Merge pull request keycloak#3483 from hmlnarik/KEYCLOAK-3870-keycloak…

…-saml-xsd

KEYCLOAK-3870 Schema for keycloak-saml.xml

adapters/saml/core/src/test/java/org/keycloak/adapters/saml/config/parsers/KeycloakSamlAdapterXMLParserTest.java

@@ -87,7 +87,7 @@ public void testXmlParser() throws Exception {
         assertEquals(1, config.getSps().size());
         SP sp = config.getSps().get(0);
         assertEquals("sp", sp.getEntityID());
-        assertEquals("ssl", sp.getSslPolicy());
+        assertEquals("EXTERNAL", sp.getSslPolicy());
         assertEquals("format", sp.getNameIDPolicyFormat());
         assertTrue(sp.isForceAuthentication());
         assertTrue(sp.isIsPassive());
@@ -106,26 +106,26 @@ public void testXmlParser() throws Exception {
         assertTrue(encryption.isEncryption());
         assertEquals("private pem", encryption.getPrivateKeyPem());
         assertEquals("public pem", encryption.getPublicKeyPem());
-        assertEquals("policy", sp.getPrincipalNameMapping().getPolicy());
+        assertEquals("FROM_ATTRIBUTE", sp.getPrincipalNameMapping().getPolicy());
         assertEquals("attribute", sp.getPrincipalNameMapping().getAttributeName());
         assertTrue(sp.getRoleAttributes().size() == 1);
         assertTrue(sp.getRoleAttributes().contains("member"));
 
         IDP idp = sp.getIdp();
         assertEquals("idp", idp.getEntityID());
-        assertEquals("RSA", idp.getSignatureAlgorithm());
+        assertEquals("RSA_SHA256", idp.getSignatureAlgorithm());
         assertEquals("canon", idp.getSignatureCanonicalizationMethod());
         assertTrue(idp.getSingleSignOnService().isSignRequest());
         assertTrue(idp.getSingleSignOnService().isValidateResponseSignature());
-        assertEquals("post", idp.getSingleSignOnService().getRequestBinding());
+        assertEquals("POST", idp.getSingleSignOnService().getRequestBinding());
         assertEquals("url", idp.getSingleSignOnService().getBindingUrl());
 
         assertTrue(idp.getSingleLogoutService().isSignRequest());
         assertTrue(idp.getSingleLogoutService().isSignResponse());
         assertTrue(idp.getSingleLogoutService().isValidateRequestSignature());
         assertTrue(idp.getSingleLogoutService().isValidateResponseSignature());
-        assertEquals("redirect", idp.getSingleLogoutService().getRequestBinding());
-        assertEquals("post", idp.getSingleLogoutService().getResponseBinding());
+        assertEquals("REDIRECT", idp.getSingleLogoutService().getRequestBinding());
+        assertEquals("POST", idp.getSingleLogoutService().getResponseBinding());
         assertEquals("posturl", idp.getSingleLogoutService().getPostBindingUrl());
         assertEquals("redirecturl", idp.getSingleLogoutService().getRedirectBindingUrl());
 

adapters/saml/core/src/test/resources/org/keycloak/adapters/saml/config/parsers/keycloak-saml-multiple-signing-keys.xml

@@ -15,9 +15,11 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter">
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="sp"
-        sslPolicy="ssl"
+        sslPolicy="ALL"
         nameIDPolicyFormat="format"
         forceAuthentication="true"
         isPassive="true">
@@ -37,28 +39,28 @@
                 </PublicKeyPem>
             </Key>
         </Keys>
-        <PrincipalNameMapping policy="policy" attribute="attribute"/>
+        <PrincipalNameMapping policy="FROM_ATTRIBUTE" attribute="attribute"/>
         <RoleIdentifiers>
             <Attribute name="member"/>
         </RoleIdentifiers>
         <IDP entityID="idp"
-             signatureAlgorithm="RSA"
+             signatureAlgorithm="RSA_SHA512"
              signatureCanonicalizationMethod="canon"
              signaturesRequired="true"
                 >
             <SingleSignOnService signRequest="true"
                                  validateResponseSignature="true"
-                                 requestBinding="post"
-                                 bindingUrl="url"
+                                 requestBinding="POST"
+                                 bindingUrl="bindingurl"
                     />
 
             <SingleLogoutService
                     validateRequestSignature="true"
                     validateResponseSignature="true"
                     signRequest="true"
                     signResponse="true"
-                    requestBinding="redirect"
-                    responseBinding="post"
+                    requestBinding="REDIRECT"
+                    responseBinding="POST"
                     postBindingUrl="posturl"
                     redirectBindingUrl="redirecturl"
                     />

adapters/saml/core/src/test/resources/org/keycloak/adapters/saml/config/parsers/keycloak-saml-wth-http-client-settings.xml

