diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
index b46b13f5c35..6eeed647442 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/app.js
@@ -476,8 +476,8 @@ module.config([ '$routeProvider', function($routeProvider) {
},
controller : 'ApplicationClusteringNodeCtrl'
})
- .when('/realms/:realm/applications/:application/certificate', {
- templateUrl : 'partials/application-keys.html',
+ .when('/realms/:realm/applications/:application/saml/keys', {
+ templateUrl : 'partials/application-saml-keys.html',
resolve : {
realm : function(RealmLoader) {
return RealmLoader();
@@ -486,7 +486,31 @@ module.config([ '$routeProvider', function($routeProvider) {
return ApplicationLoader();
}
},
- controller : 'ApplicationCertificateCtrl'
+ controller : 'ApplicationSamlKeyCtrl'
+ })
+ .when('/realms/:realm/applications/:application/saml/:keyType/import/:attribute', {
+ templateUrl : 'partials/application-saml-key-import.html',
+ resolve : {
+ realm : function(RealmLoader) {
+ return RealmLoader();
+ },
+ application : function(ApplicationLoader) {
+ return ApplicationLoader();
+ }
+ },
+ controller : 'ApplicationCertificateImportCtrl'
+ })
+ .when('/realms/:realm/applications/:application/saml/:keyType/export/:attribute', {
+ templateUrl : 'partials/application-saml-key-export.html',
+ resolve : {
+ realm : function(RealmLoader) {
+ return RealmLoader();
+ },
+ application : function(ApplicationLoader) {
+ return ApplicationLoader();
+ }
+ },
+ controller : 'ApplicationCertificateExportCtrl'
})
.when('/realms/:realm/applications/:application/roles', {
templateUrl : 'partials/application-role-list.html',
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js
index e1efcba1470..9e9758a55b7 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js
@@ -43,6 +43,193 @@ module.controller('ApplicationCredentialsCtrl', function($scope, $location, real
});
});
+module.controller('ApplicationSamlKeyCtrl', function($scope, $location, $http, $upload, realm, application,
+ ApplicationCertificate, ApplicationCertificateGenerate,
+ ApplicationCertificateDownload, Notifications) {
+ $scope.realm = realm;
+ $scope.application = application;
+
+ var signingKeyInfo = ApplicationCertificate.get({ realm : realm.realm, application : application.id, attribute: 'saml.signing' },
+ function() {
+ $scope.signingKeyInfo = signingKeyInfo;
+ }
+ );
+
+ $scope.generateSigningKey = function() {
+ var keyInfo = ApplicationCertificateGenerate.generate({ realm : realm.realm, application : application.id, attribute: 'saml.signing' },
+ function() {
+ Notifications.success('Signing key has been regenerated.');
+ $scope.signingKeyInfo = keyInfo;
+ },
+ function() {
+ Notifications.error("Signing key was not regenerated.");
+ }
+ );
+ };
+
+ $scope.importSigningKey = function() {
+ $location.url("/realms/" + realm.realm + "/applications/" + application.id + "/saml/Signing/import/saml.signing");
+ };
+
+ $scope.exportSigningKey = function() {
+ $location.url("/realms/" + realm.realm + "/applications/" + application.id + "/saml/Signing/export/saml.signing");
+ };
+
+ var encryptionKeyInfo = ApplicationCertificate.get({ realm : realm.realm, application : application.id, attribute: 'saml.encryption' },
+ function() {
+ $scope.encryptionKeyInfo = encryptionKeyInfo;
+ }
+ );
+
+ $scope.generateEncryptionKey = function() {
+ var keyInfo = ApplicationCertificateGenerate.generate({ realm : realm.realm, application : application.id, attribute: 'saml.encryption' },
+ function() {
+ Notifications.success('Encryption key has been regenerated.');
+ $scope.encryptionKeyInfo = keyInfo;
+ },
+ function() {
+ Notifications.error("Encryption key was not regenerated.");
+ }
+ );
+ };
+
+ $scope.importEncryptionKey = function() {
+ $location.url("/realms/" + realm.realm + "/applications/" + application.id + "/saml/Encryption/import/saml.encryption");
+ };
+
+ $scope.exportEncryptionKey = function() {
+ $location.url("/realms/" + realm.realm + "/applications/" + application.id + "/saml/Encryption/export/saml.encryption");
+ };
+
+
+ $scope.$watch(function() {
+ return $location.path();
+ }, function() {
+ $scope.path = $location.path().substring(1).split("/");
+ });
+});
+
+module.controller('ApplicationCertificateImportCtrl', function($scope, $location, $http, $upload, realm, application, $routeParams,
+ ApplicationCertificate, ApplicationCertificateGenerate,
+ ApplicationCertificateDownload, Notifications) {
+
+ var keyType = $routeParams.keyType;
+ var attribute = $routeParams.attribute;
+ $scope.realm = realm;
+ $scope.application = application;
+ $scope.keyType = keyType;
+
+ $scope.files = [];
+
+ $scope.onFileSelect = function($files) {
+ $scope.files = $files;
+ };
+
+ $scope.clearFileSelect = function() {
+ $scope.files = null;
+ }
+
+ $scope.keyFormats = [
+ "JKS",
+ "PKCS12"
+ ];
+
+ $scope.uploadKeyFormat = $scope.keyFormats[0];
+
+ $scope.uploadFile = function() {
+ //$files: an array of files selected, each file has name, size, and type.
+ for (var i = 0; i < $scope.files.length; i++) {
+ var $file = $scope.files[i];
+ $scope.upload = $upload.upload({
+ url: authUrl + '/admin/realms/' + realm.realm + '/applications-by-id/' + application.id + '/certificates/' + attribute + '/upload',
+ // method: POST or PUT,
+ // headers: {'headerKey': 'headerValue'}, withCredential: true,
+ data: {keystoreFormat: $scope.uploadKeyFormat,
+ keyAlias: $scope.uploadKeyAlias,
+ keyPassword: $scope.uploadKeyPassword,
+ storePassword: $scope.uploadStorePassword
+ },
+ file: $file
+ /* set file formData name for 'Content-Desposition' header. Default: 'file' */
+ //fileFormDataName: myFile,
+ /* customize how data is added to formData. See #40#issuecomment-28612000 for example */
+ //formDataAppender: function(formData, key, val){}
+ }).progress(function(evt) {
+ console.log('percent: ' + parseInt(100.0 * evt.loaded / evt.total));
+ }).success(function(data, status, headers) {
+ Notifications.success("Keystore uploaded successfully.");
+ $location.url("/realms/" + realm.realm + "/applications/" + application.id + "/saml/keys");
+ })
+ .error(function() {
+ Notifications.error("The key store can not be uploaded. Please verify the file.");
+
+ });
+ //.then(success, error, progress);
+ }
+ };
+
+ $scope.$watch(function() {
+ return $location.path();
+ }, function() {
+ $scope.path = $location.path().substring(1).split("/");
+ });
+});
+
+module.controller('ApplicationCertificateExportCtrl', function($scope, $location, $http, $upload, realm, application, $routeParams,
+ ApplicationCertificate, ApplicationCertificateGenerate,
+ ApplicationCertificateDownload, Notifications) {
+ var keyType = $routeParams.keyType;
+ var attribute = $routeParams.attribute;
+ $scope.realm = realm;
+ $scope.application = application;
+ $scope.keyType = keyType;
+ var jks = {
+ keyAlias: application.name,
+ realmAlias: realm.realm
+ };
+
+ $scope.keyFormats = [
+ "JKS",
+ "PKCS12"
+ ];
+
+ var keyInfo = ApplicationCertificate.get({ realm : realm.realm, application : application.id, attribute: attribute },
+ function() {
+ $scope.keyInfo = keyInfo;
+ }
+ );
+ $scope.jks = jks;
+ $scope.jks.format = $scope.keyFormats[0];
+
+ $scope.download = function() {
+ $http({
+ url: authUrl + '/admin/realms/' + realm.realm + '/applications-by-id/' + application.id + '/certificates/' + attribute + '/download',
+ method: 'POST',
+ responseType: 'arraybuffer',
+ data: $scope.jks,
+ headers: {
+ 'Content-Type': 'application/json',
+ 'Accept': 'application/octet-stream'
+ }
+ }).success(function(data){
+ var blob = new Blob([data], {
+ type: 'application/octet-stream'
+ });
+ var ext = ".jks";
+ if ($scope.jks.format == 'PKCS12') ext = ".p12";
+ saveAs(blob, 'keystore' + ext);
+ }).error(function(){
+ Notifications.error("Error downloading.");
+ });
+ }
+
+ $scope.$watch(function() {
+ return $location.path();
+ }, function() {
+ $scope.path = $location.path().substring(1).split("/");
+ });
+});
+
module.controller('ApplicationCertificateCtrl', function($scope, $location, $http, $upload, realm, application,
ApplicationCertificate, ApplicationCertificateGenerate,
ApplicationCertificateDownload, Notifications) {
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
index ee4d635ccf9..d47e3abbce4 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/services.js
@@ -708,16 +708,18 @@ module.factory('ApplicationTestNodesAvailable', function($resource) {
});
module.factory('ApplicationCertificate', function($resource) {
- return $resource(authUrl + '/admin/realms/:realm/applications-by-id/:application/certificates', {
+ return $resource(authUrl + '/admin/realms/:realm/applications-by-id/:application/certificates/:attribute', {
realm : '@realm',
- application : "@application"
+ application : "@application",
+ attribute: "@attribute"
});
});
module.factory('ApplicationCertificateGenerate', function($resource) {
- return $resource(authUrl + '/admin/realms/:realm/applications-by-id/:application/certificates/generate', {
