Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
switch keys of saml authentication module to optional
- Loading branch information
Showing
4 changed files
with
2,631 additions
and
2,535 deletions.
There are no files selected for viewing
93 changes: 93 additions & 0 deletions
93
.../com/evolveum/midpoint/web/security/MidpointHostBasedSamlServiceProviderProvisioning.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
/* | ||
* Copyright (c) 2010-2019 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
package com.evolveum.midpoint.web.security; | ||
|
||
import org.springframework.security.saml.SamlMetadataCache; | ||
import org.springframework.security.saml.SamlTransformer; | ||
import org.springframework.security.saml.SamlValidator; | ||
import org.springframework.security.saml.key.KeyType; | ||
import org.springframework.security.saml.key.SimpleKey; | ||
import org.springframework.security.saml.provider.config.SamlConfigurationRepository; | ||
import org.springframework.security.saml.provider.provisioning.HostBasedSamlServiceProviderProvisioning; | ||
import org.springframework.security.saml.provider.service.AuthenticationRequestEnhancer; | ||
import org.springframework.security.saml.provider.service.HostedServiceProviderService; | ||
import org.springframework.security.saml.provider.service.ServiceProviderService; | ||
import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration; | ||
import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata; | ||
|
||
import java.util.Collections; | ||
import java.util.LinkedList; | ||
import java.util.List; | ||
|
||
import static org.springframework.util.StringUtils.hasText; | ||
|
||
/** | ||
* @author skublik | ||
*/ | ||
|
||
public class MidpointHostBasedSamlServiceProviderProvisioning extends HostBasedSamlServiceProviderProvisioning { | ||
|
||
private final AuthenticationRequestEnhancer authnRequestEnhancer; | ||
|
||
public MidpointHostBasedSamlServiceProviderProvisioning(SamlConfigurationRepository configuration, SamlTransformer transformer, SamlValidator validator, SamlMetadataCache cache, AuthenticationRequestEnhancer authnRequestEnhancer) { | ||
super(configuration, transformer, validator, cache, authnRequestEnhancer); | ||
this.authnRequestEnhancer = authnRequestEnhancer; | ||
} | ||
|
||
protected ServiceProviderService getHostedServiceProvider(LocalServiceProviderConfiguration spConfig) { | ||
String basePath = spConfig.getBasePath(); | ||
|
||
List<SimpleKey> keys = new LinkedList<>(); | ||
SimpleKey signingKey = null; | ||
if (spConfig.getKeys() != null) { | ||
SimpleKey activeKey = spConfig.getKeys().getActive(); | ||
if (activeKey != null) { | ||
keys.add(activeKey); | ||
keys.add(activeKey.clone(activeKey.getName() + "-encryption", KeyType.ENCRYPTION)); | ||
} | ||
keys.addAll(spConfig.getKeys().getStandBy()); | ||
signingKey = spConfig.isSignMetadata() ? spConfig.getKeys().getActive() : null; | ||
} | ||
|
||
String prefix = hasText(spConfig.getPrefix()) ? spConfig.getPrefix() : "saml/sp/"; | ||
String aliasPath = getAliasPath(spConfig); | ||
ServiceProviderMetadata metadata = | ||
serviceProviderMetadata( | ||
basePath, | ||
signingKey, | ||
keys, | ||
prefix, | ||
aliasPath, | ||
spConfig.getDefaultSigningAlgorithm(), | ||
spConfig.getDefaultDigest() | ||
); | ||
if (!spConfig.getNameIds().isEmpty()) { | ||
metadata.getServiceProvider().setNameIds(spConfig.getNameIds()); | ||
} | ||
|
||
if (!spConfig.isSingleLogoutEnabled()) { | ||
metadata.getServiceProvider().setSingleLogoutService(Collections.emptyList()); | ||
} | ||
if (hasText(spConfig.getEntityId())) { | ||
metadata.setEntityId(spConfig.getEntityId()); | ||
} | ||
if (hasText(spConfig.getAlias())) { | ||
metadata.setEntityAlias(spConfig.getAlias()); | ||
} | ||
metadata.getServiceProvider().setWantAssertionsSigned(spConfig.isWantAssertionsSigned()); | ||
metadata.getServiceProvider().setAuthnRequestsSigned(spConfig.isSignRequests()); | ||
|
||
return new HostedServiceProviderService( | ||
spConfig, | ||
metadata, | ||
getTransformer(), | ||
getValidator(), | ||
getCache(), | ||
authnRequestEnhancer | ||
); | ||
} | ||
} |
Oops, something went wrong.