You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by sk...@apache.org on 2018/03/29 11:57:35 UTC
syncope git commit: [SYNCOPE-1148] Added new option for SAML
extension - SAML-initiated self-registration
Repository: syncope
Updated Branches:
refs/heads/2_0_X b513d7af3 -> 31493e5d2
[SYNCOPE-1148] Added new option for SAML extension - SAML-initiated self-registration
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/31493e5d
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/31493e5d
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/31493e5d
Branch: refs/heads/2_0_X
Commit: 31493e5d2fc95e94460e02b8fa884ffc50758017
Parents: b513d7a
Author: skylark17 <ma...@tirasa.net>
Authored: Thu Mar 29 13:57:24 2018 +0200
Committer: skylark17 <ma...@tirasa.net>
Committed: Thu Mar 29 13:57:24 2018 +0200
----------------------------------------------------------------------
.../markup/html/form/AjaxCheckBoxPanel.html | 2 +-
.../syncope/client/enduser/pages/HomePage.java | 2 +
.../META-INF/resources/app/css/app.css | 4 +-
.../resources/META-INF/resources/app/index.html | 2 +
.../resources/META-INF/resources/app/js/app.js | 13 ++++
.../app/js/controllers/LoginController.js | 4 ++
.../app/js/controllers/SAML2SPController.js | 29 +++++++++
.../app/js/controllers/UserController.js | 30 +++++++++
.../app/js/services/saml2IdPService.js | 3 +-
.../resources/app/js/services/saml2SPService.js | 42 +++++++++++++
.../META-INF/resources/app/views/self.html | 6 +-
.../ext/saml2lsp/agent/AssertionConsumer.java | 38 +++++++++---
.../syncope/ext/saml2lsp/agent/Constants.java | 4 ++
.../client/console/pages/SAML2SPSelfReg.java | 38 ++++++++++++
.../console/wizards/SAML2IdPWizardBuilder.java | 4 ++
.../panels/SAML2IdPsDirectoryPanel.properties | 1 +
.../SAML2IdPsDirectoryPanel_it.properties | 1 +
.../SAML2IdPsDirectoryPanel_pt_BR.properties | 1 +
.../SAML2IdPsDirectoryPanel_ru.properties | 1 +
.../client/enduser/pages/SAML2SPSelfReg.java | 50 +++++++++++++++
.../resources/SAML2SPUserAttrsResource.java | 65 ++++++++++++++++++++
.../syncope/common/lib/to/SAML2IdPTO.java | 10 +++
.../common/lib/to/SAML2LoginResponseTO.java | 10 +++
.../apache/syncope/core/logic/SAML2SPLogic.java | 17 +++++
.../core/logic/saml2/SAML2IdPEntity.java | 4 ++
.../core/logic/saml2/SAML2UserManager.java | 2 +-
.../core/persistence/api/entity/SAML2IdP.java | 4 ++
.../persistence/jpa/entity/JPASAML2IdP.java | 15 +++++
.../validation/entity/SAML2IdPValidator.java | 10 +++
.../java/data/SAML2IdPDataBinderImpl.java | 2 +
.../src/main/webapp/WEB-INF/web.xml | 5 ++
.../src/main/webapp/WEB-INF/web.xml | 5 ++
32 files changed, 410 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/console/src/main/resources/org/apache/syncope/client/console/wicket/markup/html/form/AjaxCheckBoxPanel.html
----------------------------------------------------------------------
diff --git a/client/console/src/main/resources/org/apache/syncope/client/console/wicket/markup/html/form/AjaxCheckBoxPanel.html b/client/console/src/main/resources/org/apache/syncope/client/console/wicket/markup/html/form/AjaxCheckBoxPanel.html
index 17289db..e2efccd 100644
--- a/client/console/src/main/resources/org/apache/syncope/client/console/wicket/markup/html/form/AjaxCheckBoxPanel.html
+++ b/client/console/src/main/resources/org/apache/syncope/client/console/wicket/markup/html/form/AjaxCheckBoxPanel.html
@@ -23,7 +23,7 @@ under the License.