+ return $resource(authUrl + '/admin/realms/:realm/applications-by-id/:application/certificates/:attribute/generate', {
realm : '@realm',
- application : "@application"
+ application : "@application",
+ attribute: "@attribute"
},
{
generate : {
@@ -727,9 +729,10 @@ module.factory('ApplicationCertificateGenerate', function($resource) {
});
module.factory('ApplicationCertificateDownload', function($resource) {
- return $resource(authUrl + '/admin/realms/:realm/applications-by-id/:application/certificates/download', {
+ return $resource(authUrl + '/admin/realms/:realm/applications-by-id/:application/certificates/:attribute/download', {
realm : '@realm',
- application : "@application"
+ application : "@application",
+ attribute: "@attribute"
},
{
download : {
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-key-export.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-key-export.html
new file mode 100755
index 00000000000..692080a70f5
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-key-export.html
@@ -0,0 +1,62 @@
+
+
+
+
+
+ Applications
+ {{application.name}}
+ SAML Keys
+ SAML {{keyType}} Key Export
+
+
{{application.name}} SAML {{keyType}} Key Export
+
+
+
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-key-import.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-key-import.html
new file mode 100755
index 00000000000..e72583ea8bb
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-key-import.html
@@ -0,0 +1,59 @@
+
+
+
+
+
+ Applications
+ {{application.name}}
+ SAML Keys
+ SAML {{keyType}} Key Import
+
+
{{application.name}} SAML {{keyType}} Key Import
+
+
+
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-keys.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-keys.html
new file mode 100755
index 00000000000..f871bb9c4a2
--- /dev/null
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-saml-keys.html
@@ -0,0 +1,66 @@
+
+
+
+
+
+ Applications
+ {{application.name}}
+ SAML Keys
+
+
{{application.name}} SAML Keys
+
+
+
\ No newline at end of file
diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation-application.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation-application.html
index 8e3a96305a9..02343270d4d 100755
--- a/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation-application.html
+++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/templates/kc-navigation-application.html
@@ -1,7 +1,7 @@
Settings
Credentials
- Application Keys
+ SAML Keys
Roles
Claims
Scope
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
index 8b40abb5678..e2adebe70d8 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
@@ -89,8 +89,8 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
if (json == null) {
return null;
}
- log.info("**** using " + AdapterConstants.AUTH_DATA_PARAM_NAME);
- log.info(json);
+ log.debug("**** using " + AdapterConstants.AUTH_DATA_PARAM_NAME);
+ log.debug(json);
return new ByteArrayInputStream(json.getBytes());
}
@@ -99,7 +99,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
if (is == null) {
String path = context.getServletContext().getInitParameter("keycloak.config.file");
if (path == null) {
- log.info("**** using /WEB-INF/keycloak.json");
+ log.debug("**** using /WEB-INF/keycloak.json");
is = context.getServletContext().getResourceAsStream("/WEB-INF/keycloak.json");
} else {
try {
@@ -161,7 +161,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
- log.info("*** deployment isn't configured return false");
+ log.debug("*** deployment isn't configured return false");
return false;
}
diff --git a/integration/tomcat7/adapter/pom.xml b/integration/tomcat7/adapter/pom.xml
index f60daa3ba44..5f27a92420d 100755
--- a/integration/tomcat7/adapter/pom.xml
+++ b/integration/tomcat7/adapter/pom.xml
@@ -14,6 +14,12 @@
+
+ org.jboss.logging
+ jboss-logging
+ ${jboss.logging.version}
+ provided
+
org.keycloak
keycloak-core
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
index c7ea65eab2c..aae9b29351d 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/AuthenticatedActionsValve.java
@@ -5,6 +5,7 @@ import org.apache.catalina.Valve;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
+import org.jboss.logging.Logger;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.AuthenticatedActionsHandler;
import org.keycloak.adapters.KeycloakDeployment;
@@ -12,7 +13,6 @@ import org.keycloak.adapters.KeycloakDeployment;
import javax.management.ObjectName;
import javax.servlet.ServletException;
import java.io.IOException;
-import java.util.logging.Logger;
/**
* Pre-installed actions that must be authenticated
@@ -22,16 +22,16 @@ import java.util.logging.Logger;
* CORS Origin Check and Response headers
* k_query_bearer_token: Get bearer token from server for Javascripts CORS requests
*
- * @author Davide Ungari
+ * @author Bill Burke
* @version $Revision: 1 $
*/
public class AuthenticatedActionsValve extends ValveBase {
- private static final Logger log = Logger.getLogger(""+AuthenticatedActionsValve.class);
+ private static final Logger log = Logger.getLogger(AuthenticatedActionsValve.class);
protected AdapterDeploymentContext deploymentContext;
- public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container, ObjectName controller) {
+ public AuthenticatedActionsValve(AdapterDeploymentContext deploymentContext, Valve next, Container container) {
this.deploymentContext = deploymentContext;
- if (next == null) throw new RuntimeException("WTF is next null?!");
+ if (next == null) throw new RuntimeException("Next valve is null!!!");
setNext(next);
setContainer(container);
}
@@ -39,7 +39,7 @@ public class AuthenticatedActionsValve extends ValveBase {
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
- log.finer("AuthenticatedActionsValve.invoke" + request.getRequestURI());
+ log.debugv("AuthenticatedActionsValve.invoke {0}", request.getRequestURI());
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment != null && deployment.isConfigured()) {
@@ -51,6 +51,4 @@ public class AuthenticatedActionsValve extends ValveBase {
}
getNext().invoke(request, response);
}
-
-
-}
\ No newline at end of file
+}
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
index 8516b1ad8b7..4abe5d125ae 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaRequestAuthenticator.java
@@ -4,6 +4,7 @@ import org.apache.catalina.Session;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
+import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.KeycloakDeployment;
@@ -16,17 +17,15 @@ import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
import javax.servlet.http.HttpSession;
/**
- * @author Davide Ungari
+ * @author Bill Burke
* @version $Revision: 1 $
*/
public class CatalinaRequestAuthenticator extends RequestAuthenticator {
- private static final Logger log = Logger.getLogger(""+CatalinaRequestAuthenticator.class);
+ private static final Logger log = Logger.getLogger(CatalinaRequestAuthenticator.class);
protected KeycloakAuthenticatorValve valve;
protected CatalinaUserSessionManagement userSessionManagement;
protected Request request;
@@ -59,14 +58,14 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
protected void completeOAuthAuthentication(KeycloakPrincipal skp) {
RefreshableKeycloakSecurityContext securityContext = skp.getKeycloakSecurityContext();
request.setAttribute(KeycloakSecurityContext.class.getName(), securityContext);
- Set roles = getRolesFromToken(securityContext);
+ Set roles = getRolesFromToken(securityContext);
GenericPrincipal principal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), skp, roles, securityContext);
Session session = request.getSessionInternal(true);
session.setPrincipal(principal);
session.setAuthType("OAUTH");
session.setNote(KeycloakSecurityContext.class.getName(), securityContext);
String username = securityContext.getToken().getSubject();
- log.finer("userSessionManagement.login: " + username);
+ log.debug("userSessionManage.login: " + username);
userSessionManagement.login(session);
}
@@ -74,8 +73,8 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
protected void completeBearerAuthentication(KeycloakPrincipal principal) {
RefreshableKeycloakSecurityContext securityContext = principal.getKeycloakSecurityContext();
Set roles = getRolesFromToken(securityContext);
- if (log.isLoggable(Level.FINE)) {
- log.fine("Completing bearer authentication. Bearer roles: " + roles);
+ if (log.isDebugEnabled()) {
+ log.debug("Completing bearer authentication. Bearer roles: " + roles);
}
Principal generalPrincipal = new CatalinaSecurityContextHelper().createPrincipal(request.getContext().getRealm(), principal, roles, securityContext);
request.setUserPrincipal(generalPrincipal);
@@ -100,7 +99,7 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
protected boolean isCached() {
if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null)
return false;
- log.finer("remote logged in already");
+ log.debug("remote logged in already");
GenericPrincipal principal = (GenericPrincipal) request.getSessionInternal().getPrincipal();
request.setUserPrincipal(principal);