@@ -15,9 +15,11 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter">
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="sp"
-        sslPolicy="ssl"
+        sslPolicy="ALL"
         nameIDPolicyFormat="format"
         forceAuthentication="true"
         isPassive="true">
@@ -37,18 +39,18 @@
                 </PublicKeyPem>
             </Key>
         </Keys>
-        <PrincipalNameMapping policy="policy" attribute="attribute"/>
+        <PrincipalNameMapping policy="FROM_ATTRIBUTE" attribute="attribute"/>
         <RoleIdentifiers>
             <Attribute name="member"/>
         </RoleIdentifiers>
         <IDP entityID="idp"
-             signatureAlgorithm="RSA"
+             signatureAlgorithm="RSA_SHA512"
              signatureCanonicalizationMethod="canon"
              signaturesRequired="true"
                 >
             <SingleSignOnService signRequest="true"
                                  validateResponseSignature="true"
-                                 requestBinding="post"
+                                 requestBinding="POST"
                                  bindingUrl="url"
                     />
 
@@ -57,8 +59,8 @@
                     validateResponseSignature="true"
                     signRequest="true"
                     signResponse="true"
-                    requestBinding="redirect"
-                    responseBinding="post"
+                    requestBinding="REDIRECT"
+                    responseBinding="POST"
                     postBindingUrl="posturl"
                     redirectBindingUrl="redirecturl"
                     />

adapters/saml/core/src/test/resources/org/keycloak/adapters/saml/config/parsers/keycloak-saml.xml

@@ -15,14 +15,16 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter">
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="sp"
-        sslPolicy="ssl"
+        sslPolicy="EXTERNAL"
         nameIDPolicyFormat="format"
         forceAuthentication="true"
         isPassive="true">
         <Keys>
-            <Key signing="true" >
+            <Key signing="true">
                 <KeyStore file="file" resource="cp" password="pw">
                     <PrivateKey alias="private alias" password="private pw"/>
                     <Certificate alias="cert alias"/>
@@ -37,18 +39,18 @@
                 </PublicKeyPem>
             </Key>
         </Keys>
-        <PrincipalNameMapping policy="policy" attribute="attribute"/>
+        <PrincipalNameMapping policy="FROM_ATTRIBUTE" attribute="attribute"/>
         <RoleIdentifiers>
             <Attribute name="member"/>
         </RoleIdentifiers>
         <IDP entityID="idp"
-             signatureAlgorithm="RSA"
+             signatureAlgorithm="RSA_SHA256"
              signatureCanonicalizationMethod="canon"
              signaturesRequired="true"
                 >
             <SingleSignOnService signRequest="true"
                                  validateResponseSignature="true"
-                                 requestBinding="post"
+                                 requestBinding="POST"
                                  bindingUrl="url"
                     />
 
@@ -57,8 +59,8 @@
                     validateResponseSignature="true"
                     signRequest="true"
                     signResponse="true"
-                    requestBinding="redirect"
-                    responseBinding="post"
+                    requestBinding="REDIRECT"
+                    responseBinding="POST"
                     postBindingUrl="posturl"
                     redirectBindingUrl="redirecturl"
                     />

examples/saml/post-with-encryption/src/main/webapp/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8080/sales-post-enc/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

examples/saml/post-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8080/sales-post-sig/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

examples/saml/redirect-with-signature/src/main/webapp/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8080/employee-sig/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp"

examples/saml/servlet-filter/src/main/webapp/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8080/saml-servlet-filter/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp">

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-assertion-sales-post-sig/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/bad-assertion-sales-post-sig/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-sales-post-sig/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/bad-client-sales-post-sig/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-client-signed-post/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/bad-client-sales-post-sig/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-sales-post-sig/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/bad-realm-sales-post-sig/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/bad-realm-signed-post/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/bad-realm-sales-post-sig/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-front/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee-sig-front/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-post-noidpkey/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee-sig-post-noidpkey/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-redir-noidpkey/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee-sig-redir-noidpkey/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig-redir-opt-noidpkey/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee-sig-redir-opt-noidpkey/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee-sig/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee-sig/"
         sslPolicy="EXTERNAL"
         logoutPage="/logout.jsp"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/employee2/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee2/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/encrypted-post/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/sales-post-enc/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/input-portal/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/input-portal/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/mappers/WEB-INF/keycloak-saml.xml

@@ -15,7 +15,9 @@
   ~ limitations under the License.
   -->
 
-<keycloak-saml-adapter>
+<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="urn:keycloak:saml:adapter http://www.keycloak.org/schema/keycloak_saml_adapter_1_7.xsd">
     <SP entityID="http://localhost:8081/employee2/"
         sslPolicy="EXTERNAL"
         nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"