diff --git a/adapters/saml/pom.xml b/adapters/saml/pom.xml
index 6afd2168081..19cc1827837 100755
--- a/adapters/saml/pom.xml
+++ b/adapters/saml/pom.xml
@@ -36,7 +36,6 @@
core-jakarta
undertow
wildfly
- servlet-filter
jakarta-servlet-filter
wildfly-elytron
wildfly-elytron-jakarta
diff --git a/adapters/saml/servlet-filter/pom.xml b/adapters/saml/servlet-filter/pom.xml
deleted file mode 100755
index 5fc02704295..00000000000
--- a/adapters/saml/servlet-filter/pom.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-
-
-
-
-
- keycloak-parent
- org.keycloak
- 999.0.0-SNAPSHOT
- ../../../pom.xml
-
- 4.0.0
-
- keycloak-saml-servlet-filter-adapter
- Keycloak SAML Servlet Filter
-
-
-
-
- org.jboss.logging
- jboss-logging
-
-
- org.keycloak
- keycloak-common
-
-
- org.keycloak
- keycloak-adapter-spi
-
-
- org.keycloak
- keycloak-servlet-adapter-spi
-
-
- org.bouncycastle
- bcprov-jdk18on
-
-
- org.keycloak
- keycloak-saml-core
-
-
- org.keycloak
- keycloak-saml-adapter-api-public
-
-
- org.keycloak
- keycloak-saml-adapter-core
-
-
- org.keycloak
- keycloak-crypto-default
-
-
- org.jboss.spec.javax.servlet
- jboss-servlet-api_3.0_spec
- provided
-
-
- junit
- junit
- test
-
-
-
-
diff --git a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java
deleted file mode 100755
index 731bdba26a3..00000000000
--- a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/FilterSamlSessionStore.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.servlet;
-
-import org.jboss.logging.Logger;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.saml.SamlSession;
-import org.keycloak.adapters.saml.SamlSessionStore;
-import org.keycloak.adapters.saml.SamlUtil;
-import org.keycloak.adapters.servlet.FilterSessionStore;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.KeycloakAccount;
-import org.keycloak.adapters.spi.SessionIdMapper;
-import org.keycloak.common.util.KeycloakUriBuilder;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpSession;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Set;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class FilterSamlSessionStore extends FilterSessionStore implements SamlSessionStore {
- protected static Logger log = Logger.getLogger(SamlSessionStore.class);
- protected final SessionIdMapper idMapper;
- private final SamlDeployment deployment;
-
- public FilterSamlSessionStore(HttpServletRequest request, HttpFacade facade, int maxBuffer, SessionIdMapper idMapper, SamlDeployment deployment) {
- super(request, facade, maxBuffer);
- this.idMapper = idMapper;
- this.deployment = deployment;
- }
-
- @Override
- public void setCurrentAction(CurrentAction action) {
- if (action == CurrentAction.NONE && request.getSession(false) == null) return;
- request.getSession().setAttribute(CURRENT_ACTION, action);
- }
-
- @Override
- public boolean isLoggingIn() {
- HttpSession session = request.getSession(false);
- if (session == null) return false;
- CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION);
- return action == CurrentAction.LOGGING_IN;
- }
-
- @Override
- public boolean isLoggingOut() {
- HttpSession session = request.getSession(false);
- if (session == null) return false;
- CurrentAction action = (CurrentAction)session.getAttribute(CURRENT_ACTION);
- return action == CurrentAction.LOGGING_OUT;
- }
-
- @Override
- public void logoutAccount() {
- HttpSession session = request.getSession(false);
- if (session == null) return;
- if (session != null) {
- if (idMapper != null) idMapper.removeSession(session.getId());
- SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName());
- if (samlSession != null) {
- session.removeAttribute(SamlSession.class.getName());
- }
- clearSavedRequest(session);
- }
- }
-
- @Override
- public void logoutByPrincipal(String principal) {
- SamlSession account = getAccount();
- if (account != null && account.getPrincipal().getSamlSubject().equals(principal)) {