request.setAuthType("KEYCLOAK");
@@ -119,9 +118,9 @@ public class CatalinaRequestAuthenticator extends RequestAuthenticator {
protected void restoreRequest() {
if (request.getSessionInternal().getNote(Constants.FORM_REQUEST_NOTE) != null) {
if (valve.keycloakRestoreRequest(request)) {
- log.finer("restoreRequest");
+ log.debug("restoreRequest");
} else {
- log.finer("Restore of original request failed");
+ log.debug("Restore of original request failed");
throw new RuntimeException("Restore of original request failed");
}
}
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaUserSessionManagement.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaUserSessionManagement.java
index 66258ddf051..8263e94cca3 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaUserSessionManagement.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CatalinaUserSessionManagement.java
@@ -5,20 +5,19 @@ import org.apache.catalina.Session;
import org.apache.catalina.SessionEvent;
import org.apache.catalina.SessionListener;
import org.apache.catalina.realm.GenericPrincipal;
+import org.jboss.logging.Logger;
import java.io.IOException;
import java.util.List;
-import java.util.logging.Logger;
/**
* Manages relationship to users and sessions so that forced admin logout can be implemented
*
- * @author Davide Ungari
+ * @author Bill Burke
* @version $Revision: 1 $
*/
public class CatalinaUserSessionManagement implements SessionListener {
-
- private static final Logger log = Logger.getLogger(""+CatalinaUserSessionManagement.class);
+ private static final Logger log = Logger.getLogger(CatalinaUserSessionManagement.class);
public void login(Session session) {
session.addSessionListener(this);
@@ -32,7 +31,7 @@ public class CatalinaUserSessionManagement implements SessionListener {
}
public void logoutHttpSessions(Manager sessionManager, List sessionIds) {
- log.fine("logoutHttpSessions: " + sessionIds);
+ log.debug("logoutHttpSessions: " + sessionIds);
for (String sessionId : sessionIds) {
logoutSession(sessionManager, sessionId);
@@ -40,14 +39,13 @@ public class CatalinaUserSessionManagement implements SessionListener {
}
protected void logoutSession(Manager manager, String httpSessionId) {
- log.fine("logoutHttpSession: " + httpSessionId);
+ log.debug("logoutHttpSession: " + httpSessionId);
Session session;
try {
session = manager.findSession(httpSessionId);
} catch (IOException ioe) {
- log.warning("IO exception when looking for session " + httpSessionId);
- ioe.printStackTrace();
+ log.warn("IO exception when looking for session " + httpSessionId, ioe);
return;
}
@@ -58,7 +56,7 @@ public class CatalinaUserSessionManagement implements SessionListener {
try {
session.expire();
} catch (Exception e) {
- log.warning("Session not present or already invalidated.");
+ log.warnf("Session not present or already invalidated.");
}
}
@@ -70,7 +68,7 @@ public class CatalinaUserSessionManagement implements SessionListener {
// Look up the single session id associated with this session (if any)
Session session = event.getSession();
- log.fine("Session " + session.getId() + " destroyed");
+ log.debugf("Session %s destroyed", session.getId());
GenericPrincipal principal = (GenericPrincipal) session.getPrincipal();
if (principal == null) return;
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CorsPreflightChecker.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CorsPreflightChecker.java
index 7dc3f406eeb..f4fc3023919 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CorsPreflightChecker.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/CorsPreflightChecker.java
@@ -2,17 +2,17 @@ package org.keycloak.adapters.tomcat7;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.jboss.logging.Logger;
import org.keycloak.adapters.KeycloakDeployment;
import javax.servlet.http.HttpServletResponse;
-import java.util.logging.Logger;
/**
- * @author Davide Ungari
+ * @author Bill Burke
* @version $Revision: 1 $
*/
public class CorsPreflightChecker {
- private static final Logger log = Logger.getLogger(""+CorsPreflightChecker.class);
+ private static final Logger log = Logger.getLogger(CorsPreflightChecker.class);
protected KeycloakDeployment deployment;
public CorsPreflightChecker(KeycloakDeployment deployment) {
@@ -20,17 +20,17 @@ public class CorsPreflightChecker {
}
public boolean checkCorsPreflight(Request request, Response response) {
- log.finer("checkCorsPreflight " + request.getRequestURI());
+ log.debugv("checkCorsPreflight {0}", request.getRequestURI());
if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
- log.finer("checkCorsPreflight: not options ");
+ log.debug("checkCorsPreflight: not options ");
return false;
}
if (request.getHeader("Origin") == null) {
- log.finer("checkCorsPreflight: no origin header");
+ log.debug("checkCorsPreflight: no origin header");
return false;
}
- log.finer("Preflight request returning");
+ log.debug("Preflight request returning");
response.setStatus(HttpServletResponse.SC_OK);
String origin = request.getHeader("Origin");
response.setHeader("Access-Control-Allow-Origin", origin);
diff --git a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
index 94447a1a59d..ddfbae26b73 100755
--- a/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
+++ b/integration/tomcat7/adapter/src/main/java/org/keycloak/adapters/tomcat7/KeycloakAuthenticatorValve.java
@@ -12,6 +12,7 @@ import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.LoginConfig;
+import org.jboss.logging.Logger;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterConstants;
import org.keycloak.adapters.AdapterDeploymentContext;
@@ -23,7 +24,6 @@ import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.NodesRegistrationManagement;
import org.keycloak.adapters.PreAuthActionsHandler;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
-import org.keycloak.adapters.ServerRequest;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
@@ -33,20 +33,19 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
-import java.util.logging.Logger;
/**
* Web deployment whose security is managed by a remote OAuth Skeleton Key authentication server
*
* Redirects browser to remote authentication server if not logged in. Also allows OAuth Bearer Token requests
* that contain a Skeleton Key bearer tokens.
- *
- * @author Davide Ungari
+ *
+ * @author Bill Burke
* @version $Revision: 1 $
*/
public class KeycloakAuthenticatorValve extends FormAuthenticator implements LifecycleListener {
- private final static Logger log = Logger.getLogger(""+KeycloakAuthenticatorValve.class);
- protected CatalinaUserSessionManagement userSessionManagement = new CatalinaUserSessionManagement();
+ private static final Logger log = Logger.getLogger(KeycloakAuthenticatorValve.class);
+ protected CatalinaUserSessionManagement userSessionManagement = new CatalinaUserSessionManagement();
protected AdapterDeploymentContext deploymentContext;
protected NodesRegistrationManagement nodesRegistrationManagement;
@@ -56,33 +55,15 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
try {
startDeployment();
} catch (LifecycleException e) {
- log.severe("Error starting deployment. " + e.getMessage());
+ log.error("Error starting deployment. " + e.getMessage());
}
} else if (Lifecycle.AFTER_START_EVENT.equals(event.getType())) {
- initInternal();
+ initInternal();
} else if (event.getType() == Lifecycle.BEFORE_STOP_EVENT) {
beforeStop();
}
}
-
- @Override
- public void logout(Request request) throws ServletException {
- KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
- if (ksc != null) {
- request.removeAttribute(KeycloakSecurityContext.class.getName());
- Session session = request.getSessionInternal(false);
- if (session != null) {
- session.removeNote(KeycloakSecurityContext.class.getName());
- try {
- CatalinaHttpFacade facade = new CatalinaHttpFacade(request, null);
- ServerRequest.invokeLogout(deploymentContext.resolveDeployment(facade), ksc.getToken().getSessionState());
- } catch (Exception e) {
- log.severe("failed to invoke remote logout. " + e.getMessage());
- }
- }
- }
- super.logout(request);
- }
+
public void startDeployment() throws LifecycleException {
super.start();
@@ -91,28 +72,24 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
cache = false;
}
- public void initInternal() {
- InputStream configInputStream = getConfigInputStream(context);
- KeycloakDeployment kd = null;
- if (configInputStream == null) {
- log.warning("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
- kd = new KeycloakDeployment();
- } else {
- kd = KeycloakDeploymentBuilder.build(configInputStream);
+ @Override
+ public void logout(Request request) throws ServletException {
+ KeycloakSecurityContext ksc = (KeycloakSecurityContext)request.getAttribute(KeycloakSecurityContext.class.getName());
+ if (ksc != null) {
+ request.removeAttribute(KeycloakSecurityContext.class.getName());
+ Session session = request.getSessionInternal(false);
+ if (session != null) {
+ session.removeNote(KeycloakSecurityContext.class.getName());