<body>
<wicket:extend>
<div class="checkbox">
- <label style="width:100%">
+ <label style="width:100%">
<input type="checkbox" wicket:id="checkboxField" />
<wicket:enclosure child="field-label">
<label wicket:id="field-label">[LABEL]</label><span wicket:id="required"/>
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/java/org/apache/syncope/client/enduser/pages/HomePage.java
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/pages/HomePage.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/pages/HomePage.java
index ef9ab90..1e78222 100644
--- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/pages/HomePage.java
+++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/pages/HomePage.java
@@ -38,6 +38,8 @@ public class HomePage extends WebPage {
} else if (!parameters.get("successMessage").isNull()) {
redirectUrl.append("#!self?successMessage=");
appendMessage(redirectUrl, parameters.get("successMessage").toString());
+ } else if (!parameters.get("saml2SPUserAttrs").isNull()) {
+ redirectUrl.append("#!self-saml2sp");
}
throw new NonResettingRestartException(redirectUrl.toString());
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/css/app.css
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/css/app.css b/client/enduser/src/main/resources/META-INF/resources/app/css/app.css
index 1e7b3c4..721abf7 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/css/app.css
+++ b/client/enduser/src/main/resources/META-INF/resources/app/css/app.css
@@ -72,10 +72,10 @@ under the License.
z-index : 10001;
}
-treasure-overlay-spinner.treasure-overlay-spinner-active .treasure-overlay-spinner-content {
+treasure-overlay-spinner .treasure-overlay-spinner-content {
height: 100%;
}
-treasure-overlay-spinner.treasure-overlay-spinner-active {
+treasure-overlay-spinner {
height: 100%;
top: 0;
bottom: 0;
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/index.html
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/index.html b/client/enduser/src/main/resources/META-INF/resources/app/index.html
index 33b8f07..cd4542a 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/index.html
+++ b/client/enduser/src/main/resources/META-INF/resources/app/index.html
@@ -100,9 +100,11 @@ under the License.
<script src="js/services/groupService.js"></script>
<script src="js/services/anyService.js"></script>
<script src="js/services/saml2IdPService.js"></script>
+ <script src="js/services/saml2SPService.js"></script>
<!--controllers-->
<script src="js/controllers/HomeController.js"></script>
<script src="js/controllers/LoginController.js"></script>
+ <script src="js/controllers/SAML2SPController.js"></script>
<script src="js/controllers/UserController.js"></script>
<!--directives-->
<script src="js/directives/dynamicPlainAttribute.js"></script>
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
index c1f47df..d4857a0 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/app.js
@@ -73,6 +73,19 @@ app.config(['$stateProvider', '$urlRouterProvider', '$httpProvider', '$translate
url: '/self?errorMessage',
templateUrl: 'views/self.html'
})
+ /* <Extensions> */
+ .state('self-saml2sp', {
+ url: '/self-saml2sp',
+ templateUrl: 'views/self.html',
+ controller: 'SAML2SPController',
+ resolve: {
+ 'userAttrs': ['SAML2SPService',
+ function (SAML2SPService) {
+ return SAML2SPService.getSAML2SPUserAttrs();
+ }]
+ }
+ })
+ /* <Extensions> */
.state('user-self-update', {
url: '/user-self-update',
templateUrl: 'views/home.html',
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/LoginController.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/LoginController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/LoginController.js
index 1b68e07..b58aced 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/LoginController.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/LoginController.js
@@ -61,12 +61,15 @@ angular.module("login").controller("LoginController", ['$scope', '$rootScope', '
console.error("error retrieving user login status", response);
});
};
+
$scope.selfCreate = function () {
$location.path("/self/create");
};
+
$scope.passwordReset = function () {
$location.path("/passwordreset");
};
+
$scope.$watch(function () {
return $location.search().successMessage;
}, function (successMessage) {
@@ -76,6 +79,7 @@ angular.module("login").controller("LoginController", ['$scope', '$rootScope', '
delete $location.$$search.successMessage;
}
});
+
$scope.$watch(function () {
return $location.search().errorMessage;
}, function (errorMessage) {
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/SAML2SPController.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/SAML2SPController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/SAML2SPController.js
new file mode 100644
index 0000000..05adf18
--- /dev/null
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/SAML2SPController.js
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+'use strict';
+angular.module("login").controller("SAML2SPController", function ($scope, $rootScope, $location, userAttrs) {
+ $scope.selfCreate = function () {
