Posted to commits@syncope.apache.org by mm...@apache.org on 2021/07/19 08:45:59 UTC
[syncope] branch master updated: Switch to CAS 6.4 RC6 (#273)
This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new af09fec Switch to CAS 6.4 RC6 (#273)
af09fec is described below
commit af09fec8752e52fbf476dd9ff36bfd47bbddc3e7
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Mon Jul 19 12:45:49 2021 +0400
Switch to CAS 6.4 RC6 (#273)
* switch to 6.4 RC5
* upgrading pac4j - renaming delete method
* remove/exclude broken radius jar
* fix checkstyle
* adjust tests - wip
* fix tests - enable remote debugging for SRA on tests
* Remove @bean from version(). Return type as String cannot be a bean
* fix event repository api
* fix tests
* reset log levels; update pac4j
* reset changes
* fix build
* switch to 6.4 rc6
* Trigger build with an update
---
.../common/lib/auth/OIDCAuthModuleConf.java | 6 +-
.../service/wa/GoogleMfaAuthAccountService.java | 6 ++
.../core/logic/wa/GoogleMfaAuthAccountLogic.java | 22 +++++-
.../wa/GoogleMfaAuthAccountServiceImpl.java | 7 +-
fit/wa-reference/src/main/resources/log4j2.xml | 8 +-
fit/wa-reference/src/main/resources/wa.properties | 2 +-
.../apache/syncope/fit/sra/AbstractSRAITCase.java | 5 +-
.../org/apache/syncope/fit/ui/OIDC4UIITCase.java | 12 +--
.../src/test/resources/application-oidc.properties | 2 +-
fit/wa-reference/src/test/resources/log4j2.xml | 4 +
pom.xml | 89 ++++------------------
.../resources/debug/application-debug.properties | 2 +-
.../bootstrap/SyncopeWAPropertySourceLocator.java | 24 +++---
wa/starter/pom.xml | 17 +----
.../wa/starter/config/SyncopeWAConfiguration.java | 8 +-
.../starter/events/SyncopeWAEventRepository.java | 5 +-
...SyncopeWAGoogleMfaAuthCredentialRepository.java | 5 ++
.../starter/mapping/OIDCRPClientAppTOMapper.java | 2 +-
wa/starter/src/main/resources/log4j2.xml | 5 ++
wa/starter/src/main/resources/wa.properties | 2 +-
20 files changed, 107 insertions(+), 126 deletions(-)
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/OIDCAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/OIDCAuthModuleConf.java
index 5e5607a..4687263 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/OIDCAuthModuleConf.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/OIDCAuthModuleConf.java
@@ -64,7 +64,7 @@ public class OIDCAuthModuleConf implements AuthModuleConf {
/**
* Clock skew in order to account for drift, when validating id tokens.
*/
- private int maxClockSkew;
+ private String maxClockSkew;
/**
* Custom parameters to send along in authZ requests, etc.
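Review bot: The Javadoc on `maxClockSkew` states only the purpose, and now that the field is a `String` (the getter and setter change in the next hunk of this file) nothing tells a caller which format is accepted. I would extend the comment to say so, for example `Clock skew tolerated when validating id tokens, given as a duration string in the form the CAS property expects (TODO confirm the exact syntax)`. A larger skew lengthens the window in which an expired id token is still accepted, and a free-form string is no longer range-checked by the type. It would therefore help to validate or bound the value where this configuration is mapped onto the CAS properties, which is outside this hunk.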
@@ -139,11 +139,11 @@ public class OIDCAuthModuleConf implements AuthModuleConf {
this.preferredJwsAlgorithm = preferredJwsAlgorithm;
}
- public int getMaxClockSkew() {
+ public String getMaxClockSkew() {
return maxClockSkew;
}
- public void setMaxClockSkew(final int maxClockSkew) {
+ public void setMaxClockSkew(final String maxClockSkew) {
this.maxClockSkew = maxClockSkew;
}
diff --git a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/wa/GoogleMfaAuthAccountService.java b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/wa/GoogleMfaAuthAccountService.java
index 087dbad..201a871 100644
--- a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/wa/GoogleMfaAuthAccountService.java
+++ b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/wa/GoogleMfaAuthAccountService.java
@@ -52,6 +52,12 @@ public interface GoogleMfaAuthAccountService extends JAXRSService {
@DELETE
@Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
@Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
+ @Path("accts/devices/{id}")
+ void delete(@NotNull @PathParam("id") long id);
+
+ @DELETE
+ @Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
+ @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
@Path("accts")
void deleteAll();
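Review bot: `@NotNull` on the primitive `long id` parameter of the new `delete` method can never fail, so it advertises a check that does not exist. Either drop it, or use a constraint that can reject a value, such as `@Min(1)` if ids are always positive (not visible from this hunk). The new operation also has no Javadoc; a short comment stating that it removes a single registered Google MFA account by id, and what the caller gets when the id is unknown, would make the contract clear to REST clients.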
diff --git a/core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/GoogleMfaAuthAccountLogic.java b/core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/GoogleMfaAuthAccountLogic.java
index 6630b0d..ecfe757 100644
--- a/core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/GoogleMfaAuthAccountLogic.java
+++ b/core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/GoogleMfaAuthAccountLogic.java
@@ -50,7 +50,7 @@ public class GoogleMfaAuthAccountLogic extends AbstractAuthProfileLogic {
}
@PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
- public void deleteFor(final String owner) {
+ public void delete(final String owner) {
authProfileDAO.findByOwner(owner).ifPresent(profile -> {
profile.setGoogleMfaAuthAccounts(List.of());
authProfileDAO.save(profile);
@@ -58,6 +58,26 @@ public class GoogleMfaAuthAccountLogic extends AbstractAuthProfileLogic {
}
@PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
+ public void delete(final long id) {
+ authProfileDAO.findAll(-1, -1).
+ stream().
+ filter(Objects::nonNull).
+ filter(profile -> profile.
+ getGoogleMfaAuthAccounts().
+ stream().
+ allMatch(acct -> acct.getId() == id)).
+ findFirst().
+ ifPresentOrElse(profile -> {
+ if (profile.getGoogleMfaAuthAccounts().removeIf(acct -> acct.getId() == id)) {
+ authProfileDAO.save(profile);
+ }
+ },
+ () -> {
+ throw new NotFoundException("Could not find account for id " + id);
+ });
+ }
+
+ @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
public void deleteAll() {
authProfileDAO.findAll(-1, -1).forEach(profile -> {
profile.setGoogleMfaAuthAccounts(List.of());
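Review bot: The filter in the new `delete(final long id)` uses `allMatch(acct -> acct.getId() == id)`, which is true for a profile with no Google MFA accounts at all and false for a profile that holds the target account alongside another one. `findFirst()` can therefore pick an unrelated profile, `removeIf` returns false, nothing is saved and no `NotFoundException` is thrown. The caller is told the device was removed while it stays registered as a second factor. The predicate should be `anyMatch(acct -> acct.getId() == id)`. Separately, `findAll(-1, -1)` loads every auth profile for a single-id delete; a DAO lookup by account id would be preferable if one exists, which this hunk does not show. The `deleteAll` body at the end of the hunk continues outside it.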
diff --git a/core/am/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/wa/GoogleMfaAuthAccountServiceImpl.java b/core/am/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/wa/GoogleMfaAuthAccountServiceImpl.java
index a3d32ce..658298a 100644
--- a/core/am/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/wa/GoogleMfaAuthAccountServiceImpl.java
+++ b/core/am/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/wa/GoogleMfaAuthAccountServiceImpl.java
@@ -35,7 +35,12 @@ public class GoogleMfaAuthAccountServiceImpl extends AbstractServiceImpl impleme
@Override
public void delete(final String owner) {
- logic.deleteFor(owner);
+ logic.delete(owner);
+ }
+
+ @Override
+ public void delete(final long id) {
+ logic.delete(id);
}
@Override
diff --git a/fit/wa-reference/src/main/resources/log4j2.xml b/fit/wa-reference/src/main/resources/log4j2.xml
index 45979c0..8916f42 100644
--- a/fit/wa-reference/src/main/resources/log4j2.xml
+++ b/fit/wa-reference/src/main/resources/log4j2.xml
@@ -36,15 +36,17 @@ under the License.
</appenders>
<loggers>
-
- <asyncLogger name="org.apereo.cas" additivity="false" level="INFO">
+ <asyncLogger name="org.apereo.cas" additivity="false" level="DEBUG">
+ <appender-ref ref="main"/>
+ </asyncLogger>
+ <asyncLogger name="org.apereo.services.persondir" additivity="false" level="DEBUG">
<appender-ref ref="main"/>
</asyncLogger>
<asyncLogger name="org.apereo.inspektr.audit.support" additivity="false" level="INFO">
<appender-ref ref="main"/>
</asyncLogger>
- <asyncLogger name="org.pac4j" additivity="false" level="ERROR">
+ <asyncLogger name="org.pac4j" additivity="false" level="INFO">
<appender-ref ref="main"/>
</asyncLogger>
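Review bot: The `org.apereo.cas` and new `org.apereo.services.persondir` loggers are left at `DEBUG`, and `org.pac4j` is raised from `ERROR` to `INFO`. This sits oddly with the "reset log levels" item in the commit message and looks like a leftover from debugging the upgrade. This file is under `src/main/resources` of the reference WA, so anyone reusing it as a template inherits the verbose levels. Debug output from an authentication server and its attribute resolver is likely to include principal attributes and protocol details that should not be in routine logs. I would restore `level="INFO"` for the two apereo loggers and `level="ERROR"` for `org.pac4j` here, and keep the `DEBUG` override only in the `src/test/resources/log4j2.xml` changed later in this commit.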
diff --git a/fit/wa-reference/src/main/resources/wa.properties b/fit/wa-reference/src/main/resources/wa.properties
index 5d0cd5c..6d76e2a 100644
--- a/fit/wa-reference/src/main/resources/wa.properties
+++ b/fit/wa-reference/src/main/resources/wa.properties
@@ -33,7 +33,7 @@ cas.logout.follow-service-redirects=true
cas.authn.saml-idp.core.entity-id=${cas.server.name}/syncope-wa/saml
cas.authn.saml-idp.metadata.http.metadata-backup-location=file:${conf.directory}/saml
-cas.authn.oidc.core.issuer=${cas.server.name}/syncope-wa/oidc/
+cas.authn.oidc.core.issuer=${cas.server.name}/syncope-wa/oidc
cas.authn.oidc.discovery.id-token-signing-alg-values-supported=RS256,RS384,RS512,PS256,PS384,PS512,ES256,ES384,ES512,HS256,HS384,HS512
cas.authn.oidc.discovery.user-info-signing-alg-values-supported=RS256,RS384,RS512,PS256,PS384,PS512,ES256,ES384,ES512,HS256,HS384,HS512
cas.authn.oauth.user-profile-view-type=FLAT
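Review bot: Dropping the trailing slash from `cas.authn.oidc.core.issuer` changes the `iss` value that relying parties compare as an exact string, and the same edit is made to the shipped default in `wa/starter/src/main/resources/wa.properties` at the end of this commit. Clients that were configured with `.../syncope-wa/oidc/` as issuer or discovery base will presumably reject id tokens after the upgrade until they are reconfigured. The tests and sample properties in this commit are updated, but I see no upgrade note. A comment above the property, for example `# must match the issuer configured on every relying party exactly (no trailing slash since CAS 6.4)`, plus an entry in the upgrade documentation would cover it.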
diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
index 22aad9a..f03574e 100644
--- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
+++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractSRAITCase.java
@@ -169,7 +169,10 @@ public abstract class AbstractSRAITCase extends AbstractITCase {
ProcessBuilder processBuilder = new ProcessBuilder(
javaHome + "/bin/java",
"-Dreactor.netty.http.server.accessLogEnabled=true",
- "-jar", sraJar);
+ "-jar",
+ "-Xdebug",
+ "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006",
+ sraJar);
processBuilder.inheritIO();
Map<String, String> environment = processBuilder.environment();
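Review bot: The SRA child process is now always started with a JDWP listener on fixed port 5006. JDWP has no authentication, and a debugger that can attach can run arbitrary code in that JVM. With `address=5006` the bind address depends on the JDK version, and a fixed port also makes two concurrent builds on one host collide. I would make the agent opt-in and bind it to loopback explicitly, for example by adding `"-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5006"` to the command only when a system property such as `sra.debug` is set. It should also go before `"-jar"`, so the JVM options are not interleaved between `-jar` and the jar path. The enclosing method starts and ends outside this hunk.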
diff --git a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDC4UIITCase.java b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDC4UIITCase.java
index 020677d..49ce00a 100644
--- a/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDC4UIITCase.java
+++ b/fit/wa-reference/src/test/java/org/apache/syncope/fit/ui/OIDC4UIITCase.java
@@ -119,12 +119,12 @@ public class OIDC4UIITCase extends AbstractUIITCase {
cas.setClientID(appName);
cas.setClientSecret(appName);
- cas.setIssuer(WA_ADDRESS + "/oidc/");
- cas.setAuthorizationEndpoint(WA_ADDRESS + "/oidc/authorize");
- cas.setTokenEndpoint(WA_ADDRESS + "/oidc/accessToken");
- cas.setJwksUri(WA_ADDRESS + "/oidc/jwks");
- cas.setUserinfoEndpoint(WA_ADDRESS + "/oidc/profile");
- cas.setEndSessionEndpoint(WA_ADDRESS + "/oidc/logout");
+ cas.setIssuer(WA_ADDRESS + "/oidc");
+ cas.setAuthorizationEndpoint(cas.getIssuer() + "/authorize");
+ cas.setTokenEndpoint(cas.getIssuer() + "/accessToken");
+ cas.setJwksUri(cas.getIssuer() + "/jwks");
+ cas.setUserinfoEndpoint(cas.getIssuer() + "/profile");
+ cas.setEndSessionEndpoint(cas.getIssuer() + "/logout");
cas.setCreateUnmatching(createUnmatching);
cas.setSelfRegUnmatching(selfRegUnmatching);
diff --git a/fit/wa-reference/src/test/resources/application-oidc.properties b/fit/wa-reference/src/test/resources/application-oidc.properties
index 44bac5c..ae41565 100644
--- a/fit/wa-reference/src/test/resources/application-oidc.properties
+++ b/fit/wa-reference/src/test/resources/application-oidc.properties
@@ -15,7 +15,7 @@
# specific language governing permissions and limitations
# under the License.
am.type=OIDC
-am.oidc.configuration=http://localhost:9080/syncope-wa/oidc/
+am.oidc.configuration=http://localhost:9080/syncope-wa/oidc
am.oidc.client.id=oidcTestClientId
am.oidc.client.secret=oidcTestClientSecret
diff --git a/fit/wa-reference/src/test/resources/log4j2.xml b/fit/wa-reference/src/test/resources/log4j2.xml
index 0d20b7e..759b411 100644
--- a/fit/wa-reference/src/test/resources/log4j2.xml
+++ b/fit/wa-reference/src/test/resources/log4j2.xml
@@ -36,6 +36,10 @@ under the License.
<asyncLogger name="org.apache.syncope.fit" additivity="false" level="DEBUG">
<appender-ref ref="main"/>
</asyncLogger>
+
+ <asyncLogger name="org.apereo.cas" additivity="false" level="DEBUG">
+ <appender-ref ref="main"/>
+ </asyncLogger>
<asyncLogger name="org.springframework" additivity="false" level="INFO">
<appender-ref ref="main"/>
diff --git a/pom.xml b/pom.xml
index 000547b..023a8ba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -448,9 +448,9 @@ under the License.
<modernizer-maven.version>2.2.0</modernizer-maven.version>
- <pac4j.version>5.0.1</pac4j.version>
+ <pac4j.version>5.1.2</pac4j.version>
- <cas.version>6.4.0-RC4</cas.version>
+ <cas.version>6.4.0-RC6</cas.version>
<cas-client.version>3.6.2</cas-client.version>
<h2.version>1.4.200</h2.version>
@@ -1427,6 +1427,17 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-radius-core</artifactId>
+ <version>${cas.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>gnu-getopt</groupId>
+ <artifactId>getopt</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-radius</artifactId>
<version>${cas.version}</version>
</dependency>
@@ -1527,18 +1538,6 @@ under the License.
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet-core</artifactId>
</exclusion>
- <exclusion>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-core</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-attestation</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.yubico</groupId>
- <artifactId>yubico-util</artifactId>
- </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -1562,36 +1561,8 @@ under the License.
<groupId>com.google.code.findbugs</groupId>
<artifactId>jsr305</artifactId>
</exclusion>
- <exclusion>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-core</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-attestation</artifactId>
- </exclusion>
- <exclusion>
- <groupId>com.yubico</groupId>
- <artifactId>yubico-util</artifactId>
- </exclusion>
</exclusions>
</dependency>
- <!-- TMP until CAS 6.4.0-RC5 -->
- <dependency>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-core</artifactId>
- <version>1.9.1-RC2</version>
- </dependency>
- <dependency>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-attestation</artifactId>
- <version>1.9.1-RC2</version>
- </dependency>
- <dependency>
- <groupId>com.yubico</groupId>
- <artifactId>yubico-util</artifactId>
- <version>1.9.1-RC2</version>
- </dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-gauth</artifactId>
@@ -2058,40 +2029,6 @@ under the License.
<enabled>true</enabled>
</releases>
</repository>
-
- <!-- Disable some Spring repositories pulled in by dependencies - see
- https://spring.io/blog/2020/10/29/notice-of-permissions-changes-to-repo-spring-io-fall-and-winter-2020 -->
- <repository>
- <id>spring-libs-milestone</id>
- <url>https://repo.spring.io/libs-milestone</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- <repository>
- <id>spring-plugins</id>
- <url>https://repo.spring.io/plugins-release/</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
- <!-- see https://jfrog.com/blog/into-the-sunset-bintray-jcenter-gocenter-and-chartcenter/ -->
- <repository>
- <id>uniconiam</id>
- <url>https://dl.bintray.com/uniconiam/maven</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- </repository>
</repositories>
<pluginRepositories>
diff --git a/sra/src/test/resources/debug/application-debug.properties b/sra/src/test/resources/debug/application-debug.properties
index c6ab6c7..7f55501 100644
--- a/sra/src/test/resources/debug/application-debug.properties
+++ b/sra/src/test/resources/debug/application-debug.properties
@@ -15,7 +15,7 @@
# specific language governing permissions and limitations
# under the License.
am.type=OIDC
-am.oidc.configuration=http://localhost:9080/syncope-wa/oidc/
+am.oidc.configuration=http://localhost:9080/syncope-wa/oidc
am.oidc.client.id=oidcTestClientId
am.oidc.client.secret=oidcTestClientSecret
diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
index 8ee3884..8d655e6 100644
--- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
+++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/SyncopeWAPropertySourceLocator.java
@@ -52,7 +52,7 @@ import org.apereo.cas.configuration.model.support.ldap.AbstractLdapAuthenticatio
import org.apereo.cas.configuration.model.support.ldap.LdapAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.DuoSecurityMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
-import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorAuthenticationProperties;
+import org.apereo.cas.configuration.model.support.mfa.gauth.GoogleAuthenticatorMultifactorProperties;
import org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.Pac4jDelegatedAuthenticationProperties;
import org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jGenericOidcClientProperties;
@@ -206,14 +206,14 @@ public class SyncopeWAPropertySourceLocator implements PropertySourceLocator {
final String authModule,
final GoogleMfaAuthModuleConf conf) {
- GoogleAuthenticatorMultifactorAuthenticationProperties props =
- new GoogleAuthenticatorMultifactorAuthenticationProperties();
+ GoogleAuthenticatorMultifactorProperties props =
+ new GoogleAuthenticatorMultifactorProperties();
props.setName(authModule);
- props.setIssuer(conf.getIssuer());
- props.setCodeDigits(conf.getCodeDigits());
- props.setLabel(conf.getLabel());
- props.setTimeStepSize(conf.getTimeStepSize());
- props.setWindowSize(conf.getWindowSize());
+ props.getCore().setIssuer(conf.getIssuer());
+ props.getCore().setCodeDigits(conf.getCodeDigits());
+ props.getCore().setLabel(conf.getLabel());
+ props.getCore().setTimeStepSize(conf.getTimeStepSize());
+ props.getCore().setWindowSize(conf.getWindowSize());
CasConfigurationProperties casProperties = new CasConfigurationProperties();
casProperties.getAuthn().getMfa().setGauth(props);
@@ -239,10 +239,10 @@ public class SyncopeWAPropertySourceLocator implements PropertySourceLocator {
U2FMultifactorAuthenticationProperties props = new U2FMultifactorAuthenticationProperties();
props.setName(authModule);
- props.setExpireDevices(conf.getExpireDevices());
- props.setExpireDevicesTimeUnit(TimeUnit.valueOf(conf.getExpireDevicesTimeUnit()));
- props.setExpireRegistrations(conf.getExpireRegistrations());
- props.setExpireRegistrationsTimeUnit(TimeUnit.valueOf(conf.getExpireRegistrationsTimeUnit()));
+ props.getCore().setExpireDevices(conf.getExpireDevices());
+ props.getCore().setExpireDevicesTimeUnit(TimeUnit.valueOf(conf.getExpireDevicesTimeUnit()));
+ props.getCore().setExpireRegistrations(conf.getExpireRegistrations());
+ props.getCore().setExpireRegistrationsTimeUnit(TimeUnit.valueOf(conf.getExpireRegistrationsTimeUnit()));
CasConfigurationProperties casProperties = new CasConfigurationProperties();
casProperties.getAuthn().getMfa().setU2f(props);
diff --git a/wa/starter/pom.xml b/wa/starter/pom.xml
index 9195bfd..3478777 100644
--- a/wa/starter/pom.xml
+++ b/wa/starter/pom.xml
@@ -163,6 +163,10 @@ under the License.
<artifactId>cas-server-support-themes</artifactId>
</dependency>
<dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-radius-core</artifactId>
+ </dependency>
+ <dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-radius</artifactId>
</dependency>
@@ -227,19 +231,6 @@ under the License.
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-webauthn-core</artifactId>
</dependency>
- <!-- TMP until CAS 6.4.0-RC5 -->
- <dependency>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-core</artifactId>
- </dependency>
- <dependency>
- <groupId>com.yubico</groupId>
- <artifactId>webauthn-server-attestation</artifactId>
- </dependency>
- <dependency>
- <groupId>com.yubico</groupId>
- <artifactId>yubico-util</artifactId>
- </dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-u2f</artifactId>
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java
index 4283c0d..bcb0764 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/SyncopeWAConfiguration.java
@@ -68,7 +68,7 @@ import org.apereo.cas.adaptors.u2f.storage.U2FDeviceRepository;
import org.apereo.cas.audit.AuditTrailExecutionPlanConfigurer;
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
import org.apereo.cas.configuration.CasConfigurationProperties;
-import org.apereo.cas.configuration.model.support.mfa.u2f.U2FMultifactorAuthenticationProperties;
+import org.apereo.cas.configuration.model.support.mfa.u2f.U2FCoreMultifactorAuthenticationProperties;
import org.apereo.cas.oidc.jwks.OidcJsonWebKeystoreGeneratorService;
import org.apereo.cas.otp.repository.credentials.OneTimeTokenCredentialRepository;
import org.apereo.cas.otp.repository.token.OneTimeTokenRepository;
@@ -90,7 +90,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+@Configuration(value = "SyncopeWAConfiguration", proxyBeanMethods = true)
public class SyncopeWAConfiguration {
@Autowired
@@ -259,7 +261,7 @@ public class SyncopeWAConfiguration {
@Bean
public OneTimeTokenRepository oneTimeTokenAuthenticatorTokenRepository(final WARestClient restClient) {
return new SyncopeWAGoogleMfaAuthTokenRepository(
- restClient, casProperties.getAuthn().getMfa().getGauth().getTimeStepSize());
+ restClient, casProperties.getAuthn().getMfa().getGauth().getCore().getTimeStepSize());
}
@Autowired
@@ -291,7 +293,7 @@ public class SyncopeWAConfiguration {
@Autowired
@RefreshScope
public U2FDeviceRepository u2fDeviceRepository(final WARestClient restClient) {
- U2FMultifactorAuthenticationProperties u2f = casProperties.getAuthn().getMfa().getU2f();
+ U2FCoreMultifactorAuthenticationProperties u2f = casProperties.getAuthn().getMfa().getU2f().getCore();
LocalDate expirationDate = LocalDate.now(ZoneId.systemDefault()).
minus(u2f.getExpireDevices(), DateTimeUtils.toChronoUnit(u2f.getExpireDevicesTimeUnit()));
LoadingCache<String, String> requestStorage = Caffeine.newBuilder().
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/events/SyncopeWAEventRepository.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/events/SyncopeWAEventRepository.java
index 1286ea1..c89eea0 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/events/SyncopeWAEventRepository.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/events/SyncopeWAEventRepository.java
@@ -58,11 +58,11 @@ public class SyncopeWAEventRepository extends AbstractCasEventRepository {
}
@Override
- public void saveInternal(final CasEvent event) {
+ public CasEvent saveInternal(final CasEvent event) {
SyncopeClient syncopeClient = waRestClient.getSyncopeClient();
if (syncopeClient == null) {
LOG.debug("Syncope client is not yet ready to store audit record");
- return;
+ return null;
}
LOG.info("Saving Cas events");
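Review bot: `saveInternal` now returns `null` when the Syncope client is not ready, and the next hunk returns `event` after the `catch (JsonProcessingException e)` block even though nothing was stored in that case. A caller of the new `CasEvent`-returning contract cannot tell a persisted event from a dropped one, and may dereference the `null`; the base-class handling is not visible here. For an audit/event trail, silent loss is the worse outcome. I would log the not-ready case at `WARN` rather than `DEBUG`, and either return `event` only from the success path or propagate the failure, with a short Javadoc on the method stating what a `null` return means.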
@@ -96,6 +96,7 @@ public class SyncopeWAEventRepository extends AbstractCasEventRepository {
} catch (JsonProcessingException e) {
LOG.error("During serialization", e);
}
+ return event;
}
@Override
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/SyncopeWAGoogleMfaAuthCredentialRepository.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/SyncopeWAGoogleMfaAuthCredentialRepository.java
index 3b8b102..003a187 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/SyncopeWAGoogleMfaAuthCredentialRepository.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/SyncopeWAGoogleMfaAuthCredentialRepository.java
@@ -163,6 +163,11 @@ public class SyncopeWAGoogleMfaAuthCredentialRepository extends BaseGoogleAuthen
}
@Override
+ public void delete(final long id) {
+ waRestClient.getSyncopeClient().getService(GoogleMfaAuthAccountService.class).delete(id);
+ }
+
+ @Override
public long count() {
return waRestClient.getSyncopeClient().getService(GoogleMfaAuthAccountService.class).list().getTotalCount();
}
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
index eca4e7d..bc0a5f4 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/OIDCRPClientAppTOMapper.java
@@ -64,7 +64,7 @@ public class OIDCRPClientAppTOMapper extends AbstractClientAppMapper {
OidcRegisteredService service = new OidcRegisteredService();
setCommon(service, rp);
- service.setServiceId(Stream.concat(rp.getRedirectUris().stream(), Stream.of(rp.getLogoutUri())).
+ service.setServiceId(rp.getRedirectUris().stream().
filter(Objects::nonNull).
collect(Collectors.joining("|")));
service.setClientId(rp.getClientId());
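Review bot: The `serviceId` is built by joining the raw redirect URIs with `|`, and CAS evaluates a registered service's `serviceId` as a regular expression. Characters such as `.` and `?` in a URI then act as wildcards and quantifiers, so the pattern accepts more redirect targets than the literal URIs that were registered. If administrators are expected to enter plain URIs rather than patterns (not visible from this hunk), each entry should be quoted before joining, e.g. `map(Pattern::quote)` ahead of `collect(Collectors.joining("|"))`, with the `java.util.regex.Pattern` import added. With `Stream.concat` removed, the `java.util.stream.Stream` import may also be unused now and trip checkstyle; the import block is outside this hunk. The enclosing method starts and ends outside the hunk as well.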
diff --git a/wa/starter/src/main/resources/log4j2.xml b/wa/starter/src/main/resources/log4j2.xml
index 45979c0..e97e441 100644
--- a/wa/starter/src/main/resources/log4j2.xml
+++ b/wa/starter/src/main/resources/log4j2.xml
@@ -40,6 +40,11 @@ under the License.
<asyncLogger name="org.apereo.cas" additivity="false" level="INFO">
<appender-ref ref="main"/>
</asyncLogger>
+
+ <asyncLogger name="org.apereo.services.persondir" additivity="false" level="INFO">
+ <appender-ref ref="main"/>
+ </asyncLogger>
+
<asyncLogger name="org.apereo.inspektr.audit.support" additivity="false" level="INFO">
<appender-ref ref="main"/>
</asyncLogger>
diff --git a/wa/starter/src/main/resources/wa.properties b/wa/starter/src/main/resources/wa.properties
index 81d0d2e..226946c 100644
--- a/wa/starter/src/main/resources/wa.properties
+++ b/wa/starter/src/main/resources/wa.properties
@@ -33,7 +33,7 @@ cas.logout.follow-service-redirects=true
cas.authn.saml-idp.core.entity-id=${cas.server.name}/syncope-wa/saml
cas.authn.saml-idp.metadata.http.metadata-backup-location=file:${conf.directory}/saml
-cas.authn.oidc.core.issuer=${cas.server.name}/syncope-wa/oidc/
+cas.authn.oidc.core.issuer=${cas.server.name}/syncope-wa/oidc
cas.authn.oidc.discovery.id-token-signing-alg-values-supported=RS256,RS384,RS512,PS256,PS384,PS512,ES256,ES384,ES512,HS256,HS384,HS512
cas.authn.oidc.discovery.user-info-signing-alg-values-supported=RS256,RS384,RS512,PS256,PS384,PS512,ES256,ES384,ES512,HS256,HS384,HS512
cas.authn.oauth.user-profile-view-type=FLAT