Commit dbf321a0 authored by Gradl, Tobias

726: Finalize v1.0 for release with Schema Registry

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=726
parent ca3db473
......@@ -203,6 +203,7 @@ public class MetadataController {
extendedMetadata.setRequireLogoutRequestSigned(metadata.isRequireLogoutRequestSigned());
extendedMetadata.setRequireLogoutResponseSigned(metadata.isRequireLogoutResponseSigned());
extendedMetadata.setRequireArtifactResolveSigned(metadata.isRequireArtifactResolveSigned());
extendedMetadata.setRequireAttributeQuerySigned(metadata.isRequireAttributeQuerySigned());
extendedMetadata.setSslHostnameVerification(metadata.getSslHostnameVerification());
// Metadata signing
......
......@@ -50,7 +50,7 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe
@Override
public void afterPropertiesSet() throws ServletException {
if (attributeAggregation && incompleteAttributesRedirect==null || hostedEntityId==null) {
if (attributeAggregation && (incompleteAttributesRedirect==null || hostedEntityId==null)) {
throw new ServletException("Invalid CheckUserFilter set up; redirect and entityId must be set if attribute aggregation is enabled");
}
super.afterPropertiesSet();
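Review bot: With the parenthesised condition in `afterPropertiesSet()`, a null `hostedEntityId` is rejected only when `attributeAggregation` is true, whereas the earlier condition rejected it in every configuration. The rest of the filter lies outside this hunk, so it is worth confirming that no code path reads `hostedEntityId` while aggregation is off; otherwise a misconfiguration that used to fail at startup would surface at request time instead. The exception message would also be easier to act on if it named the property that is missing, for instance by checking `incompleteAttributesRedirect` and `hostedEntityId` separately.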
......
......@@ -22,7 +22,7 @@ public class HomeController {
@Autowired private ServletContext servletContext;
@Autowired private AuthInfoHelper authInfoHelper;
@Value("#{environment.saml?environment.saml:false}")
@Value("#{environment.saml!=null?environment.saml:false}")
private boolean saml;
@RequestMapping(value = {"", "/", "/protected/home", "/overprotected/home"}, method = RequestMethod.GET)
......
auth:
local:
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
- username: 'tgradl'
passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
roles: ["ROLE_CONTRIBUTOR"]
saml:
keystore:
path: /data/_srv/minfba/minfba-de-dariah-eu.jks
# Comment if keystore is not protected by password
pass: 'hairad'
alias: minfba.de.dariah.eu
aliaspass: 'hairad'
\ No newline at end of file
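Review bot: The `saml.keystore` block commits `pass` and `aliaspass` in clear text next to a concrete keystore path and alias, and `auth.local.users` commits bcrypt hashes for an `admin` account and a personal account. If any of these values is in use on a real host, the keystore passwords should be treated as disclosed and rotated, because the SAML signing key is only as protected as that password once the `.jks` file is readable, and the hashes are open to offline guessing by anyone with repository access. If this is the `dariahsp_local_sample.yml` that the `configLocation` bean references elsewhere in this commit, it should carry placeholders such as `pass: '<keystore-password>'` and `passhash: '<bcrypt-hash>'`, with real values supplied from outside the repository. The file also ends without a trailing newline.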
......@@ -8,7 +8,7 @@
<context:annotation-config/>
<bean id="configLocation" class="java.lang.String">
<constructor-arg value="classpath:dariahsp.yml" />
<constructor-arg value="classpath:dariahsp_local_sample.yml" />
</bean>
<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
<property name="resources" ref="configLocation"/>
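Review bot: The `configLocation` bean now points at `classpath:dariahsp_local_sample.yml`, so a build deployed without overriding this bean starts with whatever accounts and keystore settings the sample ships. If that sample is the YAML added in this commit, its `admin` entry and keystore password become the effective defaults of the packaged application. Consider keeping the sample out of the default load path and resolving the location from a deployment-supplied value, failing at startup when none is given. The enclosing context file is not named on this page and continues outside the hunk.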
......
......@@ -55,6 +55,12 @@
<property name="requestCache" ref="requestCache" />
</bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="eu.dariah.de.dariahsp.saml.AttributeContextProvider"/>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- This probably needs to be changed to a persisting extension of BaseUserService -->
<bean id="userDetailsService" class="eu.dariah.de.dariahsp.sample.service.CachingUserServiceImpl">
<property name="defaultAuthority" value="Authenticated User" />
......
......@@ -38,6 +38,7 @@
<!-- Filters for processing of local authentication -->
<bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/localsec/login/**" filters="loginFilter"/>
<security:filter-chain pattern="/localsec/logout/**" filters="logoutFilter"/>
</security:filter-chain-map>
......
......@@ -124,9 +124,6 @@
<property name="idpDiscoveryResponseURL" value="${auth.saml.sp.discovery.return}" />
</bean>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification -->
<!--
<bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer">
......@@ -235,10 +232,6 @@
</property>
</bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="eu.dariah.de.dariahsp.saml.AttributeContextProvider"/>
<!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
......
......@@ -250,7 +250,20 @@
<sf:errors cssClass="error" element="div" path="wantAssertionSigned" />
</div>
</div>
<div class="form-group">
<label for="requireAttributeQuerySigned" class="col-sm-3 control-label">Require signed attribute Assertion:</label>
<div class="col-sm-3">
<sf:select cssClass="form-control" path="requireAttributeQuerySigned" id="requireAttributeQuerySigned" multiple="false">
<sf:option value="true">Yes</sf:option>
<sf:option value="false">No</sf:option>
</sf:select>
</div>
<div class="col-sm-9 col-sm-offset-3">
<sf:errors cssClass="error" element="div" path="requireAttributeQuerySigned" />
</div>
</div>
<div class="form-group">
<label for="requireLogoutRequestSigned" class="col-sm-3 control-label">Require signed LogoutRequest:</label>
<div class="col-sm-3">
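Review bot: The label text "Require signed attribute Assertion:" does not match the bound property `requireAttributeQuerySigned`, so an administrator reading the form would take this switch to govern signatures on assertions rather than on attribute queries. If the property means what its name says, the label would read better as `Require signed AttributeQuery:`, in line with the neighbouring `Require signed LogoutRequest:`. Since this setting decides which unsigned messages the service provider accepts, the wording should leave no doubt about what is being relaxed when "No" is chosen. The following `requireLogoutRequestSigned` group continues past the end of this hunk.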
......
......@@ -16,6 +16,9 @@
<a class="btn btn-link btn-sm" href="<s:url value="/saml/web/metadata" />">
<span class="glyphicon glyphicon-arrow-left"></span> back to list
</a>
<a class="btn btn-default btn-sm" href="<s:url value="/saml/web/metadata/removeProvider?providerIndex=${providerIndex}" />">
<span class="glyphicon glyphicon-trash"></span> remove provider
</a>
</div>
</div>
<div>
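Review bot: The new "remove provider" anchor triggers a state-changing operation through a plain GET to `/saml/web/metadata/removeProvider?providerIndex=${providerIndex}`. A GET link carries no CSRF token, so a third-party page opened in an administrator's authenticated session could cause a provider to be removed, and link prefetchers can fire it unintentionally. The removal would be safer as a POST form that carries the CSRF token, with the controller mapping restricted to POST. The handler is not visible on this page, so whether it already restricts the method or asks for confirmation should be checked. `${providerIndex}` is also written into the URL as-is, which is acceptable only if it is always a server-generated integer.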
......