+ $location.path("/self/create");
+ };
+
+ $rootScope.saml2idps.userAttrs = userAttrs;
+
+ $scope.selfCreate();
+});
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
index d682cde..ec380bd 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js
@@ -43,6 +43,10 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
value: ""
};
+ /* <Extensions> */
+ $scope.loadFromSAML2AuthSelfReg = $rootScope.saml2idps.userAttrs && $rootScope.saml2idps.userAttrs.length;
+ /* <Extensions> */
+
$scope.initUser = function () {
$scope.dynamicForm = {
plainSchemas: [],
@@ -61,6 +65,12 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
groupSchemas: ['own']
};
+ var findLoadedSAML2AttrValue = function (schemaKey) {
+ var found = $filter('filter')($rootScope.saml2idps.userAttrs, {"schema": schemaKey}, true);
+ return (found && found.length && found[0].values && found[0].values.length)
+ ? found[0].values : [];
+ };
+
var initUserSchemas = function (anyTypeClass, group) {
// initialization is done here synchronously to have all schema fields populated correctly
var schemaService;
@@ -113,6 +123,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
schema: plainSchemaKey,
values: initialAttributeValues
};
+
+ if ($scope.loadFromSAML2AuthSelfReg) {
+ $scope.user.plainAttrs[plainSchemaKey].values = findLoadedSAML2AttrValue(plainSchemaKey);
+ }
+
if (schemas.plainSchemas[i].multivalue) {
// initialize multivalue schema and support table: create mode, default multivalues
if (initialAttributeValues.length > 0) {
@@ -162,6 +177,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
schema: virSchemaKey,
values: []
};
+
+ if ($scope.loadFromSAML2AuthSelfReg) {
+ $scope.user.virAttrs[virSchemaKey].values = findLoadedSAML2AttrValue(virSchemaKey);
+ }
+
// initialize multivalue attribute and support table: create mode, only first value
$scope.dynamicForm.virtualAttributeTable[schemas.virSchemas[i].key] = {
fields: [schemas.virSchemas[i].key + "_" + 0]
@@ -182,6 +202,9 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
$scope.dynamicForm.plainSchemas = $scope.dynamicForm.plainSchemas.concat(schemas.plainSchemas);
$scope.dynamicForm.derSchemas = $scope.dynamicForm.derSchemas.concat(schemas.derSchemas);
$scope.dynamicForm.virSchemas = $scope.dynamicForm.virSchemas.concat(schemas.virSchemas);
+
+ //clean SAML Self Reg user attributes variable
+ delete $rootScope.saml2idps.userAttrs;
};
var initSecurityQuestions = function () {
@@ -421,6 +444,13 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l
initUserSchemas(null, $scope.dynamicForm.selectedGroups[index]);
}
initProperties();
+
+ if ($scope.loadFromSAML2AuthSelfReg) {
+ var username = findLoadedSAML2AttrValue("username");
+ if (username.length) {
+ $scope.user.username = username[0];
+ }
+ }
} else {
// read user from syncope core
readUser();
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2IdPService.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2IdPService.js b/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2IdPService.js
index 0c61bf1..7db0056 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2IdPService.js
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2IdPService.js
@@ -30,7 +30,8 @@ angular.module('self')
.then(function (response) {
return response.data;
}, function (response) {
- console.error("Something went wrong during saml2Idp extesion retrieval, exit with status: ", response);
+ console.error("Something went wrong during saml2Idp extension retrieval, exit with status: ",
+ response);
return $q.reject(response.data || response.statusText);
});
};
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2SPService.js
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2SPService.js b/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2SPService.js
new file mode 100644
index 0000000..85ac6a0
--- /dev/null
+++ b/client/enduser/src/main/resources/META-INF/resources/app/js/services/saml2SPService.js
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+'use strict';
+
+angular.module('self')
+ .factory('SAML2SPService', ['$q', '$http',
+ function ($q, $http) {
+
+ var saml2SPService = {};
+
+ saml2SPService.getSAML2SPUserAttrs = function () {
+ return $http.get("../api/saml2SPs/userAttrs")
+ .then(function (response) {
+ return response.data;
+ }, function (response) {
+ console.error("Something went wrong while getting saml2 user attributes, exit with status: ",
+ response);
+ return $q.reject(response.data || response.statusText);
+ });
+ };
+
+ return saml2SPService;
+ }]);
+
+
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/client/enduser/src/main/resources/META-INF/resources/app/views/self.html
----------------------------------------------------------------------
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/views/self.html b/client/enduser/src/main/resources/META-INF/resources/app/views/self.html
index c7f41a2..1cc279e 100644
--- a/client/enduser/src/main/resources/META-INF/resources/app/views/self.html
+++ b/client/enduser/src/main/resources/META-INF/resources/app/views/self.html
@@ -35,11 +35,13 @@ under the License.
