New SAML 2024.05.30 - Not to merge but just for SAML feature branch testing #2908
base: develop
Commits on Jul 12, 2024
remove: SAML extension library dependency
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Co-authored-by: Bruce Ricard <bruce.ricard@broadcom.com>
Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Commit dd91275

Ignore non-functioning SAML tests
* Instead of calling fail(). We have a suspicion that there is a bug in the way the tests are running (most of them are somehow not running with "./gradlew test" and we have a theory that a combination of mixing junit4 imports and the junit5 fail() might be contributing.
* I was careful to use @Ignore for tests importing the junit4 @Test, and @Disabled for tests using the junit5 @Test.
* These annotations were added, with the idea that you can search for '@Ignore("SAML' and '@Disabled("SAML' to find the tests that need attention before we finish the SAML library conversion.
    @Ignore("SAML test fails")
    @Ignore("SAML test doesn't compile")
    @Ignore("SAML test setup doesn't compile")
    @Disabled("SAML test fails")
    @Disabled("SAML test doesn't compile")
* A few tests are set to ignore because they're failing for the right reasons, but more work is needed to finish that and get back to green. The goal is to start tracking these annotations instead of failing tests, so we can stay green.
* Tests now running:
    server module: 3,435 (in IntelliJ) (98 total ignored)
    uaa module: 67 (command line run of "./gradlew test" for all tests - still needs troubleshooting)
Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Commit 316af55

update @Ignore - test now compiles
Co-authored-by: Hongchol Sinn <hongchol.sinn@broadcom.com>
Commit 65ac33b

feat: switch to new Spring Security SAML library
* Removed commented-out references to the outdated SAML extension library
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 38b3d94

feat: Supply metadata through /saml/metadata
- Adds back endpoint and incorporates forwarding for new pattern saml2 endpoints,
  Still has some wip elements
  WithHttpsNotRequired > samlMetadataReturnsOk still red
  RelyingPartyRegistration is hardcoded in xml,
  /saml/metadata/ with trailing slash not working
  missing parity with develop
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 2d6d669

fix: handle case when Servlet Path is null and ensures test WithHttpsNotRequired -> samlMetadataReturnsOk is green
- fixed one test but still WithHttpsRequired > samlMetadataReturnsOk is red after fixing this test
- HealthzShouldNotBeProtectedMockMvcTests > WithHttpsRequired > samlMetadataRedirects() FAILED
  java.lang.AssertionError: Range for response status value 200 expected:<REDIRECTION> but was:<SUCCESSFUL>
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 1cefd02

remove: SAML extension library dependency
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Co-authored-by: Bruce Ricard <bruce.ricard@broadcom.com>
Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Commit 2deef93

Ignore non-functioning SAML tests
* Instead of calling fail(). We have a suspicion that there is a bug in the way the tests are running (most of them are somehow not running with "./gradlew test" and we have a theory that a combination of mixing junit4 imports and the junit5 fail() might be contributing.
* I was careful to use @Ignore for tests importing the junit4 @Test, and @Disabled for tests using the junit5 @Test.
* These annotations were added, with the idea that you can search for '@Ignore("SAML' and '@Disabled("SAML' to find the tests that need attention before we finish the SAML library conversion.
    @Ignore("SAML test fails")
    @Ignore("SAML test doesn't compile")
    @Ignore("SAML test setup doesn't compile")
    @Disabled("SAML test fails")
    @Disabled("SAML test doesn't compile")
* A few tests are set to ignore because they're failing for the right reasons, but more work is needed to finish that and get back to green. The goal is to start tracking these annotations instead of failing tests, so we can stay green.
* Tests now running:
    server module: 3,435 (in IntelliJ) (98 total ignored)
    uaa module: 67 (command line run of "./gradlew test" for all tests - still needs troubleshooting)
Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Commit 843b0ce

