add saml_client_signature attribute (#341)

wolfaba · web-flow · commit 4169f622aeb9 · 2025-02-20T09:32:08.000-05:00
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -1677,6 +1677,10 @@ saml_artifact_binding_url
 
 saml_assertion_consumer_url_post
 
+##### `saml_client_signature`
+
+saml.client.signature
+
 ##### `saml_assertion_signature`
 
 saml.assertion.signature
diff --git a/lib/puppet/provider/keycloak_client/kcadm.rb b/lib/puppet/provider/keycloak_client/kcadm.rb
@@ -18,6 +18,7 @@ def attributes_properties
       :saml_assertion_consumer_url_post,
       :saml_encrypt,
       :saml_assertion_signature,
+      :saml_client_signature,
       :saml_signing_certificate,
       :saml_encryption_certificate,
       :saml_signing_private_key
@@ -30,6 +31,7 @@ def dot_attributes_properties
       :backchannel_logout_url,
       :saml_encrypt,
       :saml_assertion_signature,
+      :saml_client_signature,
       :saml_signing_certificate,
       :saml_encryption_certificate,
       :saml_signing_private_key
diff --git a/lib/puppet/type/keycloak_client.rb b/lib/puppet/type/keycloak_client.rb
@@ -188,6 +188,10 @@ def insync?(is)
     desc 'saml.encrypt'
   end
 
