Posted to commits@cloudstack.apache.org by bh...@apache.org on 2015/05/29 15:44:00 UTC
[08/11] git commit: updated refs/heads/saml-production-grade to
89a290f
CLOUDSTACK-8457: Move config options to SAML plugin
This moves all configuration options from Config.java to SAML auth manager. This
allows us to use the config framework.
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/c916c777
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/c916c777
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/c916c777
Branch: refs/heads/saml-production-grade
Commit: c916c7777aa212443d70aee2647cd8eef698e967
Parents: f92bfc7
Author: Rohit Yadav <ro...@shapeblue.com>
Authored: Thu May 28 14:52:29 2015 +0200
Committer: Rohit Yadav <ro...@shapeblue.com>
Committed: Fri May 29 15:43:33 2015 +0200
----------------------------------------------------------------------
plugins/user-authenticators/saml2/pom.xml | 5 ++
.../cloudstack/saml/SAML2AuthManager.java | 26 +++++++
.../cloudstack/saml/SAML2AuthManagerImpl.java | 39 +++++++----
server/src/com/cloud/configuration/Config.java | 72 --------------------
4 files changed, 57 insertions(+), 85 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c916c777/plugins/user-authenticators/saml2/pom.xml
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/pom.xml b/plugins/user-authenticators/saml2/pom.xml
index fed1a54..c83b190 100644
--- a/plugins/user-authenticators/saml2/pom.xml
+++ b/plugins/user-authenticators/saml2/pom.xml
@@ -47,5 +47,10 @@
<artifactId>cloud-api</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.cloudstack</groupId>
+ <artifactId>cloud-framework-config</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c916c777/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
index 9c0d4b4..c306e81 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManager.java
@@ -18,11 +18,37 @@
package org.apache.cloudstack.saml;
import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator;
+import org.apache.cloudstack.framework.config.ConfigKey;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
public interface SAML2AuthManager extends PluggableAPIAuthenticator {
+
+ public static final ConfigKey<Boolean> SAMLIsPluginEnabled = new ConfigKey<Boolean>("Advanced", Boolean.class, "saml2.enabled", "false",
+ "Indicates whether SAML SSO plugin is enabled or not", true);
+
+ public static final ConfigKey<String> SAMLUserAttributeName = new ConfigKey<String>("Advanced", String.class, "saml2.user.attribute", "uid",
+ "Attribute name to be looked for in SAML response that will contain the username", true);
+
+ public static final ConfigKey<String> SAMLCloudStackRedirectionUrl = new ConfigKey<String>("Advanced", String.class, "saml2.redirect.url", "http://localhost:8080/client",
+ "The CloudStack UI url the SSO should redirected to when successful", true);
+
+ public static final ConfigKey<String> SAMLServiceProviderSingleSignOnURL = new ConfigKey<String>("Advanced", String.class, "saml2.sp.sso.url", "http://localhost:8080/client/api?command=samlSso",
+ "SAML2 CloudStack Service Provider Single Sign On URL", true);
+
+ public static final ConfigKey<String> SAMLServiceProviderSingleLogOutURL = new ConfigKey<String>("Advanced", String.class, "saml2.sp.slo.url", "http://localhost:8080/client/api?command=samlSlo",
+ "SAML2 CloudStack Service Provider Single Log Out URL", true);
+
+ public static final ConfigKey<String> SAMLServiceProviderID = new ConfigKey<String>("Advanced", String.class, "saml2.sp.id", "org.apache.cloudstack",
+ "SAML2 Service Provider Identifier String", true);
+
+ public static final ConfigKey<String> SAMLIdentityProviderMetadataURL = new ConfigKey<String>("Advanced", String.class, "saml2.idp.metadata.url", "https://openidp.feide.no/simplesaml/saml2/idp/metadata.php",
+ "SAML2 Identity Provider Metadata XML Url", true);
+
+ public static final ConfigKey<Integer> SAMLTimeout = new ConfigKey<Integer>("Advanced", Integer.class, "saml2.timeout", "30000",
+ "SAML2 IDP Metadata Downloading and parsing etc. activity timeout in milliseconds", true);
+
public String getServiceProviderId();
public String getIdentityProviderId();
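Review bot: The `saml2.idp.id` setting is deleted from Config.java in this same commit (the `SAMLIdentityProviderID` entry in the Config.java hunk) but no replacement ConfigKey is declared here, which is why SAML2AuthManagerImpl.setup() has to hard-code the IdP entity ID behind a FIXME; that hunk also drops `saml2.default.domainid` (`SAMLUserDomain`) without a replacement, so any reader of that key elsewhere in the tree would now get nothing and is worth checking. Declaring `public static final ConfigKey<String> SAMLIdentityProviderID = new ConfigKey<String>("Advanced", String.class, "saml2.idp.id", "https://openidp.feide.no", "SAML2 Identity Provider Identifier String", true);` next to `SAMLIdentityProviderMetadataURL` and listing it in `getConfigKeys()` would keep the IdP identifier operator-configurable instead of baked into the implementation. Separately, the default for `saml2.idp.metadata.url` (carried over from Config.java) points at a public third-party IdP, so a deployment that enables the plugin without overriding it would fetch its trust metadata from that host; a comment on the key stating that the default is a placeholder to be replaced with the organisation's own IdP would make that explicit. The `public static final` modifiers are implicit on interface fields and could be dropped; the interface body continues past the end of this hunk.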
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c916c777/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index 36c9da5..0704971 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -16,18 +16,19 @@
// under the License.
package org.apache.cloudstack.saml;
-import com.cloud.configuration.Config;
import com.cloud.utils.component.AdapterBase;
import org.apache.cloudstack.api.auth.PluggableAPIAuthenticator;
import org.apache.cloudstack.api.command.GetServiceProviderMetaDataCmd;
import org.apache.cloudstack.api.command.SAML2LoginAPIAuthenticatorCmd;
import org.apache.cloudstack.api.command.SAML2LogoutAPIAuthenticatorCmd;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
import org.apache.cloudstack.utils.auth.SAMLUtils;
-import org.apache.log4j.Logger;
import org.apache.commons.codec.binary.Base64;
+import org.apache.log4j.Logger;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -67,7 +68,7 @@ import java.util.List;
@Component
@Local(value = {SAML2AuthManager.class, PluggableAPIAuthenticator.class})
-public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManager {
+public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManager, Configurable {
private static final Logger s_logger = Logger.getLogger(SAML2AuthManagerImpl.class);
private String serviceProviderId;
@@ -96,6 +97,9 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
public boolean start() {
if (isSAMLPluginEnabled()) {
setup();
+ s_logger.info("SAML auth plugin loaded");
+ } else {
+ s_logger.info("SAML auth plugin not enabled so not loading");
}
return super.start();
}
@@ -143,19 +147,16 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
}
}
- this.serviceProviderId = _configDao.getValue(Config.SAMLServiceProviderID.key());
- this.identityProviderId = _configDao.getValue(Config.SAMLIdentityProviderID.key());
+ this.serviceProviderId = SAMLServiceProviderID.value();
+ this.identityProviderId = "https://openidp.feide.no"; // FIXME: SAMLIdentityProviderID.key();
- this.spSingleSignOnUrl = _configDao.getValue(Config.SAMLServiceProviderSingleSignOnURL.key());
- this.spSingleLogOutUrl = _configDao.getValue(Config.SAMLServiceProviderSingleLogOutURL.key());
+ this.spSingleSignOnUrl = SAMLServiceProviderSingleSignOnURL.value();
+ this.spSingleLogOutUrl = SAMLServiceProviderSingleLogOutURL.value();
- String idpMetaDataUrl = _configDao.getValue(Config.SAMLIdentityProviderMetadataURL.key());
+ String idpMetaDataUrl = SAMLIdentityProviderMetadataURL.value();
int tolerance = 30000;
- String timeout = _configDao.getValue(Config.SAMLTimeout.key());
- if (timeout != null) {
- tolerance = Integer.parseInt(timeout);
- }
+ tolerance = SAMLTimeout.value();
try {
DefaultBootstrap.bootstrap();
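Review bot: `this.identityProviderId = "https://openidp.feide.no"` replaces a value that was previously read from configuration (`saml2.idp.id`) with a hard-coded third-party IdP entity ID, so any deployment federating with a different IdP now carries a mismatched identity-provider identifier until the FIXME is resolved; if that identifier is what incoming assertions are matched against (not visible in this hunk), it should come from configuration rather than from a literal. Reading it as `this.identityProviderId = SAMLIdentityProviderID.value();` would restore that, given a matching `ConfigKey<String>` for `saml2.idp.id` declared on SAML2AuthManager (this commit removed that entry from Config.java without re-adding it). Also `int tolerance = 30000;` is immediately overwritten, so `int tolerance = SAMLTimeout.value();` says the same thing in one line; if `ConfigKey.value()` can return null for an unset Integer key (cannot tell from here), that unboxing would throw where the removed code fell back to 30000. The enclosing `setup()` starts before and continues after this hunk.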
@@ -259,7 +260,7 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
}
public Boolean isSAMLPluginEnabled() {
- return Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));
+ return SAMLIsPluginEnabled.value();
}
public X509Certificate getSpX509Certificate() {
@@ -270,4 +271,16 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
public KeyPair getSpKeyPair() {
return spKeyPair;
}
+
+ @Override
+ public String getConfigComponentName() {
+ return "SAML2-PLUGIN";
+ }
+
+ @Override
+ public ConfigKey<?>[] getConfigKeys() {
+ return new ConfigKey<?>[]{SAMLIsPluginEnabled, SAMLUserAttributeName, SAMLCloudStackRedirectionUrl,
+ SAMLServiceProviderSingleSignOnURL, SAMLServiceProviderSingleLogOutURL,
+ SAMLServiceProviderID, SAMLIdentityProviderMetadataURL, SAMLTimeout};
+ }
}
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/c916c777/server/src/com/cloud/configuration/Config.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java
index fc529b5..0d6a4e6 100755
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@@ -1362,78 +1362,6 @@ public enum Config {
"300000",
"The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.",
null),
- SAMLIsPluginEnabled(
- "Advanced",
- ManagementServer.class,
- Boolean.class,
- "saml2.enabled",
- "false",
- "Set it to true to enable SAML SSO plugin",
- null),
- SAMLUserDomain(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.default.domainid",
- "1",
- "The default domain UUID to use when creating users from SAML SSO",
- null),
- SAMLCloudStackRedirectionUrl(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.redirect.url",
- "http://localhost:8080/client",
- "The CloudStack UI url the SSO should redirected to when successful",
- null),
- SAMLServiceProviderID(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.sp.id",
- "org.apache.cloudstack",
- "SAML2 Service Provider Identifier String",
- null),
- SAMLServiceProviderSingleSignOnURL(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.sp.sso.url",
- "http://localhost:8080/client/api?command=samlSso",
- "SAML2 CloudStack Service Provider Single Sign On URL",
- null),
- SAMLServiceProviderSingleLogOutURL(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.sp.slo.url",
- "http://localhost:8080/client/api?command=samlSlo",
- "SAML2 CloudStack Service Provider Single Log Out URL",
- null),
- SAMLIdentityProviderID(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.idp.id",
- "https://openidp.feide.no",
- "SAML2 Identity Provider Identifier String",
- null),
- SAMLIdentityProviderMetadataURL(
- "Advanced",
- ManagementServer.class,
- String.class,
- "saml2.idp.metadata.url",
- "https://openidp.feide.no/simplesaml/saml2/idp/metadata.php",
- "SAML2 Identity Provider Metadata XML Url",
- null),
- SAMLTimeout(
- "Advanced",
- ManagementServer.class,
- Long.class,
- "saml2.timeout",
- "30000",
- "SAML2 IDP Metadata Downloading and parsing etc. activity timeout in milliseconds",
- null),
//NetworkType("Hidden", ManagementServer.class, String.class, "network.type", "vlan", "The type of network that this deployment will use.", "vlan,direct"),
RouterRamSize("Hidden", NetworkOrchestrationService.class, Integer.class, "router.ram.size", "256", "Default RAM for router VM (in MB).", null),