keycloak-aplcache


diff --git a/docbook/saml-adapter-docs/reference/en/en-US/master.xml b/docbook/saml-adapter-docs/reference/en/en-US/master.xml
index 7f14165..89d16e6 100755
--- a/docbook/saml-adapter-docs/reference/en/en-US/master.xml
+++ b/docbook/saml-adapter-docs/reference/en/en-US/master.xml
@@ -11,6 +11,7 @@
                 <!ENTITY Assertions SYSTEM "modules/assertion-api.xml">
                 <!ENTITY Logout SYSTEM "modules/logout.xml">
                 <!ENTITY ErrorHandling SYSTEM "modules/adapter_error_handling.xml">
+                <!ENTITY DEBUGGING SYSTEM "modules/debugging.xml">
                 ]>
 
 <book>
@@ -53,6 +54,7 @@ This one is short
     &Logout;
     &Assertions;
     &ErrorHandling;
+    &DEBUGGING;
 
 
 
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml
index 1d6d11f..152c6b9 100755
--- a/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/adapter_error_handling.xml
@@ -39,4 +39,4 @@ public class SamlAuthenticationError implements AuthenticationError {
 }
 </programlisting>
     </para>
-</chapter>
\ No newline at end of file
+</chapter>
diff --git a/docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml b/docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml
new file mode 100755
index 0000000..81e252c
--- /dev/null
+++ b/docbook/saml-adapter-docs/reference/en/en-US/modules/debugging.xml
@@ -0,0 +1,8 @@
+<chapter id="debugging">
+    <title>Troubleshooting</title>
+    <para>
+        The best way to troubleshoot some problems is to turn on debugging for saml in both the client adapter and the keycloak server.
+        To do this turn on debugging int the <literal>org.keycloak.saml</literal> package to <literal>debug</literal> in your log4j or other
+        logging framework.  Turning this on allows you to see the SAML requests and response documents being sent to and from the server.
+    </para>
+</chapter>
\ No newline at end of file
diff --git a/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java b/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java
index fb4fa0a..ea24954 100755
--- a/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/SAMLRequestParser.java
@@ -1,5 +1,7 @@
 package org.keycloak.saml;
 
+import org.jboss.logging.Logger;
+import org.keycloak.common.util.StreamUtil;
 import org.keycloak.saml.common.PicketLinkLogger;
 import org.keycloak.saml.common.PicketLinkLoggerFactory;
 import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
@@ -9,6 +11,7 @@ import org.keycloak.saml.processing.web.util.PostBindingUtil;
 import org.keycloak.saml.processing.web.util.RedirectBindingUtil;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 
 /**
@@ -17,10 +20,23 @@ import java.io.InputStream;
  */
 public class SAMLRequestParser {
     private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
+    protected static Logger log = Logger.getLogger(SAMLRequestParser.class);
 
     public static SAMLDocumentHolder parseRequestRedirectBinding(String samlMessage) {
         InputStream is;
         is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+        if (log.isDebugEnabled()) {
+            String message = null;
+            try {
+                message = StreamUtil.readString(is);
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+            log.debug("SAML Redirect Binding");
+            log.debug(message);
+            is = new ByteArrayInputStream(message.getBytes());
+
+        }
         SAML2Request saml2Request = new SAML2Request();
         try {
             saml2Request.getSAML2ObjectFromStream(is);
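Review bot: With debug enabled the parser no longer reads the decoded bytes: the added block in parseRequestRedirectBinding reads the stream into a String and re-encodes it with `message.getBytes()`, which uses the platform default charset, so a message containing non-ASCII text can parse differently depending on the log level and the JVM's default encoding. Re-encode with an explicit charset, `is = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8));` (this needs an import of `java.nio.charset.StandardCharsets`), and confirm that `StreamUtil.readString` decodes with the same charset; its implementation is not visible here. The same block is repeated in the parseResponseRedirectBinding hunk further down. The new `log` field could also be `private static final`, matching `logger` on the line above it. The method body continues outside the hunk.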
@@ -35,6 +51,11 @@ public class SAMLRequestParser {
     public static SAMLDocumentHolder parseRequestPostBinding(String samlMessage) {
         InputStream is;
         byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
+        if (log.isDebugEnabled()) {
+            String str = new String(samlBytes);
+            log.debug("SAML POST Binding");
+            log.debug(str);
+        }
         is = new ByteArrayInputStream(samlBytes);
         SAML2Request saml2Request = new SAML2Request();
         try {
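Review bot: The label and the document are written with two separate `log.debug` calls in parseRequestPostBinding, so under concurrent requests the "SAML POST Binding" line and the XML that belongs to it can be split apart by other threads' output. `new String(samlBytes)` also decodes with the platform default charset, so the logged text can differ from what the parser reads. Inside the existing guard, a single call such as `log.debugf("SAML POST Binding: %s", new String(samlBytes, StandardCharsets.UTF_8));` covers both (it needs an import of `java.nio.charset.StandardCharsets`). The message is logged before any parsing or signature check, so the log entry is sender-controlled text and should be treated as such by whatever consumes the log. The method body continues outside the hunk.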
@@ -48,10 +69,15 @@ public class SAMLRequestParser {
 
     public static SAMLDocumentHolder parseResponsePostBinding(String samlMessage) {
         byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
+        log.debug("SAML POST Binding");
         return parseResponseDocument(samlBytes);
     }
 
     public static SAMLDocumentHolder parseResponseDocument(byte[] samlBytes) {
+        if (log.isDebugEnabled()) {
+            String str = new String(samlBytes);
+            log.debug(str);
+        }
         InputStream is = new ByteArrayInputStream(samlBytes);
         SAML2Response response = new SAML2Response();
         try {
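Review bot: parseResponseDocument now writes the complete SAML response to the log, and nothing in the code says what that document contains: a response normally carries the assertion itself, with the subject's NameID and attributes, and it is logged before it has been parsed or validated. A comment above the guard would make the exposure explicit for whoever enables the category, for example `// Debug only: logs the raw, unvalidated SAML response, including the assertion and user attributes; do not leave org.keycloak.saml at debug in production.` In parseResponsePostBinding the `"SAML POST Binding"` label is logged on its own and only on that path, so other callers of the public parseResponseDocument produce an unlabelled dump. The body of parseResponseDocument continues outside the hunk.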
@@ -65,6 +91,18 @@ public class SAMLRequestParser {
 
     public static SAMLDocumentHolder parseResponseRedirectBinding(String samlMessage) {
         InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+        if (log.isDebugEnabled()) {
+            String message = null;
+            try {
+                message = StreamUtil.readString(is);
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+            log.debug("SAML Redirect Binding");
+            log.debug(message);
+            is = new ByteArrayInputStream(message.getBytes());
+
+        }
         SAML2Response response = new SAML2Response();
         try {
             response.getSAML2ObjectFromStream(is);

services/pom.xml 1(+0 -1)

diff --git a/services/pom.xml b/services/pom.xml
index 64c4221..87de333 100755
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -61,7 +61,6 @@
             <groupId>org.jboss.logging</groupId>
             <artifactId>jboss-logging-annotations</artifactId>
             <scope>provided</scope>
-            <optional>true</optional>
         </dependency>
         <dependency>
             <groupId>org.jboss.logging</groupId>
diff --git a/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java b/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
index c754258..c60ac0c 100755
--- a/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
+++ b/services/src/main/java/org/keycloak/broker/saml/SAMLEndpoint.java
@@ -434,7 +434,7 @@ public class SAMLEndpoint {
 
         @Override
         protected SAMLDocumentHolder extractResponseDocument(String response) {
-            return SAMLRequestParser.parseRequestRedirectBinding(response);
+            return SAMLRequestParser.parseResponseRedirectBinding(response);
         }
 
         @Override
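Review bot: No test accompanies this fix in the part of the commit visible here, and the wrong call in extractResponseDocument compiled silently because both parser methods take a String and return a SAMLDocumentHolder. A regression test that delivers a response over the redirect binding to this endpoint would keep the request and response parsers from being swapped again. The identical one-line fix in SamlService.java deserves the same coverage. The enclosing class starts and ends outside the hunk.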
diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
index b598576..0260fc7 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -429,7 +429,7 @@ public class SamlService extends AuthorizationEndpointBase {
 
         @Override
         protected SAMLDocumentHolder extractResponseDocument(String response) {
-            return SAMLRequestParser.parseRequestRedirectBinding(response);
+            return SAMLRequestParser.parseResponseRedirectBinding(response);
         }
 
         @Override
diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
old mode 100644
new mode 100755
index 1d7616f..7715a59
--- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
+++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
@@ -69,7 +69,17 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
 
         ProviderManager pm = new ProviderManager(getClass().getClassLoader(), Config.scope().getArray("providers"));
 
-        for (Spi spi : ServiceLoader.load(Spi.class, getClass().getClassLoader())) {
+        ServiceLoader<Spi> load = ServiceLoader.load(Spi.class, getClass().getClassLoader());
+        loadSPIs(pm, load);
+        for ( Map<String, ProviderFactory> factories : factoriesMap.values()) {
+            for (ProviderFactory factory : factories.values()) {
+                factory.postInit(this);
+            }
+        }
+    }
+
+    protected void loadSPIs(ProviderManager pm, ServiceLoader<Spi> load) {
+        for (Spi spi : load) {
             Map<String, ProviderFactory> factories = new HashMap<String, ProviderFactory>();
             factoriesMap.put(spi.getProviderClass(), factories);
 
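Review bot: The new `loadSPIs` is `protected` but undocumented, and the ordering it relies on is implicit: the caller runs the `postInit` loop over `factoriesMap` immediately after it returns, so an override has to populate `factoriesMap` completely before returning. A short Javadoc would state that contract, e.g. `/** Populates factoriesMap with the provider factories of each Spi in {@code load}; the caller invokes postInit on every factory afterwards. */`. The parameter name `load` reads like a verb; `spis` or `loader` would be clearer. The body of loadSPIs continues outside the hunk, and the signature of the method that calls it is outside the hunk as well.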
@@ -118,11 +128,6 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory {
                 }
             }
         }
-        for ( Map<String, ProviderFactory> factories : factoriesMap.values()) {
-            for (ProviderFactory factory : factories.values()) {
-                factory.postInit(this);
-            }
-        }
     }
 
     public KeycloakSession create() {
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index 4db1a91..20f0387 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -94,6 +94,10 @@
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-server-spi</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
             <artifactId>keycloak-ldap-federation</artifactId>
         </dependency>
         <dependency>
diff --git a/testsuite/integration/src/test/resources/log4j.properties b/testsuite/integration/src/test/resources/log4j.properties
index 3a6fe1d..502dd7c 100755
--- a/testsuite/integration/src/test/resources/log4j.properties
+++ b/testsuite/integration/src/test/resources/log4j.properties
@@ -38,6 +38,7 @@ log4j.logger.org.keycloak.connections.jpa.updater.liquibase.LiquibaseJpaUpdaterP
 
 # Enable to view detailed AS REQ and TGS REQ requests to embedded Kerberos server
 # log4j.logger.org.apache.directory.server.kerberos=debug
+#log4j.logger.org.keycloak.saml=debug
 
 log4j.logger.org.xnio=off
 log4j.logger.org.hibernate=off