Commit dbf321a0 authored by Gradl, Tobias's avatar Gradl, Tobias

726: Finalize v1.0 for release with Schema Registry

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=726
parent ca3db473
...@@ -203,6 +203,7 @@ public class MetadataController { ...@@ -203,6 +203,7 @@ public class MetadataController {
extendedMetadata.setRequireLogoutRequestSigned(metadata.isRequireLogoutRequestSigned()); extendedMetadata.setRequireLogoutRequestSigned(metadata.isRequireLogoutRequestSigned());
extendedMetadata.setRequireLogoutResponseSigned(metadata.isRequireLogoutResponseSigned()); extendedMetadata.setRequireLogoutResponseSigned(metadata.isRequireLogoutResponseSigned());
extendedMetadata.setRequireArtifactResolveSigned(metadata.isRequireArtifactResolveSigned()); extendedMetadata.setRequireArtifactResolveSigned(metadata.isRequireArtifactResolveSigned());
extendedMetadata.setRequireAttributeQuerySigned(metadata.isRequireAttributeQuerySigned());
extendedMetadata.setSslHostnameVerification(metadata.getSslHostnameVerification()); extendedMetadata.setSslHostnameVerification(metadata.getSslHostnameVerification());
// Metadata signing // Metadata signing
......
...@@ -50,7 +50,7 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe ...@@ -50,7 +50,7 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe
@Override @Override
public void afterPropertiesSet() throws ServletException { public void afterPropertiesSet() throws ServletException {
if (attributeAggregation && incompleteAttributesRedirect==null || hostedEntityId==null) { if (attributeAggregation && (incompleteAttributesRedirect==null || hostedEntityId==null)) {
throw new ServletException("Invalid CheckUserFilter set up; redirect and entityId must be set if attribute aggregation is enabled"); throw new ServletException("Invalid CheckUserFilter set up; redirect and entityId must be set if attribute aggregation is enabled");
} }
super.afterPropertiesSet(); super.afterPropertiesSet();
......
...@@ -22,7 +22,7 @@ public class HomeController { ...@@ -22,7 +22,7 @@ public class HomeController {
@Autowired private ServletContext servletContext; @Autowired private ServletContext servletContext;
@Autowired private AuthInfoHelper authInfoHelper; @Autowired private AuthInfoHelper authInfoHelper;
@Value("#{environment.saml?environment.saml:false}") @Value("#{environment.saml!=null?environment.saml:false}")
private boolean saml; private boolean saml;
@RequestMapping(value = {"", "/", "/protected/home", "/overprotected/home"}, method = RequestMethod.GET) @RequestMapping(value = {"", "/", "/protected/home", "/overprotected/home"}, method = RequestMethod.GET)
......
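Review bot: The SpEL null guard at `@Value("#{environment.saml!=null?environment.saml:false}")` can be expressed as a property placeholder with a default, `@Value("${saml:false}")`, which resolves the same `saml` environment property, yields `false` when it is absent, and avoids evaluating the property twice. This assumes `saml` is a plain resolvable environment property, which the `environment.saml` access suggests but this hunk does not show. The rest of HomeController lies outside the hunk.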
auth:
local:
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
- username: 'tgradl'
passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
roles: ["ROLE_CONTRIBUTOR"]
saml:
keystore:
path: /data/_srv/minfba/minfba-de-dariah-eu.jks
# Comment if keystore is not protected by password
pass: 'hairad'
alias: minfba.de.dariah.eu
aliaspass: 'hairad'
\ No newline at end of file
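Review bot: This sample configuration ships concrete secrets: a keystore password under `auth.saml.keystore.pass` and `aliaspass`, a deployment-specific keystore path, and bcrypt password hashes for the local `admin` and `tgradl` users. Since the `configLocation` bean in the security context below now defaults to `classpath:dariahsp_local_sample.yml`, these values become the out-of-the-box configuration rather than an illustration. Replace them with obvious placeholders, e.g. `pass: '<KEYSTORE_PASSWORD>'`, `aliaspass: '<KEY_PASSWORD>'` and `passhash: '<BCRYPT_HASH>'`, and keep real values in an untracked environment-specific file; the password and hashes already committed here should be treated as disclosed and rotated.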
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
<context:annotation-config/> <context:annotation-config/>
<bean id="configLocation" class="java.lang.String"> <bean id="configLocation" class="java.lang.String">
<constructor-arg value="classpath:dariahsp.yml" /> <constructor-arg value="classpath:dariahsp_local_sample.yml" />
</bean> </bean>
<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean"> <bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
<property name="resources" ref="configLocation"/> <property name="resources" ref="configLocation"/>
......
...@@ -55,6 +55,12 @@ ...@@ -55,6 +55,12 @@
<property name="requestCache" ref="requestCache" /> <property name="requestCache" ref="requestCache" />
</bean> </bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="eu.dariah.de.dariahsp.saml.AttributeContextProvider"/>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- This probably needs to be changed to a persisting extension of BaseUserService --> <!-- This probably needs to be changed to a persisting extension of BaseUserService -->
<bean id="userDetailsService" class="eu.dariah.de.dariahsp.sample.service.CachingUserServiceImpl"> <bean id="userDetailsService" class="eu.dariah.de.dariahsp.sample.service.CachingUserServiceImpl">
<property name="defaultAuthority" value="Authenticated User" /> <property name="defaultAuthority" value="Authenticated User" />
......
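Review bot: `metadataDisplayFilter` and `contextProvider` are now defined in this local-authentication context and, with the `/saml/metadata/**` entry added to the `authFilter` chain map in the next section, the SP metadata endpoint is served from the local filter chain unconditionally. `MetadataDisplayFilter` depends on SAML infrastructure (metadata manager, key manager, the context provider) that the definitions removed from the SAML context in the later hunks suggest still lives there; if that context is only loaded when `saml` is enabled, this wiring presumably fails in local-only deployments, and if it is always loaded the metadata endpoint is exposed even when SAML is switched off. Consider gating the chain entry on the same `saml` switch the controllers use, or keeping the filter and its chain entry in the SAML context. This is inferred from the moved definitions, not from wiring visible here.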
...@@ -38,6 +38,7 @@ ...@@ -38,6 +38,7 @@
<!-- Filters for processing of local authentication --> <!-- Filters for processing of local authentication -->
<bean id="authFilter" class="org.springframework.security.web.FilterChainProxy"> <bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant"> <security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
<security:filter-chain pattern="/localsec/login/**" filters="loginFilter"/> <security:filter-chain pattern="/localsec/login/**" filters="loginFilter"/>
<security:filter-chain pattern="/localsec/logout/**" filters="logoutFilter"/> <security:filter-chain pattern="/localsec/logout/**" filters="logoutFilter"/>
</security:filter-chain-map> </security:filter-chain-map>
......
...@@ -124,9 +124,6 @@ ...@@ -124,9 +124,6 @@
<property name="idpDiscoveryResponseURL" value="${auth.saml.sp.discovery.return}" /> <property name="idpDiscoveryResponseURL" value="${auth.saml.sp.discovery.return}" />
</bean> </bean>
<!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
<bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
<!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification --> <!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification -->
<!-- <!--
<bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer"> <bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer">
...@@ -235,10 +232,6 @@ ...@@ -235,10 +232,6 @@
</property> </property>
</bean> </bean>
<!-- Provider of default SAML Context -->
<bean id="contextProvider" class="eu.dariah.de.dariahsp.saml.AttributeContextProvider"/>
<!-- Processing filter for WebSSO profile messages --> <!-- Processing filter for WebSSO profile messages -->
<bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter"> <bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
......
...@@ -250,7 +250,20 @@ ...@@ -250,7 +250,20 @@
<sf:errors cssClass="error" element="div" path="wantAssertionSigned" /> <sf:errors cssClass="error" element="div" path="wantAssertionSigned" />
</div> </div>
</div> </div>
<div class="form-group">
<label for="requireAttributeQuerySigned" class="col-sm-3 control-label">Require signed attribute Assertion:</label>
<div class="col-sm-3">
<sf:select cssClass="form-control" path="requireAttributeQuerySigned" id="requireAttributeQuerySigned" multiple="false">
<sf:option value="true">Yes</sf:option>
<sf:option value="false">No</sf:option>
</sf:select>
</div>
<div class="col-sm-9 col-sm-offset-3">
<sf:errors cssClass="error" element="div" path="requireAttributeQuerySigned" />
</div>
</div>
<div class="form-group"> <div class="form-group">
<label for="requireLogoutRequestSigned" class="col-sm-3 control-label">Require signed LogoutRequest:</label> <label for="requireLogoutRequestSigned" class="col-sm-3 control-label">Require signed LogoutRequest:</label>
<div class="col-sm-3"> <div class="col-sm-3">
......
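Review bot: The label of the new form group reads `Require signed attribute Assertion:` while the bound path is `requireAttributeQuerySigned`, whereas the sibling groups name the message type they control (`Require signed LogoutRequest:`). Suggest `<label for="requireAttributeQuerySigned" class="col-sm-3 control-label">Require signed AttributeQuery:</label>` so the UI text matches the setting it toggles.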
...@@ -16,6 +16,9 @@ ...@@ -16,6 +16,9 @@
<a class="btn btn-link btn-sm" href="<s:url value="/saml/web/metadata" />"> <a class="btn btn-link btn-sm" href="<s:url value="/saml/web/metadata" />">
<span class="glyphicon glyphicon-arrow-left"></span> back to list <span class="glyphicon glyphicon-arrow-left"></span> back to list
</a> </a>
<a class="btn btn-default btn-sm" href="<s:url value="/saml/web/metadata/removeProvider?providerIndex=${providerIndex}" />">
<span class="glyphicon glyphicon-trash"></span> remove provider
</a>
</div> </div>
</div> </div>
<div> <div>
......
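Review bot: The new `remove provider` action is a state-changing operation issued as a plain GET link to `/saml/web/metadata/removeProvider?providerIndex=${providerIndex}`, so it can be triggered by any cross-origin link or image and by browser prefetching, and it sits outside CSRF protection that applies to POST. Render it as a small POST form carrying the CSRF token (the `_csrf` request attribute is available when Spring Security's CSRF filter is in the chain) and restrict the handler, which is outside this hunk, to `RequestMethod.POST`. The `${providerIndex}` value is presumably a numeric index; if it can be anything else it should be escaped in the attribute.
```jsp
<form method="post" action="<s:url value="/saml/web/metadata/removeProvider" />" class="form-inline">
    <input type="hidden" name="providerIndex" value="${providerIndex}" />
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    <button type="submit" class="btn btn-default btn-sm"><span class="glyphicon glyphicon-trash"></span> remove provider</button>
</form>
```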