From e07493ce0846eca44c7544d65090b4dc5ed160b0 Mon Sep 17 00:00:00 2001 From: cgeorgilakis-grnet Date: Thu, 10 Oct 2024 16:50:31 +0300 Subject: [PATCH] SAML Federation process reexecute when no all IDPs are added --- CHANGELOG.md | 5 +++++ pom.xml | 2 +- .../federation/SAMLFederationProvider.java | 21 +++++++++++++++++-- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e5f48291640..4d36777e04de 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,11 @@ Full Keycloak upstream jira issue can be shown if filtered by Fix version. Our Keycloak version is working well with PostgreSQL database. For using other SQL databases, text field in database need to be evaluated. +## [Unreleased] + +### Changed +- SAML Federation process reexecute when no all IDPs are added + ## [22.0.11-1.9] - 2024-10-10 ### Fixed diff --git a/pom.xml b/pom.xml index dc3adbe61106..0580677b2e65 100644 --- a/pom.xml +++ b/pom.xml @@ -47,7 +47,7 @@ 3.2.12.Final 3.2.12.Final - ${project.version}-1.9 + ${project.version}-1.10rc1 ${timestamp} diff --git a/services/src/main/java/org/keycloak/broker/saml/federation/SAMLFederationProvider.java b/services/src/main/java/org/keycloak/broker/saml/federation/SAMLFederationProvider.java index 167773306338..a513c65a8ff4 100644 --- a/services/src/main/java/org/keycloak/broker/saml/federation/SAMLFederationProvider.java +++ b/services/src/main/java/org/keycloak/broker/saml/federation/SAMLFederationProvider.java @@ -173,8 +173,9 @@ public void updateSamlEntities() { List entities = new ArrayList(); Date validUntil = null; + InputStream inputStream = null; try { - InputStream inputStream = session.getProvider(HttpClientProvider.class).get(model.getUrl()); + inputStream = session.getProvider(HttpClientProvider.class).get(model.getUrl()); Object parsedObject = SAMLParser.getInstance().parse(inputStream); EntitiesDescriptorType entitiesDescriptorType = (EntitiesDescriptorType) parsedObject; if (entitiesDescriptorType.getValidUntil() != null ) { @@ -184,10 +185,18 @@ public void updateSamlEntities() { entities = getEntityDescriptors(entitiesDescriptorType); } catch (ParsingException | IOException e) { e.printStackTrace(); + } finally { + try { + if (inputStream != null) + inputStream.close(); + } + catch (IOException e) { + logger.error("Cannot close InputStream"); + } } if(entities.isEmpty()) - { + { return; } @@ -215,6 +224,7 @@ public void updateSamlEntities() { logger.info("Start parsing the SAML federation (id): " + model.getAlias()); try { Integer addIdPsBatchSize = realm.getAttribute(FEDERATION_INSERT_BATCH_SIZE, DEFAULT_BATCH_SIZE); + boolean reExecute = false; for (EntityDescriptorType entity : entities) { if (!parseEntity(entity)) { @@ -261,6 +271,7 @@ public void updateSamlEntities() { identityProviderModel = new SAMLIdentityProviderConfig(identityProviderModel); } else { if (addedIdps.size() > addIdPsBatchSize) { + reExecute = true; //do not parse and add more than addIdPsBatchSize IdPs continue; } @@ -364,6 +375,12 @@ public void updateSamlEntities() { model.setLastMetadataRefreshTimestamp(new Date().getTime()); realm.taskExecutionFederation(model, addedIdps, updatedIdps, existingIdps); + if (reExecute) { + TimerProvider timer = session.getProvider(TimerProvider.class); + UpdateFederation updateFederation = new UpdateFederation(model.getInternalId(),realmId); + ClusterAwareScheduledTaskRunner taskRunner = new ClusterAwareScheduledTaskRunner(session.getKeycloakSessionFactory(), updateFederation,180 * 1000); + timer.scheduleOnce(taskRunner, 180 * 1000, "UpdateFederationPart" + Instant.now().toString()); + } logger.info("Finished updating IdPs of federation (id): " + model.getInternalId()); } catch (Exception e) {