keycloak-aplcache
Changes
adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java 2(+1 -1)
adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/KeycloakOIDCFilter.java 6(+6 -0)
Details
diff --git a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
index 4ed35a6..c38c6bd 100755
--- a/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
+++ b/adapters/oidc/as7-eap6/as7-subsystem/src/main/java/org/keycloak/subsystem/as7/KeycloakSubsystemParser.java
@@ -243,7 +243,7 @@ class KeycloakSubsystemParser implements XMLStreamConstants, XMLElementReader<Li
String credName = credential.getName();
String credValue = credential.getValue().get(CredentialDefinition.VALUE.getName()).asString();
- if (credName.contains("")) {
+ if (credName.indexOf('.') > -1) {
String[] parts = credName.split("\\.");
String provider = parts[0];
String propKey = parts[1];
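Review bot: `parts[1]` can still throw `ArrayIndexOutOfBoundsException` after the new `indexOf('.')` check, because `String.split` drops trailing empty strings. A credential name such as `provider.` (constructed example) contains a dot but splits into a single element. A name with more than one dot also silently loses everything after the second segment. Consider `String[] parts = credName.split("\\.", 2);` followed by a check that both parts are non-empty, and report a configuration error otherwise. The enclosing method starts and ends outside this hunk, so how the non-dotted branch is handled is not visible here.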
diff --git a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/KeycloakOIDCFilter.java b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/KeycloakOIDCFilter.java
index ddd7552..dab7501 100755
--- a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/KeycloakOIDCFilter.java
+++ b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/KeycloakOIDCFilter.java
@@ -102,6 +102,8 @@ public class KeycloakOIDCFilter implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+ log.fine("Keycloak OIDC Filter");
+ //System.err.println("Keycloak OIDC Filter: " + ((HttpServletRequest)req).getRequestURL().toString());
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
OIDCServletHttpFacade facade = new OIDCServletHttpFacade(request, response);
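Review bot: The commented-out `System.err.println` at the top of `doFilter` is leftover debugging and should be deleted rather than committed. The same applies to the commented-out lines added in `logoutHttpSessions`, after `preActions.handleRequest()`, and in the OIDCFilterSessionStore hunk. If the request path is wanted in the trace, move it into the logger call after the cast, e.g. `log.fine("Keycloak OIDC Filter: " + request.getRequestURI());`. Keep the query string out of it, since the OIDC redirect carries `code` and `state` there. The `"****************"` banner in the `logoutHttpSessions` message is also debug noise, and `log.fine("logoutHttpSessions")` would read better. The body of `doFilter` continues outside this hunk.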
@@ -122,7 +124,10 @@ public class KeycloakOIDCFilter implements Filter {
@Override
public void logoutHttpSessions(List<String> ids) {
+ log.fine("**************** logoutHttpSessions");
+ //System.err.println("**************** logoutHttpSessions");
for (String id : ids) {
+ log.finest("removed idMapper: " + id);
idMapper.removeSession(id);
}
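Review bot: `log.finest("removed idMapper: " + id)` writes session identifiers to the log, and the OIDCFilterSessionStore hunk does the same with `httpSession.getId()` at `fine`. If these are the container's HTTP session ids, which the `idMapper.hasSession(httpSession.getId())` call in that hunk suggests, they work as bearer credentials for as long as the session is valid. Anyone who can read debug logs could then reuse one. Prefer logging a count or a non-reversible reference, e.g. `log.fine("logoutHttpSessions: " + ids.size() + " session(s)");`. If the full id is really needed for diagnosis, that requirement should be documented next to the call. The anonymous class that holds this method starts and ends outside the hunk.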
@@ -130,6 +135,7 @@ public class KeycloakOIDCFilter implements Filter {
}, deploymentContext, facade);
if (preActions.handleRequest()) {
+ //System.err.println("**************** preActions.handleRequest happened!");
return;
}
diff --git a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
index 086ef50..8a3010d 100755
--- a/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
+++ b/adapters/oidc/servlet-filter/src/main/java/org/keycloak/adapters/servlet/OIDCFilterSessionStore.java
@@ -112,6 +112,8 @@ public class OIDCFilterSessionStore extends FilterSessionStore implements Adapte
}
if (idMapper != null && !idMapper.hasSession(httpSession.getId())) {
+ log.fine("idMapper does not have session: " + httpSession.getId());
+ //System.err.println("idMapper does not have session: " + httpSession.getId());
cleanSession(httpSession);
return false;
}
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/servlet-filter-adapter.xml b/docbook/auth-server-docs/reference/en/en-US/modules/servlet-filter-adapter.xml
index 91425d4..45ed993 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/servlet-filter-adapter.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/servlet-filter-adapter.xml
@@ -46,12 +46,21 @@
</filter>
<filter-mapping>
<filter-name>Keycloak Filter</filter-name>
- <url-pattern>/*</url-pattern>
+ <url-pattern>/keycloak/*</url-pattern>
+ <url-pattern>/protected/*</url-pattern>
</filter-mapping>
</web-app>
]]>
</programlisting>
<para>
+ If you notice above, there are two url-patterns. <literal>/protected/*</literal> are just the files we want protected.
+ <literal>/keycloak/*</literal> url-pattern will handle callback from the keycloak server.
+ Note that you should configure your client in the Keycloak Admin Console
+ with an Admin URL that points to a secured section covered by the filter's url-pattern.
+ The Admin URL will make callbacks to the Admin URL to do things like backchannel logout. So, the Admin URL in this example should
+ be <literal>http[s]://hostname/{context-root}/keycloak</literal>. There is an example of this in the distribution.
+ </para>
+ <para>
The Keycloak filter has the same configuration parameters available as the other adapters except you must define
them as filter init params instead of context params.
</para>
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/servlet-filter-adapter.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/servlet-filter-adapter.xml
index 68b7daa..ff6d377 100755
--- a/docbook/saml-adapter-docs/reference/en/en-US/modules/servlet-filter-adapter.xml
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/servlet-filter-adapter.xml
@@ -64,10 +64,14 @@
</para>
<warning>
<para>
- You must have a filter mapping for <literal>/saml</literal>
+ You must have a filter mapping that covers <literal>/saml</literal>. This mapping covers all server callbacks.
</para>
</warning>
<para>
+ When registering SPs with an IDP, you must register <literal>http[s]://hostname/{context-root}/saml</literal> as
+ your Assert Consumer Service URL and Single Logout Service URL.
+ </para>
+ <para>
To use this filter, include this maven artifact in your WAR poms
</para>
<programlisting><![CDATA[
diff --git a/examples/demo-template/customer-app-filter/src/main/webapp/WEB-INF/web.xml b/examples/demo-template/customer-app-filter/src/main/webapp/WEB-INF/web.xml
index d724aa2..b5098ac 100755
--- a/examples/demo-template/customer-app-filter/src/main/webapp/WEB-INF/web.xml
+++ b/examples/demo-template/customer-app-filter/src/main/webapp/WEB-INF/web.xml
@@ -29,7 +29,8 @@
</filter>
<filter-mapping>
<filter-name>Keycloak Filter</filter-name>
- <url-pattern>/customers/*</url-pattern>
+ <url-pattern>/keycloak/*</url-pattern> <!-- this is so keycloak server can send events like backchannel logout -->
+ <url-pattern>/customers/*</url-pattern> <!-- this secures things -->
</filter-mapping>
</web-app>
diff --git a/examples/demo-template/testrealm.json b/examples/demo-template/testrealm.json
index e1d07ba..20cd615 100755
--- a/examples/demo-template/testrealm.json
+++ b/examples/demo-template/testrealm.json
@@ -123,7 +123,7 @@
{
"clientId": "customer-portal-filter",
"enabled": true,
- "adminUrl": "/customer-portal-filter",
+ "adminUrl": "/customer-portal-filter/keycloak",
"baseUrl": "/customer-portal-filter",
"redirectUris": [
"/customer-portal-filter/*"