<form id="login-form" class="form form-signin" novalidate>
<fieldset class="form-group input-group">
<div class="form-group">
- <input autofocus="autofocus" type="text" class="form-control" id="login-username" placeholder="{{'USERNAME_PLACEHOLDER'| translate}}"
+ <input autofocus="autofocus" type="text" class="form-control" id="login-username"
+ placeholder="{{'USERNAME_PLACEHOLDER'| translate}}"
ng-required ng-model="credentials.username">
</div>
<div class="form-group">
- <input type="password" class="form-control" id="login-password" placeholder="{{'PASSWORD_PLACEHOLDER'| translate}}"
+ <input type="password" class="form-control" id="login-password"
+ placeholder="{{'PASSWORD_PLACEHOLDER'| translate}}"
ng-required ng-model="credentials.password">
</div>
<div class="form-group" ng-controller="UserController">
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/AssertionConsumer.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/AssertionConsumer.java b/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/AssertionConsumer.java
index a2fec3a..aae650b 100644
--- a/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/AssertionConsumer.java
+++ b/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/AssertionConsumer.java
@@ -18,6 +18,8 @@
*/
package org.apache.syncope.ext.saml2lsp.agent;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
@@ -27,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.common.lib.to.AttrTO;
import org.apache.syncope.common.lib.to.SAML2LoginResponseTO;
import org.apache.syncope.common.rest.api.service.SAML2SPService;
@@ -35,6 +38,9 @@ public class AssertionConsumer extends AbstractSAML2SPServlet {
private static final long serialVersionUID = 968480296813639041L;
+ private static final ObjectMapper MAPPER =
+ new ObjectMapper().setSerializationInclusion(JsonInclude.Include.NON_EMPTY);
+
@Override
protected void doPost(final HttpServletRequest request, final HttpServletResponse response)
throws ServletException, IOException {
@@ -49,15 +55,33 @@ public class AssertionConsumer extends AbstractSAML2SPServlet {
request.getRemoteAddr(),
request.getInputStream()));
- request.getSession(true).setAttribute(Constants.SAML2SPJWT, responseTO.getAccessToken());
- request.getSession(true).setAttribute(Constants.SAML2SPJWT_EXPIRE, responseTO.getAccessTokenExpiryTime());
+ if (responseTO.isSelfReg()) {
+ responseTO.getAttrs().add(
+ new AttrTO.Builder().schema("username").values(responseTO.getUsername()).build());
+ request.getSession(true).
+ setAttribute(Constants.SAML2SP_USER_ATTRS, MAPPER.writeValueAsString(responseTO.getAttrs()));
- String successURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGIN_SUCCESS_URL);
- if (successURL == null) {
- request.setAttribute("responseTO", responseTO);
- request.getRequestDispatcher("loginSuccess.jsp").forward(request, response);
+ String selfRegRedirectURL =
+ getServletContext().getInitParameter(Constants.CONTEXT_PARAM_REDIRECT_SELFREG_URL);
+ if (selfRegRedirectURL == null) {
+ request.setAttribute("responseTO", responseTO);
+ request.getRequestDispatcher("loginSuccess.jsp").forward(request, response);
+ } else {
+ response.sendRedirect(selfRegRedirectURL);
+ }
} else {
- response.sendRedirect(successURL + "?sloSupported=" + responseTO.isSloSupported());
+ request.getSession(true).
