Skip to content

Commit

Permalink
feat(jans-keycloak-integration): enhancements to keycloak integration #…
Browse files Browse the repository at this point in the history
…8614 (#8747)

* fix(jans-linux-setup): improper scim configuration for jans kc #8210
* updated the keycloak configuration file to reflect the  configuration for the storage-spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): remove references to jans standalone persistence layer

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper for kc #8614
* added persistence manager configuration for protocol mapper

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): added dependencies for protocol mapper #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper  #8614
* added dependencies to protocol mapper
* added protocol mapper main class

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): experimental protocol mapper #8614
* added relevant models to fetch user attributes
* refactored the db configuration classes

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle  #8614
* created maven project for janssen spi bundle

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): janssen spi bundle #8614
* added dependencies xml

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to job-scheduler #8614
* added support for new protocol mapper in job scheduler
* fixed typo in application shutdown log message

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements  #8614
* added support for the protocol-mapper in job-scheduler configuration
* fixed issue in  job-scheduler logging configuration that caused too many log files to be created

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): spi bundle #8614
* additions to the spi bundle pom file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): keycloak integration enhancements #8614
* added protocol mapper implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added thin bridge spi provider
* added models for thin bridge provider

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator spi to spi module
* minor refactoring to the authenticator spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* moved authenticator rest service spi to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added new storage provider implementation

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added missing files to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* added resource files to spi module

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* bump spi version to 1.1.3-SNAPSHOT
* removed protocol-mapper PoC from build modules

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* minor bugfix to scheduler. did not show fatal startup errors in log file

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
*fix for fatal errors which don't still appear in the logs

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* further housekeeping in job-scheduler

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixed bug in user storage spi preventing authentication in new version of keycloak

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* have scheduler create saml clients with document and assertion signing as default configuration

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancement to jans-keycloak-integration #8614
* removed reference to protocol-mapper poc submodule

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed reference to storage-spi module
* restored job-scheduler module in build pom

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* removed authenticator source as it was moved to spi

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614
* fixes suggested by static analyser

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

* feat(jans-keycloak-integration): enhancements to jans-keycloak-integration #8614

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>

---------

Signed-off-by: Rolain Djeumen <uprightech@gmail.com>
  • Loading branch information
uprightech authored Jun 24, 2024
1 parent 6f2a27f commit e3ddb60
Show file tree
Hide file tree
Showing 85 changed files with 1,504 additions and 1,660 deletions.
62 changes: 0 additions & 62 deletions jans-keycloak-integration/authenticator/installation.md

This file was deleted.

77 changes: 0 additions & 77 deletions jans-keycloak-integration/authenticator/pom.xml

This file was deleted.

This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -152,8 +152,8 @@ private void initClientRepresentation() {
clientRepresentation.setAuthenticationFlowBindingOverrides(authnFlowBindingOverrides);

//set default saml attributes
samlShoulDocumentsBeSigned(false);
samlSignAssertions(false);
samlShoulDocumentsBeSigned(true);
samlSignAssertions(true);
samlForcePostBinding(false);
samlEncryptAssertions(false);
samlForceArtifactBinding(false);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,12 @@ public SamlUserAttributeMapperBuilder attributeNameFormatUnspecified() {
return this;
}

public SamlUserAttributeMapperBuilder jansAttributeName(final String attributename) {

config.put("jans.attribute.name",attributename);
return this;
}

public ProtocolMapper build() {

return this.mapper;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -87,14 +87,23 @@ public static void main(String[] args) throws InterruptedException, ParserCreate
Thread.sleep(1000);
}
}
log.info("Application shutthing down");
log.info("Application shutting down");
}catch(StartupError e) {
log.error("Application startup failed",e);
if(jobScheduler != null) {
jobScheduler.stop();
}
System.exit(-1);
return;
}catch(InterruptedException e) {
log.error("Application interrupted",e);
Thread.currentThread().interrupt();
}catch(Exception e) {
log.error("Fatal error starting application",e);
if(jobScheduler != null ) {
jobScheduler.stop();
}
System.exit(-1);
}