+ if (ksc instanceof RefreshableKeycloakSecurityContext) {
+ CatalinaHttpFacade facade = new CatalinaHttpFacade(request, null);
+ ((RefreshableKeycloakSecurityContext)ksc).logout(deploymentContext.resolveDeployment(facade));
+ }
+ }
}
- deploymentContext = new AdapterDeploymentContext(kd);
- context.getServletContext().setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);
- AuthenticatedActionsValve actions = new AuthenticatedActionsValve(deploymentContext, getNext(), getContainer(), getObjectName());
- setNext(actions);
-
- nodesRegistrationManagement = new NodesRegistrationManagement();
+ super.logout(request);
}
- protected void beforeStop() {
- nodesRegistrationManagement.stop();
- }
-
- private static InputStream getJSONFromServletContext(ServletContext servletContext) {
+ private static InputStream getJSONFromServletContext(ServletContext servletContext) {
String json = servletContext.getInitParameter(AdapterConstants.AUTH_DATA_PARAM_NAME);
if (json == null) {
return null;
@@ -127,13 +104,12 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
if (is == null) {
String path = context.getServletContext().getInitParameter("keycloak.config.file");
if (path == null) {
- log.info("**** using /WEB-INF/keycloak.json");
+ log.debug("**** using /WEB-INF/keycloak.json");
is = context.getServletContext().getResourceAsStream("/WEB-INF/keycloak.json");
} else {
try {
is = new FileInputStream(path);
} catch (FileNotFoundException e) {
- log.severe("NOT FOUND /WEB-INF/keycloak.json");
throw new RuntimeException(e);
}
}
@@ -141,9 +117,34 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
return is;
}
+
+ public void initInternal() {
+ InputStream configInputStream = getConfigInputStream(context);
+ KeycloakDeployment kd = null;
+ if (configInputStream == null) {
+ log.warn("No adapter configuration. Keycloak is unconfigured and will deny all requests.");
+ kd = new KeycloakDeployment();
+ } else {
+ kd = KeycloakDeploymentBuilder.build(configInputStream);
+ }
+ deploymentContext = new AdapterDeploymentContext(kd);
+ context.getServletContext().setAttribute(AdapterDeploymentContext.class.getName(), deploymentContext);
+ AuthenticatedActionsValve actions = new AuthenticatedActionsValve(deploymentContext, getNext(), getContainer());
+ setNext(actions);
+
+ nodesRegistrationManagement = new NodesRegistrationManagement();
+ }
+
+ protected void beforeStop() {
+ nodesRegistrationManagement.stop();
+ }
+
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
try {
+ if (log.isTraceEnabled()) {
+ log.trace("invoke");
+ }
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
Manager sessionManager = request.getContext().getManager();
CatalinaUserSessionManagementWrapper sessionManagementWrapper = new CatalinaUserSessionManagementWrapper(userSessionManagement, sessionManager);
@@ -159,9 +160,13 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
@Override
public boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
+ if (log.isTraceEnabled()) {
+ log.trace("*** authenticate");
+ }
CatalinaHttpFacade facade = new CatalinaHttpFacade(request, response);
KeycloakDeployment deployment = deploymentContext.resolveDeployment(facade);
if (deployment == null || !deployment.isConfigured()) {
+ log.info("*** deployment isn't configured return false");
return false;
}
@@ -188,7 +193,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
* @param request
*/
protected void checkKeycloakSession(Request request, HttpFacade facade) {
- if (request.getSessionInternal(false) == null || request.getPrincipal() == null) return;
+ if (request.getSessionInternal(false) == null || request.getSessionInternal().getPrincipal() == null) return;
RefreshableKeycloakSecurityContext session = (RefreshableKeycloakSecurityContext) request.getSessionInternal().getNote(KeycloakSecurityContext.class.getName());
if (session == null) return;
// just in case session got serialized
@@ -202,7 +207,7 @@ public class KeycloakAuthenticatorValve extends FormAuthenticator implements Lif
// Refresh failed, so user is already logged out from keycloak. Cleanup and expire our session
Session catalinaSession = request.getSessionInternal();
- log.fine("Cleanup and expire session " + catalinaSession + " after failed refresh");
+ log.debugf("Cleanup and expire session %s after failed refresh", catalinaSession.getId());
catalinaSession.removeNote(KeycloakSecurityContext.class.getName());
request.setUserPrincipal(null);
request.setAuthType(null);
diff --git a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
index 574a76afc7f..f5a1b3afe63 100755
--- a/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
+++ b/model/api/src/main/java/org/keycloak/models/utils/KeycloakModelUtils.java
@@ -132,6 +132,7 @@ public final class KeycloakModelUtils {
}
public static void generateClientKeyPairCertificate(ClientModel client) {
+ String subject = client.getClientId();
KeyPair keyPair = null;
try {
keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
@@ -140,7 +141,7 @@ public final class KeycloakModelUtils {
}
X509Certificate certificate = null;
try {
- certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, client.getClientId());
+ certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, subject);
} catch (Exception e) {
throw new RuntimeException(e);
}
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
index 99b786161c3..439bd17f000 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocol.java
@@ -155,7 +155,7 @@ public class SamlProtocol implements LoginProtocol {
if (requiresEncryption(client)) {
PublicKey publicKey = null;
try {
- publicKey = PemUtils.decodePublicKey(client.getAttribute(ClientModel.PUBLIC_KEY));
+ publicKey = SamlProtocolUtils.getEncryptionValidationKey(client);
} catch (Exception e) {
logger.error("failed", e);
return Flows.forwardToSecurityFailurePage(session, realm, uriInfo, "Failed to process response");
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java
index 66828b2ddc0..e18693aeb4e 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlProtocolUtils.java
@@ -2,6 +2,7 @@ package org.keycloak.protocol.saml;
import org.keycloak.VerificationException;
import org.keycloak.models.ClientModel;
+import org.keycloak.services.resources.admin.ClientAttributeCertificateResource;
import org.keycloak.util.PemUtils;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
@@ -10,6 +11,7 @@ import org.w3c.dom.Node;
import java.security.KeyPair;
import java.security.PublicKey;
+import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
/**
@@ -18,12 +20,15 @@ import java.security.cert.X509Certificate;
*/
public class SamlProtocolUtils {
+ public static final String SAML_SIGNING_CERTIFICATE_ATTRIBUTE = "saml.signing." + ClientAttributeCertificateResource.X509CERTIFICATE;
+ public static final String SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE = "saml.encryption." + ClientAttributeCertificateResource.X509CERTIFICATE;
+
public static void verifyDocumentSignature(ClientModel client, Document document) throws VerificationException {
if (!"true".equals(client.getAttribute("saml.client.signature"))) {
return;
}
SAML2Signature saml2Signature = new SAML2Signature();
- PublicKey publicKey = getPublicKey(client);
+ PublicKey publicKey = getSignatureValidationKey(client);
try {
if (!saml2Signature.validate(document, publicKey)) {
throw new VerificationException("Invalid signature on document");
@@ -33,16 +38,24 @@ public class SamlProtocolUtils {
}
}
- public static PublicKey getPublicKey(ClientModel client) throws VerificationException {
- String publicKeyPem = client.getAttribute(ClientModel.PUBLIC_KEY);
- if (publicKeyPem == null) throw new VerificationException("Client does not have a public key.");
- PublicKey publicKey = null;
+ public static PublicKey getSignatureValidationKey(ClientModel client) throws VerificationException {
+ return getPublicKey(client, SAML_SIGNING_CERTIFICATE_ATTRIBUTE);
+ }
+
+ public static PublicKey getEncryptionValidationKey(ClientModel client) throws VerificationException {
+ return getPublicKey(client, SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE);
+ }
+
+ public static PublicKey getPublicKey(ClientModel client, String attribute) throws VerificationException {
+ String certPem = client.getAttribute(attribute);
+ if (certPem == null) throw new VerificationException("Client does not have a public key.");
+ Certificate cert = null;
try {
- publicKey = PemUtils.decodePublicKey(publicKeyPem);
+ cert = PemUtils.decodeCertificate(certPem);
} catch (Exception e) {
- throw new VerificationException("Could not decode public key", e);
+ throw new VerificationException("Could not decode cert", e);
}
- return publicKey;
+ return cert.getPublicKey();
}
diff --git a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 0fc67a8e473..527ade95bc8 100755
--- a/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/saml/saml-protocol/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -309,7 +309,7 @@ public class SamlService {
// todo maybe a flag?
