Posted to commits@syncope.apache.org by sk...@apache.org on 2020/03/19 08:35:26 UTC
[syncope] branch SYNCOPE-163-1 updated: [SYNCOPE-160] Added new
attributes for OIDC RPs and SAML2 SPs
This is an automated email from the ASF dual-hosted git repository.
skylark17 pushed a commit to branch SYNCOPE-163-1
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/SYNCOPE-163-1 by this push:
new b52b588 [SYNCOPE-160] Added new attributes for OIDC RPs and SAML2 SPs
b52b588 is described below
commit b52b588614d7c8e527eb8c970396ba8207e7eee0
Author: skylark17 <sk...@apache.org>
AuthorDate: Wed Mar 18 14:40:47 2020 +0100
[SYNCOPE-160] Added new attributes for OIDC RPs and SAML2 SPs
---
.../common/lib/to/client/OIDCRelyingPartyTO.java | 68 +++++++++-
.../lib/to/client/SAML2ServiceProviderTO.java | 136 ++++++++++++++++++-
.../syncope/common/lib/types/OIDCSubjectType.java | 17 +--
.../lib/types/SAML2ServiceProviderNameId.java | 43 ++++++
.../entity/authentication/OIDCRelyingParty.java | 19 ++-
.../authentication/SAML2ServiceProvider.java | 47 +++++++
.../dao/authentication/JPAOIDCRelyingPartyDAO.java | 3 +-
.../entity/authentication/JPAOIDCRelyingParty.java | 81 ++++++++++--
.../authentication/JPASAML2ServiceProvider.java | 145 +++++++++++++++++++++
.../jpa/inner/OIDCRelyingPartyTest.java | 20 +--
.../jpa/inner/SAML2ServiceProviderTest.java | 4 +
.../core/persistence/jpa/outer/PolicyTest.java | 6 +-
.../java/data/OIDCRelyingPartyDataBinderImpl.java | 20 ++-
.../data/SAML2ServiceProviderDataBinderImpl.java | 24 +++-
.../syncope/fit/core/OIDCRelyingPartyITCase.java | 13 +-
.../fit/core/SAML2ServiceProviderITCase.java | 11 +-
16 files changed, 610 insertions(+), 47 deletions(-)
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/OIDCRelyingPartyTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/OIDCRelyingPartyTO.java
index 54f473f..e8f5f57 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/OIDCRelyingPartyTO.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/OIDCRelyingPartyTO.java
@@ -20,17 +20,20 @@ package org.apache.syncope.common.lib.to.client;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.swagger.v3.oas.annotations.media.Schema;
+import java.util.ArrayList;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
-import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
+import org.apache.syncope.common.lib.types.OIDCSubjectType;
-@XmlRootElement(name = "openIdConnectRelyingParty")
+@XmlRootElement(name = "oidcRelyingParty")
@XmlType
@Schema(allOf = { ClientAppTO.class })
public class OIDCRelyingPartyTO extends ClientAppTO {
@@ -41,11 +44,22 @@ public class OIDCRelyingPartyTO extends ClientAppTO {
private String clientSecret;
+ private boolean signIdToken;
+
+ private String jwks;
+
+ private OIDCSubjectType subjectType;
+
private final List<String> redirectUris = new ArrayList<>();
+ private final Set<String> supportedGrantTypes = new HashSet<>();
+
+ private final Set<String> supportedResponseTypes = new HashSet<>();
+
@XmlTransient
@JsonProperty("@class")
- @Schema(name = "@class", required = true, example = "org.apache.syncope.common.lib.to.OpenIdConnectRelyingPartyTO")
+ @Schema(name = "@class", required = true,
+ example = "org.apache.syncope.common.lib.to.client.OIDCRelyingPartyTO")
@Override
public String getDiscriminator() {
return getClass().getName();
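Review bot: `signIdToken` (the new `private boolean signIdToken;`) defaults to `false`, so a relying party created from a TO whose client never sets the flag ends up configured for unsigned ID tokens, presumably once the authentication server consumes this attribute. If signing is meant to be the baseline, initialise it as `private boolean signIdToken = true;` (and mirror that in the JPA entity) or document the default on `isSignIdToken()`. The same fail-open default applies to `signAssertions`, `signResponses` and `encryptAssertions` in SAML2ServiceProviderTO. The class body continues outside the hunk.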
@@ -74,6 +88,44 @@ public class OIDCRelyingPartyTO extends ClientAppTO {
return redirectUris;
}
+ @XmlElementWrapper(name = "supportedGrantTypes")
+ @XmlElement(name = "supportedGrantType")
+ @JsonProperty("supportedGrantTypes")
+ public Set<String> getSupportedGrantTypes() {
+ return supportedGrantTypes;
+ }
+
+ @XmlElementWrapper(name = "supportedResponseTypes")
+ @XmlElement(name = "supportedResponseType")
+ @JsonProperty("supportedResponseTypes")
+ public Set<String> getSupportedResponseTypes() {
+ return supportedResponseTypes;
+ }
+
+ public boolean isSignIdToken() {
+ return signIdToken;
+ }
+
+ public void setSignIdToken(final boolean signIdToken) {
+ this.signIdToken = signIdToken;
+ }
+
+ public String getJwks() {
+ return jwks;
+ }
+
+ public void setJwks(final String jwks) {
+ this.jwks = jwks;
+ }
+
+ public OIDCSubjectType getSubjectType() {
+ return subjectType;
+ }
+
+ public void setSubjectType(final OIDCSubjectType subjectType) {
+ this.subjectType = subjectType;
+ }
+
@Override
public boolean equals(final Object obj) {
if (obj == null) {
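Review bot: `getJwks()` returns an undocumented `String`: nothing says whether it holds an inline JWK Set document or a URL pointing to one, and the two need different validation and different storage. Propose a Javadoc on the getter such as `/** JSON Web Key Set of this relying party; TODO confirm whether inline JWKS JSON or a jwks_uri is expected. */`, with the same wording on `OIDCRelyingParty.getJwks()` and `JPAOIDCRelyingParty.getJwks()`. `equals` starts at the end of this hunk and continues outside it.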
@@ -91,6 +143,11 @@ public class OIDCRelyingPartyTO extends ClientAppTO {
.append(this.clientId, rhs.clientId)
.append(this.clientSecret, rhs.clientSecret)
.append(this.redirectUris, rhs.redirectUris)
+ .append(this.supportedGrantTypes, rhs.supportedGrantTypes)
+ .append(this.supportedResponseTypes, rhs.supportedResponseTypes)
+ .append(this.signIdToken, rhs.signIdToken)
+ .append(this.jwks, rhs.jwks)
+ .append(this.subjectType, rhs.subjectType)
.isEquals();
}
@@ -101,6 +158,11 @@ public class OIDCRelyingPartyTO extends ClientAppTO {
.append(clientId)
.append(clientSecret)
.append(redirectUris)
+ .append(supportedGrantTypes)
+ .append(supportedResponseTypes)
+ .append(signIdToken)
+ .append(jwks)
+ .append(subjectType)
.toHashCode();
}
}
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2ServiceProviderTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2ServiceProviderTO.java
index 18f4360..4ef2d59 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2ServiceProviderTO.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/client/SAML2ServiceProviderTO.java
@@ -25,6 +25,7 @@ import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
+import org.apache.syncope.common.lib.types.SAML2ServiceProviderNameId;
@XmlRootElement(name = "saml2ServiceProvider")
@XmlType
@@ -37,9 +38,32 @@ public class SAML2ServiceProviderTO extends ClientAppTO {
private String metadataLocation;
+ private String metadataSignatureLocation;
+
+ private boolean signAssertions;
+
+ private boolean signResponses;
+
+ private boolean encryptionOptional;
+
+ private boolean encryptAssertions;
+
+ private String requiredAuthenticationContextClass;
+
+ private SAML2ServiceProviderNameId requiredNameIdFormat;
+
+ private Integer skewAllowance;
+
+ private String nameIdQualifier;
+
+ private String assertionAudiences;
+
+ private String serviceProviderNameIdQualifier;
+
@XmlTransient
@JsonProperty("@class")
- @Schema(name = "@class", required = true, example = "org.apache.syncope.common.lib.to.SAML2ServiceProviderTO")
+ @Schema(name = "@class", required = true,
+ example = "org.apache.syncope.common.lib.to.client.SAML2ServiceProviderTO")
@Override
public String getDiscriminator() {
return getClass().getName();
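Review bot: `skewAllowance` is an `Integer` with no stated unit and `assertionAudiences` is a single `String` despite its plural name, so a reader cannot tell whether the skew is seconds or milliseconds nor how several audiences are delimited. Suggest field comments such as `// clock skew tolerance; unit TODO confirm (seconds?)` and `// TODO confirm delimiter when several audiences are given`, or, for the audiences, a `Set<String>` exposed with `@XmlElementWrapper` the way `supportedGrantTypes` is in OIDCRelyingPartyTO. The class body continues outside the hunk.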
@@ -61,6 +85,94 @@ public class SAML2ServiceProviderTO extends ClientAppTO {
this.metadataLocation = metadataLocation;
}
+ public String getMetadataSignatureLocation() {
+ return metadataSignatureLocation;
+ }
+
+ public void setMetadataSignatureLocation(final String metadataSignatureLocation) {
+ this.metadataSignatureLocation = metadataSignatureLocation;
+ }
+
+ public boolean isSignAssertions() {
+ return signAssertions;
+ }
+
+ public void setSignAssertions(final boolean signAssertions) {
+ this.signAssertions = signAssertions;
+ }
+
+ public boolean isSignResponses() {
+ return signResponses;
+ }
+
+ public void setSignResponses(final boolean signResponses) {
+ this.signResponses = signResponses;
+ }
+
+ public boolean isEncryptionOptional() {
+ return encryptionOptional;
+ }
+
+ public void setEncryptionOptional(final boolean encryptionOptional) {
+ this.encryptionOptional = encryptionOptional;
+ }
+
+ public boolean isEncryptAssertions() {
+ return encryptAssertions;
+ }
+
+ public void setEncryptAssertions(final boolean encryptAssertions) {
+ this.encryptAssertions = encryptAssertions;
+ }
+
+ public String getRequiredAuthenticationContextClass() {
+ return requiredAuthenticationContextClass;
+ }
+
+ public void setRequiredAuthenticationContextClass(final String requiredAuthenticationContextClass) {
+ this.requiredAuthenticationContextClass = requiredAuthenticationContextClass;
+ }
+
+ public SAML2ServiceProviderNameId getRequiredNameIdFormat() {
+ return requiredNameIdFormat;
+ }
+
+ public void setRequiredNameIdFormat(final SAML2ServiceProviderNameId requiredNameIdFormat) {
+ this.requiredNameIdFormat = requiredNameIdFormat;
+ }
+
+ public Integer getSkewAllowance() {
+ return skewAllowance;
+ }
+
+ public void setSkewAllowance(final Integer skewAllowance) {
+ this.skewAllowance = skewAllowance;
+ }
+
+ public String getNameIdQualifier() {
+ return nameIdQualifier;
+ }
+
+ public void setNameIdQualifier(final String nameIdQualifier) {
+ this.nameIdQualifier = nameIdQualifier;
+ }
+
+ public String getAssertionAudiences() {
+ return assertionAudiences;
+ }
+
+ public void setAssertionAudiences(final String assertionAudiences) {
+ this.assertionAudiences = assertionAudiences;
+ }
+
+ public String getServiceProviderNameIdQualifier() {
+ return serviceProviderNameIdQualifier;
+ }
+
+ public void setServiceProviderNameIdQualifier(final String serviceProviderNameIdQualifier) {
+ this.serviceProviderNameIdQualifier = serviceProviderNameIdQualifier;
+ }
+
@Override
public boolean equals(final Object obj) {
if (obj == null) {
@@ -77,6 +189,17 @@ public class SAML2ServiceProviderTO extends ClientAppTO {
.appendSuper(super.equals(obj))
.append(this.entityId, rhs.entityId)
.append(this.metadataLocation, rhs.metadataLocation)
+ .append(this.metadataSignatureLocation, rhs.metadataSignatureLocation)
+ .append(this.signAssertions, rhs.signAssertions)
+ .append(this.signResponses, rhs.signResponses)
+ .append(this.encryptionOptional, rhs.encryptionOptional)
+ .append(this.encryptAssertions, rhs.encryptAssertions)
+ .append(this.requiredAuthenticationContextClass, rhs.requiredAuthenticationContextClass)
+ .append(this.requiredNameIdFormat, rhs.requiredNameIdFormat)
+ .append(this.skewAllowance, rhs.skewAllowance)
+ .append(this.nameIdQualifier, rhs.nameIdQualifier)
+ .append(this.assertionAudiences, rhs.assertionAudiences)
+ .append(this.serviceProviderNameIdQualifier, rhs.serviceProviderNameIdQualifier)
.isEquals();
}
@@ -86,6 +209,17 @@ public class SAML2ServiceProviderTO extends ClientAppTO {
.appendSuper(super.hashCode())
.append(entityId)
.append(metadataLocation)
+ .append(metadataSignatureLocation)
+ .append(signAssertions)
+ .append(signResponses)
+ .append(encryptionOptional)
+ .append(encryptAssertions)
+ .append(requiredAuthenticationContextClass)
+ .append(requiredNameIdFormat)
+ .append(skewAllowance)
+ .append(nameIdQualifier)
+ .append(assertionAudiences)
+ .append(serviceProviderNameIdQualifier)
.toHashCode();
}
}
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
similarity index 70%
copy from core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java
copy to common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
index 8e25a08..93966a5 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/OIDCSubjectType.java
@@ -7,7 +7,7 @@
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
@@ -15,17 +15,14 @@
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
- *
*/
-package org.apache.syncope.core.persistence.api.entity.authentication;
-
-public interface SAML2ServiceProvider extends ClientApp {
-
- String getEntityId();
+package org.apache.syncope.common.lib.types;
- void setEntityId(String id);
+import javax.xml.bind.annotation.XmlEnum;
- String getMetadataLocation();
+@XmlEnum
+public enum OIDCSubjectType {
+ PAIRWISE,
+ PUBLIC
- void setMetadataLocation(String location);
}
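Review bot: The constants `PAIRWISE` and `PUBLIC` carry no wire value, unlike `SAML2ServiceProviderNameId` in this same commit, which maps each constant to its URN; the OIDC `subject_type` values are the lowercase strings `pairwise` and `public`, so whatever consumes this enum will need a case mapping that is currently implicit. Consider the same pattern, `PAIRWISE("pairwise"), PUBLIC("public");` with a `getValue()` accessor, so the mapping lives next to the constants.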
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SAML2ServiceProviderNameId.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SAML2ServiceProviderNameId.java
new file mode 100644
index 0000000..1cdad24
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SAML2ServiceProviderNameId.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+import javax.xml.bind.annotation.XmlEnum;
+
+@XmlEnum
+public enum SAML2ServiceProviderNameId {
+
+ EMAIL_ADDRESS("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"),
+ UNSPECIFIED("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"),
+ ENTITY("urn:oasis:names:tc:SAML:2.0:nameid-format:entity"),
+ PERSISTENT("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"),
+ TRANSIENT("urn:oasis:names:tc:SAML:2.0:nameid-format:transient"),
+ ENCRYPTED("urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted");
+
+ private final String nameId;
+
+ SAML2ServiceProviderNameId(final String nameId) {
+ this.nameId = nameId;
+ }
+
+ public String getNameId() {
+ return nameId;
+ }
+
+}
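Review bot: `SAML2ServiceProviderNameId` only maps constant to URN via `getNameId()`; there is no reverse lookup, so code that receives a NameID format URN (for instance from SP metadata) has to loop over `values()` itself or fall back to `valueOf`, which expects the Java constant name rather than the URN. A `fromNameId` factory keeps that mapping beside the constants and fails loudly on an unknown format. The URN values themselves match the OASIS SAML 1.1/2.0 NameID format identifiers.
```java
    // … unchanged: constants, nameId field, constructor, getNameId() …

    /**
     * Resolves a NameID format URN to its constant.
     *
     * @param nameId a SAML NameID format URN, as returned by {@link #getNameId()}
     * @return the matching constant
     * @throws IllegalArgumentException if no constant carries the given URN
     */
    public static SAML2ServiceProviderNameId fromNameId(final String nameId) {
        for (SAML2ServiceProviderNameId candidate : values()) {
            if (candidate.nameId.equals(nameId)) {
                return candidate;
            }
        }
        throw new IllegalArgumentException("Unknown NameID format: " + nameId);
    }
```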
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/OIDCRelyingParty.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/OIDCRelyingParty.java
index 3e310b8..cffe89c 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/OIDCRelyingParty.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/OIDCRelyingParty.java
@@ -20,6 +20,8 @@
package org.apache.syncope.core.persistence.api.entity.authentication;
import java.util.List;
+import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCSubjectType;
public interface OIDCRelyingParty extends ClientApp {
@@ -33,5 +35,20 @@ public interface OIDCRelyingParty extends ClientApp {
List<String> getRedirectUris();
- void setRedirectUris(List<String> uris);
+ Set<String> getSupportedGrantTypes();
+
+ Set<String> getSupportedResponseTypes();
+
+ boolean isSignIdToken();
+
+ void setSignIdToken(boolean signIdToken);
+
+ String getJwks();
+
+ void setJwks(String jwks);
+
+ OIDCSubjectType getSubjectType();
+
+ void setSubjectType(OIDCSubjectType subjectType);
+
}
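Review bot: `getSupportedGrantTypes()` and `getSupportedResponseTypes()` are free-form `Set<String>` with no constraint on content; the persistence test in this commit stores `"something"` for both, which suggests nothing validates them against the OAuth 2.0 grant-type and response-type vocabularies. Consider an enum (as done for `subjectType`) or a whitelist check in the data binder, so a misspelled or unsupported value is rejected at write time rather than presumably passed on to the authentication server. The interface also drops `setRedirectUris`, so callers now mutate the live list through the getter; a Javadoc line on `getRedirectUris()` saying so would help.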
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java
index 8e25a08..99834fd 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/authentication/SAML2ServiceProvider.java
@@ -19,6 +19,8 @@
*/
package org.apache.syncope.core.persistence.api.entity.authentication;
+import org.apache.syncope.common.lib.types.SAML2ServiceProviderNameId;
+
public interface SAML2ServiceProvider extends ClientApp {
String getEntityId();
@@ -28,4 +30,49 @@ public interface SAML2ServiceProvider extends ClientApp {
String getMetadataLocation();
void setMetadataLocation(String location);
+
+ void setMetadataSignatureLocation(String location);
+
+ String getMetadataSignatureLocation();
+
+ void setSignAssertions(boolean location);
+
+ boolean isSignAssertions();
+
+ void setSignResponses(boolean location);
+
+ boolean isSignResponses();
+
+ void setEncryptionOptional(boolean location);
+
+ boolean isEncryptionOptional();
+
+ void setEncryptAssertions(boolean location);
+
+ boolean isEncryptAssertions();
+
+ void setRequiredAuthenticationContextClass(String location);
+
+ String getRequiredAuthenticationContextClass();
+
+ void setRequiredNameIdFormat(SAML2ServiceProviderNameId location);
+
+ SAML2ServiceProviderNameId getRequiredNameIdFormat();
+
+ void setSkewAllowance(Integer location);
+
+ Integer getSkewAllowance();
+
+ void setNameIdQualifier(String location);
+
+ String getNameIdQualifier();
+
+ void setAssertionAudiences(String location);
+
+ String getAssertionAudiences();
+
+ void setServiceProviderNameIdQualifier(String location);
+
+ String getServiceProviderNameIdQualifier();
+
}
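Review bot: Every new setter in this hunk names its parameter `location` regardless of type — `setSignAssertions(boolean location)`, `setSkewAllowance(Integer location)`, `setRequiredNameIdFormat(SAML2ServiceProviderNameId location)` — a copy-paste from `setMetadataLocation` that will surface in IDE hints and generated docs. Rename each to its property, e.g. `void setSignAssertions(boolean signAssertions);` and `void setSkewAllowance(Integer skewAllowance);`. The JPA implementation in this commit already uses the property names, so only the interface needs the change.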
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/authentication/JPAOIDCRelyingPartyDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/authentication/JPAOIDCRelyingPartyDAO.java
index f09c849..e01808e 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/authentication/JPAOIDCRelyingPartyDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/authentication/JPAOIDCRelyingPartyDAO.java
@@ -29,8 +29,7 @@ import javax.persistence.TypedQuery;
import java.util.List;
@Repository
-public class JPAOIDCRelyingPartyDAO extends AbstractDAO<OIDCRelyingParty>
- implements OIDCRelyingPartyDAO {
+public class JPAOIDCRelyingPartyDAO extends AbstractDAO<OIDCRelyingParty> implements OIDCRelyingPartyDAO {
@Override
public OIDCRelyingParty find(final String key) {
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPAOIDCRelyingParty.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPAOIDCRelyingParty.java
index 49fecab..37c40fb 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPAOIDCRelyingParty.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPAOIDCRelyingParty.java
@@ -29,13 +29,16 @@ import javax.persistence.JoinColumn;
import javax.persistence.Table;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
+import org.apache.syncope.common.lib.types.OIDCSubjectType;
@Entity
@Table(name = JPAOIDCRelyingParty.TABLE)
public class JPAOIDCRelyingParty extends AbstractClientApp implements OIDCRelyingParty {
- public static final String TABLE = "OpenIdConnectRelyingParty";
+ public static final String TABLE = "OIDCRelyingParty";
private static final long serialVersionUID = 7422422526695279794L;
@@ -45,23 +48,42 @@ public class JPAOIDCRelyingParty extends AbstractClientApp implements OIDCRelyin
@Column
private String clientSecret;
+ @Column
+ private boolean signIdToken;
+
+ @Column
+ private String jwks;
+
+ @Column
+ private OIDCSubjectType subjectType;
+
@ElementCollection(fetch = FetchType.EAGER)
- @Column(name = "redirectUris")
- @CollectionTable(name = "OpenIdConnectRelyingParty_RedirectUris", joinColumns =
- @JoinColumn(name = "clientId"))
+ @Column
+ @CollectionTable(name = "OIDCRelyingParty_RedirectUris",
+ joinColumns =
+ @JoinColumn(name = "client_id", referencedColumnName = "id"))
private List<String> redirectUris = new ArrayList<>();
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column
+ @CollectionTable(name = "OIDCRelyingParty_SupportedGrantTypes",
+ joinColumns =
+ @JoinColumn(name = "client_id", referencedColumnName = "id"))
+ private Set<String> supportedGrantTypes = new HashSet<>();
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @Column(name = "supportedResponseType")
+ @CollectionTable(name = "OIDCRelyingParty_SupportedResponseTypes",
+ joinColumns =
+ @JoinColumn(name = "client_id", referencedColumnName = "id"))
+ private Set<String> supportedResponseTypes = new HashSet<>();
+
@Override
public List<String> getRedirectUris() {
return redirectUris;
}
@Override
- public void setRedirectUris(final List<String> redirectUris) {
- this.redirectUris = redirectUris;
- }
-
- @Override
public String getClientId() {
return clientId;
}
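Review bot: `private OIDCSubjectType subjectType;` is annotated only with `@Column`, so unless the project's ORM mapping overrides it JPA persists the enum with the default `EnumType.ORDINAL`, and any later reordering or insertion of constants in `OIDCSubjectType` silently remaps stored rows to a different subject type. Annotate it `@Enumerated(EnumType.STRING)` (adding the `javax.persistence.Enumerated` and `EnumType` imports); the same applies to `requiredNameIdFormat` in `JPASAML2ServiceProvider`. `jwks` is a plain `@Column String`, and a JWK Set document can exceed a default-length varchar, so `@Lob` is probably needed — confirm against the schema. Also, `supportedResponseTypes` uses `@Column(name = "supportedResponseType")` while `supportedGrantTypes` uses bare `@Column`; the two mappings should be consistent.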
@@ -80,4 +102,45 @@ public class JPAOIDCRelyingParty extends AbstractClientApp implements OIDCRelyin
public void setClientSecret(final String clientSecret) {
this.clientSecret = clientSecret;
}
+
+ @Override
+ public boolean isSignIdToken() {
+ return signIdToken;
+ }
+
+ @Override
+ public void setSignIdToken(final boolean signIdToken) {
+ this.signIdToken = signIdToken;
+ }
+
+ @Override
+ public String getJwks() {
+ return jwks;
+ }
+
+ @Override
+ public void setJwks(final String jwks) {
+ this.jwks = jwks;
+ }
+
+ @Override
+ public OIDCSubjectType getSubjectType() {
+ return subjectType;
+ }
+
+ @Override
+ public void setSubjectType(final OIDCSubjectType subjectType) {
+ this.subjectType = subjectType;
+ }
+
+ @Override
+ public Set<String> getSupportedGrantTypes() {
+ return supportedGrantTypes;
+ }
+
+ @Override
+ public Set<String> getSupportedResponseTypes() {
+ return supportedResponseTypes;
+ }
+
}
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPASAML2ServiceProvider.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPASAML2ServiceProvider.java
index 812401f..c40234c 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPASAML2ServiceProvider.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/authentication/JPASAML2ServiceProvider.java
@@ -22,6 +22,7 @@ import org.apache.syncope.core.persistence.api.entity.authentication.SAML2Servic
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
+import org.apache.syncope.common.lib.types.SAML2ServiceProviderNameId;
@Entity
@Table(name = JPASAML2ServiceProvider.TABLE)
@@ -37,6 +38,39 @@ public class JPASAML2ServiceProvider extends AbstractClientApp implements SAML2S
@Column(nullable = false)
private String metadataLocation;
+ @Column
+ private String metadataSignatureLocation;
+
+ @Column
+ private boolean signAssertions;
+
+ @Column
+ private boolean signResponses;
+
+ @Column
+ private boolean encryptionOptional;
+
+ @Column
+ private boolean encryptAssertions;
+
+ @Column(name = "reqAuthnContextClass")
+ private String requiredAuthenticationContextClass;
+
+ @Column
+ private SAML2ServiceProviderNameId requiredNameIdFormat;
+
+ @Column
+ private Integer skewAllowance;
+
+ @Column
+ private String nameIdQualifier;
+
+ @Column
+ private String assertionAudiences;
+
+ @Column(name = "spNameIdQualifier")
+ private String serviceProviderNameIdQualifier;
+
@Override
public String getEntityId() {
return entityId;
@@ -56,4 +90,115 @@ public class JPASAML2ServiceProvider extends AbstractClientApp implements SAML2S
public void setMetadataLocation(final String metadataLocation) {
this.metadataLocation = metadataLocation;
}
+
+ @Override
+ public String getMetadataSignatureLocation() {
+ return metadataSignatureLocation;
+ }
+
+ @Override
+ public void setMetadataSignatureLocation(final String metadataSignatureLocation) {
+ this.metadataSignatureLocation = metadataSignatureLocation;
+ }
+
+ @Override
+ public boolean isSignAssertions() {
+ return signAssertions;
+ }
+
+ @Override
+ public void setSignAssertions(final boolean signAssertions) {
+ this.signAssertions = signAssertions;
+ }
+
+ @Override
+ public boolean isSignResponses() {
+ return signResponses;
+ }
+
+ @Override
+ public void setSignResponses(final boolean signResponses) {
+ this.signResponses = signResponses;
+ }
+
+ @Override
+ public boolean isEncryptionOptional() {
+ return encryptionOptional;
+ }
+
+ @Override
+ public void setEncryptionOptional(final boolean encryptionOptional) {
+ this.encryptionOptional = encryptionOptional;
+ }
+
+ @Override
+ public boolean isEncryptAssertions() {
+ return encryptAssertions;
+ }
+
+ @Override
+ public void setEncryptAssertions(final boolean encryptAssertions) {
+ this.encryptAssertions = encryptAssertions;
+ }
+
+ @Override
+ public String getRequiredAuthenticationContextClass() {
+ return requiredAuthenticationContextClass;
+ }
+
+ @Override
+ public void setRequiredAuthenticationContextClass(final String requiredAuthenticationContextClass) {
+ this.requiredAuthenticationContextClass = requiredAuthenticationContextClass;
+ }
+
+ @Override
+ public SAML2ServiceProviderNameId getRequiredNameIdFormat() {
+ return requiredNameIdFormat;
+ }
+
+ @Override
+ public void setRequiredNameIdFormat(final SAML2ServiceProviderNameId requiredNameIdFormat) {
+ this.requiredNameIdFormat = requiredNameIdFormat;
+ }
+
+ @Override
+ public Integer getSkewAllowance() {
+ return skewAllowance;
+ }
+
+ @Override
+ public void setSkewAllowance(final Integer skewAllowance) {
+ this.skewAllowance = skewAllowance;
+ }
+
+ @Override
+ public String getNameIdQualifier() {
+ return nameIdQualifier;
+ }
+
+ @Override
+ public void setNameIdQualifier(final String nameIdQualifier) {
+ this.nameIdQualifier = nameIdQualifier;
+ }
+
+ @Override
+ public String getAssertionAudiences() {
+ return assertionAudiences;
+ }
+
+ @Override
+ public void setAssertionAudiences(final String assertionAudiences) {
+ this.assertionAudiences = assertionAudiences;
+ }
+
+ @Override
+ public String getServiceProviderNameIdQualifier() {
+ return serviceProviderNameIdQualifier;
+ }
+
+ @Override
+ public void setServiceProviderNameIdQualifier(final String serviceProviderNameIdQualifier) {
+ this.serviceProviderNameIdQualifier = serviceProviderNameIdQualifier;
+ }
+
}
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/OIDCRelyingPartyTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/OIDCRelyingPartyTest.java
index a997fc7..4e24459 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/OIDCRelyingPartyTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/OIDCRelyingPartyTest.java
@@ -29,23 +29,27 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
+import org.apache.syncope.common.lib.types.OIDCSubjectType;
import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
@Transactional("Master")
public class OIDCRelyingPartyTest extends AbstractClientAppTest {
@Autowired
- private OIDCRelyingPartyDAO openIdConnectRelyingPartyDAO;
+ private OIDCRelyingPartyDAO oidcRelyingPartyDAO;
@Test
public void find() {
- int beforeCount = openIdConnectRelyingPartyDAO.findAll().size();
+ int beforeCount = oidcRelyingPartyDAO.findAll().size();
OIDCRelyingParty rp = entityFactory.newEntity(OIDCRelyingParty.class);
rp.setName("OIDC");
rp.setDescription("This is a sample OIDC RP");
rp.setClientId("clientid");
rp.setClientSecret("secret");
+ rp.setSubjectType(OIDCSubjectType.PUBLIC);
+ rp.getSupportedGrantTypes().add("something");
+ rp.getSupportedResponseTypes().add("something");
AccessPolicy accessPolicy = buildAndSaveAccessPolicy();
rp.setAccessPolicy(accessPolicy);
@@ -53,23 +57,23 @@ public class OIDCRelyingPartyTest extends AbstractClientAppTest {
AuthPolicy authPolicy = buildAndSaveAuthPolicy();
rp.setAuthPolicy(authPolicy);
- openIdConnectRelyingPartyDAO.save(rp);
+ oidcRelyingPartyDAO.save(rp);
assertNotNull(rp);
assertNotNull(rp.getKey());
- int afterCount = openIdConnectRelyingPartyDAO.findAll().size();
+ int afterCount = oidcRelyingPartyDAO.findAll().size();
assertEquals(afterCount, beforeCount + 1);
- rp = openIdConnectRelyingPartyDAO.findByClientId("clientid");
+ rp = oidcRelyingPartyDAO.findByClientId("clientid");
assertNotNull(rp);
assertNotNull(rp.getAuthPolicy());
- rp = openIdConnectRelyingPartyDAO.findByName("OIDC");
+ rp = oidcRelyingPartyDAO.findByName("OIDC");
assertNotNull(rp);
- openIdConnectRelyingPartyDAO.deleteByClientId("clientid");
- assertNull(openIdConnectRelyingPartyDAO.findByName("OIDC"));
+ oidcRelyingPartyDAO.deleteByClientId("clientid");
+ assertNull(oidcRelyingPartyDAO.findByName("OIDC"));
}
}
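Review bot: After `rp = oidcRelyingPartyDAO.findByClientId("clientid");` the test only asserts `rp.getAuthPolicy()`, so the attributes set in the previous hunk (`subjectType`, `supportedGrantTypes`, `supportedResponseTypes`) are never checked to survive the round trip, although the `@ElementCollection` mappings and the enum column added in this commit are exactly what such a check would exercise. Add, after `assertNotNull(rp.getAuthPolicy());`, `assertEquals(OIDCSubjectType.PUBLIC, rp.getSubjectType());` and `assertEquals(1, rp.getSupportedGrantTypes().size());`. The same gap exists in SAML2ServiceProviderTest, where `setRequiredNameIdFormat`, `setEncryptionOptional` and `setEncryptAssertions` are called but, as far as the visible hunk shows, not asserted after reload.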
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2ServiceProviderTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2ServiceProviderTest.java
index 73722f4..4e55b9c 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2ServiceProviderTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/SAML2ServiceProviderTest.java
@@ -29,6 +29,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
+import org.apache.syncope.common.lib.types.SAML2ServiceProviderNameId;
import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
@Transactional("Master")
@@ -45,6 +46,9 @@ public class SAML2ServiceProviderTest extends AbstractClientAppTest {
rp.setDescription("This is a sample SAML2 SP");
rp.setEntityId("urn:example:saml2:sp");
rp.setMetadataLocation("https://example.org/metadata.xml");
+ rp.setRequiredNameIdFormat(SAML2ServiceProviderNameId.EMAIL_ADDRESS);
+ rp.setEncryptionOptional(true);
+ rp.setEncryptAssertions(true);
AccessPolicy accessPolicy = buildAndSaveAccessPolicy();
rp.setAccessPolicy(accessPolicy);
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PolicyTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PolicyTest.java
index 4ab711d..d5342c3 100644
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PolicyTest.java
+++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/PolicyTest.java
@@ -44,7 +44,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
public class PolicyTest extends AbstractClientAppTest {
@Autowired
- private OIDCRelyingPartyDAO openIdConnectRelyingPartyDAO;
+ private OIDCRelyingPartyDAO oidcRelyingPartyDAO;
@Autowired
private RealmDAO realmDAO;
@@ -64,7 +64,7 @@ public class PolicyTest extends AbstractClientAppTest {
rp.setAccessPolicy(accessPolicy);
rp.setAuthPolicy(authPolicy);
- rp = openIdConnectRelyingPartyDAO.save(rp);
+ rp = oidcRelyingPartyDAO.save(rp);
assertNotNull(rp);
assertThrows(PersistenceException.class, () -> {
@@ -91,7 +91,7 @@ public class PolicyTest extends AbstractClientAppTest {
rp.setRealm(realm);
assertDoesNotThrow(() -> {
- openIdConnectRelyingPartyDAO.save(rp);
+ oidcRelyingPartyDAO.save(rp);
entityManager().flush();
});
}
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OIDCRelyingPartyDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OIDCRelyingPartyDataBinderImpl.java
index 13b0f6a..972661a 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OIDCRelyingPartyDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OIDCRelyingPartyDataBinderImpl.java
@@ -37,7 +37,7 @@ import org.apache.syncope.core.persistence.api.entity.policy.AuthPolicy;
public class OIDCRelyingPartyDataBinderImpl implements OIDCRelyingPartyDataBinder {
@Autowired
- private OIDCRelyingPartyDAO openIdConnectRelyingPartyDAO;
+ private OIDCRelyingPartyDAO oidcRelyingPartyDAO;
@Autowired
private EntityFactory entityFactory;
@@ -55,13 +55,18 @@ public class OIDCRelyingPartyDataBinderImpl implements OIDCRelyingPartyDataBinde
final OIDCRelyingParty toBeUpdated,
final OIDCRelyingPartyTO applicationTO) {
- OIDCRelyingParty application = openIdConnectRelyingPartyDAO.save(toBeUpdated);
+ OIDCRelyingParty application = oidcRelyingPartyDAO.save(toBeUpdated);
- application.setDescription(applicationTO.getDescription());
application.setName(applicationTO.getName());
+ application.setDescription(applicationTO.getDescription());
application.setClientSecret(applicationTO.getClientSecret());
application.setClientId(applicationTO.getClientId());
- application.setRedirectUris(applicationTO.getRedirectUris());
+ application.setSignIdToken(applicationTO.isSignIdToken());
+ application.setJwks(applicationTO.getJwks());
+ application.setSubjectType(applicationTO.getSubjectType());
+ application.getRedirectUris().addAll(applicationTO.getRedirectUris());
+ application.getSupportedGrantTypes().addAll(applicationTO.getSupportedGrantTypes());
+ application.getSupportedResponseTypes().addAll(applicationTO.getSupportedResponseTypes());
if (applicationTO.getAuthPolicy() == null) {
application.setAuthPolicy(null);
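Review bot: Replacing `application.setRedirectUris(applicationTO.getRedirectUris())` with `application.getRedirectUris().addAll(...)` turns the update path into an append: a redirect URI dropped from the TO is never removed from the persisted relying party, and the same holds for the new `getSupportedGrantTypes().addAll(...)` and `getSupportedResponseTypes().addAll(...)` lines. For an OIDC client the redirect-URI list is the allowlist that bounds where authorization codes and tokens are delivered, so an entry an administrator deletes should actually disappear on the next update rather than accumulate. If the entity collections are mutable, clear them before copying, e.g. `application.getRedirectUris().clear();` immediately before the `addAll`, and likewise for the two other lists; if they are not, a replace-semantics setter on the entity is needed instead. The enclosing update method starts outside the hunk.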
@@ -112,12 +117,17 @@ public class OIDCRelyingPartyDataBinderImpl implements OIDCRelyingPartyDataBinde
public OIDCRelyingPartyTO getClientApplicationTO(final OIDCRelyingParty rp) {
OIDCRelyingPartyTO applicationTO = new OIDCRelyingPartyTO();
+ applicationTO.setName(rp.getName());
applicationTO.setKey(rp.getKey());
applicationTO.setDescription(rp.getDescription());
applicationTO.setClientId(rp.getClientId());
applicationTO.setClientSecret(rp.getClientSecret());
+ applicationTO.setSignIdToken(rp.isSignIdToken());
+ applicationTO.setJwks(rp.getJwks());
+ applicationTO.setSubjectType(rp.getSubjectType());
applicationTO.getRedirectUris().addAll(rp.getRedirectUris());
- applicationTO.setName(rp.getName());
+ applicationTO.getSupportedGrantTypes().addAll(rp.getSupportedGrantTypes());
+ applicationTO.getSupportedResponseTypes().addAll(rp.getSupportedResponseTypes());
applicationTO.setAuthPolicy(rp.getAuthPolicy() == null
? null : rp.getAuthPolicy().getKey());
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2ServiceProviderDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2ServiceProviderDataBinderImpl.java
index 4997917..c46e119 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2ServiceProviderDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2ServiceProviderDataBinderImpl.java
@@ -61,6 +61,17 @@ public class SAML2ServiceProviderDataBinderImpl implements SAML2ServiceProviderD
application.setName(applicationTO.getName());
application.setEntityId(applicationTO.getEntityId());
application.setMetadataLocation(applicationTO.getMetadataLocation());
+ application.setMetadataSignatureLocation(applicationTO.getMetadataLocation());
+ application.setSignAssertions(applicationTO.isSignAssertions());
+ application.setSignResponses(applicationTO.isSignResponses());
+ application.setEncryptionOptional(applicationTO.isEncryptionOptional());
+ application.setEncryptAssertions(applicationTO.isEncryptAssertions());
+ application.setRequiredAuthenticationContextClass(applicationTO.getRequiredAuthenticationContextClass());
+ application.setRequiredNameIdFormat(applicationTO.getRequiredNameIdFormat());
+ application.setSkewAllowance(applicationTO.getSkewAllowance());
+ application.setNameIdQualifier(applicationTO.getNameIdQualifier());
+ application.setAssertionAudiences(applicationTO.getAssertionAudiences());
+ application.setServiceProviderNameIdQualifier(applicationTO.getServiceProviderNameIdQualifier());
if (applicationTO.getAuthPolicy() == null) {
application.setAuthPolicy(null);
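Review bot: `application.setMetadataSignatureLocation(applicationTO.getMetadataLocation())` copies the metadata location into the metadata-signature location; it should read `application.setMetadataSignatureLocation(applicationTO.getMetadataSignatureLocation());` (assuming the TO exposes that getter alongside the entity setter added here), and the mirror line `applicationTO.setMetadataSignatureLocation(sp.getMetadataLocation())` in the getClientApplicationTO hunk below should use `sp.getMetadataSignatureLocation()`. As written the signature location silently points at the metadata document itself, so any signature check configured for SP metadata would look at the wrong resource, while a round-trip test still passes because both directions carry the same wrong value. The enclosing update method starts outside the hunk.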
@@ -110,11 +121,22 @@ public class SAML2ServiceProviderDataBinderImpl implements SAML2ServiceProviderD
public SAML2ServiceProviderTO getClientApplicationTO(final SAML2ServiceProvider sp) {
SAML2ServiceProviderTO applicationTO = new SAML2ServiceProviderTO();
+ applicationTO.setName(sp.getName());
applicationTO.setKey(sp.getKey());
applicationTO.setDescription(sp.getDescription());
applicationTO.setEntityId(sp.getEntityId());
applicationTO.setMetadataLocation(sp.getMetadataLocation());
- applicationTO.setName(sp.getName());
+ applicationTO.setMetadataSignatureLocation(sp.getMetadataLocation());
+ applicationTO.setSignAssertions(sp.isSignAssertions());
+ applicationTO.setSignResponses(sp.isSignResponses());
+ applicationTO.setEncryptionOptional(sp.isEncryptionOptional());
+ applicationTO.setEncryptAssertions(sp.isEncryptAssertions());
+ applicationTO.setRequiredAuthenticationContextClass(sp.getRequiredAuthenticationContextClass());
+ applicationTO.setRequiredNameIdFormat(sp.getRequiredNameIdFormat());
+ applicationTO.setSkewAllowance(sp.getSkewAllowance());
+ applicationTO.setNameIdQualifier(sp.getNameIdQualifier());
+ applicationTO.setAssertionAudiences(sp.getAssertionAudiences());
+ applicationTO.setServiceProviderNameIdQualifier(sp.getServiceProviderNameIdQualifier());
applicationTO.setAuthPolicy(sp.getAuthPolicy() == null
? null : sp.getAuthPolicy().getKey());
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCRelyingPartyITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCRelyingPartyITCase.java
index 55c95ea..a7870af 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCRelyingPartyITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCRelyingPartyITCase.java
@@ -20,7 +20,6 @@ package org.apache.syncope.fit.core;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -32,6 +31,7 @@ import org.junit.jupiter.api.Test;
import org.apache.syncope.common.lib.to.AccessPolicyTO;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.AuthPolicyTO;
+import org.apache.syncope.common.lib.types.OIDCSubjectType;
public class OIDCRelyingPartyITCase extends AbstractITCase {
@@ -48,7 +48,10 @@ public class OIDCRelyingPartyITCase extends AbstractITCase {
OIDCRelyingPartyTO found = (OIDCRelyingPartyTO) clientAppService.read(rpTO.getKey());
assertNotNull(found);
assertFalse(StringUtils.isBlank(found.getClientId()));
- assertTrue(StringUtils.isBlank(found.getClientSecret()));
+ assertFalse(StringUtils.isBlank(found.getClientSecret()));
+ assertNotNull(found.getSubjectType());
+ assertFalse(found.getSupportedGrantTypes().isEmpty());
+ assertFalse(found.getSupportedResponseTypes().isEmpty());
assertNotNull(found.getAccessPolicy());
assertNotNull(found.getAuthPolicy());
}
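Review bot: The read assertion now requires the client secret to be echoed back unmasked (`assertFalse(StringUtils.isBlank(found.getClientSecret()))`), which turns the previous expectation into its opposite. The binder's `applicationTO.setClientSecret(rp.getClientSecret())` is pre-existing context, so the commit does not introduce the echo, but pinning it in a test makes it a contract; if the read API is meant to return the secret only to administrators, or not at all, that decision should be taken deliberately rather than fixed by this assertion.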
@@ -107,7 +110,11 @@ public class OIDCRelyingPartyITCase extends AbstractITCase {
rpTO.setName("ExampleRP_" + getUUIDString());
rpTO.setDescription("Example OIDC RP application");
rpTO.setClientId("clientId_" + getUUIDString());
- rpTO.setClientSecret(StringUtils.EMPTY);
+ rpTO.setClientSecret("secret");
+ rpTO.setSubjectType(OIDCSubjectType.PUBLIC);
+ rpTO.getSupportedGrantTypes().add("something");
+ rpTO.getSupportedResponseTypes().add("something");
+
rpTO.setAuthPolicy(authPolicyTO.getKey());
rpTO.setAccessPolicy(accessPolicyTO.getKey());
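Review bot: `rpTO.getSupportedGrantTypes().add("something")` and the matching `getSupportedResponseTypes().add("something")` line use values that are not OAuth grant or response types, and nothing in the data binder hunk above rejects them, so the test only proves that arbitrary strings round-trip. Using real values such as `"authorization_code"` and `"code"` keeps the fixture meaningful, and if these lists are meant to be constrained, the binder (or an enum on the TO) would be the place to validate them. Whether the AM side validates these values later is not visible in this diff.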
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ServiceProviderITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ServiceProviderITCase.java
index cbee0bf..7e43f8a 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ServiceProviderITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ServiceProviderITCase.java
@@ -21,6 +21,7 @@ package org.apache.syncope.fit.core;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import org.apache.commons.lang3.StringUtils;
@@ -29,6 +30,7 @@ import org.apache.syncope.common.lib.to.AccessPolicyTO;
import org.apache.syncope.common.lib.to.AuthPolicyTO;
import org.apache.syncope.common.lib.to.client.SAML2ServiceProviderTO;
import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.SAML2ServiceProviderNameId;
import org.apache.syncope.fit.AbstractITCase;
import org.junit.jupiter.api.Test;
@@ -48,6 +50,9 @@ public class SAML2ServiceProviderITCase extends AbstractITCase {
assertNotNull(found);
assertFalse(StringUtils.isBlank(found.getEntityId()));
assertFalse(StringUtils.isBlank(found.getMetadataLocation()));
+ assertTrue(found.isEncryptAssertions());
+ assertTrue(found.isEncryptionOptional());
+ assertNotNull(found.getRequiredNameIdFormat());
assertNotNull(found.getAccessPolicy());
assertNotNull(found.getAuthPolicy());
}
@@ -106,7 +111,11 @@ public class SAML2ServiceProviderITCase extends AbstractITCase {
saml2spto.setName("ExampleSAML2SP_" + getUUIDString());
saml2spto.setDescription("Example SAML 2.0 service provider");
saml2spto.setEntityId("SAML2SPEntityId_" + getUUIDString());
- saml2spto.setMetadataLocation("file:./test");
+ saml2spto.setMetadataLocation("file:./test.xml");
+ saml2spto.setRequiredNameIdFormat(SAML2ServiceProviderNameId.EMAIL_ADDRESS);
+ saml2spto.setEncryptionOptional(true);
+ saml2spto.setEncryptAssertions(true);
+
saml2spto.setAuthPolicy(authPolicyTO.getKey());
saml2spto.setAccessPolicy(accessPolicyTO.getKey());