
feat: add saml client installation provider #263

@Filirom1 Filirom1 commented Mar 26, 2020

Hello,

I need to retrieve the SAML installation XML to inject it into an AWS SAML provider:

```hcl
resource "keycloak_realm" "realm" {
  realm   = "my-realm"
  enabled = true
}

resource "keycloak_saml_client" "saml_client" {
  realm_id  = "${keycloak_realm.realm.id}"
  client_id = "test-saml-client"
  name      = "test-saml-client"

  sign_documents          = false
  sign_assertions         = true
  include_authn_statement = true

  # Keys used by Keycloak to sign assertions for this client
  signing_certificate = "${file("saml-cert.pem")}"
  signing_private_key = "${file("saml-key.pem")}"
}

# Fetches the IdP metadata document from the client's "Installation" tab
data "keycloak_saml_client_installation_provider" "saml_idp_descriptor" {
  realm_id    = "${keycloak_realm.realm.id}"
  # The data source expects the client's internal ID, not the whole resource
  client_id   = "${keycloak_saml_client.saml_client.id}"
  provider_id = "saml-idp-descriptor"
}

resource "aws_iam_saml_provider" "default" {
  name                   = "myprovider"
  saml_metadata_document = data.keycloak_saml_client_installation_provider.saml_idp_descriptor.value
}
```

I started this pull request, which is working, but I will need help if you need tests or refactoring because I am not fluent in golang yet :-)

Cheers
Romain

@mrparkers

Hey @Filirom1, thanks for the PR!

I think the code you've submitted looks good so far. I really like the example you posted in this PR, that's a good use case for this data source. If you'd like, you could include that example in the docs to show off a real use case for this.

I've never personally used the "Installation" tab for a SAML client before, but based on the code you've submitted, it looks like you're expecting an XML document to be returned in the value attribute. I think a good test for this data source would create a realm, a saml client, and a saml installation provider data source (just like your example), and grab the value attribute from the data source and use golang's xml package to parse it. You'll have to create a basic struct with xml tags, but you don't have to include the entire structure of the xml payload if you don't want to. All I want to assert is that the value attribute is an xml document.

You can look at examples for parsing xml in the xml package godoc: https://golang.org/pkg/encoding/xml/. Feel free to model your test similarly to the other data source tests.

If you have any specific questions about any of this please feel free to let me know. Thanks!
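The XML-parsing test described above, as an added example that is not the PR's code or the provider's test suite: it declares only the parts of the `saml-idp-descriptor` metadata the assertion needs and lets `encoding/xml` ignore the rest. The sample document, entity ID and certificate value are constructed placeholders.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Minimal model of the "saml-idp-descriptor" metadata; undeclared elements are ignored.
type EntityDescriptor struct {
	XMLName  xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata EntityDescriptor"`
	EntityID string   `xml:"entityID,attr"`
	IDPSSO   struct {
		KeyDescriptors []struct {
			Use  string `xml:"use,attr"`
			Cert string `xml:"KeyInfo>X509Data>X509Certificate"`
		} `xml:"KeyDescriptor"`
	} `xml:"IDPSSODescriptor"`
}

// ParseIDPDescriptor fails on anything that is not a SAML EntityDescriptor with an entityID.
func ParseIDPDescriptor(value string) (*EntityDescriptor, error) {
	var d EntityDescriptor
	if err := xml.Unmarshal([]byte(value), &d); err != nil {
		return nil, fmt.Errorf("value is not SAML metadata: %w", err)
	}
	if d.EntityID == "" {
		return nil, fmt.Errorf("EntityDescriptor has no entityID")
	}
	return &d, nil
}

// SigningCerts lists certificates published with use="signing"; AWS needs one to verify assertions.
func (d *EntityDescriptor) SigningCerts() []string {
	var certs []string
	for _, k := range d.IDPSSO.KeyDescriptors {
		if k.Use == "signing" && k.Cert != "" {
			certs = append(certs, k.Cert)
		}
	}
	return certs
}

// Constructed sample, not real Keycloak output; the certificate value is a placeholder.
const sampleDescriptor = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://keycloak.example.test/auth/realms/my-realm">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak.example.test/auth/realms/my-realm/protocol/saml"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>`
```

In an acceptance test the `value` attribute read from the data source would replace `sampleDescriptor`, and the same two checks (root element, at least one signing certificate) hold.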

Filirom1 commented Apr 6, 2020

Is it OK for you, @mrparkers?

@mrparkers mrparkers left a comment

LGTM, thanks for the PR!

@mrparkers mrparkers merged commit 92cdb36 into keycloak:master Apr 13, 2020
@jurgen-weber-deltatre
so for setting up a SAML client for AWS...

```hcl
signing_certificate = "${file("saml-cert.pem")}"
signing_private_key = "${file("saml-key.pem")}"
```

what are these files? Where do I get them?
