KEYCLOAK-2584

keycloak · Mar 25, 2016 · e497eb0 · e497eb0
1 parent b253fe9
commit e497eb0
Showing 1 changed file with 45 additions and 35 deletions.
diff --git a/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java b/adapters/saml/core/src/main/java/org/keycloak/adapters/saml/AbstractInitiateLogin.java
@@ -54,53 +54,63 @@ public int getResponseCode() {
     @Override
     public boolean challenge(HttpFacade httpFacade) {
         try {
-            String issuerURL = deployment.getEntityID();
-            String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
+            SAML2AuthnRequestBuilder authnRequestBuilder = buildSaml2AuthnRequestBuilder(deployment);
+            BaseSAML2BindingBuilder binding = createSaml2Binding(deployment);
+            sessionStore.saveRequest();
 
-            if (nameIDPolicyFormat == null) {
-                nameIDPolicyFormat =  JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
-            }
+            sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
+            sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
+        } catch (Exception e) {
+            throw new RuntimeException("Could not create authentication request.", e);
+        }
+        return true;
+    }
+
+    public static BaseSAML2BindingBuilder createSaml2Binding(SamlDeployment deployment) {
+        BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
 
-            SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
-                    .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
-                    .issuer(issuerURL)
-                    .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
-                    .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
-            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
-                String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
-                if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
-                    protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
-                }
-                authnRequestBuilder.protocolBinding(protocolBinding);
+        if (deployment.getIDP().getSingleSignOnService().signRequest()) {
 
+            binding.signatureAlgorithm(deployment.getSignatureAlgorithm());
+            KeyPair keypair = deployment.getSigningKeyPair();
+            if (keypair == null) {
+                throw new RuntimeException("Signing keys not configured");
             }
-            if (deployment.getAssertionConsumerServiceUrl() != null) {
-                authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
+            if (deployment.getSignatureCanonicalizationMethod() != null) {
+                binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
             }
-            BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
 
-            if (deployment.getIDP().getSingleSignOnService().signRequest()) {
+            binding.signWith(keypair);
+            binding.signDocument();
+        }
+        return binding;
+    }
 
+    public static SAML2AuthnRequestBuilder buildSaml2AuthnRequestBuilder(SamlDeployment deployment) {
+        String issuerURL = deployment.getEntityID();
+        String nameIDPolicyFormat = deployment.getNameIDPolicyFormat();
 
-                KeyPair keypair = deployment.getSigningKeyPair();
-                if (keypair == null) {
-                    throw new RuntimeException("Signing keys not configured");
-                }
-                if (deployment.getSignatureCanonicalizationMethod() != null) {
-                    binding.canonicalizationMethod(deployment.getSignatureCanonicalizationMethod());
-                }
+        if (nameIDPolicyFormat == null) {
+            nameIDPolicyFormat =  JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
+        }
 
-                binding.signWith(keypair);
-                binding.signDocument();
+        SAML2AuthnRequestBuilder authnRequestBuilder = new SAML2AuthnRequestBuilder()
+                .destination(deployment.getIDP().getSingleSignOnService().getRequestBindingUrl())
+                .issuer(issuerURL)
+                .forceAuthn(deployment.isForceAuthentication()).isPassive(deployment.isIsPassive())
+                .nameIdPolicy(SAML2NameIDPolicyBuilder.format(nameIDPolicyFormat));
+        if (deployment.getIDP().getSingleSignOnService().getResponseBinding() != null) {
+            String protocolBinding = JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get();
+            if (deployment.getIDP().getSingleSignOnService().getResponseBinding() == SamlDeployment.Binding.POST) {
+                protocolBinding = JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get();
             }
-            sessionStore.saveRequest();
+            authnRequestBuilder.protocolBinding(protocolBinding);
 
-            sendAuthnRequest(httpFacade, authnRequestBuilder, binding);
-            sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
-        } catch (Exception e) {
-            throw new RuntimeException("Could not create authentication request.", e);
         }
-        return true;
+        if (deployment.getAssertionConsumerServiceUrl() != null) {
+            authnRequestBuilder.assertionConsumerUrl(deployment.getAssertionConsumerServiceUrl());
+        }
+        return authnRequestBuilder;
     }
 
     protected abstract void sendAuthnRequest(HttpFacade httpFacade, SAML2AuthnRequestBuilder authnRequestBuilder, BaseSAML2BindingBuilder binding) throws ProcessingException, ConfigurationException, IOException;