- logoutAccount();
- }
- if (idMapper != null) {
- Set sessions = idMapper.getUserSessions(principal);
- if (sessions != null) {
- List ids = new LinkedList();
- ids.addAll(sessions);
- for (String id : ids) {
- idMapper.removeSession(id);
- }
- }
- }
-
- }
-
- @Override
- public void logoutBySsoId(List ssoIds) {
- SamlSession account = getAccount();
- for (String ssoId : ssoIds) {
- if (account != null && account.getSessionIndex().equals(ssoId)) {
- logoutAccount();
- } else if (idMapper != null) {
- String sessionId = idMapper.getSessionFromSSO(ssoId);
- idMapper.removeSession(sessionId);
- }
- }
- }
-
- @Override
- public boolean isLoggedIn() {
- HttpSession session = request.getSession(false);
- if (session == null) {
- log.debug("session was null, returning false");
- return false;
- }
- final SamlSession samlSession = SamlUtil.validateSamlSession(session.getAttribute(SamlSession.class.getName()), deployment);
- if (samlSession == null) {
- log.debug("SamlSession was not in session, returning null");
- return false;
- }
- if (idMapper != null && !idMapper.hasSession(session.getId())) {
- logoutAccount();
- return false;
- }
-
- needRequestRestore = restoreRequest();
- return true;
- }
-
- public HttpServletRequestWrapper getWrap() {
- HttpSession session = request.getSession(true);
- final SamlSession samlSession = (SamlSession)session.getAttribute(SamlSession.class.getName());
- final KeycloakAccount account = samlSession;
- return buildWrapper(session, account);
- }
-
- @Override
- public void saveAccount(SamlSession account) {
- HttpSession session = request.getSession(true);
- session.setAttribute(SamlSession.class.getName(), account);
- if (idMapper != null) idMapper.map(account.getSessionIndex(), account.getPrincipal().getSamlSubject(), session.getId());
- }
-
- @Override
- public SamlSession getAccount() {
- HttpSession session = request.getSession(false);
- if (session == null) return null;
- return (SamlSession)session.getAttribute(SamlSession.class.getName());
- }
-
- @Override
- public String getRedirectUri() {
- HttpSession session = request.getSession(false);
- if (session == null) return null;
- String redirect = (String)session.getAttribute(REDIRECT_URI);
- if (redirect == null) {
- String contextPath = request.getContextPath();
- String baseUri = KeycloakUriBuilder.fromUri(request.getRequestURL().toString()).replacePath(contextPath).build().toString();
- return SamlUtil.getRedirectTo(facade, contextPath, baseUri);
- }
- return redirect;
- }
-
-}
diff --git a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java b/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java
deleted file mode 100755
index 093f203d531..00000000000
--- a/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*
- * Copyright 2016 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.adapters.saml.servlet;
-
-import org.keycloak.adapters.saml.DefaultSamlDeployment;
-import org.keycloak.adapters.saml.SamlAuthenticator;
-import org.keycloak.adapters.saml.SamlConfigResolver;
-import org.keycloak.adapters.saml.SamlDeployment;
-import org.keycloak.adapters.saml.SamlDeploymentContext;
-import org.keycloak.adapters.saml.SamlSession;
-import org.keycloak.adapters.saml.SamlSessionStore;
-import org.keycloak.adapters.saml.config.parsers.DeploymentBuilder;
-import org.keycloak.adapters.saml.config.parsers.ResourceLoader;
-import org.keycloak.adapters.saml.profile.SamlAuthenticationHandler;
-import org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler;
-import org.keycloak.adapters.saml.profile.webbrowsersso.SamlEndpoint;
-import org.keycloak.adapters.servlet.ServletHttpFacade;
-import org.keycloak.adapters.spi.AuthChallenge;
-import org.keycloak.adapters.spi.AuthOutcome;
-import org.keycloak.adapters.spi.HttpFacade;
-import org.keycloak.adapters.spi.InMemorySessionIdMapper;
