New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shibboleth dynamic login handler #1607
Shibboleth dynamic login handler #1607
Conversation
823b691
to
c66e404
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't actually compiled or even tested this but just skimmed through the code. I didn't find any critical issues, just a bunch of minor comments so far…
modules/security-aai/src/main/java/org/opencastproject/security/aai/api/AttributeMapper.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/api/AttributeMapper.java
Outdated
Show resolved
Hide resolved
modules/userdirectory/src/main/java/org/opencastproject/userdirectory/JpaGroupRoleProvider.java
Outdated
Show resolved
Hide resolved
modules/userdirectory/src/main/java/org/opencastproject/userdirectory/JpaGroupRoleProvider.java
Outdated
Show resolved
Hide resolved
.../userdirectory/src/main/java/org/opencastproject/userdirectory/JpaUserReferenceProvider.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
@@ -81,7 +82,7 @@ | |||
immediate = true, | |||
service = { RoleProvider.class, JpaGroupRoleProvider.class } | |||
) | |||
public class JpaGroupRoleProvider extends AbstractIndexProducer implements RoleProvider, GroupProvider { | |||
public class JpaGroupRoleProvider extends AbstractIndexProducer implements RoleProvider, GroupProvider, GroupRoleProvider { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't it sufficient to implement only GroupRoleProvider?
modules/security-aai/src/main/java/org/opencastproject/security/aai/DynamicLoginHandler.java
Outdated
Show resolved
Hide resolved
8eafa18
to
d50d7b2
Compare
Please, review tthe code again. Some changes were made. |
@staubesv any chance you can take another pass through this? I'm unfamiliar with any other major adopter using Shibboleth. |
Yesterday we made another integration test on a OC9 test installation with this branch and it worked. However, we found some issues:
|
Hi. I adjusted the structure of the interfaces. I also ajusted the Tests, because the mapping of givenName and sn is not Travis is not able to build because of a weird Exception. https://travis-ci.com/github/opencast/opencast/jobs/366125028 |
refs #502450 ADD Shibboleth Dynamic Loginhandler refs #501517 FIX Update group memberships in Shibboleth LoginHandler refs #501517 ADD Dynamic login handler based on spring expressions refs #501517 ADD Tests for dynamic login handler based on spring expressions refs #501517 FIX Interfaces and maven-dependency-plugin refs opencast#4870 FIX map email and name refs opencast#4943 FIX Fallback to user create when there is no user reference for existing users - FIXME Check for existence of non-ref user first FIX securitty.aai Checkstyle FIX userdirectory Checkstyle FIX all refs #502450 FIX Shibboleth Dynamic Loginhandler refs opencast#2965 FIX Example configuration for Dynamic loginhandler refs opencast#2965 FIX Use spring util 3.1 xsd - not tested - FIXME We may need to update pom.xml refs opencast#2965 FIX Mockdata
…displayName in OC
0203bc5
to
c37b22a
Compare
@lkiesow @gregorydlogan |
Hi Guys. Is there still something to be done or is this ready to merge? |
Hi @jchssystems @otti-ssystems we don't get notifications when things change, so unless someone manually checks we don't know that you'd pushed changes. If you don't see something happen within a week or so please ping the people who have been active in the ticket, or pipe up on the dev list. I have no way to test this unfortunately, so I"m somewhat hamstrung in terms of getting it merged. I'm assuming you're writing this for a client, can they verify that it's working in prod? |
Hi Greg, the handler is in production on several clients! However, we will deploy again an Opencast 9 with the handler and test it another time systematically (we did already twice). Is that OK for you? Our QA guys will test it, not the programmers, so it should be safe :-) |
Ok, sounds fair. Let's merge this then. |
This feature allows to add Shibboleth users in a dynamic way from configuration.