Merge branch 'master' of github.com:Evolveum/midpoint
1azyman committed Feb 18, 2022
2 parents f66bdb8 + c081375 commit 6e90ca3
Showing 6 changed files with 56 additions and 248 deletions.
Expand Up @@ -159,9 +159,10 @@ public boolean isVisible() {
});
if (securityPolicy != null) {
SelfRegistrationPolicyType selfRegistrationPolicy = SecurityPolicyUtil.getSelfRegistrationPolicy(securityPolicy);
String sequenceName = selfRegistrationPolicy.getAdditionalAuthenticationSequence() == null ? selfRegistrationPolicy.getAdditionalAuthenticationName() : selfRegistrationPolicy.getAdditionalAuthenticationSequence();
if (selfRegistrationPolicy != null
&& StringUtils.isNotBlank(selfRegistrationPolicy.getAdditionalAuthenticationName())) {
AuthenticationSequenceType sequence = SecurityUtils.getSequenceByName(selfRegistrationPolicy.getAdditionalAuthenticationName(),
&& StringUtils.isNotBlank(sequenceName)) {
AuthenticationSequenceType sequence = SecurityUtils.getSequenceByName(sequenceName,
securityPolicy.getAuthentication());
if (sequence != null) {
registration.add(AttributeModifier.replace("href", new IModel<String>() {
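Review bot: `sequenceName` is computed from `selfRegistrationPolicy` on the line before the `selfRegistrationPolicy != null` check, so a security policy without a self-registration section now throws a NullPointerException instead of simply hiding the link, and the null check itself has become dead. Move the assignment inside the guard: `if (selfRegistrationPolicy != null) { String sequenceName = ...; if (StringUtils.isNotBlank(sequenceName)) { ... } }`. Note also that only `== null` is tested on the sequence value, so an empty `<additionalAuthenticationSequence/>` element wins over a configured legacy name and the link then disappears; testing `StringUtils.isNotBlank(...getAdditionalAuthenticationSequence())` for the fallback would match the blank check on the next line. The enclosing `isVisible()`/registration block starts before the hunk.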
Expand Up @@ -75,7 +75,7 @@ private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType
this.defaultRoles = selfRegistration.getDefaultRole();
this.initialLifecycleState = selfRegistration.getInitialLifecycleState();
this.requiredLifecycleState = selfRegistration.getRequiredLifecycleState();
this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationName();
this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationSequence() == null ? selfRegistration.getAdditionalAuthenticationName() : selfRegistration.getAdditionalAuthenticationSequence();
this.authenticationPolicy = securityPolicy.getAuthentication();

this.formRef = selfRegistration.getFormRef();
Expand All @@ -93,7 +93,7 @@ private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType
noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailModuleAuthentication.getCredentialName(), securityPolicy);
} else {
AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil.getAuthenticationPolicy(
selfRegistration.getAdditionalAuthenticationName(), securityPolicy);
selfRegistration.getAdditionalAuthenticationSequence() == null ? selfRegistration.getAdditionalAuthenticationName() : selfRegistration.getAdditionalAuthenticationSequence(), securityPolicy);

if (authPolicy instanceof MailAuthenticationPolicyType) {
this.mailAuthenticationPolicy = (MailAuthenticationPolicyType) authPolicy;
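Review bot: The sequence-or-name fallback expression is pasted twice inside `init` (once when setting `additionalAuthentication`, again as the `getAuthenticationPolicy` argument) and again in two other files of this commit; the second occurrence can simply read `this.additionalAuthentication`, and the rule belongs in one static helper so the deprecation of `additionalAuthenticationName` can later be retired in a single place, e.g. `String seq = selfRegistration.getAdditionalAuthenticationSequence(); return StringUtils.isNotBlank(seq) ? seq : selfRegistration.getAdditionalAuthenticationName();` (assuming a blank check utility is available here). A blank check rather than `== null` also keeps an empty sequence element from shadowing a valid legacy name, which would otherwise leave `authPolicy` null for a policy that was working before the upgrade. `init` begins before the first hunk and continues past the second.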
Expand Up @@ -107,7 +107,6 @@
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- later: audit: login/logout auditing settings (if needed) -->
<xsd:element name="mailAuthentication" type="tns:MailAuthenticationPolicyType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:appinfo>
Expand Down Expand Up @@ -486,14 +485,6 @@
<xsd:complexContent>
<xsd:extension base="tns:AbstractAuthenticationModuleType">
<xsd:sequence>
<xsd:element name="network" type="tns:Saml2NetworkAuthenticationModuleType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="serviceProvider" type="tns:Saml2ServiceProviderAuthenticationModuleType" minOccurs="1" maxOccurs="unbounded"/>
</xsd:sequence>
</xsd:extension>
Expand Down Expand Up @@ -555,192 +546,30 @@
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="defaultDigest" type="tns:Saml2DigestAuthenticationModuleType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Default digest method. Default is SHA256;
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="signRequests" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
<xsd:annotation>
<xsd:documentation>
Flag indicating whether this service signs authentication requests.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="wantAssertionsSigned" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
<xsd:annotation>
<xsd:documentation>
Flag indicating whether this service requires signed assertions.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="singleLogoutEnabled" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="true">
<xsd:annotation>
<xsd:documentation>
Flag indicating whether this service enable single logout.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="nameId" type="tns:Saml2NameIdAuthenticationModuleType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Name identifiers to be included in the metadata. Supported values are:
EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED and X509_SUBJECT.
Order of NameIDs in the property determines order of NameIDs
in the generated metadata.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="keys" type="tns:Saml2KeyAuthenticationModuleType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Key used by service provider.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="provider" type="tns:Saml2ProviderAuthenticationModuleType" minOccurs="1" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Possible identity providers for this service provider.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="identityProvider" type="tns:Saml2ProviderAuthenticationModuleType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Possible identity providers for this service provider.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="metadata" type="tns:Saml2ProviderMetadataAuthenticationModuleType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Service provider can use prepared metadata.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:complexType>

<xsd:simpleType name="Saml2NameIdAuthenticationModuleType">
<xsd:annotation>
<xsd:documentation>
Possible NameId.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
<jaxb:typesafeEnumClass/>
</xsd:appinfo>
</xsd:annotation>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="EMAIL"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="TRANSIENT"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="PERSISTENT"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="UNSPECIFIED"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="X509_SUBJECT"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleType>

<xsd:simpleType name="Saml2DigestAuthenticationModuleType">
<xsd:annotation>
<xsd:documentation>
Possible digest method.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
<jaxb:typesafeEnumClass/>
</xsd:appinfo>
</xsd:annotation>
<xsd:restriction base="xsd:string">
<xsd:enumeration value="http://www.w3.org/2000/09/xmldsig#sha1">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="SHA1"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="http://www.w3.org/2001/04/xmlenc#sha256">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="SHA256"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="http://www.w3.org/2001/04/xmlenc#sha512">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="SHA512"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
<xsd:enumeration value="http://www.w3.org/2001/04/xmlenc#ripemd160">
<xsd:annotation>
<xsd:appinfo>
<jaxb:typesafeEnumMember name="RIPEMD160"/>
</xsd:appinfo>
</xsd:annotation>
</xsd:enumeration>
</xsd:restriction>
</xsd:simpleType>

<xsd:simpleType name="Saml2SigningAlgorithmAuthenticationModuleType">
<xsd:annotation>
<xsd:documentation>
Expand Down Expand Up @@ -951,43 +780,13 @@
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="alias" type="xsd:string" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Unique alias used to identify the selected local service provider based on used URL.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="metadata" type="tns:Saml2ProviderMetadataAuthenticationModuleType" minOccurs="1" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Metadata of Identity provider.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="skipSslValidation" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
<xsd:annotation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="metadataTrustCheck" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
<xsd:annotation>
<xsd:documentation>
Flag indicating disabled signature verification.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:plannedRemoval>4.5</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="linkText" type="xsd:string" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Expand Down Expand Up @@ -1812,7 +1611,6 @@
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<!-- Later: authenticationSequenceName -->
<xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Expand Down Expand Up @@ -1867,7 +1665,7 @@
<xsd:element name="formRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Reference to form which is displayed for registration
Reference to form which is displayed for reset
</xsd:documentation>
<xsd:appinfo>
<a:objectReferenceTargetType>tns:FormType</a:objectReferenceTargetType>
Expand Down Expand Up @@ -2099,6 +1897,26 @@
<xsd:element name="displayName" type="xsd:string" minOccurs="0">
</xsd:element>
<xsd:element name="additionalAuthenticationName" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Deprecated from 4.5 please use element 'additionalAuthenticationSequence'.
</xsd:documentation>
<xsd:appinfo>
<a:deprecated>true</a:deprecated>
<a:deprecatedSince>4.5</a:deprecatedSince>
<a:plannedRemoval>4.6</a:plannedRemoval>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="additionalAuthenticationSequence" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Defined authentication sequence, which will be use for additional authentication.
</xsd:documentation>
<xsd:appinfo>
<a:since>4.5</a:since>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="defaultRole" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
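Review bot: The new `additionalAuthenticationSequence` documentation does not say which attribute of the sequence the string must match, nor what happens when the deprecated `additionalAuthenticationName` is also set; the Java in this commit prefers the sequence value whenever it is non-null, so that precedence should be stated here. Suggested text: `Name of an authentication sequence defined in the authentication section of this security policy, used for additional authentication during self-registration. Takes precedence over the deprecated additionalAuthenticationName when both are set.` The phrase `which will be use for additional authentication` should read `which will be used for additional authentication`. Because the element is a plain `xsd:string` rather than a reference, the schema gives no guarantee that the named sequence exists, and from the link code in this commit a non-matching name appears to silently drop the additional-authentication link rather than fail loudly; a sentence warning about that is worth adding.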
Expand Up @@ -390,10 +390,12 @@ private boolean existOldAuthConfigurationForSelfRegistration(HttpServletRequest
PrismObject<SecurityPolicyType> securityPolicy = getSecurityPolicy();
if (securityPolicy != null) {
SelfRegistrationPolicyType selfReg = SecurityPolicyUtil.getSelfRegistrationPolicy(securityPolicy.asObjectable());
if (selfReg != null
&& StringUtils.isNotBlank(selfReg.getAdditionalAuthenticationName())
&& SecurityPolicyUtil.getAuthenticationPolicy(selfReg.getAdditionalAuthenticationName(), securityPolicy.asObjectable()) != null) {
return true;
if (selfReg != null) {
String sequenceName = selfReg.getAdditionalAuthenticationSequence() == null ? selfReg.getAdditionalAuthenticationName() : selfReg.getAdditionalAuthenticationSequence();
if (StringUtils.isNotBlank(sequenceName)
&& SecurityPolicyUtil.getAuthenticationPolicy(sequenceName, securityPolicy.asObjectable()) != null) {
return true;
}
}
}
} catch (SchemaException e) {
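Review bot: `existOldAuthConfigurationForSelfRegistration` now feeds the new sequence name into `SecurityPolicyUtil.getAuthenticationPolicy`, the same lookup that the deprecated module name used, whereas the link code elsewhere in this commit resolves the same value with `SecurityUtils.getSequenceByName`; if those two lookups search different collections, a policy configured only with `additionalAuthenticationSequence` would be reported as having no old configuration (or the reverse), which silently changes which authentication path self-registration takes. Please confirm the intended semantics and, if a sequence is meant, check it with `SecurityUtils.getSequenceByName(sequenceName, securityPolicy.asObjectable()) != null` instead. Like the other copies, the `== null` test lets an empty sequence element shadow a configured legacy name; `StringUtils.isNotBlank` is already used on the following line and would fit the fallback as well. The method's `try` block opens before the hunk and its `catch` handling continues past it.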