-import org.keycloak.adapters.spi.SessionIdMapper;
-import org.keycloak.saml.common.exceptions.ParsingException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-import java.util.regex.Pattern;
-
-/**
- * @author Bill Burke
- * @version $Revision: 1 $
- */
-public class SamlFilter implements Filter {
- protected SamlDeploymentContext deploymentContext;
- protected SessionIdMapper idMapper;
- private final static Logger log = Logger.getLogger("" + SamlFilter.class);
- private static final Pattern PROTOCOL_PATTERN = Pattern.compile("^[a-zA-Z][a-zA-Z0-9+.-]*:");
-
- @Override
- public void init(final FilterConfig filterConfig) throws ServletException {
- deploymentContext = (SamlDeploymentContext)filterConfig.getServletContext().getAttribute(SamlDeploymentContext.class.getName());
- if (deploymentContext != null) {
- idMapper = (SessionIdMapper)filterConfig.getServletContext().getAttribute(SessionIdMapper.class.getName());
- return;
- }
- String configResolverClass = filterConfig.getInitParameter("keycloak.config.resolver");
- if (configResolverClass != null) {
- try {
- SamlConfigResolver configResolver = (SamlConfigResolver) getClass().getClassLoader().loadClass(configResolverClass).newInstance();
- deploymentContext = new SamlDeploymentContext(configResolver);
- log.log(Level.INFO, "Using {0} to resolve Keycloak configuration on a per-request basis.", configResolverClass);
- } catch (Exception ex) {
- log.log(Level.WARNING, "The specified resolver {0} could NOT be loaded. Keycloak is unconfigured and will deny all requests. Reason: {1}", new Object[] { configResolverClass, ex.getMessage() });
- deploymentContext = new SamlDeploymentContext(new DefaultSamlDeployment());
- }
- } else {
- String fp = filterConfig.getInitParameter("keycloak.config.file");
- InputStream is = null;
- if (fp != null) {
- try {
- is = new FileInputStream(fp);
- } catch (FileNotFoundException e) {
- throw new RuntimeException(e);
- }
- } else {
- String path = "/WEB-INF/keycloak-saml.xml";
- String pathParam = filterConfig.getInitParameter("keycloak.config.path");
- if (pathParam != null)
- path = pathParam;
- is = filterConfig.getServletContext().getResourceAsStream(path);
- }
- final SamlDeployment deployment;
- if (is == null) {
- log.info("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
- deployment = new DefaultSamlDeployment();
- } else {
- try {
- ResourceLoader loader = new ResourceLoader() {
- @Override
- public InputStream getResourceAsStream(String resource) {
- return filterConfig.getServletContext().getResourceAsStream(resource);
- }
- };
- deployment = new DeploymentBuilder().build(is, loader);
- } catch (ParsingException e) {
- throw new RuntimeException(e);
- }
- }
- deploymentContext = new SamlDeploymentContext(deployment);
- log.fine("Keycloak is using a per-deployment configuration.");
- }
- idMapper = new InMemorySessionIdMapper();
- filterConfig.getServletContext().setAttribute(SamlDeploymentContext.class.getName(), deploymentContext);
- filterConfig.getServletContext().setAttribute(SessionIdMapper.class.getName(), idMapper);
-
- }
-
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
- ServletHttpFacade facade = new ServletHttpFacade(request, response);
- SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
- if (deployment == null || !deployment.isConfigured()) {
- response.sendError(403);
- log.fine("deployment not configured");
- return;
- }
- FilterSamlSessionStore tokenStore = new FilterSamlSessionStore(request, facade, 100000, idMapper, deployment);
- boolean isEndpoint = request.getRequestURI().substring(request.getContextPath().length()).endsWith("/saml");
- SamlAuthenticator authenticator;
- if (isEndpoint) {
- authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
- @Override
- protected void completeAuthentication(SamlSession account) {
-
- }
-
- @Override
- protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- return new SamlEndpoint(facade, deployment, sessionStore);
- }
- };
-
- } else {
- authenticator = new SamlAuthenticator(facade, deployment, tokenStore) {
- @Override
- protected void completeAuthentication(SamlSession account) {
-
- }
-
- @Override
- protected SamlAuthenticationHandler createBrowserHandler(HttpFacade facade, SamlDeployment deployment, SamlSessionStore sessionStore) {
- return new BrowserHandler(facade, deployment, sessionStore);
- }
- };
- }
- AuthOutcome outcome = authenticator.authenticate();
- if (outcome == AuthOutcome.AUTHENTICATED) {
- log.fine("AUTHENTICATED");
- if (facade.isEnded()) {
- return;
- }
- HttpServletRequestWrapper wrapper = tokenStore.getWrap();
- chain.doFilter(wrapper, res);
- return;
- }
- if (outcome == AuthOutcome.LOGGED_OUT) {
- tokenStore.logoutAccount();
- String logoutPage = deployment.getLogoutPage();
- if (logoutPage != null) {
- if (PROTOCOL_PATTERN.matcher(logoutPage).find()) {
- response.sendRedirect(logoutPage);
- log.log(Level.FINE, "Redirected to logout page {0}", logoutPage);
- } else {
- RequestDispatcher disp = req.getRequestDispatcher(logoutPage);
- disp.forward(req, res);
- }
- return;
- }
- chain.doFilter(req, res);
- return;
- }
-
- AuthChallenge challenge = authenticator.getChallenge();
- if (challenge != null) {
- log.fine("challenge");
- challenge.challenge(facade);
- return;
- }
-
- if (deployment.isIsPassive() && outcome == AuthOutcome.NOT_AUTHENTICATED) {
- log.fine("PASSIVE_NOT_AUTHENTICATED");
- if (facade.isEnded()) {
- return;
- }
- chain.doFilter(req, res);
- return;
- }
-
- if (!facade.isEnded()) {
- response.sendError(403);
- }
-
- }
-
- @Override
- public void destroy() {
-
- }
-}
diff --git a/docs/documentation/securing_apps/topics/overview/getting-started.adoc b/docs/documentation/securing_apps/topics/overview/getting-started.adoc
index 2c5cc14cf2f..3e2a0e5d82d 100644
--- a/docs/documentation/securing_apps/topics/overview/getting-started.adoc
+++ b/docs/documentation/securing_apps/topics/overview/getting-started.adoc
@@ -14,7 +14,6 @@ ifeval::[{project_community}==true]
* {quickstartRepo_link}/tree/latest/jakarta/servlet-authz-client[Wildfly Elytron OIDC]
* {quickstartRepo_link}/tree/latest/spring/rest-authz-resource-server[Spring Boot]
* <<_jboss_adapter, {project_name} Wildfly Adapter>> (Deprecated)
-* <<_servlet_filter_adapter,{project_name} Servlet Filter>> (Deprecated)
endif::[]
===== JavaScript (client-side)
@@ -49,9 +48,6 @@ endif::[]
ifeval::[{project_community}==true]
* <<_saml_jboss_adapter,WildFly>>
endif::[]
-ifeval::[{project_community}==true]
-* <<_java-servlet-filter-adapter,Servlet filter>>
-endif::[]
ifeval::[{project_community}==true]
===== Apache HTTP Server
diff --git a/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc b/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc
index 1dbd8897d65..b61c3700983 100644
--- a/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc
+++ b/docs/documentation/securing_apps/topics/saml/java/java-adapters.adoc
@@ -25,7 +25,6 @@ include::jboss-adapter/securing_wars.adoc[]
ifeval::[{project_community}==true]
endif::[]
-include::servlet-filter-adapter.adoc[]
include::idp-registration.adoc[]
include::logout.adoc[]
include::assertion-api.adoc[]
diff --git a/docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc b/docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc
deleted file mode 100644
index f78252954ce..00000000000
--- a/docs/documentation/securing_apps/topics/saml/java/servlet-filter-adapter.adoc
+++ /dev/null
@@ -1,71 +0,0 @@
-[[_java-servlet-filter-adapter]]
-==== Java Servlet filter adapter
-
-If you want to use SAML with a Java servlet application that doesn't have an adapter for that servlet platform, you can
-opt to use the servlet filter adapter that {project_name} has.
