Commit 2066778e authored by Gradl, Tobias's avatar Gradl, Tobias

2: Migrate core behavior to new base

Task-Url: #2
parent 94414864
package eu.dariah.de.dariahsp.sample.config;
import java.util.ArrayList;
import java.util.List;
import org.opensaml.saml.common.xml.SAMLConstants;
import lombok.Getter;
import lombok.Setter;
......@@ -28,15 +31,31 @@ public class SamlProperties {
@Getter @Setter
public class SpProperties {
private String externalMetadata;
private Integer maxAuthAge;
private int maxAuthAge = 3600;
private String entityId;
private int httpClientTimoutMs = 2000;
private boolean signMetadata;
private String signingAlgorithm;
private boolean requireArtifactResolveSigned;
private boolean requireLogoutRequestSigned;
private boolean requireLogoutResponseSigned;
private List<String> allowedNameIds;
private List<String> signingMethods;
private List<String> digestMethods;
private List<String> supportedProtocols;
private boolean authnRequestSigned = true;
private boolean logoutRequestSigned = false;
private boolean wantsAssertionsSigned = true;
private boolean wantsResponsesSigned = true;
private List<ConditionalAttributeSet> requiredAttributes;
// ------------------------------------------
// Custom getters for complex default values
// ------------------------------------------
public List<String> getSupportedProtocols() {
List<String> p = supportedProtocols;
if (p==null) {
p = new ArrayList<>();
p.add(SAMLConstants.SAML20_NS);
}
return p;
}
}
}
\ No newline at end of file
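Review bot: `maxAuthAge` now carries a default of 3600, but nothing on the field says that a non-positive value means "no limit" — that sentinel is interpreted only in SecurityConfig (`getMaxAuthAge()<=0` is mapped to `Integer.MAX_VALUE`) and relied on by the sample application.yml (`maxAuthAge: -1`). A comment next to the default, `// seconds; a value <= 0 disables the authentication-lifetime check (see SecurityConfig)`, keeps the contract beside the value it qualifies. The new `httpClientTimoutMs` field is misspelled ("Timout"); because Lombok derives the getter and Spring derives the YAML key from it, renaming it now is cheaper than after the key is in deployed configurations. `getSupportedProtocols()` could also return `List.of(SAMLConstants.SAML20_NS)` for the default instead of a fresh mutable ArrayList on every call, unless a caller is known to mutate the returned list.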
......@@ -66,40 +66,35 @@ public class SecurityConfig {
} else {
cfg.setServiceProviderMetadataPath("/tmp/sp_metadata.xml");
}
if (saml.getSp().getMaxAuthAge()<=0) {
cfg.setMaximumAuthenticationLifetime(Integer.MAX_VALUE);
} else {
cfg.setMaximumAuthenticationLifetime(saml.getSp().getMaxAuthAge());
cfg.setServiceProviderEntityId(saml.getSp().getEntityId());
}
cfg.setSpLogoutRequestSigned(saml.getSp().isRequireLogoutRequestSigned());
cfg.setSignatureAlgorithms(saml.getSp().getSigningMethods());
cfg.setSignatureReferenceDigestMethods(saml.getSp().getDigestMethods());
cfg.setServiceProviderEntityId(saml.getSp().getEntityId());
cfg.setSpLogoutRequestSigned(saml.getSp().isLogoutRequestSigned());
// TODO: What to do here?
//cfg.setAuthnRequestBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
//cfg.setResponseBindingType(SAMLConstants.SAML2_POST_BINDING_URI);
cfg.setWantsAssertionsSigned(saml.getSp().isWantsAssertionsSigned());
cfg.setWantsResponsesSigned(saml.getSp().isWantsResponsesSigned());
//cfg.setNameIdPolicyFormat(nameIdPolicyFormat);
// TODO: Refactor old properties
cfg.setWantsAssertionsSigned(saml.getSp().isRequireArtifactResolveSigned());
cfg.setWantsResponsesSigned(saml.getSp().isRequireLogoutResponseSigned());
cfg.setAuthnRequestSigned(saml.getSp().isAuthnRequestSigned());
// TODO: New properties
/*
cfg.setAuthnRequestSigned(true);
cfg.setSignatureAlgorithms(signatureAlgorithms);
cfg.setSignMetadata(true);
cfg.setSignMetadata(saml.getSp().isSignMetadata());
SAML2HttpClientBuilder httpClient = new SAML2HttpClientBuilder();
httpClient.setConnectionTimeout(Duration.ofSeconds(2));
httpClient.setSocketTimeout(Duration.ofSeconds(2));
cfg.setHttpClient(httpClient.build());*/
// Static: Support only SAML2
List<String> supportedProtocols = new ArrayList<>();
supportedProtocols.add(SAMLConstants.SAML20_NS);
cfg.setSupportedProtocols(supportedProtocols);
cfg.setSupportedProtocols(saml.getSp().getSupportedProtocols());
SAML2Client samlClient = new SAML2Client(cfg);
......
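Review bot: The HTTP client setup stays commented out (the `SAML2HttpClientBuilder` block with the hard-coded two-second timeouts), so the `httpClientTimoutMs` property introduced in SpProperties and set in the sample application.yml is, as far as this hunk shows, never read; if nothing else consumes it, the configured timeout silently has no effect and the SAML2 client keeps whatever defaults pac4j applies when fetching IdP metadata. Either wire it through the builder, as sketched below, or remove the property until it is used. The remaining `// TODO: What to do here?` about binding types should state the decision it is waiting on, since a reader cannot tell whether the redirect/POST bindings are intentionally left at pac4j defaults. The enclosing method starts and ends outside the hunk.
```java
// … unchanged: cfg.setSignMetadata(saml.getSp().isSignMetadata()); …
SAML2HttpClientBuilder httpClient = new SAML2HttpClientBuilder();
httpClient.setConnectionTimeout(Duration.ofMillis(saml.getSp().getHttpClientTimoutMs()));
httpClient.setSocketTimeout(Duration.ofMillis(saml.getSp().getHttpClientTimoutMs()));
cfg.setHttpClient(httpClient.build());
// … unchanged: cfg.setSupportedProtocols(saml.getSp().getSupportedProtocols()); …
```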
......@@ -32,10 +32,14 @@ auth:
maxAuthAge: -1
entityId: https://c105-229.cloud.gwdg.de/dme
signMetadata: true
signingAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
requireArtifactResolveSigned: true
requireLogoutRequestSigned: true
requireLogoutResponseSigned: false
#signingMethods: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
#digestMethods: http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512
#supportedProtocols: urn:oasis:names:tc:SAML:2.0:assertion
authnRequestSigned: true
logoutRequestSigned: true
wantsAssertionsSigned: true
wantsResponsesSigned: false
httpClientTimoutMs: 2000
requiredAttributes:
- stage: ATTRIBUTES
required: true
......
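Review bot: `maxAuthAge: -1` and `wantsResponsesSigned: false` relax two checks without a comment saying why, and because this is the sample configuration it is what new deployments will copy: per SecurityConfig a non-positive `maxAuthAge` becomes `Integer.MAX_VALUE`, i.e. no authentication-lifetime limit, while the property class itself now defaults to 3600. A one-line comment on each, e.g. `maxAuthAge: -1  # <= 0: no lifetime limit (SecurityConfig); use a positive value in production` and `wantsResponsesSigned: false  # assertions are still required to be signed (wantsAssertionsSigned)`, would make the trade-off explicit. The commented-out `signingMethods`/`digestMethods`/`supportedProtocols` keys would also benefit from a note that omitting them falls back to the defaults in SpProperties. The `requiredAttributes` list continues outside the hunk.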