}
Expand Down Expand Up @@ -163,10 +172,8 @@ private static final JobScheduler createQuartzJobSchedulerFromConfiguration(AppC

private static final void runCronJobs() {

log.debug("Running trust relationship sync cron job");
TrustRelationshipSyncJob trsyncjob = new TrustRelationshipSyncJob();
trsyncjob.run(null);
log.debug("Trust relationship sync cron job complete");
}

private static final void performPostStartupOperations() {
Expand Down Expand Up @@ -271,7 +278,7 @@ public static class ShutdownHook extends Thread {
public void run() {

try {
log.debug("Shutting down application");
log.info("Shutting down application");
if (jobScheduler != null) {
jobScheduler.stop();
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,12 +39,7 @@ public TrustRelationshipSyncJob() {
this.keycloakApi = App.keycloakApi();
this.realm = App.configuration().keycloakResourcesRealm();
this.samlUserAttributeMapperId = App.configuration().keycloakResourcesSamlUserAttributeMapper();
try {
this.authnBrowserFlow = keycloakApi.getAuthenticationFlowFromAlias(realm,App.configuration().keycloakResourcesBrowserFlowAlias());
}catch(Exception e) {
log.warn("Could not properly initialize sync job",e);
this.authnBrowserFlow = null;
}
this.authnBrowserFlow = keycloakApi.getAuthenticationFlowFromAlias(realm,App.configuration().keycloakResourcesBrowserFlowAlias());
}

@Override
Expand Down Expand Up @@ -213,13 +208,10 @@ private void addReleasedAttributesToManagedSamlClient(ManagedSamlClient client,
List<ProtocolMapper> protmappers = releasedattributes.stream().map((r)-> {
log.debug("Preparing to add released attribute {} to managed saml client with clientId {}",r.getName(),client.clientId());
return ProtocolMapper
.samlUserAttributeMapper(samlUserAttributeMapperId)
.name(generateKeycloakUniqueProtocolMapperName(r))
.userAttribute(r.getName())
.friendlyName(r.getDisplayName()!=null?r.getDisplayName():r.getName())
.attributeName(r.getSaml2Uri())
.attributeNameFormatUriReference()
.build();
.samlUserAttributeMapper(samlUserAttributeMapperId)
.name(generateKeycloakUniqueProtocolMapperName(r))
.jansAttributeName(r.getName())
.build();
}).toList();

keycloakApi.addProtocolMappersToManagedSamlClient(realm, client, protmappers);
Expand All @@ -230,10 +222,7 @@ private void updateManagedSamlClientProtocolMapper(ManagedSamlClient client, Pro
log.debug("Updating managed client released attribute. Client id: {} / Attribute name: {}",client.clientId(),releasedattribute.getName());
ProtocolMapper newmapper = ProtocolMapper
.samlUserAttributeMapper(mapper)
.userAttribute(releasedattribute.getName())
.friendlyName(releasedattribute.getDisplayName()!=null?releasedattribute.getDisplayName():releasedattribute.getName())
.attributeName(releasedattribute.getSaml2Uri())
.attributeNameFormatUriReference()
.jansAttributeName(releasedattribute.getName())
.build();
keycloakApi.updateManagedSamlClientProtocolMapper(realm, client,newmapper);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,7 @@ public void execute(JobExecutionContext context) throws JobExecutionException {
io.jans.kc.scheduler.job.Job job = (io.jans.kc.scheduler.job.Job) constructor.newInstance();
ExecutionContext effectivecontext = new QuartzExecutionContext(context.getMergedJobDataMap());
job.run(effectivecontext);
} catch(ReflectiveOperationException e) {
e.printStackTrace();
}catch(Exception e) {
throw new JobExecutionException("Failed to run job " + jobname,e);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,4 +28,4 @@ app.job.trustrelationship-sync.schedule-interval=PT10M
# keycloak resources configuration
app.keycloak.resources.realm=jans
app.keycloak.resources.authn.browser.flow-alias=janssen login
app.keycloak.resources.saml.user-attribute-mapper=saml-user-attribute-mapper
app.keycloak.resources.saml.user-attribute-mapper=kc-jans-saml-user-attribute-mapper
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
<File>${app.logdir}/scheduler.log</File>
<append>true</append>
<rollingPolicy class="TimeBasedRollingPolicy">
<fileNamePattern>${app.logdir}/scheduler-%d{yyyy-mm-dd}.log.gz</fileNamePattern>
<fileNamePattern>${app.logdir}/scheduler-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
<maxHistory>${app.logging.loghistory:-180}</maxHistory>
</rollingPolicy>

Expand Down
Loading

0 comments on commit e3ddb60

Please sign in to comment.