Commit 591c79de authored by Gradl, Tobias's avatar Gradl, Tobias

720: Implement attribute checker

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=720
parent a7da196f
...@@ -3,5 +3,5 @@ package eu.dariah.de.dariahsp; ...@@ -3,5 +3,5 @@ package eu.dariah.de.dariahsp;
public class Constants { public class Constants {
public enum AUTHENTICATION_STAGE { AUTHENTICATION, ATTRIBUTES } public enum AUTHENTICATION_STAGE { AUTHENTICATION, ATTRIBUTES }
public enum REQUIRED_ATTRIBUTE_CHECKLOGIC { AND, OR } public enum REQUIRED_ATTRIBUTE_CHECKLOGIC { AND, OR, OPTIONAL }
} }
package eu.dariah.de.dariahsp.saml.attributequery; package eu.dariah.de.dariahsp.saml;
public class SAMLAttribute { import eu.dariah.de.minfba.core.util.conversion.BaseConfigurationConvertible;
private String name;
public class SAMLAttribute extends BaseConfigurationConvertible {
private static final long serialVersionUID = -926489867985009574L;
private String name;
private String nameFormat; private String nameFormat;
private String friendlyName; private String friendlyName;
private String value;
public String getName() { return name; } public String getName() { return name; }
...@@ -14,4 +19,7 @@ public class SAMLAttribute { ...@@ -14,4 +19,7 @@ public class SAMLAttribute {
public String getFriendlyName() { return friendlyName; } public String getFriendlyName() { return friendlyName; }
public void setFriendlyName(String friendlyName) { this.friendlyName = friendlyName; } public void setFriendlyName(String friendlyName) { this.friendlyName = friendlyName; }
public String getValue() { return value; }
public void setValue(String value) { this.value = value; }
} }
...@@ -7,6 +7,9 @@ import org.slf4j.Logger; ...@@ -7,6 +7,9 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.security.saml.SAMLCredential; import org.springframework.security.saml.SAMLCredential;
import eu.dariah.de.dariahsp.saml.attributequery.options.SAMLAttributeQueryExclusionOptions;
import eu.dariah.de.dariahsp.saml.attributequery.options.SAMLAttributeQueryOptions;
public class SAMLAttributeAggregationService { public class SAMLAttributeAggregationService {
protected static final Logger logger = LoggerFactory.getLogger(SAMLAttributeAggregationService.class); protected static final Logger logger = LoggerFactory.getLogger(SAMLAttributeAggregationService.class);
...@@ -60,11 +63,11 @@ public class SAMLAttributeAggregationService { ...@@ -60,11 +63,11 @@ public class SAMLAttributeAggregationService {
public boolean hasAllReqAttributes(List<Attribute> providedAttributes) { public boolean hasAllReqAttributes(List<Attribute> providedAttributes) {
// Some shortcuts... // Some shortcuts...
if (queryOptions.getRequiredAttributes() == null || queryOptions.getRequiredAttributes().size()==0) { if (queryOptions.getRequiredAttributesList() == null || queryOptions.getRequiredAttributesList().size()==0) {
return true; return true;
} else if (providedAttributes == null) { } else if (providedAttributes == null) {
return false; return false;
} else if (queryOptions.getRequiredAttributes().size() > providedAttributes.size()) { } else if (queryOptions.getRequiredAttributesList().size() > providedAttributes.size()) {
return false; return false;
} }
......
...@@ -10,6 +10,8 @@ import org.opensaml.ws.message.decoder.MessageDecodingException; ...@@ -10,6 +10,8 @@ import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.springframework.security.saml.SAMLCredential; import org.springframework.security.saml.SAMLCredential;
import eu.dariah.de.dariahsp.saml.attributequery.options.SAMLAttributeQueryOptions;
public interface SAMLAttributeQuery { public interface SAMLAttributeQuery {
public List<Attribute> queryAttributes(SAMLCredential subjectCredential, SAMLAttributeQueryOptions options) public List<Attribute> queryAttributes(SAMLCredential subjectCredential, SAMLAttributeQueryOptions options)
throws MetadataProviderException, MessageDecodingException, MessageEncodingException, SAMLException; throws MetadataProviderException, MessageDecodingException, MessageEncodingException, SAMLException;
......
...@@ -80,6 +80,7 @@ import org.springframework.util.Assert; ...@@ -80,6 +80,7 @@ import org.springframework.util.Assert;
import eu.dariah.de.dariahsp.exceptions.UserCredentialsException; import eu.dariah.de.dariahsp.exceptions.UserCredentialsException;
import eu.dariah.de.dariahsp.exceptions.UserCredentialsException.UserCredentialsExceptionTypes; import eu.dariah.de.dariahsp.exceptions.UserCredentialsException.UserCredentialsExceptionTypes;
import eu.dariah.de.dariahsp.saml.AttributeContextProvider; import eu.dariah.de.dariahsp.saml.AttributeContextProvider;
import eu.dariah.de.dariahsp.saml.attributequery.options.SAMLAttributeQueryOptions;
public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements SAMLAttributeQuery { public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements SAMLAttributeQuery {
...@@ -401,7 +402,7 @@ public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements ...@@ -401,7 +402,7 @@ public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements
SAMLObjectBuilder<NameID> builder = (SAMLObjectBuilder<NameID>)builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME); SAMLObjectBuilder<NameID> builder = (SAMLObjectBuilder<NameID>)builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
NameID nameId = builder.buildObject(); NameID nameId = builder.buildObject();
if(options.isUseOriginalSubjectNameID()) { if(options.isQueryByNameID()) {
if (subjectCredential==null || subjectCredential.getNameID()==null) { if (subjectCredential==null || subjectCredential.getNameID()==null) {
logger.error("Reuse of subject-NameID in configured but not provided for AttributeQuery generation."); logger.error("Reuse of subject-NameID in configured but not provided for AttributeQuery generation.");
throw new UserCredentialsException(UserCredentialsExceptionTypes.NAME_ID_NOT_PROVIDED, "Reuse of subject-NameID in configured but not provided for AttributeQuery generation."); throw new UserCredentialsException(UserCredentialsExceptionTypes.NAME_ID_NOT_PROVIDED, "Reuse of subject-NameID in configured but not provided for AttributeQuery generation.");
...@@ -415,17 +416,12 @@ public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements ...@@ -415,17 +416,12 @@ public class SAMLAttributeQueryImpl extends WebSSOProfileConsumerImpl implements
for (Attribute a : subjectCredential.getAttributes()) { for (Attribute a : subjectCredential.getAttributes()) {
boolean isIdentifier = false; boolean isIdentifier = false;
if (options.isSubjectIdAttributeIgnoreCase()) {
if (a.getName().equalsIgnoreCase(options.getSubjectIdAttributeName()) && if (a.getName().equalsIgnoreCase(options.getQueryAttribute().getName()) &&
a.getNameFormat().equalsIgnoreCase(options.getSubjectIdAttributeFormat())) { a.getNameFormat().equalsIgnoreCase(options.getQueryAttribute().getNameFormat())) {
isIdentifier = true;
}
} else {
if (a.getName().equals(options.getSubjectIdAttributeName()) &&
a.getNameFormat().equals(options.getSubjectIdAttributeFormat())) {
isIdentifier = true; isIdentifier = true;
} }
}
if (!isIdentifier) { if (!isIdentifier) {
continue; continue;
......
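Review bot: In the identifier-matching loop, `options.getQueryAttribute()` is dereferenced without a null check, while `setQueryAttributeAsJson` in this same commit leaves the field null when the configured value is empty or fails to parse, so a misconfigured deployment ends in a NullPointerException in the middle of query generation. Check once before the loop, e.g. `if (options.getQueryAttribute() == null) { throw new IllegalStateException("queryAttribute must be configured when queryByNameID is false"); }`. The comparison is now unconditionally `equalsIgnoreCase` on both name and name format, with the former case-sensitive branch removed; since this match appears to select the attribute used as the query subject, a one-line comment stating that case-insensitive matching is intended would help. The enclosing method starts and ends outside the hunk.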
package eu.dariah.de.dariahsp.saml.attributequery.options;
import java.util.List;
import eu.dariah.de.dariahsp.Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC;
import eu.dariah.de.dariahsp.saml.SAMLAttribute;
import eu.dariah.de.minfba.core.util.conversion.BaseConfigurationConvertible;
public class SAMLAttributeGroup extends BaseConfigurationConvertible {
private static final long serialVersionUID = -7188665456657464324L;
private REQUIRED_ATTRIBUTE_CHECKLOGIC check;
private List<SAMLAttribute> attributes;
public REQUIRED_ATTRIBUTE_CHECKLOGIC getCheck() { return check; }
public void setCheck(REQUIRED_ATTRIBUTE_CHECKLOGIC check) { this.check = check; }
public List<SAMLAttribute> getAttributes() { return attributes; }
public void setAttributes(List<SAMLAttribute> attributes) { this.attributes = attributes; }
}
package eu.dariah.de.dariahsp.saml.attributequery; package eu.dariah.de.dariahsp.saml.attributequery.options;
import java.io.IOException;
import java.io.Serializable; import java.io.Serializable;
import java.util.List; import java.util.List;
import org.opensaml.saml2.core.impl.AttributeImpl; import org.opensaml.saml2.core.impl.AttributeImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonMappingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import eu.dariah.de.dariahsp.saml.SAMLAttribute;
public class SAMLAttributeQueryOptions implements Serializable, Cloneable { public class SAMLAttributeQueryOptions implements Serializable, Cloneable {
protected static final Logger logger = LoggerFactory.getLogger(SAMLAttributeQueryOptions.class);
private static final long serialVersionUID = -4144833937554662238L; private static final long serialVersionUID = -4144833937554662238L;
private final ObjectMapper objectMapper;
private String attributeAuthorityIDP; private String attributeAuthorityIDP;
private boolean useOriginalSubjectNameID = true; private boolean queryByNameID = true;
private String subjectIdAttributeFormat;
private String subjectIdAttributeName;
private boolean subjectIdAttributeIgnoreCase = true;
private List<SAMLRequiredAttributes> requiredAttributes; private SAMLRequiredAttributesList requiredAttributesList;
private boolean performAggregation = true; private boolean performAggregation = true;
...@@ -22,25 +33,47 @@ public class SAMLAttributeQueryOptions implements Serializable, Cloneable { ...@@ -22,25 +33,47 @@ public class SAMLAttributeQueryOptions implements Serializable, Cloneable {
private List<SAMLAttributeQueryExclusionOptions> exclusionOptions; private List<SAMLAttributeQueryExclusionOptions> exclusionOptions;
private SAMLAttribute queryAttribute;
public SAMLAttributeQueryOptions(ObjectMapper objectMapper) {
this.objectMapper = objectMapper;
}
public SAMLAttribute getQueryAttribute() {
return queryAttribute;
}
public void setQueryAttribute(SAMLAttribute queryAttribute) {
this.queryAttribute = queryAttribute;
}
public String getQueryAttributeAsJson() {
try {
return queryAttribute==null ? null : objectMapper.writeValueAsString(queryAttribute);
} catch (JsonProcessingException e) {
logger.error("Failed to serialize SAML Attribute", e);
return null;
}
}
public void setQueryAttributeAsJson(String queryAttributeAsJson) {
if (queryAttributeAsJson==null || queryAttributeAsJson.isEmpty()) {
return;
}
try {
this.queryAttribute = objectMapper.readValue(queryAttributeAsJson, SAMLAttribute.class);
} catch (Exception e) {
logger.error("Failed to deserialize SAML Attribute", e);
}
}
public String getAttributeAuthorityIDP() { return attributeAuthorityIDP; } public String getAttributeAuthorityIDP() { return attributeAuthorityIDP; }
public void setAttributeAuthorityIDP(String attributeAuthorityIDP) { this.attributeAuthorityIDP = attributeAuthorityIDP; } public void setAttributeAuthorityIDP(String attributeAuthorityIDP) { this.attributeAuthorityIDP = attributeAuthorityIDP; }
public boolean isUseOriginalSubjectNameID() { return useOriginalSubjectNameID; } public boolean isQueryByNameID() { return queryByNameID; }
public void setUseOriginalSubjectNameID(boolean useOriginalSubjectNameID) { this.useOriginalSubjectNameID = useOriginalSubjectNameID; } public void setQueryByNameID(boolean queryByNameID) { this.queryByNameID = queryByNameID; }
public String getSubjectIdAttributeFormat() { return subjectIdAttributeFormat; }
public void setSubjectIdAttributeFormat(String subjectIdAttributeFormat) { this.subjectIdAttributeFormat = subjectIdAttributeFormat; }
public String getSubjectIdAttributeName() { return isSubjectIdAttributeIgnoreCase() ? subjectIdAttributeName.toLowerCase() : subjectIdAttributeName; } public SAMLRequiredAttributesList getRequiredAttributesList() { return requiredAttributesList; }
public void setSubjectIdAttributeName(String subjectIdAttributeName) { this.subjectIdAttributeName = subjectIdAttributeName; } public void setRequiredAttributesList(SAMLRequiredAttributesList requiredAttributesList) { this.requiredAttributesList = requiredAttributesList; }
public boolean isSubjectIdAttributeIgnoreCase() { return subjectIdAttributeIgnoreCase; }
public void setSubjectIdAttributeIgnoreCase(boolean subjectIdAttributeIgnoreCase) { this.subjectIdAttributeIgnoreCase = subjectIdAttributeIgnoreCase; }
public List<SAMLRequiredAttributes> getRequiredAttributes() { return requiredAttributes; }
public void setRequiredAttributes(List<SAMLRequiredAttributes> requiredAttributes) { this.requiredAttributes = requiredAttributes; }
public boolean isPerformAggregation() { return performAggregation; } public boolean isPerformAggregation() { return performAggregation; }
public void setPerformAggregation(boolean performAggregation) { this.performAggregation = performAggregation; } public void setPerformAggregation(boolean performAggregation) { this.performAggregation = performAggregation; }
...@@ -50,14 +83,5 @@ public class SAMLAttributeQueryOptions implements Serializable, Cloneable { ...@@ -50,14 +83,5 @@ public class SAMLAttributeQueryOptions implements Serializable, Cloneable {
public void setExclusionOptions(List<SAMLAttributeQueryExclusionOptions> exclusionOptions) { this.exclusionOptions = exclusionOptions; } public void setExclusionOptions(List<SAMLAttributeQueryExclusionOptions> exclusionOptions) { this.exclusionOptions = exclusionOptions; }
public boolean isSubjectIdAttribute(String attributeName) {
if (useOriginalSubjectNameID) {
return false;
}
if (isSubjectIdAttributeIgnoreCase()) {
return attributeName.toLowerCase().equals(subjectIdAttributeName.toLowerCase());
} else {
return attributeName.equals(subjectIdAttributeName);
}
}
} }
\ No newline at end of file
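Review bot: `setQueryAttributeAsJson` catches `Exception`, logs it and returns, so a malformed `queryAttribute` value leaves the field null and the options object is still handed out as if it were configured. For a setting that controls how the attribute-query subject is chosen, rethrow instead, e.g. `throw new IllegalArgumentException("Invalid queryAttribute configuration", e);`, so the misconfiguration surfaces when the bean is wired rather than on the first login. The added imports `IOException`, `JsonParseException` and `JsonMappingException` are not used by any visible line and can be dropped.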
package eu.dariah.de.dariahsp.saml.attributequery; package eu.dariah.de.dariahsp.saml.attributequery.options;
import java.util.List; import java.util.List;
import java.util.Map;
import eu.dariah.de.dariahsp.Constants.AUTHENTICATION_STAGE; import eu.dariah.de.dariahsp.Constants.AUTHENTICATION_STAGE;
import eu.dariah.de.dariahsp.Constants.REQUIRED_ATTRIBUTE_CHECKLOGIC; import eu.dariah.de.minfba.core.util.conversion.BaseConfigurationConvertible;
public class SAMLRequiredAttributes { public class SAMLRequiredAttributes extends BaseConfigurationConvertible {
private static final long serialVersionUID = 2303075498393395435L;
private boolean required; private boolean required;
private AUTHENTICATION_STAGE stage; private AUTHENTICATION_STAGE stage;
private Map<REQUIRED_ATTRIBUTE_CHECKLOGIC, List<SAMLAttribute>> attributeMap; private List<SAMLAttributeGroup> attributeGroup;
public boolean isRequired() { return required; } public boolean isRequired() { return required; }
...@@ -18,6 +18,6 @@ public class SAMLRequiredAttributes { ...@@ -18,6 +18,6 @@ public class SAMLRequiredAttributes {
public AUTHENTICATION_STAGE getStage() { return stage; } public AUTHENTICATION_STAGE getStage() { return stage; }
public void setStage(AUTHENTICATION_STAGE stage) { this.stage = stage; } public void setStage(AUTHENTICATION_STAGE stage) { this.stage = stage; }
public Map<REQUIRED_ATTRIBUTE_CHECKLOGIC, List<SAMLAttribute>> getAttributeMap() { return attributeMap; } public List<SAMLAttributeGroup> getAttributeGroup() { return attributeGroup; }
public void setAttributeMap(Map<REQUIRED_ATTRIBUTE_CHECKLOGIC, List<SAMLAttribute>> attributeMap) { this.attributeMap = attributeMap; } public void setAttributeGroup(List<SAMLAttributeGroup> attributeGroup) { this.attributeGroup = attributeGroup; }
} }
package eu.dariah.de.dariahsp.saml.attributequery.options;
import java.util.List;
import com.fasterxml.jackson.databind.ObjectMapper;
public class SAMLRequiredAttributesList {
private SAMLRequiredAttributes[] requiredAttributes;
public SAMLRequiredAttributes[] getRequiredAttributes() { return requiredAttributes; }
public void setRequiredAttributes(SAMLRequiredAttributes[] requiredAttributes) { this.requiredAttributes = requiredAttributes; }
public SAMLRequiredAttributesList() {}
public SAMLRequiredAttributesList(ObjectMapper objectMapper, String strRequiredAttributes) {
try {
Object lolo = objectMapper.readValue(strRequiredAttributes, SAMLRequiredAttributes[].class);;
"aa".toString();
} catch (Exception e) {
"aa".toString();
}
"aa".toString();
}
public int size() {
return requiredAttributes.length;
}
}
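Review bot: The constructor parses `strRequiredAttributes` into the local `lolo` and discards it, so `requiredAttributes` is never assigned and `size()` throws a NullPointerException on the first call from `hasAllReqAttributes`; the `"aa".toString();` statements and the silent `catch` look like debugging leftovers. Assign the parsed array to the field and let a parse failure abort construction, because a required-attribute list that silently ends up empty makes `hasAllReqAttributes` return true for every login. The `java.util.List` import is unused in this file. Proposed constructor and `size()` follow.

```java
public SAMLRequiredAttributesList(ObjectMapper objectMapper, String strRequiredAttributes) {
	if (strRequiredAttributes == null || strRequiredAttributes.isEmpty()) {
		// Nothing configured: keep an explicit empty array rather than a null field.
		this.requiredAttributes = new SAMLRequiredAttributes[0];
		return;
	}
	try {
		this.requiredAttributes = objectMapper.readValue(strRequiredAttributes, SAMLRequiredAttributes[].class);
	} catch (Exception e) {
		// Fail closed: a broken requirement list must not degrade to "no requirements".
		throw new IllegalArgumentException("Invalid requiredAttributes configuration", e);
	}
}

public int size() {
	return requiredAttributes == null ? 0 : requiredAttributes.length;
}
```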
...@@ -40,9 +40,48 @@ auth: ...@@ -40,9 +40,48 @@ auth:
signingKey: dfa.de.dariah.eu signingKey: dfa.de.dariah.eu
encryptionKey: dfa.de.dariah.eu encryptionKey: dfa.de.dariah.eu
tlsKey: dfa.de.dariah.eu tlsKey: dfa.de.dariah.eu
attributeQuery:
enabled: true
#saml.sp.attr.names : urn:oid:1.3.6.1.4.1.5923.1.1.1.6, urn:oid:0.9.2342.19200300.100.1.3, urn:oid:1.3.6.1.4.1.5923.1.1.1.7, urn:oid:1.3.6.1.4.1.5923.1.1.1.9, urn:oid:2.16.840.1.113730.3.1.241 excludedEndpoints:
#saml.sp.attr.nameFormats : urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri, urn:oasis:names:tc:SAML:2.0:attrname-format:uri urls: ["https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth", "https://idp.de.dariah.eu/idp/shibboleth"]
#saml.sp.attr.friendlyNames : eduPersonPrincipalName, mail, eduPersonEntitlement, eduPersonScopedAffiliation, displayName assumeAttributesComplete: true
#saml.sp.attr.required : true, true, false, false, false queryIdp: https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth
\ No newline at end of file queryByNameID: false
queryAttribute:
friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
requiredAttributes:
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: AUTHENTICATION
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: AUTHENTICATION
required: false
attributeGroup:
- check: OPTIONAL
attributes:
- friendlyName: eduPersonEntitlement
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.7
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: eduPersonScopedAffiliation
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.9
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: displayName
name: urn:oid:2.16.840.1.113730.3.1.241
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
\ No newline at end of file
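Review bot: The excluded endpoint list is written under the key `urls`, but the Spring context changed in this commit reads `${auth.saml.sp.attributeQuery.excludedEndpoints.url:#{null}}`, so the placeholder would fall back to null and the exclusion list would be empty; rename one side so the keys match. The context also reads `auth.saml.sp.requiredAttributes`, while this block appears to place `requiredAttributes` under `attributeQuery`; indentation is lost in this view, so the nesting needs confirming against the file. `assumeAttributesComplete: true` presumably lets the listed IdPs bypass the required-attribute check, which deserves a comment such as `# these IdPs release the full attribute set at login; no follow-up query needed` if that is the reason.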
...@@ -203,43 +203,39 @@ ...@@ -203,43 +203,39 @@
<property name="queryOptions" ref="attributeQueryOptions" /> <property name="queryOptions" ref="attributeQueryOptions" />
</bean> </bean>
<bean id="attributeQueryOptions" class="eu.dariah.de.dariahsp.saml.attributequery.SAMLAttributeQueryOptions"> <bean id="attributeQueryOptions" class="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLAttributeQueryOptions">
<property name="performAggregation" value="true" /> <constructor-arg ref="objectMapper" />
<property name="attributeAuthorityIDP" value="https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth" /> <property name="performAggregation" value="${auth.saml.sp.attributeQuery.enabled:false}" />
<property name="useOriginalSubjectNameID" value="false" /> <property name="attributeAuthorityIDP" value="${auth.saml.sp.attributeQuery.queryIdp:#{null}}" />
<property name="subjectIdAttributeName" value="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"></property> <property name="queryByNameID" value="${auth.saml.sp.attributeQuery.queryByNameID:false}" />
<property name="subjectIdAttributeFormat" value="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> <property name="queryAttributeAsJson" value="${auth.saml.sp.attributeQuery.queryAttribute:#{null}}" />
<property name="exclusionOptions"> <property name="exclusionOptions">
<list> <list>
<bean class="eu.dariah.de.dariahsp.saml.attributequery.SAMLAttributeQueryExclusionOptions"> <bean class="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLAttributeQueryExclusionOptions">
<property name="assumeRequiredAttributes" value="true" /> <property name="assumeRequiredAttributes" value="${auth.saml.sp.attributeQuery.excludedEndpoints.assumeAttributesComplete:false}" />
<property name="excludedEndpoints"> <property name="excludedEndpoints" value="${auth.saml.sp.attributeQuery.excludedEndpoints.url:#{null}}" />
<list>
<value>https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth</value>
<value>https://idp.de.dariah.eu/idp/shibboleth</value>
</list>
</property>
</bean> </bean>
</list> </list>
</property> </property>
<property name="requiredAttributesList" ref="requiredAttributes" />
</bean>
<bean id="requiredAttributesList" class="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLRequiredAttributesList">
<property name="requiredAttributes" ref="requiredAttributes" /> <constructor-arg ref="objectMapper" />
<constructor-arg value="${auth.saml.sp.requiredAttributes:#{null}}" />
</bean> </bean>
<util:list id="requiredAttributes" value-type="eu.dariah.de.dariahsp.saml.attributequery.SAMLRequiredAttributes"> <util:list id="requiredAttributes" value-type="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLRequiredAttributes">
<bean class="eu.dariah.de.dariahsp.saml.attributequery.SAMLRequiredAttributes">
<!-- <bean class="eu.dariah.de.dariahsp.saml.attributequery.options.SAMLRequiredAttributes">
<property name="stage" value="ATTRIBUTES" /> <property name="stage" value="ATTRIBUTES" />
<property name="required" value="true" /> <property name="required" value="true" />
<property name="attributeMap"> <property name="attributeMap">
<map> <map>
<entry key="AND"> <entry key="AND">
<list value-type="eu.dariah.de.dariahsp.saml.attributequery.SAMLAttribute"> <list value-type="eu.dariah.de.dariahsp.saml.SAMLAttribute">
<bean class="eu.dariah.de.dariahsp.saml.attributequery.SAMLAttribute"> <bean class="eu.dariah.de.dariahsp.saml.SAMLAttribute">
<property name="friendlyName" value="eduPersonPrincipalName" /> <property name="friendlyName" value="eduPersonPrincipalName" />
<property name="name" value="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" /> <property name="name" value="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" />
<property name="nameFormat" value="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" /> <property name="nameFormat" value="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
...@@ -248,7 +244,7 @@ ...@@ -248,7 +244,7 @@
</entry> </entry>
</map> </map>
</property> </property>
</bean> </bean> -->
</util:list> </util:list>
......
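Review bot: `<property name="requiredAttributesList" ref="requiredAttributes" />` points at the `util:list` bean rather than at the new `requiredAttributesList` bean, so a `List` is offered to a setter that takes `SAMLRequiredAttributesList` and the JSON-backed bean is never referenced; the line should read `<property name="requiredAttributesList" ref="requiredAttributesList" />`. The `util:list` now holds only a commented-out bean that still uses the removed `attributeMap` property, so it is better deleted than kept as a comment. The surrounding context file continues outside the hunk.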