestsSigned", String.valueOf(wantAuthnRequestsSigned));
     }
 
+    public String getSignatureAlgorithm() {
+        return getConfig().get("signatureAlgorithm");
+    }
+
+    public void setSignatureAlgorithm(String signatureAlgorithm) {
+        getConfig().put("signatureAlgorithm", signatureAlgorithm);
+    }
+
     public String getEncryptionPublicKey() {
         return getConfig().get("encryptionPublicKey");
     }
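Review bot: `setSignatureAlgorithm` stores any string under the `"signatureAlgorithm"` key with no validation, and nothing on the getter says the value is later parsed with `SignatureAlgorithm.valueOf` in SAMLIdentityProvider, so a caller that writes a lowercase or differently spelled name only finds out at request time. Add a Javadoc on the getter such as `/** Name of a {@link org.keycloak.protocol.saml.SignatureAlgorithm} constant, or null when unset (RSA_SHA256 is then used). */`, and consider rejecting unknown names in the setter with `SignatureAlgorithm.valueOf(signatureAlgorithm)` when the argument is non-null so bad values never reach storage.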
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
index 4027a85..4899790 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js
@@ -693,10 +693,17 @@ module.controller('RealmIdentityProviderCtrl', function($scope, $filter, $upload
 
             }
         ];
+        $scope.signatureAlgorithms = [
+            "RSA_SHA1",
+            "RSA_SHA256",
+            "RSA_SHA512",
+            "DSA_SHA1"
+        ];
         if (instance && instance.alias) {
 
         } else {
             $scope.identityProvider.config.nameIDPolicyFormat = $scope.nameIdFormats[0].format;
+            $scope.identityProvider.config.signatureAlgorithm = $scope.signatureAlgorithms[1];
             $scope.identityProvider.updateProfileFirstLoginMode = "off";
         }
     }
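Review bot: The default is chosen by positional index, `$scope.identityProvider.config.signatureAlgorithm = $scope.signatureAlgorithms[1];`, which silently changes if the list is reordered or extended; naming the value, `$scope.identityProvider.config.signatureAlgorithm = "RSA_SHA256";`, keeps the UI default visibly tied to the server-side fallback in SAMLIdentityProvider.getSignatureAlgorithm(). The list also presents the SHA-1 variants first; if they are kept for compatibility with older identity providers, a one-line comment saying so would help the next maintainer decide when they can be dropped. The enclosing controller function starts before this hunk.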
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
index 1723919..5387826 100755
--- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
+++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-identity-provider-saml.html
@@ -135,6 +135,18 @@
                 </div>
                 <kc-tooltip> Indicates whether the identity provider expects signed a AuthnRequest.</kc-tooltip>
             </div>
+            <div class="form-group" data-ng-show="identityProvider.config.wantAuthnRequestsSigned == 'true'">
+                <label class="col-md-2 control-label" for="signatureAlgorithm">Signature Algorithm</label>
+                <div class="col-sm-6">
+                    <div>
+                        <select class="form-control" id="signatureAlgorithm"
+                                ng-model="identityProvider.config.signatureAlgorithm"
+                                ng-options="alg for alg in signatureAlgorithms">
+                        </select>
+                    </div>
+                </div>
+                <kc-tooltip>The signature algorithm to use to sign documents.</kc-tooltip>
+            </div>
             <div class="form-group">
                 <label class="col-md-2 control-label" for="forceAuthn">Force Authentication</label>
                 <div class="col-md-6">
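Review bot: The tooltip `The signature algorithm to use to sign documents.` does not say which documents are meant; the Java hunks in this change apply the algorithm to the AuthnRequest and LogoutRequest the broker sends, and the select is only shown while `wantAuthnRequestsSigned` is true. Wording such as `The signature algorithm used to sign the AuthnRequest and LogoutRequest sent to the identity provider.` would match the neighbouring tooltip and make the dependency on the option above explicit.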