feat: Supply metadata through /saml/metadata
- Adds back endpoint and incorporates forwarding for new pattern saml2 endpoints,
  Still has some wip elements
  WithHttpsNotRequired > samlMetadataReturnsOk still red
  RelyingPartyRegistration is hardcoded in xml,
  /saml/metadata/ with trailing slash not working
  missing parity with develop
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 9416e40

fix: handle case when Servlet Path is null and ensures test WithHttpsNotRequired -> samlMetadataReturnsOk is green
- fixed one test but still WithHttpsRequired > samlMetadataReturnsOk is red after fixing this test
- HealthzShouldNotBeProtectedMockMvcTests > WithHttpsRequired > samlMetadataRedirects() FAILED
  java.lang.AssertionError: Range for response status value 200 expected:<REDIRECTION> but was:<SUCCESSFUL>
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 56d7cec

feat: reliably serve SAML SP metadata
- With the new SAML lib, SAML SP metadata generation relies on a relyingPartyRegistration, which requires a valid SAML IDP metadata. In the context of UAA external SAML IDP login, UAA does not know what the SAML IDP metadata is, until the operator adds it via the /identity-providers endpoint. Also, some SAML IDPs might require you to supply the SAML SP metadata first before you can obtain the SAML IDP metadata. See relevant issue: spring-projects/spring-security#11369
- Previously, to solve this problem, the SAML SP metadata generation relies on relyingPartyRegistration values in saml-providers.xml, which hardcodes a SAML IDP metadata URL (point to some example Okta SAML instance); this means that UAA's SP metadata generation relies on the example Okta SAML instance to be running.
- This commit, instead, supplies a hardcoded dummy SAML IDP metadata here to unblock the SAML SP metadata generation, at the advice of Spring Security team, so that UAA's functioning does not rely on some external running Okta instance.
- code reference: https://github.com/spring-projects/spring-security-samples/blob/1b28351693d60f01a511cbcc18b64590452a3851/servlet/java-configuration/saml2/login/src/main/java/example/SecurityConfiguration.java#L62
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit fbd23c9

Commit 81a12a4

disable docs test that shouldn't be running
* Has to be commented out of the erb file even when the test method used @Disabled.
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 236a34c

- A continuation of 65d1f0f
- This is a test recently added to develop branch, so ignoring this here because the SAML feature is still being built.
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 044b790

refactor: shorten the dummy IDP metadata
- to reflect the fact that this IDP metadata just needs to exist in its bare minimal form, where the specific fields in it do not affect the SP metadata generation
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit d8d2bfd

fix: "invalid XML" error in tests
- previously some tests error with:
```
net.shibboleth.utilities.java.support.xml.XMLParserException: Unable to parse inputstream, it contained invalid XML
```
- this issue is fixed once we switch to loading the idp saml metadata via a file (instead of an InputStream)
[186822654]
Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Commit 89f268f

wip: configure some metadata params
Co-authored-by: Danny Faught <danny.faught@broadcom.com>
Commit c572972

* We're reprioritizing the test to get this test to pass.
Co-authored-by: Bruce Ricard <bruce.ricard@broadcom.com>
Commit 5fcd361

Co-authored-by: Duane May <duane.may@broadcom.com>
Commit a5fa5d8

Co-authored-by: Duane May <duane.may@broadcom.com>
Commit a4fdec9

wip: ensuring the endpoint for metadata works both in forward and direct request
- Tests are failing but they are behaving as expected with curl and browser for /saml/metadata /saml/metadata/example and /saml/metadata/example/
- /saml/metadata/ is not returning xml
- The dispatcher ordering along with position in the filter-mapping must be set properly.
[#186986697]
Co-authored-by: Bruce Ricard <bruce.ricard@broadcom.com>
Commit 2c2cfc9

Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 82d048b

wip: ensuring the saml metadata endpoint for metadata works in Mock MVC Tests
- /saml/metadata/ is not returning xml
[#186986697]
Co-authored-by: Filip Hanik <fhanik@vmware.com>
Commit f3655b5

wip: entityID assertion works in testSamlMetadataDefault
Co-authored-by: Alicia Yingling <alicia.yingling@broadcom.com>
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 5ea4e2b

feat: entity_id assertion passes
Co-authored-by: Alicia Yingling <alicia.yingling@broadcom.com>
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit fe0ec2d

wip: use working metadata path temporarily
* Must be changed back to /saml/metadata later, removing "example".
Co-authored-by: Alicia Yingling <alicia.yingling@broadcom.com>
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit c6f79af

Co-authored-by: Alicia Yingling <alicia.yingling@broadcom.com>
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 5883f8e

wip: updating to non forwarding for /saml/metadata to the example default
- Updated to use direct GetMapping
[#186986697]
Co-authored-by: Filip Hanik <fhanik@vmware.com>
Commit 900c423

wip: Ensuring the WantsAssertionSigned and AuthnRequestsSigned are populated in SPSSODescriptor
- Building out EntityDescriptor in the RelyingPartyRegistration which contains the SPSSODescriptor picked up by the resolve method
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit e4d72f7

wip: Adding in signature elements for SAML metadata.xml endpoint payload
- Need to fix credential type being empty
  Caused by: java.lang.IllegalArgumentException: credentials types cannot be empty
  ....(SamlRelyingPartyRegistrationRepository.java:84)
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 8aa2fd9

wip: Adding in signature elements for SAML metadata.xml endpoint payload
- Signature is not positioned correctly. It should be a child of EntityDescriptor, but the singingX509Credential.signing call positions it in SPSODescriptor
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 7839fa2

feat: populate SAML SP metadata fields: entityID, NameIDFormat, AuthnRequestsSigned
- correctly reads off UAA configs to populate these fields, instead of using hardcoded values
- refactor to directly reading `login.saml.NameID` config (a more modern approach) instead of constructing a bean in xml (a more legacy approach)
- side note: update the UAA config used in mock mvc tests (/uaa/src/test/resources/integration_test_properties.yml) to use a non-default option of `login.saml.nameID` so that we can test that the correct value is being piped through
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit f1fb4ec

refactor: clean up commented out code
- there are many commented out codes from prior wip commits (which at this point, I decided, are too hard to fix or tidy up). Hence, in this commit, clean them up
[186822654]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit d344e43

Ignore non-functioning SAML tests
- the SAML SP metadata is still WIP, so this IT will fail. Ignoring it for now so that "CI" is green along with all other SAML tests currently failing / non-functional due to the WIP state of the SAML feature.
- see details of this approach in 73520d9
[186822654]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 59b6605

Update opensaml libraries to 4.x
https://docs.spring.io/spring-security/reference/5.8/migration/servlet/saml2.html
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 1fd65d9

Refactor annotations and formatting
Use RestController, Slf4j, Getter
Use textblocks
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 32607ed

Refactor tests: formatting, andExpectAll and assertThat
Use assertThat
Use textblocks
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 6800b09

Change from SAML XML to Java Config
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 8dcdfd6

feat: populate sp metadata field WantAssertionsSigned
[#186986697]
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit f42f575

feat: saml sp metadata field - signing cert
- also: refactor the UAA config used in mock mvc tests (/uaa/src/test/resources/integration_test_properties.yml) from the deprecated saml key fields (eg: login.serviceProviderKey) to the new ones (eg: login.saml.keys), so that we test for the new fields.
- also fix the api docs test so that it now correctly marks the retrieve id zones response's `config.samlConfig.certificate` as optional (this field is only returned if you use the deprecated saml key config fields)
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit a9debd7

feat: saml sp metadata encryption cert
- populate saml sp metadata field for use='encryption' cert
- might be counter-intuitive that the setting on rp registration that controls this is "decryptionX509Credentials", but the resulting sp metadata indeed includes use='encryption' which matches develop branch
[186822654]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 0f259fc