+ setAttribute(Constants.SAML2SPJWT, responseTO.getAccessToken());
+ request.getSession(true).
+ setAttribute(Constants.SAML2SPJWT_EXPIRE, responseTO.getAccessTokenExpiryTime());
+
+ String successURL = getServletContext().getInitParameter(Constants.CONTEXT_PARAM_LOGIN_SUCCESS_URL);
+ if (successURL == null) {
+ request.setAttribute("responseTO", responseTO);
+ request.getRequestDispatcher("loginSuccess.jsp").forward(request, response);
+ } else {
+ response.sendRedirect(successURL + "?sloSupported=" + responseTO.isSloSupported());
+ }
}
} catch (Exception e) {
LOG.error("While processing authentication response from IdP", e);
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Constants.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Constants.java b/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Constants.java
index b7da815..c02c582 100644
--- a/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Constants.java
+++ b/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Constants.java
@@ -34,10 +34,14 @@ public final class Constants {
public static final String CONTEXT_PARAM_LOGOUT_ERROR_URL = "saml2sp.logout.error.url";
+ public static final String CONTEXT_PARAM_REDIRECT_SELFREG_URL = "saml2sp.redirect.selfreg";
+
public static final String SAML2SPJWT = "saml2sp.jwt";
public static final String SAML2SPJWT_EXPIRE = "saml2sp.jwt.expire";
+ public static final String SAML2SP_USER_ATTRS = "saml2sp.userattrs";
+
private Constants() {
// private constructor for static utility class
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPSelfReg.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPSelfReg.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPSelfReg.java
new file mode 100644
index 0000000..c7633e8
--- /dev/null
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPSelfReg.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.console.pages;
+
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.request.mapper.parameter.PageParameters;
+
+public class SAML2SPSelfReg extends WebPage {
+
+ private static final long serialVersionUID = -4330637558823990359L;
+
+ private static final String SAML_ACCESS_ERROR =
+ "SAML 2.0 error - Admin Console does not support Self Registration";
+
+ public SAML2SPSelfReg(final PageParameters parameters) {
+ super(parameters);
+
+ PageParameters params = new PageParameters();
+ params.add("errorMessage", SAML_ACCESS_ERROR);
+ setResponsePage(Login.class, params);
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
index 3376e64..53e342f 100644
--- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
@@ -111,6 +111,10 @@ public class SAML2IdPWizardBuilder extends AjaxWizardBuilder<SAML2IdPTO> {
"field", "createUnmatching", new PropertyModel<Boolean>(idpTO, "createUnmatching"), false);
fields.add(createUnmatching);
+ AjaxCheckBoxPanel selfRegUnmatching = new AjaxCheckBoxPanel(
+ "field", "selfRegUnmatching", new PropertyModel<Boolean>(idpTO, "selfRegUnmatching"), false);
+ fields.add(selfRegUnmatching);
+
AjaxCheckBoxPanel updateMatching = new AjaxCheckBoxPanel(
"field", "updateMatching", new PropertyModel<Boolean>(idpTO, "updateMatching"), false);
fields.add(updateMatching);
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
index 60b2a65..c2ecfe3 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
@@ -26,3 +26,4 @@ createUnmatching=Create unmatching users
updateMatching=Update matching users
actionsClassNames=Actions
template.title=user template
+selfRegUnmatching=SAML-initiated self-registration
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
index f1afdad..bf8fa9e 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
@@ -26,3 +26,4 @@ createUnmatching=Create unmatching users
updateMatching=Update matching users
actionsClassNames=Azioni
template.title=template utenti
+selfRegUnmatching=SAML-initiated self-registration
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
index f7bedbe..4836116 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
@@ -26,3 +26,4 @@ createUnmatching=Create unmatching users
updateMatching=Update matching users
actionsClassNames=Actions
template.title=user template
+selfRegUnmatching=SAML-initiated self-registration
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
index 311846b..f003174 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
@@ -26,3 +26,4 @@ createUnmatching=Create unmatching users
updateMatching=Update matching users
actionsClassNames=\u0414\u0435\u0439\u0441\u0442\u0432\u0438\u044f
template.title=user template
+selfRegUnmatching=SAML-initiated self-registration
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/SAML2SPSelfReg.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/SAML2SPSelfReg.java b/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/SAML2SPSelfReg.java
new file mode 100644
index 0000000..d7d2b45
--- /dev/null
+++ b/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/pages/SAML2SPSelfReg.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.pages;
+
+import org.apache.syncope.ext.saml2lsp.agent.Constants;
+import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
+import org.apache.wicket.request.mapper.parameter.PageParameters;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SAML2SPSelfReg extends WebPage {
+
+ private static final Logger LOG = LoggerFactory.getLogger(SAML2SPSelfReg.class);
+
+ private static final long serialVersionUID = -4330637558823990359L;
+
+ private static final String SAML_ACCESS_ERROR = "SAML 2.0 error - while getting user attributes";
+
+ public SAML2SPSelfReg(final PageParameters parameters) {
+ super(parameters);
+
+ PageParameters params = new PageParameters();
+ try {
+ params.add("saml2SPUserAttrs", ((ServletWebRequest) getRequest()).getContainerRequest().
