Posted to commits@syncope.apache.org by il...@apache.org on 2018/10/15 13:52:16 UTC
[3/3] syncope git commit: [SYNCOPE-1384] Add
RequestedAuthnContextProvider
[SYNCOPE-1384] Add RequestedAuthnContextProvider
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/fd24dd8b
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/fd24dd8b
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/fd24dd8b
Branch: refs/heads/master
Commit: fd24dd8b49a47f7868f0f995c0d180e559b4896b
Parents: 4ae9a74
Author: Francesco Chicchiriccò <il...@apache.org>
Authored: Mon Oct 15 15:39:12 2018 +0200
Committer: Francesco Chicchiriccò <il...@apache.org>
Committed: Mon Oct 15 15:52:05 2018 +0200
----------------------------------------------------------------------
.../console/rest/SAML2IdPsRestClient.java | 5 ++-
.../console/wizards/SAML2IdPWizardBuilder.java | 7 ++++
.../panels/SAML2IdPsDirectoryPanel.properties | 1 +
.../SAML2IdPsDirectoryPanel_it.properties | 1 +
.../SAML2IdPsDirectoryPanel_pt_BR.properties | 1 +
.../SAML2IdPsDirectoryPanel_ru.properties | 1 +
.../syncope/common/lib/to/SAML2IdPTO.java | 19 ++++++---
ext/saml2sp/logic/pom.xml | 5 ---
.../syncope/core/logic/SAML2IdPLogic.java | 5 +++
.../apache/syncope/core/logic/SAML2SPLogic.java | 29 ++++++++------
...AML2SPClassPathScanImplementationLookup.java | 11 ++++++
.../core/logic/saml2/SAML2IdPEntity.java | 5 ++-
.../core/persistence/api/entity/SAML2IdP.java | 4 ++
.../persistence/jpa/entity/JPASAML2IdP.java | 12 ++++++
ext/saml2sp/provisioning-api/pom.xml | 5 +++
.../api/RequestedAuthnContextProvider.java | 26 +++++++++++++
ext/saml2sp/provisioning-java/pom.xml | 5 +++
.../DefaultRequestedAuthnContextProvider.java | 41 ++++++++++++++++++++
.../java/NullRequestedAuthnContextProvider.java | 30 ++++++++++++++
.../java/data/SAML2IdPDataBinderImpl.java | 4 ++
.../rest/api/service/SAML2IdPService.java | 10 +++++
.../rest/cxf/service/SAML2IdPServiceImpl.java | 5 +++
pom.xml | 27 +++++++++++++
23 files changed, 235 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/rest/SAML2IdPsRestClient.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/rest/SAML2IdPsRestClient.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/rest/SAML2IdPsRestClient.java
index c7e6e0c..06090a0 100644
--- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/rest/SAML2IdPsRestClient.java
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/rest/SAML2IdPsRestClient.java
@@ -38,6 +38,10 @@ public class SAML2IdPsRestClient extends BaseRestClient {
return getService(SAML2IdPService.class).getActionsClasses();
}
+ public Set<String> getRequestedAuthnContextProviderClasses() {
+ return getService(SAML2IdPService.class).getRequestedAuthnContextProviderClasses();
+ }
+
public void importIdPs(final InputStream input) {
SyncopeConsoleSession.get().
getService(MediaType.APPLICATION_XML_TYPE, SAML2IdPService.class).importFromMetadata(input);
@@ -54,5 +58,4 @@ public class SAML2IdPsRestClient extends BaseRestClient {
public void delete(final String key) {
getService(SAML2IdPService.class).delete(key);
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
index aa3dec5..3d6fc14 100644
--- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
+++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
@@ -131,6 +131,13 @@ public class SAML2IdPWizardBuilder extends AjaxWizardBuilder<SAML2IdPTO> {
bindingType.setChoices(Arrays.asList(SAML2BindingType.values()));
fields.add(bindingType);
+ AjaxTextFieldPanel requestedAuthnContextProviderClassName = new AjaxTextFieldPanel(
+ "field", "requestedAuthnContextProviderClassName",
+ new PropertyModel<String>(idpTO, "requestedAuthnContextProviderClassName"));
+ requestedAuthnContextProviderClassName.setChoices(
+ new ArrayList<>(restClient.getRequestedAuthnContextProviderClasses()));
+ fields.add(requestedAuthnContextProviderClassName);
+
AjaxPalettePanel<String> actionsClassNames = new AjaxPalettePanel.Builder<String>().
setAllowMoveAll(true).setAllowOrder(true).
setName(new StringResourceModel("actionsClassNames", directoryPanel).getString()).
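Review bot: `requestedAuthnContextProviderClassName` is built as an AjaxTextFieldPanel with setChoices, which appears to be an autocomplete text field rather than a constrained choice, so an admin can submit any string and not only one of the names returned by getRequestedAuthnContextProviderClasses(); the palette used for actionsClassNames just below does constrain its values. Since the stored value is later resolved reflectively on the server, either a choice component here or a server-side check of the value against the scanned set (or both) would keep unknown class names out of the IdP configuration. The enclosing method starts and ends outside this hunk.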
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
index c2ecfe3..3010eaa 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
@@ -27,3 +27,4 @@ updateMatching=Update matching users
actionsClassNames=Actions
template.title=user template
selfRegUnmatching=SAML-initiated self-registration
+requestedAuthnContextProviderClassName=RequestedAuthnContext provider
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
index bf8fa9e..fe2dc04 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_it.properties
@@ -27,3 +27,4 @@ updateMatching=Update matching users
actionsClassNames=Azioni
template.title=template utenti
selfRegUnmatching=SAML-initiated self-registration
+requestedAuthnContextProviderClassName=RequestedAuthnContext provider
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
index 4836116..9f4b9b0 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties
@@ -27,3 +27,4 @@ updateMatching=Update matching users
actionsClassNames=Actions
template.title=user template
selfRegUnmatching=SAML-initiated self-registration
+requestedAuthnContextProviderClassName=RequestedAuthnContext provider
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
----------------------------------------------------------------------
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
index f003174..e8de69f 100644
--- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
+++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel_ru.properties
@@ -27,3 +27,4 @@ updateMatching=Update matching users
actionsClassNames=\u0414\u0435\u0439\u0441\u0442\u0432\u0438\u044f
template.title=user template
selfRegUnmatching=SAML-initiated self-registration
+requestedAuthnContextProviderClassName=RequestedAuthnContext provider
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
index 851ff3a..609f012 100644
--- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
+++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
@@ -63,6 +63,8 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai
private final List<String> actionsClassNames = new ArrayList<>();
+ private String requestedAuthnContextProviderClassName;
+
@Override
public String getKey() {
return key;
@@ -130,6 +132,14 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai
this.useDeflateEncoding = useDeflateEncoding;
}
+ public boolean isSupportUnsolicited() {
+ return supportUnsolicited;
+ }
+
+ public void setSupportUnsolicited(final boolean supportUnsolicited) {
+ this.supportUnsolicited = supportUnsolicited;
+ }
+
public SAML2BindingType getBindingType() {
return bindingType;
}
@@ -197,12 +207,11 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai
return actionsClassNames;
}
- public boolean isSupportUnsolicited() {
- return supportUnsolicited;
+ public String getRequestedAuthnContextProviderClassName() {
+ return requestedAuthnContextProviderClassName;
}
- public void setSupportUnsolicited(final boolean supportUnsolicited) {
- this.supportUnsolicited = supportUnsolicited;
+ public void setRequestedAuthnContextProviderClassName(final String requestedAuthnContextProviderClassName) {
+ this.requestedAuthnContextProviderClassName = requestedAuthnContextProviderClassName;
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/logic/pom.xml
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/pom.xml b/ext/saml2sp/logic/pom.xml
index fc47152..4abfefa 100644
--- a/ext/saml2sp/logic/pom.xml
+++ b/ext/saml2sp/logic/pom.xml
@@ -54,11 +54,6 @@ under the License.
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-rs-security-sso-saml</artifactId>
</dependency>
-
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml-saml-impl</artifactId>
- </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
index 170aff9..ef9d2c5 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
@@ -79,6 +79,11 @@ public class SAML2IdPLogic extends AbstractSAML2Logic<SAML2IdPTO> {
return implLookup.getActionsClasses();
}
+ @PreAuthorize("isAuthenticated()")
+ public Set<String> getRequestedAuthnContextProviderClasses() {
+ return implLookup.getRequestedAuthnContextProvidersClasses();
+ }
+
private SAML2IdPTO complete(final SAML2IdP idp, final SAML2IdPTO idpTO) {
SAML2IdPEntity idpEntity = cache.get(idpTO.getEntityID());
if (idpEntity == null) {
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 5bfc357..4ae24d7 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -55,6 +55,7 @@ import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.dao.SAML2IdPDAO;
import org.apache.syncope.core.persistence.api.entity.SAML2IdP;
+import org.apache.syncope.core.provisioning.api.RequestedAuthnContextProvider;
import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObject;
@@ -64,9 +65,6 @@ import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
-import org.opensaml.saml.saml2.core.AuthnContext;
-import org.opensaml.saml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
@@ -74,17 +72,14 @@ import org.opensaml.saml.saml2.core.LogoutResponse;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.NameIDPolicy;
import org.opensaml.saml.saml2.core.NameIDType;
-import org.opensaml.saml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.SessionIndex;
import org.opensaml.saml.saml2.core.StatusCode;
-import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDPolicyBuilder;
-import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
import org.opensaml.saml.saml2.core.impl.SessionIndexBuilder;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
@@ -104,10 +99,13 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
+import org.apache.syncope.core.provisioning.java.DefaultRequestedAuthnContextProvider;
+import org.apache.syncope.core.spring.ApplicationContextProvider;
import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.apache.syncope.core.spring.security.AuthDataAccessor;
import org.apache.syncope.core.spring.security.Encryptor;
import org.opensaml.core.xml.schema.XSAny;
+import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.util.ResourceUtils;
@Component
@@ -298,11 +296,18 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
nameIDPolicy.setAllowCreate(true);
nameIDPolicy.setSPNameQualifier(spEntityID);
- AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
- authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
- RequestedAuthnContext requestedAuthnContext = new RequestedAuthnContextBuilder().buildObject();
- requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
- requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
+ RequestedAuthnContextProvider requestedAuthnContextProvider = new DefaultRequestedAuthnContextProvider();
+ if (idp.getRequestedAuthnContextProviderClassName() != null) {
+ try {
+ Class<?> actionsClass = Class.forName(idp.getRequestedAuthnContextProviderClassName());
+ requestedAuthnContextProvider = (RequestedAuthnContextProvider) ApplicationContextProvider.
+ getBeanFactory().createBean(actionsClass, AbstractBeanDefinition.AUTOWIRE_BY_TYPE, true);
+ } catch (Exception e) {
+ LOG.warn("Cannot instantiate '{}', reverting to {}",
+ idp.getRequestedAuthnContextProviderClassName(),
+ DefaultRequestedAuthnContextProvider.class.getName(), e);
+ }
+ }
AuthnRequest authnRequest = new AuthnRequestBuilder().buildObject();
authnRequest.setID("_" + UUID_GENERATOR.generate().toString());
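Review bot: The line `Class<?> actionsClass = Class.forName(idp.getRequestedAuthnContextProviderClassName());` followed by `createBean(...)` constructs and autowires whatever class name is stored on the IdP before the cast to RequestedAuthnContextProvider is checked, so a misconfigured or non-provider class is instantiated first and rejected only afterwards by the ClassCastException. Resolving through the interface up front fails before construction and still lands in the existing fallback: `Class<? extends RequestedAuthnContextProvider> providerClass = Class.forName(idp.getRequestedAuthnContextProviderClassName()).asSubclass(RequestedAuthnContextProvider.class);` (asSubclass throws ClassCastException, which the `catch (Exception e)` already handles). The local name `actionsClass` looks like a leftover from the actions lookup; `providerClass` reads better. Because the console field is free text, checking the name against the lookup's set of scanned provider classes when the IdP is saved (the SAML2IdPDataBinderImpl hunk is cut off on this page) would reject unknown names at configuration time instead of logging a warning on every AuthnRequest. The enclosing method starts and ends outside this hunk.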
@@ -313,7 +318,7 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
authnRequest.setIssueInstant(new DateTime());
authnRequest.setIssuer(issuer);
authnRequest.setNameIDPolicy(nameIDPolicy);
- authnRequest.setRequestedAuthnContext(requestedAuthnContext);
+ authnRequest.setRequestedAuthnContext(requestedAuthnContextProvider.provide());
authnRequest.setDestination(idp.getSSOLocation(idp.getBindingType()).getLocation());
SAML2RequestTO requestTO = new SAML2RequestTO();
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPClassPathScanImplementationLookup.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPClassPathScanImplementationLookup.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPClassPathScanImplementationLookup.java
index 13b3cab..ce8fb5a 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPClassPathScanImplementationLookup.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPClassPathScanImplementationLookup.java
@@ -24,6 +24,7 @@ import java.util.HashSet;
import java.util.Set;
import org.apache.syncope.core.persistence.api.ImplementationLookup;
import org.apache.syncope.core.persistence.api.SyncopeLoader;
+import org.apache.syncope.core.provisioning.api.RequestedAuthnContextProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.config.BeanDefinition;
@@ -42,6 +43,8 @@ public class SAML2SPClassPathScanImplementationLookup implements SyncopeLoader {
private Set<String> actionsClasses;
+ private Set<String> requestedAuthnContextProvidersClasses;
+
@Override
public Integer getPriority() {
return Integer.MIN_VALUE;
@@ -50,9 +53,11 @@ public class SAML2SPClassPathScanImplementationLookup implements SyncopeLoader {
@Override
public void load() {
actionsClasses = new HashSet<>();
+ requestedAuthnContextProvidersClasses = new HashSet<>();
ClassPathScanningCandidateComponentProvider scanner = new ClassPathScanningCandidateComponentProvider(false);
scanner.addIncludeFilter(new AssignableTypeFilter(SAML2IdPActions.class));
+ scanner.addIncludeFilter(new AssignableTypeFilter(RequestedAuthnContextProvider.class));
for (BeanDefinition bd : scanner.findCandidateComponents(DEFAULT_BASE_PACKAGE)) {
try {
@@ -62,6 +67,8 @@ public class SAML2SPClassPathScanImplementationLookup implements SyncopeLoader {
if (SAML2IdPActions.class.isAssignableFrom(clazz) && !isAbstractClazz) {
actionsClasses.add(clazz.getName());
+ } else if (RequestedAuthnContextProvider.class.isAssignableFrom(clazz) && !isAbstractClazz) {
+ requestedAuthnContextProvidersClasses.add(clazz.getName());
}
} catch (Throwable t) {
LOG.warn("Could not inspect class {}", bd.getBeanClassName(), t);
@@ -69,10 +76,14 @@ public class SAML2SPClassPathScanImplementationLookup implements SyncopeLoader {
}
actionsClasses = Collections.unmodifiableSet(actionsClasses);
+ requestedAuthnContextProvidersClasses = Collections.unmodifiableSet(requestedAuthnContextProvidersClasses);
}
public Set<String> getActionsClasses() {
return actionsClasses;
}
+ public Set<String> getRequestedAuthnContextProvidersClasses() {
+ return requestedAuthnContextProvidersClasses;
+ }
}
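Review bot: The new accessor is named `getRequestedAuthnContextProvidersClasses()` (plural "Providers") while SAML2IdPLogic and the REST client in this same commit expose `getRequestedAuthnContextProviderClasses()`; aligning the lookup with the rest of the API, `public Set<String> getRequestedAuthnContextProviderClasses()`, avoids the mismatch (the SAML2IdPLogic call would change accordingly). Whether DefaultRequestedAuthnContextProvider and NullRequestedAuthnContextProvider, which live in `org.apache.syncope.core.provisioning.java`, fall under DEFAULT_BASE_PACKAGE is not visible here; if they do not, the console choice list would omit the two shipped implementations, so that is worth confirming. load() starts outside this hunk.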
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
index 4318069..18bb168 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
@@ -162,6 +162,10 @@ public class SAML2IdPEntity {
return idpTO.getActionsClassNames();
}
+ public String getRequestedAuthnContextProviderClassName() {
+ return idpTO.getRequestedAuthnContextProviderClassName();
+ }
+
public Endpoint getSSOLocation(final SAML2BindingType bindingType) {
return ssoBindings.get(bindingType.getUri());
}
@@ -177,5 +181,4 @@ public class SAML2IdPEntity {
public KeyStore getTrustStore() {
return trustStore;
}
-
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java b/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
index 91bb69f..3cf9ddc 100644
--- a/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
+++ b/ext/saml2sp/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/SAML2IdP.java
@@ -73,4 +73,8 @@ public interface SAML2IdP extends Entity {
List<? extends SAML2IdPItem> getItems();
List<String> getActionsClassNames();
+
+ String getRequestedAuthnContextProviderClassName();
+
+ void setRequestedAuthnContextProviderClassName(String requestedAuthnContextProviderClassName);
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
index 54e76be..a2cc963 100644
--- a/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
+++ b/ext/saml2sp/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPASAML2IdP.java
@@ -93,6 +93,8 @@ public class JPASAML2IdP extends AbstractGeneratedKeyEntity implements SAML2IdP
@JoinColumn(name = "saml2IdP_id", referencedColumnName = "id"))
private List<String> actionsClassNames = new ArrayList<>();
+ private String requestedAuthnContextProviderClassName;
+
@Override
public String getEntityID() {
return entityID;
@@ -220,4 +222,14 @@ public class JPASAML2IdP extends AbstractGeneratedKeyEntity implements SAML2IdP
public List<String> getActionsClassNames() {
return actionsClassNames;
}
+
+ @Override
+ public String getRequestedAuthnContextProviderClassName() {
+ return requestedAuthnContextProviderClassName;
+ }
+
+ @Override
+ public void setRequestedAuthnContextProviderClassName(final String requestedAuthnContextProviderClassName) {
+ this.requestedAuthnContextProviderClassName = requestedAuthnContextProviderClassName;
+ }
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/provisioning-api/pom.xml
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-api/pom.xml b/ext/saml2sp/provisioning-api/pom.xml
index a9ec15c..6d1cc80 100644
--- a/ext/saml2sp/provisioning-api/pom.xml
+++ b/ext/saml2sp/provisioning-api/pom.xml
@@ -54,6 +54,11 @@ under the License.
<artifactId>syncope-ext-saml2sp-common-lib</artifactId>
<version>${project.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-saml-api</artifactId>
+ </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/RequestedAuthnContextProvider.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/RequestedAuthnContextProvider.java b/ext/saml2sp/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/RequestedAuthnContextProvider.java
new file mode 100644
index 0000000..0905fd9
--- /dev/null
+++ b/ext/saml2sp/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/RequestedAuthnContextProvider.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.provisioning.api;
+
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
+
+public interface RequestedAuthnContextProvider {
+
+ RequestedAuthnContext provide();
+}
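Review bot: The new public interface carries no Javadoc, and its contract matters because the return value goes straight into `authnRequest.setRequestedAuthnContext(...)` in SAML2SPLogic while one shipped implementation returns null. A type comment such as `/** Builds the RequestedAuthnContext to include in the AuthnRequest sent to an IdP; implementations are created through the bean factory (and may be autowired) each time SAML2SPLogic builds an AuthnRequest, as far as that hunk shows. */` and, on provide(), `/** @return the element to request, or null to omit RequestedAuthnContext from the AuthnRequest */` would pin that down. Whether OpenSAML accepts null in that setter is not shown by this commit and should be confirmed before documenting it as supported.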
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/provisioning-java/pom.xml
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-java/pom.xml b/ext/saml2sp/provisioning-java/pom.xml
index d136aa8..f20030e 100644
--- a/ext/saml2sp/provisioning-java/pom.xml
+++ b/ext/saml2sp/provisioning-java/pom.xml
@@ -48,6 +48,11 @@ under the License.
<artifactId>syncope-ext-saml2sp-provisioning-api</artifactId>
<version>${project.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-saml-impl</artifactId>
+ </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultRequestedAuthnContextProvider.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultRequestedAuthnContextProvider.java b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultRequestedAuthnContextProvider.java
new file mode 100644
index 0000000..ec54a9b
--- /dev/null
+++ b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultRequestedAuthnContextProvider.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.provisioning.java;
+
+import org.apache.syncope.core.provisioning.api.RequestedAuthnContextProvider;
+import org.opensaml.saml.saml2.core.AuthnContext;
+import org.opensaml.saml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
+import org.opensaml.saml.saml2.core.impl.RequestedAuthnContextBuilder;
+
+public class DefaultRequestedAuthnContextProvider implements RequestedAuthnContextProvider {
+
+ @Override
+ public RequestedAuthnContext provide() {
+ AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
+ authnContextClassRef.setAuthnContextClassRef(AuthnContext.PPT_AUTHN_CTX);
+ RequestedAuthnContext requestedAuthnContext = new RequestedAuthnContextBuilder().buildObject();
+ requestedAuthnContext.setComparison(AuthnContextComparisonTypeEnumeration.EXACT);
+ requestedAuthnContext.getAuthnContextClassRefs().add(authnContextClassRef);
+
+ return requestedAuthnContext;
+ }
+}
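Review bot: A class-level Javadoc would help here because this class now holds a choice that was previously hard-coded in SAML2SPLogic and is otherwise invisible to an admin picking a provider in the console: `/** Default provider: requests AuthnContext.PPT_AUTHN_CTX (PasswordProtectedTransport) with EXACT comparison, i.e. exactly what SAML2SPLogic sent before SYNCOPE-1384. */`. The class is stateless, so being created anew by the bean factory for each AuthnRequest is harmless, but that could be stated in the same comment.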
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/NullRequestedAuthnContextProvider.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/NullRequestedAuthnContextProvider.java b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/NullRequestedAuthnContextProvider.java
new file mode 100644
index 0000000..e95922a
--- /dev/null
+++ b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/NullRequestedAuthnContextProvider.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.provisioning.java;
+
+import org.apache.syncope.core.provisioning.api.RequestedAuthnContextProvider;
+import org.opensaml.saml.saml2.core.RequestedAuthnContext;
+
+public class NullRequestedAuthnContextProvider implements RequestedAuthnContextProvider {
+
+ @Override
+ public RequestedAuthnContext provide() {
+ return null;
+ }
+}
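Review bot: provide() returns null with no Javadoc saying that this is the deliberate "request no authentication context" choice, so a reader can mistake the class for an unfinished stub. The sibling DefaultRequestedAuthnContextProvider pins an EXACT PasswordProtectedTransport class ref, so selecting this provider presumably leaves the IdP free to satisfy the AuthnRequest with any authentication method, a weaker guarantee than the default that an administrator picking it from the console should be told about. I would add a class-level Javadoc along the lines of `Emits no RequestedAuthnContext: the AuthnRequest places no constraint on how the IdP authenticates the user; prefer DefaultRequestedAuthnContextProvider unless the IdP cannot honour it.` The code that consumes the null return lives in SAML2SPLogic, outside this view, so the wording should be confirmed against it.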
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
index 7e4fb4c..85c693a 100644
--- a/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
+++ b/ext/saml2sp/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/SAML2IdPDataBinderImpl.java
@@ -208,6 +208,8 @@ public class SAML2IdPDataBinderImpl implements SAML2IdPDataBinder {
idp.getActionsClassNames().clear();
idp.getActionsClassNames().addAll(idpTO.getActionsClassNames());
+ idp.setRequestedAuthnContextProviderClassName(idpTO.getRequestedAuthnContextProviderClassName());
+
return saml2IdPDAO.save(idp);
}
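Review bot: The provider class name copied from the TO on the added line goes into the entity without being checked against the set of known implementations that getRequestedAuthnContextProviderClasses() exposes in this same commit. If the stored name is later resolved by reflection in SAML2SPLogic (not visible here), any class name accepted over the admin REST API becomes the class that gets instantiated; the actions class names two lines above follow the same unvalidated pattern, so this is consistent with existing behaviour, but it deserves either a validation step or an explicit note. At minimum I would add `// resolved by reflection later: validate against the implementation lookup before save` above the setter, and preferably reject a non-null value that is not in the lookup's set before `saml2IdPDAO.save(idp)`. The enclosing update method starts outside the hunk.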
@@ -249,6 +251,8 @@ public class SAML2IdPDataBinderImpl implements SAML2IdPDataBinder {
idpTO.getActionsClassNames().addAll(idp.getActionsClassNames());
+ idpTO.setRequestedAuthnContextProviderClassName(idp.getRequestedAuthnContextProviderClassName());
+
return idpTO;
}
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPService.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPService.java b/ext/saml2sp/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPService.java
index a20a3b9..ac117c7 100644
--- a/ext/saml2sp/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPService.java
+++ b/ext/saml2sp/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPService.java
@@ -64,6 +64,16 @@ public interface SAML2IdPService extends JAXRSService {
Set<String> getActionsClasses();
/**
+ * Returns the list of available RequestedAuthnContextProviders implementations.
+ *
+ * @return the list of available RequestedAuthnContextProviders implementations
+ */
+ @GET
+ @Path("requestedAuthnContextProviders")
+ @Produces({ MediaType.APPLICATION_JSON })
+ Set<String> getRequestedAuthnContextProviderClasses();
+
+ /**
* Returns a list of all defined SAML 2.0 Identity Providers.
*
* @return list of all defined SAML 2.0 Identity Providers
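Review bot: The new Javadoc says "the list of available RequestedAuthnContextProviders implementations" while the method returns a `Set<String>` of class names, which is the value a client must copy into SAML2IdPTO's requestedAuthnContextProviderClassName; the description should say what the strings are. I would reword the summary to `Returns the set of class names of the available RequestedAuthnContextProvider implementations.` and the @return tag to `the set of available RequestedAuthnContextProvider implementation class names`, matching how the neighbouring getActionsClasses() is used.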
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2IdPServiceImpl.java
----------------------------------------------------------------------
diff --git a/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2IdPServiceImpl.java b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2IdPServiceImpl.java
index ebda30d..5952bec 100644
--- a/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2IdPServiceImpl.java
+++ b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2IdPServiceImpl.java
@@ -41,6 +41,11 @@ public class SAML2IdPServiceImpl extends AbstractServiceImpl implements SAML2IdP
}
@Override
+ public Set<String> getRequestedAuthnContextProviderClasses() {
+ return logic.getRequestedAuthnContextProviderClasses();
+ }
+
+ @Override
public List<SAML2IdPTO> list() {
return logic.list();
}
http://git-wip-us.apache.org/repos/asf/syncope/blob/fd24dd8b/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index b35481f..ef68dce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -696,6 +696,33 @@ under the License.
<!-- OpenSAML -->
<dependency>
<groupId>org.opensaml</groupId>
+ <artifactId>opensaml-saml-api</artifactId>
+ <version>${opensaml.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-storage-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml-messaging-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.velocity</groupId>
+ <artifactId>velocity</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>com.google.code.findbugs</groupId>
+ <artifactId>jsr305</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
<artifactId>opensaml-saml-impl</artifactId>
<version>${opensaml.version}</version>
<exclusions>