// SamlProtocolUtils.verifyDocumentSignature(client, documentHolder.getSamlDocument());
- PublicKey publicKey = SamlProtocolUtils.getPublicKey(client);
+ PublicKey publicKey = SamlProtocolUtils.getSignatureValidationKey(client);
UriBuilder builder = UriBuilder.fromPath("/")
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
index 5e97698a024..5d4f176e439 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ApplicationResource.java
@@ -120,9 +120,9 @@ public class ApplicationResource {
return ModelToRepresentation.toRepresentation(application);
}
- @Path("certificates")
- public ClientCertificateResource getCertficateResource() {
- return new ClientCertificateResource(realm, auth, application, session);
+ @Path("certificates/{attr}")
+ public ClientAttributeCertificateResource getCertficateResource(@PathParam("attr") String attributePrefix) {
+ return new ClientAttributeCertificateResource(realm, auth, application, session, attributePrefix);
}
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
new file mode 100755
index 00000000000..9e064c4fabb
--- /dev/null
+++ b/services/src/main/java/org/keycloak/services/resources/admin/ClientAttributeCertificateResource.java
@@ -0,0 +1,307 @@
+package org.keycloak.services.resources.admin;
+
+import org.jboss.resteasy.annotations.cache.NoCache;
+import org.jboss.resteasy.plugins.providers.multipart.InputPart;
+import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataInput;
+import org.jboss.resteasy.spi.BadRequestException;
+import org.jboss.resteasy.spi.NotAcceptableException;
+import org.jboss.resteasy.spi.NotFoundException;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.utils.KeycloakModelUtils;
+import org.keycloak.util.CertificateUtils;
+import org.keycloak.util.PemUtils;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.UriInfo;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class ClientAttributeCertificateResource {
+ public static final String PRIVATE_KEY = "private.key";
+ public static final String X509CERTIFICATE = "certificate";
+
+ protected RealmModel realm;
+ private RealmAuth auth;
+ protected ClientModel client;
+ protected KeycloakSession session;
+ protected String attributePrefix;
+ protected String privateAttribute;
+ protected String certificateAttribute;
+
+ public ClientAttributeCertificateResource(RealmModel realm, RealmAuth auth, ClientModel client, KeycloakSession session, String attributePrefix) {
+ this.realm = realm;
+ this.auth = auth;
+ this.client = client;
+ this.session = session;
+ this.attributePrefix = attributePrefix;
+ this.privateAttribute = attributePrefix + "." + PRIVATE_KEY;
+ this.certificateAttribute = attributePrefix + "." + X509CERTIFICATE;
+ }
+
+ public static class ClientKeyPairInfo {
+ protected String privateKey;
+ protected String publicKey;
+ protected String certificate;
+
+ public String getPrivateKey() {
+ return privateKey;
+ }
+
+ public void setPrivateKey(String privateKey) {
+ this.privateKey = privateKey;
+ }
+
+ public String getCertificate() {
+ return certificate;
+ }
+
+ public void setCertificate(String certificate) {
+ this.certificate = certificate;
+ }
+ }
+
+ @GET
+ @NoCache
+ @Produces(MediaType.APPLICATION_JSON)
+ public ClientKeyPairInfo getKeyInfo() {
+ ClientKeyPairInfo info = new ClientKeyPairInfo();
+ info.setCertificate(client.getAttribute(certificateAttribute));
+ info.setPrivateKey(client.getAttribute(privateAttribute));
+ return info;
+ }
+
+
+ @POST
+ @NoCache
+ @Path("generate")
+ @Produces(MediaType.APPLICATION_JSON)
+ public ClientKeyPairInfo generate() {
+ auth.requireManage();
+
+ String subject = client.getClientId();
+ KeyPair keyPair = null;
+ try {
+ keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ X509Certificate certificate = null;
+ try {
+ certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, subject);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ String privateKeyPem = KeycloakModelUtils.getPemFromKey(keyPair.getPrivate());
+ String certPem = KeycloakModelUtils.getPemFromCertificate(certificate);
+
+ client.setAttribute(privateAttribute, privateKeyPem);
+ client.setAttribute(certificateAttribute, certPem);
+
+
+ KeycloakModelUtils.generateClientKeyPairCertificate(client);
+ ClientKeyPairInfo info = new ClientKeyPairInfo();
+ info.setCertificate(client.getAttribute(certificateAttribute));
+ info.setPrivateKey(client.getAttribute(privateAttribute));
+ return info;
+ }
+
+ @POST
+ @Path("upload")
+ @Consumes(MediaType.MULTIPART_FORM_DATA)
+ @Produces(MediaType.APPLICATION_JSON)
+ public ClientKeyPairInfo uploadJks(@Context final UriInfo uriInfo, MultipartFormDataInput input) throws IOException {
+ auth.requireManage();
+ ClientKeyPairInfo info = new ClientKeyPairInfo();
+ Map> uploadForm = input.getFormDataMap();
+ List inputParts = uploadForm.get("file");
+
+ String keystoreFormat = uploadForm.get("keystoreFormat").get(0).getBodyAsString();
+ String keyAlias = uploadForm.get("keyAlias").get(0).getBodyAsString();
+ List keyPasswordPart = uploadForm.get("keyPassword");
+ char[] keyPassword = keyPasswordPart != null ? keyPasswordPart.get(0).getBodyAsString().toCharArray() : null;
+
+ List storePasswordPart = uploadForm.get("storePassword");
+ char[] storePassword = storePasswordPart != null ? storePasswordPart.get(0).getBodyAsString().toCharArray() : null;
+ PrivateKey privateKey = null;
+ X509Certificate certificate = null;
+ try {
+ KeyStore keyStore = null;
+ if (keystoreFormat.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
+ else keyStore = KeyStore.getInstance(keystoreFormat, "BC");
+ keyStore.load(inputParts.get(0).getBody(InputStream.class, null), storePassword);
+ try {
+ privateKey = (PrivateKey)keyStore.getKey(keyAlias, keyPassword);
+ } catch (Exception e) {
+ // ignore
+ }
+ certificate = (X509Certificate)keyStore.getCertificate(keyAlias);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ if (privateKey != null) {
+ String privateKeyPem = KeycloakModelUtils.getPemFromKey(privateKey);
+ client.setAttribute(privateAttribute, privateKeyPem);
+ info.setPrivateKey(privateKeyPem);
+ } else if (certificate != null) {
+ client.removeAttribute(privateAttribute);
+ }
+
+ if (certificate != null) {
+ String certPem = KeycloakModelUtils.getPemFromCertificate(certificate);
+ client.setAttribute(certificateAttribute, certPem);
+ info.setCertificate(certPem);
+ }
+
+
+ return info;
+ }
+
+
+ public static class KeyStoreConfig {
+ protected Boolean realmCertificate;
+ protected String storePassword;
+ protected String keyPassword;
+ protected String keyAlias;
+ protected String realmAlias;
+ protected String format;
+
+ public Boolean isRealmCertificate() {
+ return realmCertificate;
+ }
+
+ public void setRealmCertificate(Boolean realmCertificate) {
+ this.realmCertificate = realmCertificate;
+ }
+
+ public String getStorePassword() {
+ return storePassword;
+ }
+
+ public void setStorePassword(String storePassword) {
+ this.storePassword = storePassword;
+ }
+
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+ public String getKeyAlias() {
+ return keyAlias;
+ }
+
+ public void setKeyAlias(String keyAlias) {
+ this.keyAlias = keyAlias;
+ }
+
+ public String getRealmAlias() {
+ return realmAlias;
+ }
+
+ public void setRealmAlias(String realmAlias) {
+ this.realmAlias = realmAlias;
+ }
+
+ public String getFormat() {
+ return format;
+ }
+
+ public void setFormat(String format) {
+ this.format = format;
+ }
+ }
+
+ @POST
+ @NoCache
+ @Path("/download")
+ @Produces(MediaType.APPLICATION_OCTET_STREAM)
+ @Consumes(MediaType.APPLICATION_JSON)
+ public byte[] getKeystore(final KeyStoreConfig config) {
+ auth.requireView();
+ if (config.getFormat() != null && !config.getFormat().equals("JKS") && !config.getFormat().equals("PKCS12")) {
+ throw new NotAcceptableException("Only support jks format.");
+ }
+ String format = config.getFormat();
+ String privatePem = client.getAttribute(privateAttribute);
+ String certPem = client.getAttribute(certificateAttribute);
+ if (privatePem == null && certPem == null) {
+ throw new NotFoundException("keypair not generated for client");
+ }
+ if (privatePem != null && config.getKeyPassword() == null) {
+ throw new BadRequestException("Need to specify a key password for jks download");
+ }