+ getSession().getAttribute(Constants.SAML2SP_USER_ATTRS));
+ } catch (Exception e) {
+ LOG.error("While extracting user attributes", e);
+
+ params.add("errorMessage", SAML_ACCESS_ERROR);
+ }
+ setResponsePage(getApplication().getHomePage(), params);
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/resources/SAML2SPUserAttrsResource.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/resources/SAML2SPUserAttrsResource.java b/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/resources/SAML2SPUserAttrsResource.java
new file mode 100644
index 0000000..9d6e6af
--- /dev/null
+++ b/ext/saml2sp/client-enduser/src/main/java/org/apache/syncope/client/enduser/resources/SAML2SPUserAttrsResource.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.enduser.resources;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.apache.syncope.client.enduser.annotations.Resource;
+import org.apache.syncope.ext.saml2lsp.agent.Constants;
+import org.apache.wicket.request.cycle.RequestCycle;
+import org.apache.wicket.request.resource.AbstractResource;
+import org.apache.wicket.request.resource.IResource;
+
+@Resource(key = "saml2SPs", path = "/api/saml2SPs/userAttrs")
+public class SAML2SPUserAttrsResource extends BaseResource {
+
+ private static final long serialVersionUID = 7273151109078469253L;
+
+ @Override
+ protected ResourceResponse newResourceResponse(final IResource.Attributes attributes) {
+ ResourceResponse response = new ResourceResponse();
+ response.setContentType(MediaType.APPLICATION_JSON);
+
+ try {
+ response.setTextEncoding(StandardCharsets.UTF_8.name());
+ response.setWriteCallback(new AbstractResource.WriteCallback() {
+
+ @Override
+ public void writeData(final Attributes attributes) throws IOException {
+ attributes.getResponse().write(
+ (CharSequence) ((HttpServletRequest) RequestCycle.get().getRequest().
