public URI generateRedirectUri(String samlParameterName, String redirectUri, Document document) throws ConfigurationException, ProcessingException, IOException { KeycloakUriBuilder builder = KeycloakUriBuilder.fromUri(redirectUri) .replaceQuery(null) .queryParam(samlParameterName, base64Encoded(document)); if (relayState != null) { builder.queryParam("RelayState", relayState); } if (sign) { builder.queryParam( GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getXmlSignatureMethod()); URI uri = builder.build(); String rawQuery = uri.getRawQuery(); Signature signature = signatureAlgorithm.createSignature(); byte[] sig = new byte[0]; try { signature.initSign(signingKeyPair.getPrivate()); signature.update(rawQuery.getBytes("UTF-8")); sig = signature.sign(); } catch (InvalidKeyException | UnsupportedEncodingException | SignatureException e) { throw new ProcessingException(e); } String encodedSig = RedirectBindingUtil.base64URLEncode(sig); builder.queryParam(GeneralConstants.SAML_SIGNATURE_REQUEST_KEY, encodedSig); } return builder.build(); }
public void signDocument(Document samlDocument) throws ProcessingException { String signatureMethod = signatureAlgorithm.getXmlSignatureMethod(); String signatureDigestMethod = signatureAlgorithm.getXmlSignatureDigestMethod(); SAML2Signature samlSignature = new SAML2Signature(); if (signatureMethod != null) { samlSignature.setSignatureMethod(signatureMethod); } if (signatureDigestMethod != null) { samlSignature.setDigestMethod(signatureDigestMethod); } Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument); samlSignature.setNextSibling(nextSibling); if (signingCertificate != null) { samlSignature.setX509Certificate(signingCertificate); } samlSignature.signSAMLDocument( samlDocument, signingKeyName, signingKeyPair, canonicalizationMethodType); }