Commit 2066778e authored by Gradl, Tobias's avatar Gradl, Tobias

2: Migrate core behavior to new base

Task-Url: #2
parent 94414864
Pipeline #17511 passed with stage
in 1 minute and 44 seconds
package eu.dariah.de.dariahsp.sample.config; package eu.dariah.de.dariahsp.sample.config;
import java.util.ArrayList;
import java.util.List; import java.util.List;
import org.opensaml.saml.common.xml.SAMLConstants;
import lombok.Getter; import lombok.Getter;
import lombok.Setter; import lombok.Setter;
...@@ -28,15 +31,31 @@ public class SamlProperties { ...@@ -28,15 +31,31 @@ public class SamlProperties {
@Getter @Setter @Getter @Setter
public class SpProperties { public class SpProperties {
private String externalMetadata; private String externalMetadata;
private Integer maxAuthAge; private int maxAuthAge = 3600;
private String entityId; private String entityId;
private int httpClientTimoutMs = 2000;
private boolean signMetadata; private boolean signMetadata;
private String signingAlgorithm; private List<String> signingMethods;
private boolean requireArtifactResolveSigned; private List<String> digestMethods;
private boolean requireLogoutRequestSigned; private List<String> supportedProtocols;
private boolean requireLogoutResponseSigned; private boolean authnRequestSigned = true;
private List<String> allowedNameIds; private boolean logoutRequestSigned = false;
private boolean wantsAssertionsSigned = true;
private boolean wantsResponsesSigned = true;
private List<ConditionalAttributeSet> requiredAttributes; private List<ConditionalAttributeSet> requiredAttributes;
// ------------------------------------------
// Custom getters for complex default values
// ------------------------------------------
public List<String> getSupportedProtocols() {
List<String> p = supportedProtocols;
if (p==null) {
p = new ArrayList<>();
p.add(SAMLConstants.SAML20_NS);
}
return p;
}
} }
} }
\ No newline at end of file
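Review bot: `getSigningMethods()` and `getDigestMethods()` get no default, unlike `getSupportedProtocols()`, so with both keys commented out in the sample YAML a `null` list is handed to the SAML client configuration, and whether pac4j then falls back to a safe algorithm set or fails is not visible here. Mirroring the custom-getter pattern with a SHA-256 default, e.g. `if (signingMethods == null) { return Collections.singletonList("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"); }` and likewise `http://www.w3.org/2001/04/xmlenc#sha256` for digests, would keep a missing key from silently selecting a weaker algorithm. Note also that `SAMLConstants.SAML20_NS` is the assertion namespace, while SP metadata normally advertises the protocol namespace (`SAMLConstants.SAML20P_NS`) in `protocolSupportEnumeration`; check which one pac4j expects in `setSupportedProtocols` before this default is relied on. `httpClientTimoutMs` carries a typo that is now a public configuration key; rename it to `httpClientTimeoutMs` before configs depend on it. The enclosing `SamlProperties` class and the first hunk of this file start above this view.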
...@@ -66,40 +66,35 @@ public class SecurityConfig { ...@@ -66,40 +66,35 @@ public class SecurityConfig {
} else { } else {
cfg.setServiceProviderMetadataPath("/tmp/sp_metadata.xml"); cfg.setServiceProviderMetadataPath("/tmp/sp_metadata.xml");
} }
cfg.setMaximumAuthenticationLifetime(saml.getSp().getMaxAuthAge());
if (saml.getSp().getMaxAuthAge()<=0) {
cfg.setMaximumAuthenticationLifetime(Integer.MAX_VALUE);
} else {
cfg.setMaximumAuthenticationLifetime(saml.getSp().getMaxAuthAge());
}
cfg.setSignatureAlgorithms(saml.getSp().getSigningMethods());
cfg.setSignatureReferenceDigestMethods(saml.getSp().getDigestMethods());
cfg.setServiceProviderEntityId(saml.getSp().getEntityId()); cfg.setServiceProviderEntityId(saml.getSp().getEntityId());
cfg.setSpLogoutRequestSigned(saml.getSp().isRequireLogoutRequestSigned()); cfg.setSpLogoutRequestSigned(saml.getSp().isLogoutRequestSigned());
// TODO: What to do here?
//cfg.setAuthnRequestBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
//cfg.setResponseBindingType(SAMLConstants.SAML2_POST_BINDING_URI);
//cfg.setNameIdPolicyFormat(nameIdPolicyFormat); cfg.setWantsAssertionsSigned(saml.getSp().isWantsAssertionsSigned());
cfg.setWantsResponsesSigned(saml.getSp().isWantsResponsesSigned());
// TODO: Refactor old properties
cfg.setWantsAssertionsSigned(saml.getSp().isRequireArtifactResolveSigned());
cfg.setWantsResponsesSigned(saml.getSp().isRequireLogoutResponseSigned());
// TODO: New properties cfg.setAuthnRequestSigned(saml.getSp().isAuthnRequestSigned());
/*
cfg.setAuthnRequestSigned(true);
cfg.setSignatureAlgorithms(signatureAlgorithms);
cfg.setSignMetadata(true);
SAML2HttpClientBuilder httpClient = new SAML2HttpClientBuilder(); cfg.setSignMetadata(saml.getSp().isSignMetadata());
httpClient.setConnectionTimeout(Duration.ofSeconds(2));
httpClient.setSocketTimeout(Duration.ofSeconds(2));
cfg.setHttpClient(httpClient.build());*/
// Static: Support only SAML2 cfg.setSupportedProtocols(saml.getSp().getSupportedProtocols());
List<String> supportedProtocols = new ArrayList<>();
supportedProtocols.add(SAMLConstants.SAML20_NS);
cfg.setSupportedProtocols(supportedProtocols);
SAML2Client samlClient = new SAML2Client(cfg); SAML2Client samlClient = new SAML2Client(cfg);
......
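Review bot: The new `maxAuthAge <= 0` branch maps to `Integer.MAX_VALUE`, which effectively disables the maximum-authentication-lifetime check, and the sample YAML in this same commit ships `maxAuthAge: -1`, so an assertion with an arbitrarily old `AuthnInstant` would be accepted out of the box. Make the opt-out deliberate: document it on the branch, e.g. `// maxAuthAge <= 0 disables the lifetime check entirely; only for IdPs that enforce session age themselves`, and emit a startup warning if the class has a logger. The `httpClientTimoutMs` property added in this commit is never read here because the `SAML2HttpClientBuilder` block that would apply it is still commented out, so external metadata is fetched with whatever timeouts pac4j defaults to; either wire it (`httpClient.setConnectionTimeout(Duration.ofMillis(saml.getSp().getHttpClientTimoutMs()))`) or drop the property until it is used. The enclosing method starts before this hunk and continues past it.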
...@@ -32,10 +32,14 @@ auth: ...@@ -32,10 +32,14 @@ auth:
maxAuthAge: -1 maxAuthAge: -1
entityId: https://c105-229.cloud.gwdg.de/dme entityId: https://c105-229.cloud.gwdg.de/dme
signMetadata: true signMetadata: true
signingAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" #signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
requireArtifactResolveSigned: true #digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
requireLogoutRequestSigned: true #supportedProtocols: urn:oasis:names:tc:SAML:2.0:assertion
requireLogoutResponseSigned: false authnRequestSigned: true
logoutRequestSigned: true
wantsAssertionsSigned: true
wantsResponsesSigned: false
httpClientTimoutMs: 2000
requiredAttributes: requiredAttributes:
- stage: ATTRIBUTES - stage: ATTRIBUTES
required: true required: true
......
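Review bot: `wantsResponsesSigned: false` together with `maxAuthAge: -1` makes this sample noticeably more permissive than the Java defaults introduced in the same commit (`wantsResponsesSigned = true`, `maxAuthAge = 3600`): unsigned SAML responses are accepted (assertion signatures are still required via `wantsAssertionsSigned: true`), and through the new `SecurityConfig` mapping `-1` removes the authentication-age limit entirely. Since sample configs get copied, state the intent next to each key, e.g. `maxAuthAge: -1  # <= 0 disables the max authentication lifetime check; prefer a finite value such as 3600`, or ship the stricter defaults here. The commented-out `signingMethods`/`digestMethods` lines leave the signature and digest algorithm choice to the library default, which is worth stating explicitly as well. The `auth:` mapping continues beyond this hunk.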