-This adapter works a little differently than the other adapters.
-You still have to specify a `/WEB-INF/keycloak-saml.xml` file as defined in
-the <<_saml-general-config,General Adapter Config>> section, but
-you do not define security constraints in _web.xml_.
-Instead you define a filter mapping using the {project_name} servlet filter adapter to secure the url patterns you want to secure.
-
-NOTE: Backchannel logout works a bit differently than the standard adapters.
- Instead of invalidating the http session it instead marks the session ID as logged out.
- There's just no way of arbitrarily invalidating an HTTP session based on a session ID.
-
-WARNING: Backchannel logout does not currently work when you have a clustered application that uses the SAML filter.
-
-[source,xml]
-----
-
-
- customer-portal
-
-
- Keycloak Filter
- org.keycloak.adapters.saml.servlet.SamlFilter
-
-
- Keycloak Filter
- /*
-
-
-----
-
-The {project_name} filter has the same configuration parameters available as the other adapters except you must
-define them as filter init params instead of context params.
-
-You can define multiple filter mappings if you have various different secure and unsecure url patterns.
-
-WARNING: You must have a filter mapping that covers `/saml`.
- This mapping covers all server callbacks.
-
-When registering SPs with an IdP, you must register `http[s]://hostname/{context-root}/saml` as your Assert Consumer Service URL and Single Logout Service URL.
-
-To use this filter, include this maven artifact in your WAR poms:
-
-[source,xml,subs="attributes+"]
-----
-
- org.keycloak
- keycloak-saml-servlet-filter-adapter
- {project_versionMvn}
-
-----
-
-In order to use <<_saml_multi_tenancy,Multi Tenancy>> the `keycloak.config.resolver` parameter should be passed as a filter parameter.
-
-[source,xml]
-----
-
- Keycloak Filter
- org.keycloak.adapters.saml.servlet.SamlFilter
-
- keycloak.config.resolver
- example.SamlMultiTenantResolver
-
-
-----
diff --git a/pom.xml b/pom.xml
index d7393e4c975..d996e7cc422 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1084,11 +1084,6 @@
keycloak-js-adapter-jar
${project.version}
-
- org.keycloak
- keycloak-saml-servlet-filter-adapter
- ${project.version}
-
org.keycloak
keycloak-saml-jakarta-servlet-filter-adapter
diff --git a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml
index 1e1cfb5b954..95b09c06fae 100644
--- a/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml
+++ b/testsuite/integration-arquillian/servers/app-server/jetty/common/pom.xml
@@ -29,10 +29,6 @@
integration-arquillian-servers-app-server-jetty-common
-
- org.keycloak
- keycloak-saml-servlet-filter-adapter
-
org.keycloak.testsuite
integration-arquillian-servers-app-server-spi
diff --git a/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml b/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml
index 1f708815e3f..99878ebffff 100644
--- a/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml
+++ b/testsuite/integration-arquillian/servers/app-server/undertow/pom.xml
@@ -38,10 +38,6 @@
keycloak-saml-undertow-adapter-jakarta
${project.version}
-
- org.keycloak
- keycloak-saml-servlet-filter-adapter
-
org.keycloak.testsuite
integration-arquillian-servers-app-server-spi
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java
deleted file mode 100644
index 3d393964adf..00000000000
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterJakartaLoginResponseHandlingTest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright 2023 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.adapter.servlet;
-
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.utils.annotation.UseServletFilter;
-import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
-
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP8)
-@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter",
- filterDependency = "org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter")
-public class SAMLFilterJakartaLoginResponseHandlingTest extends SAMLFilterLoginResponseHandlingTest {
-}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java
deleted file mode 100644
index f3450f5ddb2..00000000000
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterLoginResponseHandlingTest.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package org.keycloak.testsuite.adapter.servlet;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.utils.annotation.UseServletFilter;
-import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
-
-/**
- * @author mhajas
- */
-@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
-@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
-@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter",