+ getContainerRequest()).getSession().getAttribute(Constants.SAML2SP_USER_ATTRS));
+ }
+ });
+ response.setStatusCode(Response.Status.OK.getStatusCode());
+ } catch (Exception e) {
+ LOG.error("Error retrieving saml2 user attributes", e);
+ response.setError(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), new StringBuilder()
+ .append("ErrorMessage{{ ")
+ .append(e.getMessage())
+ .append(" }}")
+ .toString());
+ }
+
+ return response;
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
index 12f53ab..aa2d2af 100644
--- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
+++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
@@ -51,6 +51,8 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai
private boolean updateMatching;
+ private boolean selfRegUnmatching;
+
private boolean useDeflateEncoding;
private boolean supportUnsolicited;
@@ -108,6 +110,14 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai
this.createUnmatching = createUnmatching;
}
+ public boolean isSelfRegUnmatching() {
+ return selfRegUnmatching;
+ }
+
+ public void setSelfRegUnmatching(final boolean selfRegUnmatching) {
+ this.selfRegUnmatching = selfRegUnmatching;
+ }
+
public boolean isUpdateMatching() {
return updateMatching;
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2LoginResponseTO.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2LoginResponseTO.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2LoginResponseTO.java
index 2b02eb4..4c1f122 100644
--- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2LoginResponseTO.java
+++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2LoginResponseTO.java
@@ -57,6 +57,8 @@ public class SAML2LoginResponseTO extends AbstractBaseBean {
private boolean sloSupported;
+ private boolean selfReg;
+
public String getNameID() {
return nameID;
}
@@ -161,4 +163,12 @@ public class SAML2LoginResponseTO extends AbstractBaseBean {
this.sloSupported = sloSupported;
}
+ public boolean isSelfReg() {
+ return selfReg;
+ }
+
+ public void setSelfReg(final boolean selfReg) {
+ this.selfReg = selfReg;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 8fe4e5a..3b68c48 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -45,6 +45,7 @@ import org.apache.syncope.common.lib.to.AttrTO;
import org.apache.syncope.common.lib.to.SAML2RequestTO;
import org.apache.syncope.common.lib.to.SAML2LoginResponseTO;
import org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO;
+import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.CipherAlgorithm;
import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.SAML2BindingType;
@@ -502,6 +503,22 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
return userManager.create(idp, responseTO, nameIDValue);
}
});
+ } else if (idp.isSelfRegUnmatching()) {
+ responseTO.setNameID(nameID.getValue());
+ UserTO userTO = new UserTO();
+
+ userManager.fill(idp, responseTO, userTO);
+
+ responseTO.getAttrs().clear();
+ responseTO.getAttrs().addAll(userTO.getPlainAttrs());
+ responseTO.getAttrs().addAll(userTO.getVirAttrs());
+ if (StringUtils.isNotBlank(userTO.getUsername())) {
+ responseTO.setUsername(userTO.getUsername());
+ }
+
+ responseTO.setSelfReg(true);
+
+ return responseTO;
} else {
throw new NotFoundException("User matching the provided value " + keyValue);
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
index 7b44396..dfc3617 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
@@ -128,6 +128,10 @@ public class SAML2IdPEntity {
return idpTO.isCreateUnmatching();
}
+ public boolean isSelfRegUnmatching() {
+ return idpTO.isSelfRegUnmatching();
+ }
+
public boolean isUpdateMatching() {
return idpTO.isUpdateMatching();
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2UserManager.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2UserManager.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2UserManager.java
index f4374e6..3a3cc48 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2UserManager.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2UserManager.java
@@ -192,7 +192,7 @@ public class SAML2UserManager {
return actions;
}
- private void fill(final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO, final UserTO userTO) {
+ public void fill(final SAML2IdPEntity idp, final SAML2LoginResponseTO responseTO, final UserTO userTO) {
for (ItemTO item : idp.getItems()) {
List<String> values = Collections.emptyList();
AttrTO samlAttr = responseTO.getAttr(item.getExtAttrName());
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java b/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
index 44c2c3a..fecf121 100644
--- a/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
+++ b/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
@@ -40,6 +40,10 @@ public interface SAML2IdP extends Entity {
void setCreateUnmatching(boolean createUnmatching);
+ boolean isSelfRegUnmatching();
+
+ void setSelfRegUnmatching(boolean selfRegUnmatching);
+
boolean isUpdateMatching();
void setUpdateMatching(boolean updateMatching);
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
index f15d9b4..1b9e4db 100644
--- a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
+++ b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
@@ -77,6 +77,11 @@ public class JPASAML2IdP extends AbstractGeneratedKeyEntity implements SAML2IdP
@Min(0)
@Max(1)
@Column(nullable = false)
+ private Integer selfRegUnmatching;
+
+ @Min(0)
+ @Max(1)
+ @Column(nullable = false)
private Integer updateMatching;
@Min(0)
@@ -143,6 +148,16 @@ public class JPASAML2IdP extends AbstractGeneratedKeyEntity implements SAML2IdP
}
@Override
+ public boolean isSelfRegUnmatching() {
+ return isBooleanAsInteger(selfRegUnmatching);
+ }
+
+ @Override
+ public void setSelfRegUnmatching(final boolean selfRegUnmatching) {
+ this.selfRegUnmatching = getBooleanAsInteger(selfRegUnmatching);
+ }
+
+ @Override
public boolean isUpdateMatching() {
return isBooleanAsInteger(updateMatching);
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
index 225c6d1..c03d701 100644
--- a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
+++ b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/validation/entity/SAML2IdPValidator.java
@@ -30,6 +30,16 @@ public class SAML2IdPValidator extends AbstractValidator<SAML2IdPCheck, SAML2IdP
@Override
public boolean isValid(final SAML2IdP value, final ConstraintValidatorContext context) {
+
+ if (value.isSelfRegUnmatching() && value.isCreateUnmatching()) {
+ context.buildConstraintViolationWithTemplate(
+ getTemplate(EntityViolationType.Standard,
+ "Either selfRegUnmatching or createUnmatching, not both")).