+ if (config.getStorePassword() == null) {
+ throw new BadRequestException("Need to specify a store password for jks download");
+ }
+ final KeyStore keyStore;
+ try {
+ if (format.equals("JKS")) keyStore = KeyStore.getInstance("JKS");
+ else keyStore = KeyStore.getInstance(format, "BC");
+ keyStore.load(null, null);
+ String keyAlias = config.getKeyAlias();
+ if (keyAlias == null) keyAlias = client.getClientId();
+ if (privatePem != null) {
+ PrivateKey privateKey = PemUtils.decodePrivateKey(privatePem);
+ X509Certificate clientCert = PemUtils.decodeCertificate(certPem);
+
+
+ Certificate[] chain = {clientCert};
+
+ keyStore.setKeyEntry(keyAlias, privateKey, config.getKeyPassword().trim().toCharArray(), chain);
+ } else {
+ X509Certificate clientCert = PemUtils.decodeCertificate(certPem);
+ keyStore.setCertificateEntry(keyAlias, clientCert);
+ }
+
+
+ if (config.isRealmCertificate() == null || config.isRealmCertificate().booleanValue()) {
+ X509Certificate certificate = realm.getCertificate();
+ if (certificate == null) {
+ KeycloakModelUtils.generateRealmCertificate(realm);
+ certificate = realm.getCertificate();
+ }
+ String certificateAlias = config.getRealmAlias();
+ if (certificateAlias == null) certificateAlias = realm.getName();
+ keyStore.setCertificateEntry(certificateAlias, certificate);
+
+ }
+ ByteArrayOutputStream stream = new ByteArrayOutputStream();
+ keyStore.store(stream, config.getStorePassword().trim().toCharArray());
+ stream.flush();
+ stream.close();
+ byte[] rtn = stream.toByteArray();
+ return rtn;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+}
diff --git a/testsuite/integration/pom.xml b/testsuite/integration/pom.xml
index b7b5428fc4a..a117e14a812 100755
--- a/testsuite/integration/pom.xml
+++ b/testsuite/integration/pom.xml
@@ -222,6 +222,18 @@
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 2.2
+
+
+
+ test-jar
+
+
+
+
org.apache.maven.plugins
maven-deploy-plugin
diff --git a/testsuite/integration/src/test/resources/saml/testsaml.json b/testsuite/integration/src/test/resources/saml/testsaml.json
index 9196dd7fb86..8098d5b0bbb 100755
--- a/testsuite/integration/src/test/resources/saml/testsaml.json
+++ b/testsuite/integration/src/test/resources/saml/testsaml.json
@@ -57,9 +57,8 @@
"saml.signature.algorithm": "RSA_SHA256",
"saml.client.signature": "true",
"saml.authnstatement": "true",
- "privateKey": "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==",
- "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQAB",
- "X509Certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ "saml.signing.private.key": "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
}
},
{
@@ -76,9 +75,8 @@
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.authnstatement": "true",
- "privateKey": "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==",
- "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQAB",
- "X509Certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
+ "saml.signing.private.key": "MIICWwIBAAKBgQDVG8a7xGN6ZIkDbeecySygcDfsypjUMNPE4QJjis8B316CvsZQ0hcTTLUyiRpHlHZys2k3xEhHBHymFC1AONcvzZzpb40tAhLHO1qtAnut00khjAdjR3muLVdGkM/zMC7G5s9iIwBVhwOQhy+VsGnCH91EzkjZ4SVEr55KJoyQJQIDAQABAoGADaTtoG/+foOZUiLjRWKL/OmyavK9vjgyFtThNkZY4qHOh0h3og0RdSbgIxAsIpEa1FUwU2W5yvI6mNeJ3ibFgCgcxqPk6GkAC7DWfQfdQ8cS+dCuaFTs8ObIQEvU50YzeNPiiFxRA+MnauCUXaKm/PnDfjd4tPgru7XZvlGh0wECQQDsBbN2cKkBKpr/b5oJiBcBaSZtWiMNuYBDn9x8uORj+Gy/49BUIMHF2EWyxOWz6ocP5YiynNRkPe21Zus7PEr1AkEA5yWQOkxUTIg43s4pxNSeHtL+Ebqcg54lY2xOQK0yufxUVZI8ODctAKmVBMiCKpU3mZQquOaQicuGtocpgxlScQI/YM31zZ5nsxLGf/5GL6KhzPJT0IYn2nk7IoFu7bjn9BjwgcPurpLA52TNMYWQsTqAKwT6DEhG1NaRqNWNpb4VAkBehObAYBwMm5udyHIeEc+CzUalm0iLLa0eRdiN7AUVNpCJ2V2Uo0NcxPux1AgeP5xXydXafDXYkwhINWcNO9qRAkEA58ckAC5loUGwU5dLaugsGH/a2Q8Ac8bmPglwfCstYDpl8Gp/eimb1eKyvDEELOhyImAv4/uZV9wN85V0xZXWsw==",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGP5dZDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1zaWcvMB4XDTE0MTAxNjEyNDQyM1oXDTI0MTAxNjEyNDYwM1owMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3Qtc2lnLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1RvGu8RjemSJA23nnMksoHA37MqY1DDTxOECY4rPAd9egr7GUNIXE0y1MokaR5R2crNpN8RIRwR8phQtQDjXL82c6W+NLQISxztarQJ7rdNJIYwHY0d5ri1XRpDP8zAuxubPYiMAVYcDkIcvlbBpwh/dRM5I2eElRK+eSiaMkCUCAwEAATANBgkqhkiG9w0BAQsFAAOBgQCLms6htnPaY69k1ntm9a5jgwSn/K61cdai8R8B0ccY7zvinn9AfRD7fiROQpFyY29wKn8WCLrJ86NBXfgFUGyR5nLNHVy3FghE36N2oHy53uichieMxffE6vhkKJ4P8ChfJMMOZlmCPsQPDvjoAghHt4mriFiQgRdPgIy/zDjSNw=="
}
},
{
@@ -95,9 +93,8 @@
"saml.server.signature": "true",
"saml.client.signature": "true",
"saml.authnstatement": "true",
- "privateKey": "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t",
- "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQAB",
- "X509Certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
+ "saml.signing.private.key": "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
}
},
{
@@ -116,9 +113,10 @@
"saml.client.signature": "true",
"saml.encrypt": "true",
"saml.authnstatement": "true",
- "privateKey": "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t",
- "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQAB",
- "X509Certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
+ "saml.signing.private.key": "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t",
+ "saml.signing.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g==",
+ "saml.encryption.private.key": "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t",
+ "saml.encryption.certificate": "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g=="
}
},
{
@@ -136,9 +134,8 @@
"saml.client.signature": "true",
"saml.signature.algorithm": "RSA_SHA1",
"saml.authnstatement": "true",
- "privateKey": "MIICXQIBAAKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABAoGANU1efgc6ojIvwn7Lsf8GAKN9z2D6uS0T3I9nw1k2CtI+xWhgKAUltEANx5lEfBRYIdYclidRpqrk8DYgzASrDYTHXzqVBJfAk1VrAGpqyRq+TNMLUHkXiTiSDOQ6WqhX93UGMmAgQm1RsLa6+fy1BO/B2y85+Yf2OUylsKS6avECQQDslRDiNFdtEjdvyOL20tQ7+W+eKVxVxKAyQ3gFjIIDizELZt+Jq1Wz6XV9NhK1JFtlVugeD1tlW/+K16fEmDYXAkEAzqKoN/JeGb20rfQldAUWdQbb0jrQAYlgoSU/9fYH9YVJT8vnkfhPBTwIw9H9euf1//lRP/jHltHd5ch4230YyQJBAN3rOkoltPiABPZbpuLGgwS7BwOCYrWlWmurtBLoaTCvyVKbrgXybNL1pBrOtR+rufvGWLeRyja65Gs1vY6BBQMCQQCTsNq/MjJj/522f7yNUl2cw4w2lOa7Um+IflFbAcDqkZu2ty0Kvgns2d4B6INeZ5ECpjaWnMA7YkFRzZnkd2NRAkB8lEY56ScnNigoZkkjtEUd2ejdhZPYuS9SKfv9zHwN+I+DE2vVFZz8GPq/iLcMx13PkZaYaJNQ4FtQY/hRLSn5",
- "publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQAB",
- "X509Certificate": "MIIB0DCCATkCBgFJH5u0EDANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNodHRwOi8vbG9jYWxob3N0OjgwODAvZW1wbG95ZWUtc2lnLzAeFw0xNDEwMTcxOTMzNThaFw0yNDEwMTcxOTM1MzhaMC4xLDAqBgNVBAMTI2h0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9lbXBsb3llZS1zaWcvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACKyPLGqMX8GsIrCfJU8eVnpaqzTXMglLVo/nTcfAnWe9UAdVe8N3a2PXpDBvuqNA/DEAhVcQgxdlOTWnB6s8/yLTRuH0bZgb3qGdySif+lU+E7zZ/SiDzavAvn+ABqemnzHcHyhYO+hNRGHvUbW5OAii9Vdjhm8BI32YF1NwhKp"
+ "saml.signing.private.key": "MIICXQIBAAKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABAoGANU1efgc6ojIvwn7Lsf8GAKN9z2D6uS0T3I9nw1k2CtI+xWhgKAUltEANx5lEfBRYIdYclidRpqrk8DYgzASrDYTHXzqVBJfAk1VrAGpqyRq+TNMLUHkXiTiSDOQ6WqhX93UGMmAgQm1RsLa6+fy1BO/B2y85+Yf2OUylsKS6avECQQDslRDiNFdtEjdvyOL20tQ7+W+eKVxVxKAyQ3gFjIIDizELZt+Jq1Wz6XV9NhK1JFtlVugeD1tlW/+K16fEmDYXAkEAzqKoN/JeGb20rfQldAUWdQbb0jrQAYlgoSU/9fYH9YVJT8vnkfhPBTwIw9H9euf1//lRP/jHltHd5ch4230YyQJBAN3rOkoltPiABPZbpuLGgwS7BwOCYrWlWmurtBLoaTCvyVKbrgXybNL1pBrOtR+rufvGWLeRyja65Gs1vY6BBQMCQQCTsNq/MjJj/522f7yNUl2cw4w2lOa7Um+IflFbAcDqkZu2ty0Kvgns2d4B6INeZ5ECpjaWnMA7YkFRzZnkd2NRAkB8lEY56ScnNigoZkkjtEUd2ejdhZPYuS9SKfv9zHwN+I+DE2vVFZz8GPq/iLcMx13PkZaYaJNQ4FtQY/hRLSn5",
+ "saml.signing.certificate": "MIIB0DCCATkCBgFJH5u0EDANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNodHRwOi8vbG9jYWxob3N0OjgwODAvZW1wbG95ZWUtc2lnLzAeFw0xNDEwMTcxOTMzNThaFw0yNDEwMTcxOTM1MzhaMC4xLDAqBgNVBAMTI2h0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9lbXBsb3llZS1zaWcvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACKyPLGqMX8GsIrCfJU8eVnpaqzTXMglLVo/nTcfAnWe9UAdVe8N3a2PXpDBvuqNA/DEAhVcQgxdlOTWnB6s8/yLTRuH0bZgb3qGdySif+lU+E7zZ/SiDzavAvn+ABqemnzHcHyhYO+hNRGHvUbW5OAii9Vdjhm8BI32YF1NwhKp"
}
}
],
diff --git a/testsuite/pom.xml b/testsuite/pom.xml
index 8780d192412..9c2186d9934 100755
--- a/testsuite/pom.xml
