Posted to commits@syncope.apache.org by mm...@apache.org on 2020/04/23 07:53:20 UTC
[syncope] branch master updated: SYNCOPE-1553: Translate
AuthModuleConfs to WA (#176)
This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 2a1aeb1 SYNCOPE-1553: Translate AuthModuleConfs to WA (#176)
2a1aeb1 is described below
commit 2a1aeb1f7340775efc8c558f37009f072faf7bbf
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Thu Apr 23 12:22:22 2020 +0430
SYNCOPE-1553: Translate AuthModuleConfs to WA (#176)
* SYNCOPE-1553: map auth module conf to wa properties
* SYNCOPE-1553: map auth modules to settings
* SYNCOPE-1553: map auth modules to settings
---
.../common/lib/auth/JDBCAuthModuleConf.java | 71 +++++-
.../common/lib/auth/LDAPAuthModuleConf.java | 18 ++
.../apache/syncope/core/logic/AuthModuleLogic.java | 5 +-
.../src/test/resources/domains/MasterContent.xml | 20 +-
.../bootstrap/SyncopeWAPropertySourceLocator.java | 258 ++++++++++++++++++++-
5 files changed, 348 insertions(+), 24 deletions(-)
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
index 0141078..16bd704 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
@@ -19,6 +19,7 @@
package org.apache.syncope.common.lib.auth;
import com.fasterxml.jackson.annotation.JsonProperty;
+
import javax.xml.bind.annotation.XmlType;
import java.util.ArrayList;
import java.util.List;
@@ -40,7 +41,7 @@ public class JDBCAuthModuleConf extends AbstractAuthModuleConf {
/**
* Password field/column name to retrieve.
*/
- private String fieldPassword;
+ private String fieldPassword = "password";
/**
* Boolean field that should indicate whether the account is expired.
@@ -53,6 +54,35 @@ public class JDBCAuthModuleConf extends AbstractAuthModuleConf {
private String fieldDisabled;
/**
+ * The database dialect is a configuration setting for platform independent software (JPA, Hibernate, etc)
+ * which allows such software to translate its generic SQL statements into vendor specific DDL, DML.
+ */
+ private String dialect = "org.hibernate.dialect.H2Dialect";
+
+ /**
+ * The JDBC driver used to connect to the database.
+ */
+ private String driverClass = "org.h2.Driver";
+
+ /**
+ * The database connection URL.
+ */
+ private String url = "jdbc:h2:tcp://localhost:9092/mem:authdb;DB_CLOSE_DELAY=-1";
+
+ /**
+ * The database user.
+ * <p>
+ * The database user must have sufficient permissions to be able to handle
+ * schema changes and updates, when needed.
+ */
+ private String user = "sa";
+
+ /**
+ * The database connection password.
+ */
+ private String password = "sa";
+
+ /**
* List of column names to fetch as user attributes.
*/
private final List<String> principalAttributeList = new ArrayList<>();
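Review bot: The new `user` and `password` fields ship with working defaults (`"sa"`/`"sa"`) and `url` defaults to a local H2 instance, so a module whose credentials were never configured connects with well-known default credentials instead of failing, and those defaults are serialized into every stored conf; leaving them unset (`private String user;` / `private String password;`) and rejecting a blank value when the conf is mapped would make the misconfiguration visible. The Javadoc on `user` also asks for an account able to handle schema changes, which is broader than this module needs: the only statement the WA side maps from this conf is the configured `sql` query, so the comment should point at least privilege, e.g. `* The database user only needs read access to the table(s) referenced by {@code sql}.`. The enclosing class continues outside the hunk.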
@@ -96,4 +126,43 @@ public class JDBCAuthModuleConf extends AbstractAuthModuleConf {
return principalAttributeList;
}
+ public String getDialect() {
+ return dialect;
+ }
+
+ public void setDialect(final String dialect) {
+ this.dialect = dialect;
+ }
+
+ public String getDriverClass() {
+ return driverClass;
+ }
+
+ public void setDriverClass(final String driverClass) {
+ this.driverClass = driverClass;
+ }
+
+ public String getUrl() {
+ return url;
+ }
+
+ public void setUrl(final String url) {
+ this.url = url;
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(final String user) {
+ this.user = user;
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(final String password) {
+ this.password = password;
+ }
}
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
index afd7f90..55260bc 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
@@ -18,9 +18,16 @@
*/
package org.apache.syncope.common.lib.auth;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
+import java.util.ArrayList;
+import java.util.List;
+
@XmlRootElement(name = "ldapAuthModuleConf")
@XmlType
public class LDAPAuthModuleConf extends AbstractAuthModuleConf {
@@ -67,6 +74,11 @@ public class LDAPAuthModuleConf extends AbstractAuthModuleConf {
private String baseDn;
+ /**
+ * List of attribute names to fetch as user attributes.
+ */
+ private final List<String> principalAttributeList = new ArrayList<>();
+
public String getSearchFilter() {
return searchFilter;
}
@@ -123,4 +135,10 @@ public class LDAPAuthModuleConf extends AbstractAuthModuleConf {
this.baseDn = baseDn;
}
+ @XmlElementWrapper(name = "principalAttributeList")
+ @XmlElement(name = "principalAttributeList")
+ @JsonProperty("principalAttributeList")
+ public List<String> getPrincipalAttributeList() {
+ return principalAttributeList;
+ }
}
diff --git a/core/am/logic/src/main/java/org/apache/syncope/core/logic/AuthModuleLogic.java b/core/am/logic/src/main/java/org/apache/syncope/core/logic/AuthModuleLogic.java
index 538dc82..f8be20a 100644
--- a/core/am/logic/src/main/java/org/apache/syncope/core/logic/AuthModuleLogic.java
+++ b/core/am/logic/src/main/java/org/apache/syncope/core/logic/AuthModuleLogic.java
@@ -18,8 +18,6 @@
*/
package org.apache.syncope.core.logic;
-import static org.apache.syncope.core.logic.AbstractLogic.LOG;
-
import java.lang.reflect.Method;
import java.util.List;
import java.util.Objects;
@@ -27,6 +25,7 @@ import java.util.stream.Collectors;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.syncope.common.lib.to.AuthModuleTO;
import org.apache.syncope.common.lib.types.AMEntitlement;
+import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import org.apache.syncope.core.persistence.api.dao.NotFoundException;
import org.apache.syncope.core.persistence.api.dao.auth.AuthModuleDAO;
import org.apache.syncope.core.persistence.api.entity.auth.AuthModule;
@@ -60,7 +59,7 @@ public class AuthModuleLogic extends AbstractTransactionalLogic<AuthModuleTO> {
return binder.getAuthModuleTO(authModuleDAO.save(binder.update(authModule, authModuleTO)));
}
- @PreAuthorize("hasRole('" + AMEntitlement.AUTH_MODULE_LIST + "')")
+ @PreAuthorize("hasRole('" + AMEntitlement.AUTH_MODULE_LIST + "') or hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
@Transactional(readOnly = true)
public List<AuthModuleTO> list() {
return authModuleDAO.findAll().stream().
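Review bot: Adding `or hasRole('" + IdRepoEntitlement.ANONYMOUS + "')` to `list()` makes the full `AuthModuleTO` list, including each module's `conf`, readable without authentication, and those conf objects carry secrets — `bindCredential`, the JDBC `password` added in this commit, the OIDC `secret`, the SAML `keystorePassword`/`privateKeyPassword`, the Radius `sharedSecret` and the static module's user passwords, all visible in the MasterContent.xml fixtures of this same commit. If the intent is only to let the WA bootstrap client read them, a dedicated service account holding `AMEntitlement.AUTH_MODULE_LIST` (or a WA-specific entitlement) is the safer route; if anonymous access really is required, the secret-bearing fields should be stripped from the returned TOs for anonymous callers. The body of `list()` continues outside the hunk.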
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
index dc7369d..9e8b21b 100644
--- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
@@ -63,26 +63,26 @@ under the License.
<Implementation id="DenyAttrReleasePolicyConf" type="ATTR_RELEASE_CONF" engine="JAVA"
body='{"@class":"org.apache.syncope.common.lib.policy.AllowedAttrReleasePolicyConf","name":"DenyAttrReleasePolicyConf"}'/>
<AttrReleasePolicy id="219935c7-deb3-40b3-8a9a-683037e523a2" name="DenyAttrReleasePolicy" description="deny attribute release policy policy"/>
-
+
<!-- Authentication modules -->
- <AuthModule id="be456831-593d-4003-b273-4c3fb61700df" name="DefaultLDAPAuthModule"
- description="LDAP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","name":"MyLDAPAuthModuleConf","userIdAttribute":"uid","bindCredential":"Password","ldapUrl":"ldap://localhost:1389","searchFilter":"cn={user}","baseDn":"dc=example,dc=org","subtreeSearch":true}'/>
+ <AuthModule id="be456831-593d-4003-b273-4c3fb61700df" name="DefaultLDAPAuthModule"
+ description="LDAP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.LDAPAuthModuleConf","name":"MyLDAPAuthModuleConf","userIdAttribute":"cn","bindDn": "cn=Directory Manager,dc=example,dc=org", "bindCredential":"Password","ldapUrl":"ldap://localhost:1389","searchFilter":"cn={user}","baseDn":"ou=people,dc=example,dc=org","subtreeSearch":true}'/>
<AuthModule id="4c3ed7e8-7008-11ea-bc55-0242ac130003" name="DefaultJDBCAuthModule"
- description="JDBC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","name":"MyJDBCAuthModuleConf", "sql":"SELECT * FROM table WHERE name=?"}'/>
+ description="JDBC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JDBCAuthModuleConf","name":"MyJDBCAuthModuleConf", "sql":"SELECT * FROM users_table WHERE name=?", "fieldPassword": "password"}'/>
<AuthModule id="4c3ed4e6-7008-11ea-bc55-0242ac130003" name="DefaultGoogleMfaAuthModule"
description="Google Mfa auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf","name":"MyGoogleMfaAuthModuleConf","codeDigits":6,"issuer":"SyncopeTest"}'/>
<AuthModule id="4c3ed8f6-7008-11ea-bc55-0242ac130003" name="DefaultOIDCAuthModule"
- description="OIDC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.OIDCAuthModuleConf","name":"MyOIDCAuthModuleConf", "discoveryUri":"www.testurl.com"}'/>
+ description="OIDC auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.OIDCAuthModuleConf","name":"MyOIDCAuthModuleConf", "discoveryUri":"www.testurl.com", "id":"client-id", "secret": "client-secret" }'/>
<AuthModule id="4c3ed9d2-7008-11ea-bc55-0242ac130003" name="DefaultSAML2IdPAuthModule"
- description="SAML2 IdP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf","name":"MySAML2IdPAuthModuleConf", "providerName":"testProviderName","serviceProviderMetadataPath":"file:/etc/metadata"}'/>
+ description="SAML2 IdP auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf","name":"MySAML2IdPAuthModuleConf", "keystorePassword":"p@$$word","privateKeyPassword":"p@$$word","keystorePath":"file:/etc/metadata/keystore.jks","identityProviderMetadataPath":"file:/etc/metadata/idp.xml", "serviceProviderMetadataPath":"file:/etc/metadata/sp.xml", "serviceProviderEntityId":"syncope:apache:org"}'/>
<AuthModule id="4c3edbbc-7008-11ea-bc55-0242ac130003" name="DefaultJaasAuthModule"
- description="Jaas auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JaasAuthModuleConf","name":"MyJaasAuthModuleConf","realm":"SYNCOPE","kerberosRealmSystemProperty":"sample-value"}'/>
+ description="Jaas auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.JaasAuthModuleConf","name":"MyJaasAuthModuleConf","realm":"SYNCOPE","kerberosRealmSystemProperty":"sample-value", "loginConfigType": "JavaLoginConfig", "loginConfigurationFile": "file:/etc/jaas/login.conf"}'/>
<AuthModule id="4c3edc98-7008-11ea-bc55-0242ac130003" name="DefaultStaticAuthModule"
- description="Static auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","name":"MyStaticAuthModuleConf","users":{"user1": "testUserPassword123"}}'/>
+ description="Static auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.StaticAuthModuleConf","name":"MyStaticAuthModuleConf","users":{"syncope1": "$cynop3"}}'/>
<AuthModule id="4c3edd60-7008-11ea-bc55-0242ac130003" name="DefaultSyncopeAuthModule"
- description="Syncope auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","name":"MySyncopeAuthModuleConf","domain":"Master","url":"http://mydomain.com/syncope/rest"}'/>
+ description="Syncope auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf","name":"MySyncopeAuthModuleConf","domain":"Master","url":"http://localhost:9080/syncope/rest"}'/>
<AuthModule id="07c528f3-63b4-4dc1-a4da-87f35b8bdec8" name="DefaultRadiusAuthModule"
- description="Radius auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.RadiusAuthModuleConf","name":"MyRadiusAuthModuleConf","protocol":"MSCHAPv2","inetAddress":"1.2.3.4", "sharedSecret":"thesecret"}'/>
+ description="Radius auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.RadiusAuthModuleConf","name":"MyRadiusAuthModuleConf","protocol":"PAP","inetAddress":"localhost", "sharedSecret":"testing123"}'/>
<AuthModule id="f6e1288d-50d9-45fe-82ee-597c42242205" name="DefaultU2FAuthModule"
description="U2F auth module" jsonConf='{"@class":"org.apache.syncope.common.lib.auth.U2FAuthModuleConf","name":"MyU2FAuthModuleConf","expireDevices":40}'/>
diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
index 22f3669..875ac90 100644
--- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
+++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
@@ -19,6 +19,34 @@
package org.apache.syncope.wa.bootstrap;
+import org.apereo.cas.configuration.CasConfigurationProperties;
+import org.apereo.cas.configuration.CasCoreConfigurationUtils;
+import org.apereo.cas.configuration.model.support.generic.AcceptAuthenticationProperties;
+import org.apereo.cas.configuration.model.support.jaas.JaasAuthenticationProperties;
+import org.apereo.cas.configuration.model.support.jdbc.authn.QueryJdbcAuthenticationProperties;
+import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
+import org.apereo.cas.configuration.model.support.mfa.GoogleAuthenticatorMultifactorProperties;
+import org.apereo.cas.configuration.model.support.mfa.U2FMultifactorProperties;
+import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
+import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties;
+import org.apereo.cas.configuration.model.support.pac4j.saml.Pac4jSamlClientProperties;
+import org.apereo.cas.configuration.model.support.radius.RadiusProperties;
+import org.apereo.cas.configuration.model.support.syncope.SyncopeAuthenticationProperties;
+import org.apereo.cas.util.model.TriStateBoolean;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.common.lib.auth.AuthModuleConf;
+import org.apache.syncope.common.lib.auth.GoogleMfaAuthModuleConf;
+import org.apache.syncope.common.lib.auth.JDBCAuthModuleConf;
+import org.apache.syncope.common.lib.auth.JaasAuthModuleConf;
+import org.apache.syncope.common.lib.auth.LDAPAuthModuleConf;
+import org.apache.syncope.common.lib.auth.OIDCAuthModuleConf;
+import org.apache.syncope.common.lib.auth.RadiusAuthModuleConf;
+import org.apache.syncope.common.lib.auth.SAML2IdPAuthModuleConf;
+import org.apache.syncope.common.lib.auth.StaticAuthModuleConf;
+import org.apache.syncope.common.lib.auth.SyncopeAuthModuleConf;
+import org.apache.syncope.common.lib.auth.U2FAuthModuleConf;
+import org.apache.syncope.common.rest.api.service.AuthModuleService;
import org.apache.syncope.wa.WARestClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -28,8 +56,9 @@ import org.springframework.core.env.Environment;
import org.springframework.core.env.MapPropertySource;
import org.springframework.core.env.PropertySource;
-import java.util.HashMap;
import java.util.Map;
+import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
@Order
public class SyncopeWAPropertySourceLocator implements PropertySourceLocator {
@@ -41,19 +70,228 @@ public class SyncopeWAPropertySourceLocator implements PropertySourceLocator {
this.waRestClient = waRestClient;
}
+ private static void mapSyncopeAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ SyncopeAuthModuleConf conf = SyncopeAuthModuleConf.class.cast(authConf);
+ SyncopeAuthenticationProperties syncopeProps = new SyncopeAuthenticationProperties();
+ syncopeProps.setName(conf.getName());
+ syncopeProps.setDomain(conf.getDomain());
+ syncopeProps.setUrl(conf.getUrl());
+ casProperties.getAuthn().setSyncope(syncopeProps);
+ }
+
+ private static void mapStaticAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ StaticAuthModuleConf conf = StaticAuthModuleConf.class.cast(authConf);
+ AcceptAuthenticationProperties staticProps = new AcceptAuthenticationProperties();
+ staticProps.setName(conf.getName());
+ String users = conf.getUsers().entrySet().stream().
+ map(entry -> entry.getKey() + "::" + entry.getValue()).
+ collect(Collectors.joining(","));
+ staticProps.setUsers(users);
+ casProperties.getAuthn().setAccept(staticProps);
+ }
+
+ private static void mapLdapAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ LDAPAuthModuleConf ldapConf = LDAPAuthModuleConf.class.cast(authConf);
+
+ LdapAuthenticationProperties ldapProps = new LdapAuthenticationProperties();
+ ldapProps.setName(ldapConf.getName());
+ ldapProps.setBaseDn(ldapConf.getBaseDn());
+ ldapProps.setBindCredential(ldapConf.getBindCredential());
+ ldapProps.setSearchFilter(ldapConf.getSearchFilter());
+ ldapProps.setPrincipalAttributeId(ldapConf.getUserIdAttribute());
+ ldapProps.setLdapUrl(ldapConf.getLdapUrl());
+ ldapProps.setSubtreeSearch(ldapConf.isSubtreeSearch());
+ ldapProps.setPrincipalAttributeList(ldapConf.getPrincipalAttributeList());
+ casProperties.getAuthn().getLdap().add(ldapProps);
+ }
+
+ private static void mapGoogleMfaAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ GoogleMfaAuthModuleConf conf = GoogleMfaAuthModuleConf.class.cast(authConf);
+
+ GoogleAuthenticatorMultifactorProperties props = new GoogleAuthenticatorMultifactorProperties();
+ props.setName(conf.getName());
+ props.setIssuer(conf.getIssuer());
+ props.setCodeDigits(conf.getCodeDigits());
+ props.setLabel(conf.getLabel());
+ props.setTimeStepSize(conf.getTimeStepSize());
+ props.setWindowSize(conf.getWindowSize());
+
+ casProperties.getAuthn().getMfa().setGauth(props);
+ }
+
+ private static void mapU2fAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ U2FAuthModuleConf conf = U2FAuthModuleConf.class.cast(authConf);
+
+ U2FMultifactorProperties props = new U2FMultifactorProperties();
+ props.setName(conf.getName());
+ props.setExpireDevices(conf.getExpireDevices());
+ props.setExpireDevicesTimeUnit(TimeUnit.valueOf(conf.getExpireDevicesTimeUnit()));
+ props.setExpireRegistrations(conf.getExpireRegistrations());
+ props.setExpireRegistrationsTimeUnit(TimeUnit.valueOf(conf.getExpireRegistrationsTimeUnit()));
+ casProperties.getAuthn().getMfa().setU2f(props);
+ }
+
+ private static void mapJaasAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ JaasAuthModuleConf conf = JaasAuthModuleConf.class.cast(authConf);
+ JaasAuthenticationProperties props = new JaasAuthenticationProperties();
+ props.setName(conf.getName());
+ props.setLoginConfigType(conf.getLoginConfigType());
+ props.setKerberosKdcSystemProperty(conf.getKerberosKdcSystemProperty());
+ props.setKerberosRealmSystemProperty(conf.getKerberosRealmSystemProperty());
+ props.setLoginConfigType(conf.getLoginConfigurationFile());
+ props.setRealm(conf.getRealm());
+ casProperties.getAuthn().getJaas().add(props);
+ }
+
+ private static void mapJdbcAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ JDBCAuthModuleConf conf = JDBCAuthModuleConf.class.cast(authConf);
+ QueryJdbcAuthenticationProperties props = new QueryJdbcAuthenticationProperties();
+ props.setName(conf.getName());
+ props.setSql(conf.getSql());
+ props.setFieldDisabled(conf.getFieldDisabled());
+ props.setFieldExpired(conf.getFieldExpired());
+ props.setFieldPassword(conf.getFieldPassword());
+ props.setDialect(conf.getDialect());
+ props.setDriverClass(conf.getDriverClass());
+ props.setPassword(conf.getPassword());
+ props.setUrl(conf.getUrl());
+ props.setUser(conf.getUser());
+ props.setPrincipalAttributeList(conf.getPrincipalAttributeList());
+ casProperties.getAuthn().getJdbc().getQuery().add(props);
+ }
+
+ private static void mapOidcAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ OIDCAuthModuleConf conf = OIDCAuthModuleConf.class.cast(authConf);
+ Pac4jGenericOidcClientProperties props = new Pac4jGenericOidcClientProperties();
+ props.setId(conf.getId());
+ props.setCustomParams(conf.getCustomParams());
+ props.setDiscoveryUri(conf.getDiscoveryUri());
+ props.setMaxClockSkew(conf.getMaxClockSkew());
+ props.setClientName(conf.getName());
+ props.setPreferredJwsAlgorithm(conf.getPreferredJwsAlgorithm());
+ props.setResponseMode(conf.getResponseMode());
+ props.setResponseType(conf.getResponseType());
+ props.setScope(conf.getScope());
+ props.setSecret(conf.getSecret());
+ props.setPrincipalAttributeId(conf.getUserIdAttribute());
+ Pac4jOidcClientProperties client = new Pac4jOidcClientProperties();
+ client.setGeneric(props);
+ casProperties.getAuthn().getPac4j().getOidc().add(client);
+ }
+
+ private static void mapRadiusAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ RadiusAuthModuleConf conf = RadiusAuthModuleConf.class.cast(authConf);
+ RadiusProperties props = new RadiusProperties();
+ props.setName(conf.getName());
+
+ props.getClient().setAccountingPort(conf.getAccountingPort());
+ props.getClient().setAuthenticationPort(conf.getAuthenticationPort());
+ props.getClient().setInetAddress(conf.getInetAddress());
+ props.getClient().setSharedSecret(conf.getSharedSecret());
+ props.getClient().setSocketTimeout(conf.getSocketTimeout());
+
+ props.getServer().setNasIdentifier(conf.getNasIdentifier());
+ props.getServer().setNasIpAddress(conf.getNasIpAddress());
+ props.getServer().setNasIpv6Address(conf.getNasIpv6Address());
+ props.getServer().setNasPort(conf.getNasPort());
+ props.getServer().setNasPortId(conf.getNasPortId());
+ props.getServer().setNasPortType(conf.getNasPortType());
+ props.getServer().setNasRealPort(conf.getNasRealPort());
+ props.getServer().setProtocol(conf.getProtocol());
+ props.getServer().setRetries(conf.getRetries());
+
+ casProperties.getAuthn().setRadius(props);
+ }
+
+ private static void mapSaml2IdPAuthModuleConf(final CasConfigurationProperties casProperties,
+ final AuthModuleConf authConf) {
+ SAML2IdPAuthModuleConf conf = SAML2IdPAuthModuleConf.class.cast(authConf);
+ Pac4jSamlClientProperties props = new Pac4jSamlClientProperties();
+ props.setAcceptedSkew(conf.getAcceptedSkew());
+ props.setAssertionConsumerServiceIndex(conf.getAssertionConsumerServiceIndex());
+ props.setAttributeConsumingServiceIndex(conf.getAttributeConsumingServiceIndex());
+ props.setAuthnContextClassRef(conf.getAuthnContextClassRefs());
+ props.setAuthnContextComparisonType(conf.getAuthnContextComparisonType());
+ props.setBlackListedSignatureSigningAlgorithms(conf.getBlackListedSignatureSigningAlgorithms());
+ props.setDestinationBinding(conf.getDestinationBinding());
+ props.setIdentityProviderMetadataPath(conf.getIdentityProviderMetadataPath());
+ props.setKeystoreAlias(conf.getKeystoreAlias());
+ props.setKeystorePassword(conf.getKeystorePassword());
+ props.setKeystorePath(conf.getKeystorePath());
+ props.setMaximumAuthenticationLifetime(conf.getMaximumAuthenticationLifetime());
+ props.setNameIdPolicyFormat(conf.getNameIdPolicyFormat());
+ props.setPrivateKeyPassword(conf.getPrivateKeyPassword());
+ props.setProviderName(conf.getProviderName());
+ props.setServiceProviderEntityId(conf.getServiceProviderEntityId());
+ props.setServiceProviderMetadataPath(conf.getServiceProviderMetadataPath());
+ props.setSignatureAlgorithms(conf.getSignatureAlgorithms());
+ props.setSignatureCanonicalizationAlgorithm(conf.getSignatureCanonicalizationAlgorithm());
+ props.setSignatureReferenceDigestMethods(conf.getSignatureReferenceDigestMethods());
+ props.setPrincipalAttributeId(conf.getUserIdAttribute());
+ if (StringUtils.isBlank(conf.getNameIdPolicyAllowCreate())) {
+ props.setNameIdPolicyAllowCreate(TriStateBoolean.UNDEFINED);
+ } else {
+ props.setNameIdPolicyAllowCreate(TriStateBoolean.valueOf(conf.getNameIdPolicyAllowCreate().toUpperCase()));
+ }
+ casProperties.getAuthn().getPac4j().getSaml().add(props);
+ }
+
@Override
public PropertySource<?> locate(final Environment environment) {
- try {
- Map<String, Object> properties = new HashMap<>();
- if (WARestClient.isReady()) {
- LOG.info("Bootstrapping WA configuration");
- return new MapPropertySource(getClass().getName(), properties);
- }
-
+ if (!WARestClient.isReady()) {
LOG.warn("Application context is not ready to bootstrap WA configuration");
return null;
- } catch (Exception e) {
- throw new IllegalArgumentException("Unable to fetch settings", e);
}
+ LOG.info("Bootstrapping WA configuration");
+ AuthModuleService authService = waRestClient.getSyncopeClient().getService(AuthModuleService.class);
+ CasConfigurationProperties casProperties = new CasConfigurationProperties();
+ authService.list().forEach(authModuleTO -> {
+
+ AuthModuleConf authConf = authModuleTO.getConf();
+ LOG.debug("Mapping auth module {}:{} as conf {}", authModuleTO.getKey(),
+ authModuleTO.getName(), authConf.getName());
+ if (authConf instanceof LDAPAuthModuleConf) {
+ mapLdapAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof StaticAuthModuleConf) {
+ mapStaticAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof SyncopeAuthModuleConf) {
+ mapSyncopeAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof GoogleMfaAuthModuleConf) {
+ mapGoogleMfaAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof JaasAuthModuleConf) {
+ mapJaasAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof JDBCAuthModuleConf) {
+ mapJdbcAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof OIDCAuthModuleConf) {
+ mapOidcAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof RadiusAuthModuleConf) {
+ mapRadiusAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof SAML2IdPAuthModuleConf) {
+ mapSaml2IdPAuthModuleConf(casProperties, authConf);
+ }
+ if (authConf instanceof U2FAuthModuleConf) {
+ mapU2fAuthModuleConf(casProperties, authConf);
+ }
+ });
+ Map<String, Object> properties = CasCoreConfigurationUtils.asMap(casProperties.withHolder());
+ LOG.debug("Collected WA properties: {}", properties);
+ return new MapPropertySource(getClass().getName(), properties);
}
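Review bot: `LOG.debug("Collected WA properties: {}", properties)` writes the entire assembled property map to the log, and that map holds every secret mapped above (`setBindCredential`, the JDBC `setPassword`, the OIDC `setSecret`, the SAML `setKeystorePassword`/`setPrivateKeyPassword`, the Radius `setSharedSecret` and the `user::password` pairs passed to `setUsers`); logging only the key set, `LOG.debug("Collected WA properties: {}", properties.keySet());`, keeps the diagnostic without persisting credentials in log files. Separately, `mapJaasAuthModuleConf` calls `props.setLoginConfigType(conf.getLoginConfigurationFile())`, which overwrites the login-config type set three lines earlier with the file path and never sets the configuration file; the line should target the file property, `props.setLoginConfigurationFile(conf.getLoginConfigurationFile());`, assuming that is the setter name on the CAS `JaasAuthenticationProperties` class. Also, `TimeUnit.valueOf(conf.getExpireDevicesTimeUnit())` throws on a null or unrecognised string, `TriStateBoolean.valueOf(...)` on an unrecognised one, and `authConf.getName()` in the debug call dereferences `getConf()` without a null check, so one malformed module aborts the whole WA bootstrap now that the `try`/`catch` in `locate` is gone.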
}