+ addPropertyNode("selfRegUnmatching").
+ addPropertyNode("createUnmatching").addConstraintViolation();
+ return false;
+ }
+
long connObjectKeys = IterableUtils.countMatches(value.getItems(), new Predicate<SAML2IdPItem>() {
@Override
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
index 17842d3..011e149 100644
--- a/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
+++ b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
@@ -178,6 +178,7 @@ public class SAML2IdPDataBinderImpl implements SAML2IdPDataBinder {
idp.setName(idpTO.getName());
idp.setMetadata(Base64.decode(idpTO.getMetadata()));
idp.setCreateUnmatching(idpTO.isCreateUnmatching());
+ idp.setSelfRegUnmatching(idpTO.isSelfRegUnmatching());
idp.setUpdateMatching(idpTO.isUpdateMatching());
idp.setUseDeflateEncoding(idpTO.isUseDeflateEncoding());
idp.setSupportUnsolicited(idpTO.isSupportUnsolicited());
@@ -243,6 +244,7 @@ public class SAML2IdPDataBinderImpl implements SAML2IdPDataBinder {
idpTO.setSupportUnsolicited(idp.isSupportUnsolicited());
idpTO.setBindingType(idp.getBindingType());
idpTO.setCreateUnmatching(idp.isCreateUnmatching());
+ idpTO.setSelfRegUnmatching(idp.isSelfRegUnmatching());
idpTO.setUpdateMatching(idp.isUpdateMatching());
idpTO.setMetadata(Base64.encode(idp.getMetadata()));
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/fit/console-reference/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/fit/console-reference/src/main/webapp/WEB-INF/web.xml b/fit/console-reference/src/main/webapp/WEB-INF/web.xml
index 66a800e..890e5b0 100644
--- a/fit/console-reference/src/main/webapp/WEB-INF/web.xml
+++ b/fit/console-reference/src/main/webapp/WEB-INF/web.xml
@@ -47,6 +47,11 @@ under the License.
<param-name>saml2sp.logout.error.url</param-name>
<param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.Login</param-value>
</context-param>
+
+ <context-param>
+ <param-name>saml2sp.redirect.selfreg</param-name>
+ <param-value>../wicket/bookmarkable/org.apache.syncope.client.console.pages.SAML2SPSelfReg</param-value>
+ </context-param>
<!-- SESSION TIMEOUT (MINUTES)-->
<session-config>
http://git-wip-us.apache.org/repos/asf/syncope/blob/31493e5d/fit/enduser-reference/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/fit/enduser-reference/src/main/webapp/WEB-INF/web.xml b/fit/enduser-reference/src/main/webapp/WEB-INF/web.xml
index fa4720d..7f61a36 100644
--- a/fit/enduser-reference/src/main/webapp/WEB-INF/web.xml
+++ b/fit/enduser-reference/src/main/webapp/WEB-INF/web.xml
@@ -47,6 +47,11 @@ under the License.
<param-name>saml2sp.logout.error.url</param-name>
<param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.HomePage</param-value>
</context-param>
+
+ <context-param>
+ <param-name>saml2sp.redirect.selfreg</param-name>
+ <param-value>../wicket/bookmarkable/org.apache.syncope.client.enduser.pages.SAML2SPSelfReg</param-value>
+ </context-param>
<!-- SESSION TIMEOUT (MINUTES)-->
<session-config>