+  newproperty(:saml_client_signature) do
+    desc 'saml.client.signature'
+  end
+
   newproperty(:saml_assertion_signature) do
     desc 'saml.assertion.signature'
   end
diff --git a/spec/acceptance/5_client_spec.rb b/spec/acceptance/5_client_spec.rb
@@ -48,6 +48,7 @@ class { 'keycloak': }
         saml_assertion_consumer_url_post        => 'https://saml.foo.bar/mellon/postResponse',
         saml_encrypt                            => 'true',
         saml_assertion_signature                => 'true',
+        saml_client_signature                   => 'true',
         saml_signing_certificate                => 'MIIDQzCCAiugAwIBAgIUNALBnAmwcPKLdBer4e0i22JiEd0wDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAwwlc2FtbF9zaWduaW5nX2NlcnRpZmljYXRlLXRlc3QuZm9vLmJhcjAgFw0yMjAzMTgyMjU1MTNaGA8yMTIyMDIyMjIyNTUxM1owMDEuMCwGA1UEAwwlc2FtbF9zaWduaW5nX2NlcnRpZmljYXRlLXRlc3QuZm9vLmJhcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPKEr/vAExQ9LxF9oiiyz7JNdHgB8wxGEd5SN7YF6UOToLH2lQL5PelGnsVD13y9/ZN2qr3xl54zz8IT8EimT8YXc0k7JEDLnKrvkz/xGSKnSFnudNM7B6i2VgM7uMbCCKKbOlULALUUnUmOAsKjRyTjcue4D1tULnha+ph+h/1T9Oc0VmDf6BV54lEwOe7m7teOZCTnrM2Ll2dsZV2tgMywt87r9/yQWt3rbMjaVsLUsgV/SBd4RU6WDrsae6P7ccOWeoFyQ4fP7i7Z+Wpa8Y9pdnNraqBNmkKb4pNkW+sJkkfA47YHafAtQO4E1cOnlsKJo0fXeMgiViCoDLVYPwcCAwEAAaNTMFEwHQYDVR0OBBYEFMuSde+sXzqeWtZPfY7Bsun3h3fzMB8GA1UdIwQYMBaAFMuSde+sXzqeWtZPfY7Bsun3h3fzMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAF+KdjMVaLGJmbBpV+mw6G9QVZ8DkiMKKz5+K2usCMCVf9XWVIyYXExsTBACk1FObHjXfHkk1A9nXOEFqgPBVS8CgSspVfQjIGhDy1lwhPkDvtyuIKIDb2kf52xTru/bsAWuSEXcjbKqszN6l78AaR93n6sZKUkIsnDpvi/mG4xXBumiluJyedbQw9yj/NsYouALGWWQeHDwNJGcAxDxiLvIZjXkAo6IXRQ85n29TiLFCbF5hPmiBlUNfo5reuobvhd+qDZOssiJ4q4VrSkHZ/u4Ri623+dgyZbDqwQ20NigfuoRaxbFWxbjl5T/lg30r7sqy/YOW2wevA0wSqyxMfw=',
         saml_encryption_certificate             => 'MIIDSTCCAjGgAwIBAgIUbJ6dLiM4/T9uLT4gd13tuD469lkwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAwwoc2FtbF9lbmNyeXB0aW9uX2NlcnRpZmljYXRlLXRlc3QuZm9vLmJhcjAgFw0yMjAzMTgyMjU1NDlaGA8yMTIyMDIyMjIyNTU0OVowMzExMC8GA1UEAwwoc2FtbF9lbmNyeXB0aW9uX2NlcnRpZmljYXRlLXRlc3QuZm9vLmJhcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKmzbda8/vwS3vn1OflWhcquzhh+FphTCA4PoRsqT2/AE5cbEPqVdPQxIUVXNL+l4LM7Kl4H0vSoi3gHlH1SQCc/772gXDtByxHP0QYg+FaEIG+LbsFYeB1jJMhGblf+0xOH3uPtN9jzjkz8Xhzpcq/xgTOJDyQPfSamzW0xUtK3iXd8B7K9nNdmOm9uLPZ1p2JLhvOJu6I6dapjLDoWgJnSnaYMgRuxShktTafWU3wolyo6c6+wago/CaoEdlrcwO7VvOd/gdhAuYUhYypD7t+1mWisEBWxLo2omflr2rm2nWQX5EKx4U1lhEPxxlo0AkCCj/7hQyJt5jMzg/4QGNUCAwEAAaNTMFEwHQYDVR0OBBYEFMNcZ9lzmttxhrdVXLm+deYLJyjeMB8GA1UdIwQYMBaAFMNcZ9lzmttxhrdVXLm+deYLJyjeMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEeYMFSGUGeWkgNKTmPL3l445ai4zMWUi92+vHeta44GlBKUAbNvC8Ab4mdVFCZF0lvKqUVfeKtTDD9wSko5XjjuhblLci7oa/gOFpp3dfb5d5xtNsSoVD9ndPopApYugGlKEJI9qL39FyP9Js+rm13gsHNrMGXIfBE+FSFXu0sp0NRBnbqvz5cB8jSRb40v67tGmFVadYhomIpFsES2FuM3bY6YbD0hJ4ozLczgpfPOYw41xIAGSgbB6rwRsu+VwV7L2DW3wtq6CHksLYoiNDmdZXz0HDqmfHcMKlpUPpAkY/8q6xaO/QNEzohI60TfMRklpCLP/25n4ao3VqrHdZo=',
