SAML Elytron Adapter Galleon Pack


Nate

Feb 25, 2023, 1:01:26 PM
to WildFly
Do we know what version of WildFly will get this pulled in and when? https://issues.redhat.com/browse/WFLY-16306

Cameron Rodriguez

Feb 27, 2023, 10:40:01 AM
to Nate, WildFly
Hi Nate,

The changes in WFLY-16306 depend on a separate PR being merged in Keycloak (https://github.com/keycloak/keycloak/pull/15964), and then being added to a new feature pack. Discussions are still ongoing, so there isn't an immediate timeline available. Sorry about that.

Best,


--
Cameron Rodriguez (he/him)
Software Engineering Intern
WildFly Elytron

Nate

Feb 27, 2023, 1:12:33 PM
to WildFly
Hi,
Thank you for the reply. However, does it really depend on the Keycloak bit? That just says it provides a Galleon layer to make installing the Keycloak Elytron SAML Adapter easier. I already have a homemade Galleon layer with accompanying CLI script to install it. I am just waiting on the support for it on the WildFly (Elytron Security) side. Since the legacy-security subsystem was removed in WildFly 25, I literally cannot upgrade past WildFly 24 because I cannot install the Keycloak SAML Adapter nor the Keycloak Elytron SAML Adapter. Is there another SAML adapter solution that you can recommend?

Thanks again,
Nate

Diana Krepinska

Feb 28, 2023, 2:44:12 PM
to WildFly
Hello Nate,

Can you please elaborate on why you cannot install the Keycloak Elytron SAML adapter past WildFly 24? I just tried to install it on wildfly-26.1.1.Final. I unzipped keycloak-saml-wildfly-adapter-21.0.0.zip in WILDFLY-26_HOME and ran ./bin/jboss-cli.sh -c --file=bin/adapter-elytron-install-saml.cli as mentioned in their docs https://www.keycloak.org/docs/latest/securing_apps/#_saml_jboss_adapter and it passed okay.

If it does not pass for you, can you provide the error log and your server configuration, and ideally a sample app to reproduce with?

Thank you!

Nate

Mar 1, 2023, 5:27:37 AM
to WildFly
Thank you so much for looking into my problem.  I am building a bootable-jar with wildfly-jar-maven-plugin.  I run the adapter-elytron-install-saml.cli during the build using the plugin's cli-session handler.  I am building the jar with a custom feature-pack which includes my application plus a custom keycloak-saml layer.  I get the following error at run-time:

Caused by: java.lang.RuntimeException: Legacy WildFly security layer is no longer supported by the Keycloak WildFly adapter
at org.keycloak.keycloak-...@21.0.0//org.keycloak.subsystem.adapter.saml.extension.KeycloakDependencyProcessorWildFly.addPlatformSpecificModules(KeycloakDependencyProcessorWildFly.java:42)
at org.keycloak.keycloak-...@21.0.0//org.keycloak.subsystem.adapter.saml.extension.KeycloakDependencyProcessor.deploy(KeycloakDependencyProcessor.java:68)
at org.jboss...@18.1.0.Final//org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:182)
... 8 more

I will try to throw together a sample app to reproduce the issue.

Thanks again

Nate

Mar 1, 2023, 1:27:38 PM
to WildFly
Never mind and thank you for your support.  Turns out I had jboss-web.xml files in some of my webapps that had <security-domain> set explicitly and that is what caused the error above.
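
A check for the cause identified in the last message (a security-domain element set explicitly in jboss-web.xml), as an added example that is not part of the thread and is not WildFly or Keycloak code. The function names are hypothetical, and it assumes the descriptor sits at WEB-INF/jboss-web.xml in exploded webapps and in WAR/EAR archives under the directory being scanned.

```python
# Added example: function names are illustrative, not WildFly or Keycloak code.
import io
import sys
import zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

DESCRIPTOR = "WEB-INF/jboss-web.xml"  # assumed descriptor location in each webapp
ARCHIVES = (".war", ".ear")


def domains(location, xml_bytes):
    """Yield (location, domain) for each <security-domain> in a jboss-web.xml."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return
    for elem in root.iter():
        # Compare local names so namespaced and plain descriptors both match.
        if elem.tag.rsplit("}", 1)[-1] == "security-domain":
            yield location, (elem.text or "").strip()


def scan_archive(data, label):
    """Scan a WAR/EAR held in memory, descending into nested archives."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith(DESCRIPTOR):
                yield from domains(f"{label}!/{name}", zf.read(name))
            elif name.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(name), f"{label}!/{name}")


def scan(root):
    """Scan exploded webapps and WAR/EAR files under a directory."""
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        if path.as_posix().endswith(DESCRIPTOR):
            yield from domains(path.as_posix(), path.read_bytes())
        elif path.suffix.lower() in ARCHIVES:
            yield from scan_archive(path.read_bytes(), path.as_posix())


if __name__ == "__main__":
    hits = list(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
    for location, domain in hits:
        print(f"{location}: <security-domain>{domain}</security-domain>")
    sys.exit(1 if hits else 0)
```

Run against the webapp sources or the built artifacts before packaging the bootable jar; a non-zero exit status lists every descriptor that still sets a security domain.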