refactor: consolidate saml sp configs
- to be processed by a single class "SamlConfiguration" where the @ConfigurationProperties(prefix="login.saml") annotation has the ability to process all fields under the login.saml section of UAA.yml
- this is helpful because we can now centrally read, process, even validate all saml config fields under "login.saml"
- pay attention to @ConfigurationProperties annotation's various requirements though: such as the private field names need to match the actual UAA.yml field name (e.g.: login.saml.fooBar -> private String fooBar); and that there need to be public setters and getters for each field
- see: https://docs.spring.io/spring-boot/docs/current/reference/html/features.html#features.external-config.typesafe-configuration-properties.using-annotated-types
- the exception of the saml entity id, which in UAA.yml is somehow outside of the login.saml context (set by login.entityID) so that field stays under class SamlEntityIdConfiguration
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 7861a78

- these getters and setters are required for @ConfigurationProperties annotation to work; use lombok so that we don't need to explicitly define them
[186822654]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 1fa24ad

refactor: simplify lombok annotation
- as @Data covers the getters and setters
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit a43bacd

fix: maintain existing saml sp metadata file name
- configure the file name of the saml sp metadata (the downloaded xml file name when accessing the metadata endpoint: http://localhost:8080/uaa/saml/metadata) to match the status quo on develop branch: "saml-sp.xml"
- This file name likely does not matter, but out of caution, we should maintain the same file name as before
[186822654]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit c29b447

fix: saml sp metadata test set up
- now that the metadata is being provided at the correct location: /saml/metadata, we can correct the test expectation to reflect that (hence matching the develop branch)
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 0e9837a

fix: SAML SP metadata endpoint and its https redirect
- Removed forwarding of `/saml/metadata` endpoint to `/saml/metadata/example`. It is not necessary because `/saml/metadata` endpoint method already calls `/saml/metadata/{registrationId}` with `example` as the default registrationId. (See class `SamlMetadataEndpoint`.)
- Made `HttpsEnforcementFilter` to be added to the top of the `SecurityFilterChainPostProcessor`'s `SecurityFilterChain`.
- Added `secFilterOpen06SAMLMetadata` to `SecurityFilterChainPostProcessor`'s `redirectToHttps` list.
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 09685a8

- Removed SamlExtensionUrlForwardingFilter. Just commented out for now in case we need it later.
- Removed unneeded comments in test code.
[#186986697]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit 2daf1bc

[#187084275]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit e4de3eb

refactor: Spring Annotations on SamlRelyingPartyRegistrationRepository
- Change SamlRelyingPartyRegistrationRepository to Configuration
- Use constructor args instead of Autowired
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit a4a37a9

fix: multiple versions of the opensaml library
still had opensaml 3.4.6
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit b075cbd

feat: send SAML authn request to IDP
- when SAML IDP is configured via uaa.yml, when the user goes to "/uaa/saml2/authenticate/{saml-idp-alias}", they will get sent to the configured SAML IDP with a SAML authn request. Specifically, spring-security will do the following:
  - when the IDP's Binding mode is "HTTP-Redirect", the user is redirected to the IDP
  - when the IDP's Binding mode is "HTTP-POST", the user's browser is triggered to POST to the IDP. For this to work, the ContentSecurityPolicyFilter needs to be updated to exempt "/saml2" from policy enforcement, such that the script that initiates the POST can be executed in the browser. Similar to how this filter exempts /saml (the existing saml-related path on develop branch).
- refactor: update the dummy IDP metadata file dummy-saml-idp-metadata.xml to not point to example.com, but to https://www.cloudfoundry.org (which is more of a known destination)
- refactor: use constant DEFAULT_REGISTRATION_ID
[#187084275]
Co-authored-by: Duane May <duane.may@broadcom.com>
Commit c3a2068

Commit 6fbbdaf

Commit 8eb263a

Merge SamlConfigProps to single class
prefix="login.saml" was in 2 ConfigProps classes before merged into 1
Commit 7d75dff