- filterDependency = "org.keycloak:keycloak-saml-servlet-filter-adapter")
-public class SAMLFilterLoginResponseHandlingTest extends SAMLLoginResponseHandlingTest {
- @Test
- @Override
- @Ignore
- public void testErrorHandlingUnsigned() {
-
- }
-
- @Test
- @Override
- @Ignore
- public void testErrorHandlingSigned() {
-
- }
-}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java
deleted file mode 100644
index b354073f9b3..00000000000
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletAdapterTest.java
+++ /dev/null
@@ -1,130 +0,0 @@
-package org.keycloak.testsuite.adapter.servlet;
-
-import org.junit.After;
-import org.junit.Assume;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.util.ContainerAssume;
-import org.keycloak.testsuite.utils.annotation.UseServletFilter;
-import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
-
-/**
- * @author mhajas
- */
-@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
-@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
-@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter",
- filterDependency = "org.keycloak:keycloak-saml-servlet-filter-adapter")
-public class SAMLFilterServletAdapterTest extends SAMLServletAdapterTest {
-
- @BeforeClass
- public static void enabled() {
- String appServerJavaHome = System.getProperty("app.server.java.home", "");
- Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70"));
-
- // SAMLServletAdapterTest has too many deployments, with so many deployments (with filter dependency in each
- // of them) it is impossible to reload container after TLS is enabled, GC time limit exceeds
- ContainerAssume.assumeNotAppServerSSL();
- }
-
- @Before
- public void checkRoles() {
- badClientSalesPostSigServletPage.checkRoles(true);
- badRealmSalesPostSigServletPage.checkRoles(true);
- employeeAcsServletPage.checkRoles(true);
- employeeSigServletPage.checkRoles(true);
- employeeSigFrontServletPage.checkRoles(true);
- salesMetadataServletPage.checkRoles(true);
- salesPostServletPage.checkRoles(true);
- salesPostEncServletPage.checkRoles(true);
- salesPostEncSignAssertionsOnlyServletPage.checkRoles(true);
- salesPostSigServletPage.checkRoles(true);
- salesPostPassiveServletPage.checkRoles(true);
- salesPostSigPersistentServletPage.checkRoles(true);
- salesPostSigTransientServletPage.checkRoles(true);
- salesPostAssertionAndResponseSigPage.checkRoles(true);
- employeeSigPostNoIdpKeyServletPage.checkRoles(true);
- employeeSigRedirNoIdpKeyServletPage.checkRoles(true);
- employeeSigRedirOptNoIdpKeyServletPage.checkRoles(true);
- employeeRoleMappingPage.setupLoginInfo(testRealmSAMLPostLoginPage, bburkeUser);
-
- //using endpoint instead of query param because we are not able to put query param to IDP initiated login
- employee2ServletPage.navigateTo();
- testRealmLoginPage.form().login(bburkeUser);
- employee2ServletPage.checkRolesEndPoint(true);
- employee2ServletPage.logout();
-
- salesPostSigEmailServletPage.navigateTo();
- testRealmLoginPage.form().login(bburkeUser);
- salesPostSigEmailServletPage.checkRolesEndPoint(true);
- salesPostSigEmailServletPage.logout();
- }
-
- @After
- public void uncheckRoles() {
- badClientSalesPostSigServletPage.checkRoles(false);
- badRealmSalesPostSigServletPage.checkRoles(false);
- employeeAcsServletPage.checkRoles(false);
- employee2ServletPage.checkRoles(false);
- employeeSigServletPage.checkRoles(false);
- employeeSigFrontServletPage.checkRoles(false);
- salesMetadataServletPage.checkRoles(false);
- salesPostServletPage.checkRoles(false);
- salesPostEncServletPage.checkRoles(false);
- salesPostEncSignAssertionsOnlyServletPage.checkRoles(false);
- salesPostSigServletPage.checkRoles(false);
- salesPostPassiveServletPage.checkRoles(false);
- salesPostSigEmailServletPage.checkRoles(false);
- salesPostSigPersistentServletPage.checkRoles(false);
- salesPostSigTransientServletPage.checkRoles(false);
- employeeSigPostNoIdpKeyServletPage.checkRoles(false);
- employeeSigRedirNoIdpKeyServletPage.checkRoles(false);
- employeeSigRedirOptNoIdpKeyServletPage.checkRoles(false);
- employeeRoleMappingPage.clearLoginInfo();
- }
-
- @Test
- @Override
- @Ignore
- public void testSavedPostRequest() {
-
- }
-
- @Test
- @Override
- @Ignore
- public void multiTenant1SamlTest() throws Exception {
-
- }
-
- @Test
- @Override
- @Ignore
- public void multiTenant2SamlTest() throws Exception {
-
- }
-
- /**
- * Tests that the adapter is using the configured role mappings provider to map the roles extracted from the assertion
- * into roles that exist in the application domain. For this test a {@link org.keycloak.adapters.saml.PropertiesBasedRoleMapper}
- * has been setup in the adapter, performing the mappings as specified in the {@code role-mappings.properties} file.