+++ b/testsuite/pom.xml
@@ -26,6 +26,7 @@
integration
+ tomcat7
performance
tools
performance-web
diff --git a/testsuite/tomcat7/pom.xml b/testsuite/tomcat7/pom.xml
new file mode 100755
index 00000000000..419d6e8bda8
--- /dev/null
+++ b/testsuite/tomcat7/pom.xml
@@ -0,0 +1,513 @@
+
+
+
+ keycloak-testsuite-pom
+ org.keycloak
+ 1.1.0-Alpha1-SNAPSHOT
+ ../pom.xml
+
+ 4.0.0
+
+ keycloak-testsuite-tomcat7
+ Keycloak Tomcat 7Integration TestSuite
+
+
+
+
+ org.keycloak
+ keycloak-dependencies-server-all
+ ${project.version}
+ pom
+
+
+ org.keycloak
+ keycloak-admin-client
+ ${project.version}
+
+
+ log4j
+ log4j
+
+
+ org.slf4j
+ slf4j-api
+
+
+ org.slf4j
+ slf4j-log4j12
+ ${slf4j.version}
+
+
+ org.jboss.spec.javax.servlet
+ jboss-servlet-api_3.0_spec
+
+
+ org.jboss.resteasy
+ jaxrs-api
+ ${resteasy.version.latest}
+
+
+ org.jboss.resteasy
+ resteasy-jaxrs
+ ${resteasy.version.latest}
+
+
+ log4j
+ log4j
+
+
+ org.slf4j
+ slf4j-api
+
+
+ org.slf4j
+ slf4j-simple
+
+
+
+
+ org.jboss.resteasy
+ resteasy-client
+ ${resteasy.version.latest}
+
+
+ org.jboss.resteasy
+ resteasy-crypto
+ ${resteasy.version.latest}
+
+
+ org.jboss.resteasy
+ resteasy-multipart-provider
+ ${resteasy.version.latest}
+
+
+ org.jboss.resteasy
+ resteasy-jackson-provider
+ ${resteasy.version.latest}
+
+
+ org.jboss.resteasy
+ resteasy-undertow
+ ${resteasy.version.latest}
+
+
+ com.google.zxing
+ javase
+
+
+ org.bouncycastle
+ bcprov-jdk16
+
+
+ org.apache.httpcomponents
+ httpclient
+ ${keycloak.apache.httpcomponents.version}
+
+
+ org.keycloak
+ keycloak-ldap-federation
+ ${project.version}
+
+
+ org.keycloak
+ keycloak-undertow-adapter
+ ${project.version}
+
+
+ org.keycloak
+ federation-properties-example
+ ${project.version}
+
+
+ org.jboss.logging
+ jboss-logging
+
+
+ io.undertow
+ undertow-servlet
+
+
+ io.undertow
+ undertow-core
+
+
+ org.codehaus.jackson
+ jackson-core-asl
+
+
+ org.codehaus.jackson
+ jackson-mapper-asl
+
+
+ org.codehaus.jackson
+ jackson-xc
+
+
+ junit
+ junit
+
+
+ org.hamcrest
+ hamcrest-all
+
+
+ org.hibernate.javax.persistence
+ hibernate-jpa-2.0-api
+
+
+ com.h2database
+ h2
+
+
+ org.hibernate
+ hibernate-entitymanager
+
+
+ com.icegreen
+ greenmail
+
+
+ org.slf4j
+ slf4j-api
+
+
+
+
+ org.infinispan
+ infinispan-core
+
+
+ org.seleniumhq.selenium
+ selenium-java
+
+
+ xml-apis
+ xml-apis
+
+
+ org.seleniumhq.selenium
+ selenium-chrome-driver
+
+
+ org.picketbox
+ picketbox-ldap
+ test-jar
+
+
+ org.picketbox
+ picketbox-ldap
+
+
+ org.picketlink
+ picketlink-wildlfy-common
+
+
+ org.wildfly
+ wildfly-undertow
+ ${wildfly.version}
+ test
+
+
+ org.keycloak
+ keycloak-testsuite-integration
+ ${project.version}
+ test
+
+
+ org.keycloak
+ keycloak-testsuite-integration
+ ${project.version}
+ test-jar
+ test
+
+
+
+ org.apache.tomcat
+ tomcat-catalina
+ 7.0.54
+
+
+ org.apache.tomcat
+ tomcat-util
+ 7.0.54
+
+
+ org.apache.tomcat.embed
+ tomcat-embed-core
+ 7.0.54
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-jar-plugin
+ 2.2
+
+
+
+ test-jar
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-deploy-plugin
+
+ true
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+ ${maven.compiler.source}
+ ${maven.compiler.target}
+
+
+
+ org.codehaus.mojo
+ exec-maven-plugin
+
+ ${project.basedir}
+
+
+
+
+
+
+
+ keycloak-server
+
+
+
+ org.codehaus.mojo
+ exec-maven-plugin
+
+ org.keycloak.testutils.KeycloakServer
+
+
+
+
+
+
+ mail-server
+
+
+
+ org.codehaus.mojo
+ exec-maven-plugin
+
+ org.keycloak.testutils.MailServer
+
+
+
+
+
+
+ totp
+
+
+
+ org.codehaus.mojo
+ exec-maven-plugin
+
+ org.keycloak.testutils.TotpGenerator
+
+
+
+
+
+
+
+ jpa
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+
+ jpa
+ jpa
+ jpa
+ jpa
+
+
+
+
+
+
+
+
+ mongo
+
+
+ localhost
+ 27018
+ keycloak
+ true
+ 127.0.0.1
+
+
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+
+ test
+ integration-test
+
+ test
+
+
+
+ mongo
+ mongo
+ mongo
+ mongo
+ ${keycloak.connectionsMongo.host}
+ ${keycloak.connectionsMongo.port}
+ ${keycloak.connectionsMongo.db}
+ ${keycloak.connectionsMongo.clearOnStartup}
+ ${keycloak.connectionsMongo.bindIp}
+
+
+
+
+ default-test
+
+ true
+
+
+
+
+
+
+
+ com.github.joelittlejohn.embedmongo
+ embedmongo-maven-plugin
+
+
+ start-mongodb
+ pre-integration-test
+
+ start
+
+
+ ${keycloak.connectionsMongo.port}
+ file
+ ${project.build.directory}/mongodb.log
+ ${keycloak.connectionsMongo.bindIp}
+
+
+
+ stop-mongodb
+ post-integration-test
+
+ stop
+
+
+
+
+
+
+
+
+
+
+ infinispan
+
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+
+ infinispan
+ infinispan
+ infinispan
+
+
+
+
+
+
+
+
+
+
+
+ keycloak.connectionsJpa.driver
+ com.mysql.jdbc.Driver
+
+
+ mysql
+
+
+ mysql
+ mysql-connector-java
+ ${mysql.version}
+
+
+
+
+
+
+
+
+ keycloak.connectionsJpa.driver
+ org.postgresql.Driver
+
+
+ postgresql
+
+
+ org.postgresql
+ postgresql
+ ${postgresql.version}
+
+
+
+
+
+ clean-jpa
+
+
+
+ org.liquibase
+ liquibase-maven-plugin
+
+ META-INF/jpa-changelog-master.xml
+
+ ${keycloak.connectionsJpa.url}
+ ${keycloak.connectionsJpa.driver}
+ ${keycloak.connectionsJpa.user}
+ ${keycloak.connectionsJpa.password}
+
+ false
+
+
+
+ clean-jpa
+ clean
+
+ dropAll
+
+
+
+
+
+
+
+
+
diff --git a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
new file mode 100755
index 00000000000..71ecbae0c2e
--- /dev/null
+++ b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/Tomcat7Test.java
@@ -0,0 +1,283 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.keycloak.testsuite;
+
+import org.apache.http.NameValuePair;
+import org.apache.http.client.CookieStore;
+import org.apache.http.client.utils.URLEncodedUtils;
+import org.apache.http.cookie.Cookie;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClient;
+import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
+import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
+import org.junit.Assert;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.keycloak.OAuth2Constants;
+import org.keycloak.adapters.HttpClientBuilder;
+import org.keycloak.protocol.oidc.OpenIDConnectService;
+import org.keycloak.services.resources.LoginActionsService;
+import org.keycloak.testsuite.Constants;
+import org.keycloak.testsuite.OAuthClient;
+import org.keycloak.testsuite.OAuthClient.AccessTokenResponse;
+import org.keycloak.testsuite.rule.KeycloakRule;
+import org.keycloak.testsuite.rule.WebRule;
+import org.keycloak.util.BasicAuthHelper;
+import org.openqa.selenium.WebDriver;
+
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.core.Form;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriBuilder;
+import java.net.URI;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.atomic.AtomicLong;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * @author Stian Thorgersen
+ */
+public class Tomcat7Test {
+
+ @ClassRule
+ public static KeycloakRule keycloakRule = new KeycloakRule();
+
+ public static class BrowserLogin implements Runnable
+ {
+
+ private WebDriver driver;
+
+ public BrowserLogin() {
+ driver = WebRule.createWebDriver();
+ }
+
+ @Override
+ public void run() {
+ driver.manage().deleteAllCookies();
+ OAuthClient oauth = new OAuthClient(driver);
+ oauth.doLogin("test-user@localhost", "password");
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+ Assert.assertEquals(200, response.getStatusCode());
+ count.incrementAndGet();
+
+ }
+ }
+
+ public static AtomicLong count = new AtomicLong(0);
+
+ public static class JaxrsClientLogin implements Runnable
+ {
+ ResteasyClient client;
+
+ private String baseUrl = Constants.AUTH_SERVER_ROOT;
+
+ private String realm = "test";
+
+ private String responseType = OAuth2Constants.CODE;
+
+ private String grantType = "authorization_code";
+
+ private String clientId = "test-app";
+
+ private String redirectUri = "http://localhost:8081/app/auth";
+
+
+ public JaxrsClientLogin() {
+ DefaultHttpClient httpClient = (DefaultHttpClient) new HttpClientBuilder().build();
+ httpClient.setCookieStore(new CookieStore() {
+ @Override
+ public void addCookie(Cookie cookie) {
+ //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public List getCookies() {
+ return Collections.emptyList();
+ }
+
+ @Override
+ public boolean clearExpired(Date date) {
+ return false; //To change body of implemented methods use File | Settings | File Templates.
