revision of schema for reset password and self registration with old …

…authentication

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageLogin.java

@@ -159,9 +159,10 @@ public boolean isVisible() {
         });
         if (securityPolicy != null) {
             SelfRegistrationPolicyType selfRegistrationPolicy = SecurityPolicyUtil.getSelfRegistrationPolicy(securityPolicy);
+            String sequenceName = selfRegistrationPolicy.getAdditionalAuthenticationSequence() == null ? selfRegistrationPolicy.getAdditionalAuthenticationName() : selfRegistrationPolicy.getAdditionalAuthenticationSequence();
             if (selfRegistrationPolicy != null
-                    && StringUtils.isNotBlank(selfRegistrationPolicy.getAdditionalAuthenticationName())) {
-                AuthenticationSequenceType sequence = SecurityUtils.getSequenceByName(selfRegistrationPolicy.getAdditionalAuthenticationName(),
+                    && StringUtils.isNotBlank(sequenceName)) {
+                AuthenticationSequenceType sequence = SecurityUtils.getSequenceByName(sequenceName,
                         securityPolicy.getAuthentication());
                 if (sequence != null) {
                     registration.add(AttributeModifier.replace("href", new IModel<String>() {

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/SelfRegistrationDto.java

@@ -75,7 +75,7 @@ private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType
         this.defaultRoles = selfRegistration.getDefaultRole();
         this.initialLifecycleState = selfRegistration.getInitialLifecycleState();
         this.requiredLifecycleState = selfRegistration.getRequiredLifecycleState();
-        this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationName();
+        this.additionalAuthentication = selfRegistration.getAdditionalAuthenticationSequence() == null ? selfRegistration.getAdditionalAuthenticationName() : selfRegistration.getAdditionalAuthenticationSequence();
         this.authenticationPolicy = securityPolicy.getAuthentication();
 
         this.formRef = selfRegistration.getFormRef();
@@ -93,7 +93,7 @@ private void init(SecurityPolicyType securityPolicy, SelfRegistrationPolicyType
             noncePolicy = SecurityPolicyUtil.getCredentialPolicy(mailModuleAuthentication.getCredentialName(), securityPolicy);
         } else {
             AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil.getAuthenticationPolicy(
-                    selfRegistration.getAdditionalAuthenticationName(), securityPolicy);
+                    selfRegistration.getAdditionalAuthenticationSequence() == null ? selfRegistration.getAdditionalAuthenticationName() : selfRegistration.getAdditionalAuthenticationSequence(), securityPolicy);
 
             if (authPolicy instanceof MailAuthenticationPolicyType) {
                 this.mailAuthenticationPolicy = (MailAuthenticationPolicyType) authPolicy;

infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd

@@ -107,7 +107,6 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>
-            <!-- later: audit: login/logout auditing settings (if needed) -->
             <xsd:element name="mailAuthentication" type="tns:MailAuthenticationPolicyType" minOccurs="0" maxOccurs="unbounded">
                 <xsd:annotation>
                     <xsd:appinfo>
@@ -1612,7 +1611,6 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>
-            <!-- Later: authenticationSequenceName -->
             <xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0" maxOccurs="1">
                 <xsd:annotation>
                     <xsd:documentation>
@@ -1667,7 +1665,7 @@
             <xsd:element name="formRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
                 <xsd:annotation>
                     <xsd:documentation>
-                        Reference to form which is displayed for registration
+                        Reference to form which is displayed for reset
                     </xsd:documentation>
                     <xsd:appinfo>
                         <a:objectReferenceTargetType>tns:FormType</a:objectReferenceTargetType>
@@ -1899,6 +1897,26 @@
             <xsd:element name="displayName" type="xsd:string" minOccurs="0">
             </xsd:element>
             <xsd:element name="additionalAuthenticationName" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Deprecated from 4.5 please use element 'additionalAuthenticationSequence'.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:deprecated>true</a:deprecated>
+                        <a:deprecatedSince>4.5</a:deprecatedSince>
+                        <a:plannedRemoval>4.6</a:plannedRemoval>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="additionalAuthenticationSequence" type="xsd:string" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Defined authentication sequence, which will be use for additional authentication.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <a:since>4.5</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
             </xsd:element>
             <xsd:element name="defaultRole" type="tns:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
                 <xsd:annotation>

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/filter/MidpointAuthFilter.java

@@ -390,10 +390,12 @@ private boolean existOldAuthConfigurationForSelfRegistration(HttpServletRequest
             PrismObject<SecurityPolicyType> securityPolicy = getSecurityPolicy();
             if (securityPolicy != null) {
                 SelfRegistrationPolicyType selfReg = SecurityPolicyUtil.getSelfRegistrationPolicy(securityPolicy.asObjectable());
-                if (selfReg != null
-                    && StringUtils.isNotBlank(selfReg.getAdditionalAuthenticationName())
-                    && SecurityPolicyUtil.getAuthenticationPolicy(selfReg.getAdditionalAuthenticationName(), securityPolicy.asObjectable()) != null) {
-                    return true;
+                if (selfReg != null) {
+                    String sequenceName = selfReg.getAdditionalAuthenticationSequence() == null ? selfReg.getAdditionalAuthenticationName() : selfReg.getAdditionalAuthenticationSequence();
+                    if (StringUtils.isNotBlank(sequenceName)
+                            && SecurityPolicyUtil.getAuthenticationPolicy(sequenceName, securityPolicy.asObjectable()) != null) {
+                        return true;
+                    }
                 }
             }
         } catch (SchemaException e) {

model/authentication-impl/src/main/java/com/evolveum/midpoint/authentication/impl/module/configuration/SamlModuleWebSecurityConfiguration.java

@@ -37,7 +37,6 @@
 import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
-import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 import org.springframework.web.util.UriComponentsBuilder;
 
 import com.evolveum.midpoint.prism.crypto.EncryptionException;

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java

@@ -1484,11 +1484,13 @@ public String createRegistrationConfirmationLink(UserType userType) {
         if (securityPolicy != null && securityPolicy.getAuthentication() != null
                 && securityPolicy.getAuthentication().getSequence() != null && !securityPolicy.getAuthentication().getSequence().isEmpty()) {
             SelfRegistrationPolicyType selfRegistrationPolicy = SecurityPolicyUtil.getSelfRegistrationPolicy(securityPolicy);
-            if (selfRegistrationPolicy != null && selfRegistrationPolicy.getAdditionalAuthenticationName() != null) {
-                String resetPasswordSequenceName = selfRegistrationPolicy.getAdditionalAuthenticationName();
-                String prefix = createPrefixLinkByAuthSequence(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI, resetPasswordSequenceName, securityPolicy.getAuthentication().getSequence());
-                if (prefix != null) {
-                    return createTokenConfirmationLink(prefix, userType);
+            if (selfRegistrationPolicy != null) {
+                String resetPasswordSequenceName = selfRegistrationPolicy.getAdditionalAuthenticationSequence() == null ? selfRegistrationPolicy.getAdditionalAuthenticationName() : selfRegistrationPolicy.getAdditionalAuthenticationSequence();
+                if (resetPasswordSequenceName != null) {
+                    String prefix = createPrefixLinkByAuthSequence(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI, resetPasswordSequenceName, securityPolicy.getAuthentication().getSequence());
+                    if (prefix != null) {
+                        return createTokenConfirmationLink(prefix, userType);
+                    }
                 }
             }
         }