- *
- * @throws Exception if an error occurs while running the test.
- */
- @Test
- @Override
- public void testAdapterRoleMappings() throws Exception {
- try {
- employeeRoleMappingPage.setRolesToCheck("manager,coordinator,team-lead,employee");
- super.testAdapterRoleMappings();
- } finally {
- employeeRoleMappingPage.checkRolesEndPoint(false);
- }
- }
-}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java
deleted file mode 100644
index ad08ebb03b7..00000000000
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaAdapterTest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright 2023 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.adapter.servlet;
-
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.utils.annotation.UseServletFilter;
-import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
-
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP8)
-@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter",
- filterDependency = "org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter")
-public class SAMLFilterServletJakartaAdapterTest extends SAMLFilterServletAdapterTest {
-}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java
deleted file mode 100644
index 9218d140e41..00000000000
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletJakartaSessionTimeoutTest.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright 2023 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.testsuite.adapter.servlet;
-
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.utils.annotation.UseServletFilter;
-import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
-
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP8)
-@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter",
- filterDependency = "org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter")
-public class SAMLFilterServletJakartaSessionTimeoutTest extends SAMLFilterServletSessionTimeoutTest {
-}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java
deleted file mode 100644
index c833003cc5d..00000000000
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLFilterServletSessionTimeoutTest.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package org.keycloak.testsuite.adapter.servlet;
-
-import org.junit.Assume;
-import org.junit.BeforeClass;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
-import org.keycloak.testsuite.utils.annotation.UseServletFilter;
-import org.keycloak.testsuite.utils.arquillian.ContainerConstants;
-
-/**
- * @author mhajas
- */
-@AppServerContainer(ContainerConstants.APP_SERVER_UNDERTOW)
-@AppServerContainer(ContainerConstants.APP_SERVER_WILDFLY)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP6)
-@AppServerContainer(ContainerConstants.APP_SERVER_EAP71)
-@UseServletFilter(filterName = "saml-filter", filterClass = "org.keycloak.adapters.saml.servlet.SamlFilter",
- filterDependency = "org.keycloak:keycloak-saml-servlet-filter-adapter")
-public class SAMLFilterServletSessionTimeoutTest extends SAMLServletSessionTimeoutTest {
-
- @BeforeClass
- public static void enabled() {
- String appServerJavaHome = System.getProperty("app.server.java.home", "");
- Assume.assumeFalse(appServerJavaHome.contains("1.7") || appServerJavaHome.contains("ibm-java-70"));
- }
-}
diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml
index 37ef77282f2..b0dcc404eee 100755
--- a/testsuite/utils/pom.xml
+++ b/testsuite/utils/pom.xml
@@ -186,10 +186,6 @@
org.keycloak
keycloak-authz-client
-
- org.keycloak
- keycloak-saml-servlet-filter-adapter
-
org.keycloak
keycloak-servlet-filter-adapter