Commit 88f9e4a

feat: Saml Login redirects to IDP
Reads provider info from database
Passes the registrationId as relayState
Signed-off-by: Prateek Gangwal <prateek.gangwal@broadcom.com>
Commit da67d4d

fix: click first saml link matching text
when running multiple IT tests, the simplesamlphp2 link was also listed, and causing a conflict with url matcher
Signed-off-by: Duane May <duane.may@broadcom.com>
Commit cb31d22

feat: AssertionConsumerService SAML user login
Signed-off-by: Duane May <duane.may@broadcom.com>
Signed-off-by: Ivan Protsiuk <ivan.protsiuk@broadcom.com>
#187106956
Commit 2054d0f

Signed-off-by: Ivan Protsiuk <ivan.protsiuk@broadcom.com>
Commit 00665f9

Improve Testing of SAML Request/Response
- Improve Testing of SAML Request/Response with Saml2TestUtils
- Configure assertionConsumerServiceLocation in one location.
- Attempted move to OpenSaml4AuthenticationProvider requires a shadow dependency on opensaml to remove the need for non-FIPS compliant security provider. Not yet in place
Signed-off-by: Duane May <duane.may@broadcom.com>
Signed-off-by: Alicia Yingling <alicia.yingling@broadcom.com>
Commit 44a8d57

Move user shadowing, attribute processing, and authorities processing to their own classes.
Enable Authorities
Signed-off-by: Ivan Protsiuk <ivan.protsiuk@broadcom.com>
Commit a3fc3f6

Pull in OpenSaml4AuthenticationProvider
This provides general response validation.
Signed-off-by: Prateek Gangwal <prateek.gangwal@broadcom.com>
Commit 538233f

Verify user attributes, roles, user name, email extraction
Signed-off-by: Prateek Gangwal <prateek.gangwal@broadcom.com>
#187809240
Commit f2d6a42

Signed-off-by: Duane May <duane.may@broadcom.com>
Commit 8f3bc78

Run kill_uaa as part of integrationTests
Signed-off-by: Duane May <duane.may@broadcom.com>
Signed-off-by: Hongchol Sinn <hongchol.sinn@broadcom.com>
Commit 6d6beea

Annotate Disabled tests with more information
Signed-off-by: Hongchol Sinn <hongchol.sinn@broadcom.com>
Commit 48a6cc1

- Main logout flows are working
- IDP Initiated logout is working
- Handle metadata XML passed in instead of metadata location for both bootstrap and SamlIdentityProviderConfigurator
Signed-off-by: Duane May <duane.may@broadcom.com>
Commit 0fe1b04

fix Selenium HomePage can be one of two urls.
- clean up the rest of the pageObjects package
Signed-off-by: Duane May <duane.may@broadcom.com>
Commit 5ae1b3e

- now attempts to retrieve the non-existent url https://simplesamlphp.uaa.com/saml2/idp/metadata.php
Signed-off-by: Duane May <duane.may@broadcom.com>
Commit 5455ef6

feature: Zone-aware SAML SP metadata
- Implemented to the same level as the default IdentityZone's SP metadata generation.
- Minus `NameIDFormat` value population and registration-ID specific implementation.
[#187846376]
Commit f331940

Disable `findByRegistrationIdWhenNoneFound` test as the assertion is not valid anymore.
Commit 52a4894

- No longer have Ignored tests only Disabled
Signed-off-by: Duane May <duane.may@broadcom.com>
Commit eb5baeb

Update IdentityZone related classes and tests
Signed-off-by: Duane May <duane.may@broadcom.com>
Commit cdc6590

feat: basic SAML SP metadata for non-default ID zone
- correctly populates the basic fields of non-default zone SAML SP metadata (such as WantAssertionsSigned and AuthnRequestsSigned), so that for default vs. non-default zones, the SP metadatas have feature parity.
[#187846376]
Signed-off-by: Duane May <duane.may@broadcom.com>
Signed-off-by: Peter Chen <peter-h.chen@broadcom.com>
Commit 748f5f2

wip: zoned metadata fixes and zoned login
Signed-off-by: Peter Chen <peter-h.chen@broadcom.com>
Commit a21cd27