# dariahsp

This library contains a wrapper for Spring Security SAML, along with extensions useful particularly in the context of DARIAH-DE.

Fundamentally, this library distinguishes two authentication methods: the *local* method is intended primarily for developer and test setups, the *saml* method is targeted at production environments.

## Authentication methods

### Local

To support local authentication, configure this library as in the *security-local-context.xml* template.

To complete the setup for this method, applications might want to implement the *UserService* interface (base implementation *BaseUserService*) to provide access to persisted user information. The implementation needs to be provided to the *LocalAuthenticationProvider*. In cases that do not require user detail persistence, no *UserService* implementation needs to be provided to the *LocalAuthenticationProvider*.

To create the base64-encoded SHA-256 password hashes on a Linux shell, you can use the following command (replace foo with the desired password; `-n` keeps the trailing newline out of the digest, and the digest option must match what your *LocalAuthenticationProvider* compares against):

```
$ echo -n foo | openssl dgst -binary -sha256 | openssl base64
```

Note that this is an unsalted, fast hash. That is adequate for the developer and test setups the *local* method is meant for, not for production, where the *saml* method should be used.

### SAML

## Further info

### Java keystore

Given an X.509 keypair and the certificate chains, the required Java keystore can easily be assembled with `openssl` and `keytool` (shipped with the Java installation). The following steps show the commands for the example of the keystore for dfa.de.dariah.eu and the appropriate input. Please modify accordingly.

**Convert pem/pem keypair to p12 for easier input**

For the -name argument make sure to choose the alias the keypair will later have in the keystore; it is specified in the following step with the -alias argument.

```
$ openssl pkcs12 -export -name dfa.de.dariah.eu -in dfa-de-dariah-eu-signed.pem -inkey dfa-de-dariah-eu-privatekey.pem > dfa-de-dariah-eu.p12
```

**Import p12 keypair and create Java keystore**

```
$ keytool -importkeystore -alias dfa.de.dariah.eu -srckeystore dfa-de-dariah-eu.p12 -destkeystore dfa-de-dariah-eu.jks -srcstoretype pkcs12
```

**Import required trusted CA certificates (in our case the chain of our keypair and the trusted SAML metadata provider keychains)**

```
$ keytool -import -trustcacerts -alias gwdg_certificate_chain_g2 -file gwdg_certificate_chain_g2.pem -keystore dfa-de-dariah-eu.jks
$ keytool -import -trustcacerts -alias dfn-aai -file dfn-aai.pem -keystore dfa-de-dariah-eu.jks
$ keytool -import -trustcacerts -alias dfn-aai-g2 -file dfn-aai.g2.pem -keystore dfa-de-dariah-eu.jks
```

A more or less convenient option to view and edit Java keystores is [KeyStore Explorer](http://keystore-explorer.org/).

**Specify configuration parameters**

```
saml.keystore.path = /path/to/dfa-de-dariah-eu.jks
saml.keystore.pass = password # as entered in step 2 (keytool -importkeystore)
saml.keystore.alias = dfa.de.dariah.eu
saml.keystore.aliaspass = password # as entered in step 1 (openssl pkcs12 -export)
```
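The three keystore steps above, collected into one script with the checks a practitioner wants before trusting the result: that the certificate actually belongs to the private key, and that the alias ends up as a private-key entry rather than a trusted-certificate entry. This is an added example and not part of dariahsp; it assumes `openssl` and `keytool` on `PATH`, takes the two passwords from the assumed environment variables `KEYSTORE_PASS` and `KEY_PASS` (so they do not show up in the process list), and the function names and file names are illustrative, following the dfa.de.dariah.eu example.

```shell
#!/bin/sh
# Added example, not part of dariahsp: build the SAML keystore from the README's
# three steps with up-front checks. Assumes openssl and keytool are on PATH.
# File names mirror the README's dfa.de.dariah.eu example; KEYSTORE_PASS and
# KEY_PASS are assumed environment variables (keytool's ":env" password form
# and openssl's "env:" form keep them out of the process list).
set -u

# Abort early if the certificate does not belong to the private key: keytool
# would import a mismatched pair without complaint and SAML signing would only
# fail later at runtime.
check_keypair() {
  cert="$1"; key="$2"
  [ -r "$cert" ] || { echo "missing certificate: $cert" >&2; return 1; }
  [ -r "$key" ]  || { echo "missing private key: $key" >&2; return 1; }
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; return 1; }
}

# build_keystore ALIAS CERT.pem KEY.pem OUT.jks [TRUSTED.pem ...]
# Trusted certificates are imported under their file name minus ".pem".
build_keystore() {
  [ "$#" -ge 4 ] || { echo "usage: build_keystore ALIAS CERT KEY OUT.jks [CA.pem ...]" >&2; return 1; }
  alias="$1"; cert="$2"; key="$3"; jks="$4"; shift 4
  [ -n "${KEYSTORE_PASS:-}" ] || { echo "KEYSTORE_PASS not set" >&2; return 1; }
  [ -n "${KEY_PASS:-}" ]      || { echo "KEY_PASS not set" >&2; return 1; }
  check_keypair "$cert" "$key" || return 1
  p12="${jks%.jks}.p12"

  # Step 1: PKCS#12 bundle; -name becomes the alias inside the JKS (step 2).
  openssl pkcs12 -export -name "$alias" -in "$cert" -inkey "$key" \
      -passout env:KEY_PASS -out "$p12" || return 1

  # Step 2: import the pair into a fresh JKS. -destkeypass keeps the key
  # password equal to the PKCS#12 password, matching saml.keystore.aliaspass.
  keytool -importkeystore -noprompt -alias "$alias" \
      -srckeystore "$p12" -srcstoretype pkcs12 -srcstorepass:env KEY_PASS \
      -destkeystore "$jks" -deststorepass:env KEYSTORE_PASS \
      -destkeypass:env KEY_PASS || return 1
  rm -f "$p12"

  # Step 3: CA chain and SAML metadata signer certificates as trusted entries.
  for ca in "$@"; do
    keytool -import -noprompt -trustcacerts -alias "$(basename "$ca" .pem)" \
        -file "$ca" -keystore "$jks" -storepass:env KEYSTORE_PASS || return 1
  done

  # Verify: the alias must be a PrivateKeyEntry, not merely a trusted cert,
  # otherwise Spring Security SAML has no signing key under that alias.
  keytool -list -keystore "$jks" -storepass:env KEYSTORE_PASS -alias "$alias" \
      | grep -q PrivateKeyEntry || { echo "$alias is not a PrivateKeyEntry" >&2; return 1; }

  # Emit the non-secret half of the configuration parameters from the README.
  printf 'saml.keystore.path = %s\nsaml.keystore.alias = %s\n' "$jks" "$alias"
}

# Usage: KEYSTORE_PASS=... KEY_PASS=... sh build-keystore.sh dfa.de.dariah.eu \
#   dfa-de-dariah-eu-signed.pem dfa-de-dariah-eu-privatekey.pem dfa-de-dariah-eu.jks \
#   gwdg_certificate_chain_g2.pem dfn-aai.pem dfn-aai.g2.pem
if [ "$#" -ge 4 ]; then
  build_keystore "$@"
fi
```

The script prints only `saml.keystore.path` and `saml.keystore.alias`; `saml.keystore.pass` is whatever you exported as `KEYSTORE_PASS` and `saml.keystore.aliaspass` is `KEY_PASS`, so they never land in a file by accident. Aliases of the trusted entries are derived from the file names, so `dfn-aai.g2.pem` becomes `dfn-aai.g2` rather than the README's `dfn-aai-g2`; either works, the trusted aliases are not referenced by the configuration.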