         saml_signing_private_key                => 'MIIEpAIBAAKCAQEAtzXe4xaXsz5KdSQdz/4+jMdO1HiBNBuL2dIQ4b+DSP5IhSU+VPQP26G49fBWkN2ZSGMhOfvfxbcGjudIl7RRKRN1XqTgada/irqhU80Z8FTYWgl6A5px87nL1peCm8f2w6N220KLdoYI/KapdNP1CUXR6iBJOrEZ3lV3CtZR5DkeOvdMEsmyhP5ajI4PMKU15ANmq8S7vPd2q/OGSQziAj467gDFDTXTWVVo1vV1HWSz9an2wdIU7XdgrzRbuuCvgb5LLpbdyy+3j3RieoQAiDAiabKZqSMhiYc6mx21tD7ppN+H6RqzRulj/7WLdxckEJ736s1xSk8boOQhEqPoIQIDAQABAoIBAQCn3aQrTjgQ87IlQsJOIRYOx09jPkakB9lL6z2sml0gNF0eIdHK5RTimHtwXJX0hhY8TRfUmQOflONdbG0HEyCKElooLcmxMCKwafAHaJWrrxHM7YHua0SdnE84f/ob4kwnVU9B9ubx4j25wLrjYJHTvTVo38w5Cqw5GvXH6DeAc4gg0xtl1kYy53xO+3ybZDZy7EpEKFbgSLNZIryrIk3v1v2uWQWj30Gb2OqppTRt2X+zSSph5MUqPIfKUweL3Ow2MbCBdNESp8QifdUld1RWEgVbZWSvcZmfYpr9w/rU+JVrVydmCBx0k8VWJmBobZydr4niVLhkhuzY8DvfLyJBAoGBAOFijou/Mh2B4mRdycwOxBcJUeL318K5MR6ondidP5SEcHpTavaQjqE9N+I0W0GPsJhzuBiUHq60TjC5GV3OYTp/G+4M4ibVYyR9UG3CrHAlgu9asakVfcOHhOJmyyD1FtI4BlNNI+nv4Ds7nHahv3yFSF/pes9VaAKm9k5ZTzmXAoGBANAYwOW8obHCLmHcrJyHcZX9icJAXP+GvmpsJpZaBSE2bs/K2cwLZnBoiUX1jH+7wWtUV2CfATMAD2UASocaYrSSF91bZAJNe3D9QliRC10IZ6SBn1Pw7u3uYVHb7JE6z4IGIrn503En5ncZcxfoc0JE9bNIM3tyEygetS/EifMHAoGAAp0Z+hTlh+IRtghAZtVlAL9i67bkEaYEI87gxbpNGnPOuhxtiR50CPqkw0LILCJ2cc4lvGM7V9tPbNE4shXKmtsOf9w2YyzmUW4CmMNBLKvCsPPkS4msQ7A2okl+4Yr2EMoFiMHEQNo/R3CRh+6oQdFp3XLfsbfT1PQKty3h9VECgYEAn6euL1R21fO+NDTjdcBww/veelt5Pk65vtq1DDuKnf2uLNxcFzFT6cA6OaN3pPR/JAJ0e1vixqcwKHR9uYPj4NgJWTpp015w67JS+bJmfn0ZT1xnyjYaig+POQe7S31MgVyFvhvPPoy3Q/8Rj3E3JMvVmjQ102slCW3t4vUuRXcCgYAkfbK84PXNvDWXQFR27fWJsLwLzORYxnk0l4oFOOJy926m/WMOfw33pVhsJInHK+iRKwPv33zo5YkB1BeGWedvM/gAgq5eSo+eqSkKn5M+eaDTlvWFrDK5tW21m49wtYOKDGo99tjgfaoJDDhGkX0NdKZ23BEvW1AInhCPNyE5rg==',
@@ -124,6 +125,7 @@ class { 'keycloak': }
         expect(data['attributes']['saml_assertion_consumer_url_post']).to eq('https://saml.foo.bar/mellon/postResponse')
         expect(data['attributes']['saml.encrypt']).to eq('true')
         expect(data['attributes']['saml.assertion.signature']).to eq('true')
+        expect(data['attributes']['saml.client.signature']).to eq('true')
         expect(data['attributes']['saml.signing.certificate']).to eq('MIIDQzCCAiugAwIBAgIUNALBnAmwcPKLdBer4e0i22JiEd0' \
           'wDQYJKoZIhvcNAQELBQAwMDEuMCwGA1UEAwwlc2FtbF9zaWduaW5nX2NlcnRpZmljYXRlLXRlc3QuZm9vLmJhcjAgFw0yMjAzMTgyMjU1M' \
           'TNaGA8yMTIyMDIyMjIyNTUxM1owMDEuMCwGA1UEAwwlc2FtbF9zaWduaW5nX2NlcnRpZmljYXRlLXRlc3QuZm9vLmJhcjCCASIwDQYJKoZ' \
diff --git a/spec/unit/puppet/type/keycloak_client_spec.rb b/spec/unit/puppet/type/keycloak_client_spec.rb
@@ -95,6 +95,7 @@
       :saml_assertion_consumer_url_post,
       :saml_encrypt,
       :saml_assertion_signature,
+      :saml_client_signature,
       :saml_signing_certificate,
       :saml_encryption_certificate,
       :saml_signing_private_key