+ }
+
+ @Override
+ public void clear() {
+ //To change body of implemented methods use File | Settings | File Templates.
+ }
+ });
+ ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(httpClient);
+ this.client = new ResteasyClientBuilder().httpEngine(engine).build();
+ }
+
+ public String getLoginFormUrl(String state) {
+ UriBuilder b = OpenIDConnectService.loginPageUrl(UriBuilder.fromUri(baseUrl));
+ if (responseType != null) {
+ b.queryParam(OAuth2Constants.RESPONSE_TYPE, responseType);
+ }
+ if (clientId != null) {
+ b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
+ }
+ if (redirectUri != null) {
+ b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
+ }
+ if (state != null) {
+ b.queryParam(OAuth2Constants.STATE, state);
+ }
+ return b.build(realm).toString();
+ }
+
+ public String getProcessLoginUrl(String state) {
+ UriBuilder b = LoginActionsService.processLoginUrl(UriBuilder.fromUri(baseUrl));
+ if (clientId != null) {
+ b.queryParam(OAuth2Constants.CLIENT_ID, clientId);
+ }
+ if (redirectUri != null) {
+ b.queryParam(OAuth2Constants.REDIRECT_URI, redirectUri);
+ }
+ if (state != null) {
+ b.queryParam(OAuth2Constants.STATE, state);
+ }
+ return b.build(realm).toString();
+ }
+
+ static Pattern actionParser = Pattern.compile("action=\"([^\"]+)\"");
+
+ public void run() {
+ //this.client = new ResteasyClientBuilder().build();
+ String state = "42";
+ String loginFormUrl = getLoginFormUrl(state);
+ String html = client.target(loginFormUrl).request().get(String.class);
+ Matcher matcher = actionParser.matcher(html);
+ matcher.find();
+ String actionUrl = matcher.group(1);
+ if (!actionUrl.startsWith("http")) {
+ actionUrl = UriBuilder.fromUri(actionUrl).scheme("http").host("localhost").port(8081).build().toString();
+ }
+ Form form = new Form();
+ form.param("username", "test-user@localhost");
+ form.param("password", "password");
+ Response response = client.target(actionUrl).request().post(Entity.form(form));
+ URI uri = null;
+ Assert.assertEquals(302, response.getStatus());
+ uri = response.getLocation();
+ for (String header : response.getHeaders().keySet()) {
+ for (Object value : response.getHeaders().get(header)) {
+ System.out.println(header + ": " + value);
+ }
+ }
+ response.close();
+
+ Assert.assertNotNull(uri);
+ String code = getCode(uri);
+ Assert.assertNotNull(code);
+
+ form = new Form();
+ form.param(OAuth2Constants.GRANT_TYPE, grantType)
+ .param(OAuth2Constants.CODE, code)
+ .param(OAuth2Constants.REDIRECT_URI, redirectUri);
+
+ String authorization = BasicAuthHelper.createHeader(clientId, "password");
+
+ String res = client.target(OpenIDConnectService.accessCodeToTokenUrl(UriBuilder.fromUri(baseUrl)).build(realm)).request()
+ .header(HttpHeaders.AUTHORIZATION, authorization)
+ .post(Entity.form(form), String.class);
+ count.incrementAndGet();
+ //client.close();
+ }
+
+ public String getCode(URI uri) {
+ Map m = new HashMap();
+ List pairs = URLEncodedUtils.parse(uri, "UTF-8");
+ for (NameValuePair p : pairs) {
+ if (p.getName().equals("code")) return p.getValue();
+ m.put(p.getName(), p.getValue());
+ }
+ return null;
+ }
+
+
+ public void close()
+ {
+ client.close();
+ }
+ }
+
+ @Test
+ public void perfJaxrsClientLogin()
+ {
+ long ITERATIONS = 3;
+ JaxrsClientLogin login = new JaxrsClientLogin();
+ long start = System.currentTimeMillis();
+ for (int i = 0; i < ITERATIONS; i++) {
+ //System.out.println("*************************");
+ login.run();
+ }
+ long end = System.currentTimeMillis() - start;
+ System.out.println("took: " + end);
+ }
+
+ @Test
+ public void perfBrowserLogin()
+ {
+ long ITERATIONS = 3;
+ long start = System.currentTimeMillis();
+ BrowserLogin login = new BrowserLogin();
+ for (int i = 0; i < ITERATIONS; i++) {
+ //System.out.println("----------------------------------");
+ login.run();
+ }
+ long end = System.currentTimeMillis() - start;
+ System.out.println("took: " + end);
+ }
+
+ @Test
+ public void multiThread() throws Exception {
+ int num_threads = 20;
+ Thread[] threads = new Thread[num_threads];
+ for (int i = 0; i < num_threads; i++) {
+ threads[i] = new Thread(new Runnable() {
+ @Override
+ public void run() {
+ perfJaxrsClientLogin();
+ }
+ });
+ }
+ long start = System.currentTimeMillis();
+ for (int i = 0; i < num_threads; i++) {
+ threads[i].start();
+ }
+ for (int i = 0; i < num_threads; i++) {
+ threads[i].join();
+ }
+ long end = System.currentTimeMillis() - start;
+ System.out.println(count.toString() + " took: " + end);
+ System.out.println(count.floatValue() / ((float)end) * 1000+ " logins/s");
+ }
+
+}
diff --git a/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/tomcat7/TomcatAdapterTest.java b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/tomcat7/TomcatAdapterTest.java
new file mode 100755
index 00000000000..78072330a33
--- /dev/null
+++ b/testsuite/tomcat7/src/test/java/org/keycloak/testsuite/tomcat7/TomcatAdapterTest.java
@@ -0,0 +1,24 @@
+package org.keycloak.testsuite.tomcat7;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.startup.Tomcat;
+
+import java.io.File;
+
+/**
+ * @author Bill Burke
+ * @version $Revision: 1 $
+ */
+public class TomcatAdapterTest {
+ public void startServer() throws LifecycleException {
+ Tomcat tomcat = new Tomcat();
+ tomcat.setPort(8080);
+ //tomcat.addWebapp()
+ File base = new File(System.getProperty("java.io.tmpdir"));
+ Context rootCtx = tomcat.addContext("/app", base.getAbsolutePath());
+ //Tomcat.addServlet(rootCtx, "dateServlet", new DatePrintServlet());
+ rootCtx.addServletMapping("/date", "dateServlet");
+ tomcat.start();
+ tomcat.getServer().await();
+ }}