From b5eb8597571c769827f6c686f6392d87f3225bbe Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Wed, 23 Oct 2024 11:09:27 +0300
Subject: [PATCH] EPMRPP-88378 || Remove old saml implementation
---
 build.gradle | 3 +-
 .../saml/SamlSecurityConfiguration.java | 48 ----
 .../SamlServiceProviderBeanConfiguration.java | 151 -------------
 .../SamlServiceProviderConfiguration.java | 207 ------------------
 .../SamlProvidersReloadEventHandler.java | 120 +++++-----
 .../UiAuthenticationSuccessEventHandler.java | 3 +-
 .../integration/converter/SamlConverter.java | 32 ++-
 .../strategy/SamlIntegrationStrategy.java | 65 +++---
 .../auth/integration/saml/Attribute.java | 4 +-
 .../saml/ReportPortalSamlAuthentication.java | 127 ++---------
 ...ReportPortalSamlAuthenticationManager.java | 4 +-
 .../auth/integration/saml/SamlPrincipal.java | 8 +-
 .../integration/saml/SamlUserReplicator.java | 2 +-
 ...lServiceProviderProvisioningExtension.java | 170 +++++++-------
 .../NonAliasHostedServiceProviderService.java | 146 ++++++------
 src/main/resources/banner.txt | 2 +-
 16 files changed, 288 insertions(+), 804 deletions(-)
 delete mode 100644 src/main/java/com/epam/reportportal/auth/config/saml/SamlSecurityConfiguration.java
 delete mode 100644 src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderBeanConfiguration.java
 delete mode 100644 src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderConfiguration.java
diff --git a/build.gradle b/build.gradle
index bd5c7f4a..4536c691 100644
--- a/build.gradle
+++ b/build.gradle
@@ -89,7 +89,8 @@ dependencies { implementation 'org.bouncycastle:bcprov-jdk15on:1.70' implementation 'org.springframework.security:spring-security-ldap' // TODO: consider migration to spring-security-saml2-service-provider - implementation 'org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31' +// implementation 'org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31' + implementation 'org.springframework.security:spring-security-saml2-service-provider:5.8.14' implementation 'commons-collections:commons-collections:3.2.2' //Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400 implementation 'org.apache.santuario:xmlsec:3.0.3' diff --git a/src/main/java/com/epam/reportportal/auth/config/saml/SamlSecurityConfiguration.java b/src/main/java/com/epam/reportportal/auth/config/saml/SamlSecurityConfiguration.java deleted file mode 100644 index 95394895..00000000 --- a/src/main/java/com/epam/reportportal/auth/config/saml/SamlSecurityConfiguration.java +++ /dev/null 
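Review bot: The old `spring-security-saml2-core:2.0.0.M31` coordinate is kept as a commented-out line directly under the `// TODO: consider migration to spring-security-saml2-service-provider` comment, which the new `spring-security-saml2-service-provider:5.8.14` line has just fulfilled; delete both the dead line and the stale TODO, since git history already records the previous dependency. The same comment-out-instead-of-delete pattern recurs in SamlProvidersReloadEventHandler, SamlConverter (`TO_EXTERNAL_PROVIDER_CONFIG`) and SamlIntegrationStrategy (the `serviceProviderProvisioning` field and `populateProviderDetails`), and in those files the imports the commented code needs are removed in the same patch, so it could not be restored by uncommenting anyway. The new artifact is built against an OpenSAML 4 runtime as far as I know, so the explicit `org.apache.santuario:xmlsec:3.0.3` pin kept below for CVE-2019-12400 should be re-checked against what 5.8.14 resolves transitively, to make sure the pin neither downgrades nor conflicts with the OpenSAML version now on the classpath.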
@@ -1,48 +0,0 @@ -/* - * Copyright 2019 EPAM Systems - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.epam.reportportal.auth.config.saml; - -import static org.springframework.security.saml.provider.service.config.SamlServiceProviderSecurityDsl.serviceProvider; - -import org.springframework.context.annotation.Configuration; -import org.springframework.core.annotation.Order; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.saml.provider.SamlServerConfiguration; -import org.springframework.security.saml.provider.service.config.SamlServiceProviderSecurityConfiguration; -import org.springframework.security.saml.provider.service.config.SamlServiceProviderServerBeanConfiguration; - -/** - * @author Ihar Kahadouski - */ -@Configuration -@Order(4) -public class SamlSecurityConfiguration extends SamlServiceProviderSecurityConfiguration { - - private SamlServerConfiguration serverConfiguration; - - public SamlSecurityConfiguration(SamlServiceProviderServerBeanConfiguration configuration, - SamlServerConfiguration spConfiguration) { - super(configuration); - this.serverConfiguration = spConfiguration; - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - super.configure(http); - http.apply(serviceProvider()).configure(serverConfiguration); - } -} 
diff --git a/src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderBeanConfiguration.java b/src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderBeanConfiguration.java deleted file mode 100644 index abdaf32d..00000000 --- a/src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderBeanConfiguration.java +++ /dev/null 
@@ -1,151 +0,0 @@ -/* - * Copyright 2019 EPAM Systems - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.epam.reportportal.auth.config.saml; - -import static org.springframework.util.StringUtils.hasText; - -import com.epam.reportportal.auth.AuthFailureHandler; -import com.epam.reportportal.auth.integration.saml.ReportPortalSamlAuthenticationManager; -import com.epam.reportportal.auth.integration.saml.SamlAuthSuccessHandler; -import com.epam.reportportal.auth.integration.saml.SamlUserReplicator; -import com.epam.reportportal.auth.integration.saml.sp.HostBasedSamlServiceProviderProvisioningExtension; -import java.io.IOException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.interfaces.RSAPrivateKey; -import java.security.spec.InvalidKeySpecException; -import java.time.Duration; -import java.util.Base64; -import javax.servlet.Filter; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.saml.SamlKeyException; -import org.springframework.security.saml.SamlValidator; -import org.springframework.security.saml.key.SimpleKey; -import org.springframework.security.saml.provider.SamlServerConfiguration; -import 
org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning; -import org.springframework.security.saml.provider.service.ServiceProviderService; -import org.springframework.security.saml.provider.service.authentication.SamlAuthenticationResponseFilter; -import org.springframework.security.saml.provider.service.config.SamlServiceProviderServerBeanConfiguration; -import org.springframework.security.saml.spi.DefaultValidator; -import org.springframework.security.saml.spi.SamlKeyStoreProvider; -import org.springframework.security.saml.spi.SpringSecuritySaml; -import org.springframework.security.saml.spi.opensaml.OpenSamlImplementation; -import org.springframework.security.saml.util.X509Utilities; - -/** - * Bean declarations for service provider part of SAML integration. - * - * @author Yevgeniy Svalukhin - */ -@Configuration -public class SamlServiceProviderBeanConfiguration extends - SamlServiceProviderServerBeanConfiguration { - - private final Integer maxSessionLive; - - private SamlAuthSuccessHandler samlSuccessHandler; - private AuthFailureHandler authFailureHandler; - private SamlUserReplicator samlUserReplicator; - private SamlServerConfiguration serviceProviderConfiguration; - - public SamlServiceProviderBeanConfiguration( - @Value("${rp.auth.saml.session-live}") Integer maxSessionLive, - SamlAuthSuccessHandler samlSuccessHandler, AuthFailureHandler authFailureHandler, - SamlUserReplicator samlUserReplicator, SamlServerConfiguration spConfiguration) { - this.maxSessionLive = maxSessionLive; - this.samlSuccessHandler = samlSuccessHandler; - this.authFailureHandler = authFailureHandler; - this.samlUserReplicator = samlUserReplicator; - this.serviceProviderConfiguration = spConfiguration; - } - - @Override - protected SamlServerConfiguration getDefaultHostSamlServerConfiguration() { - return serviceProviderConfiguration; - } - - @Override - public SamlProviderProvisioning getSamlProvisioning() { - return new 
HostBasedSamlServiceProviderProvisioningExtension( - samlConfigurationRepository(), - samlTransformer(), - samlValidator(), - samlMetadataCache(), - authenticationRequestEnhancer() - ); - } - - @Override - public Filter spAuthenticationResponseFilter() { - SamlAuthenticationResponseFilter authenticationFilter = new SamlAuthenticationResponseFilter( - getSamlProvisioning()); - authenticationFilter.setAuthenticationManager( - new ReportPortalSamlAuthenticationManager(samlUserReplicator)); - authenticationFilter.setAuthenticationSuccessHandler(samlSuccessHandler); - authenticationFilter.setAuthenticationFailureHandler(authFailureHandler); - return authenticationFilter; - } - - @Override - public SpringSecuritySaml samlImplementation() { - OpenSamlImplementation implementation = new OpenSamlImplementation(samlTime()).init(); - implementation.setSamlKeyStoreProvider(samlKeyStoreProvider()); - return implementation; - } - - @Override - public SamlValidator samlValidator() { - final DefaultValidator defaultValidator = new DefaultValidator(samlImplementation()); - defaultValidator.setMaxAuthenticationAgeMillis( - Math.toIntExact(Duration.ofMinutes(maxSessionLive).toMillis())); - return defaultValidator; - } - - private SamlKeyStoreProvider samlKeyStoreProvider() { - return new SamlKeyStoreProvider() { - @Override - public KeyStore getKeyStore(SimpleKey key) { - try { - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, DEFAULT_KS_PASSWD); - - byte[] certbytes = X509Utilities.getDER(key.getCertificate()); - Certificate certificate = X509Utilities.getCertificate(certbytes); - ks.setCertificateEntry(key.getName(), certificate); - - if (hasText(key.getPrivateKey())) { - - RSAPrivateKey privateKey = X509Utilities.getPrivateKey( - Base64.getDecoder().decode(key.getPrivateKey()), "RSA"); - - ks.setKeyEntry(key.getName(), privateKey, key.getPassphrase().toCharArray(), - new Certificate[]{certificate}); - } - - return ks; - } catch (KeyStoreException | 
NoSuchAlgorithmException | CertificateException - | InvalidKeySpecException | IOException e) { - throw new SamlKeyException(e); - } - } - }; - } -} diff --git a/src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderConfiguration.java b/src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderConfiguration.java deleted file mode 100644 index 188116d5..00000000 --- a/src/main/java/com/epam/reportportal/auth/config/saml/SamlServiceProviderConfiguration.java +++ /dev/null 
@@ -1,207 +0,0 @@ -/* - * Copyright 2019 EPAM Systems - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.epam.reportportal.auth.config.saml; - -import static com.epam.reportportal.auth.integration.parameter.SamlParameter.BASE_PATH; -import static java.util.Base64.getEncoder; -import static java.util.Optional.ofNullable; - -import com.epam.reportportal.auth.integration.AuthIntegrationType; -import com.epam.reportportal.auth.integration.converter.SamlConverter; -import com.epam.reportportal.auth.util.CertificationUtil; -import com.epam.reportportal.auth.util.RequestUtil; -import com.epam.ta.reportportal.dao.IntegrationRepository; -import com.epam.ta.reportportal.dao.IntegrationTypeRepository; -import com.epam.ta.reportportal.entity.integration.Integration; -import com.epam.ta.reportportal.entity.integration.IntegrationType; -import com.google.common.collect.Lists; -import java.security.PrivateKey; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collections; -import java.util.List; -import java.util.Optional; -import java.util.concurrent.CopyOnWriteArrayList; -import javax.inject.Provider; -import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml.saml2.core.NameID; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import 
org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.saml.key.SimpleKey; -import org.springframework.security.saml.provider.SamlServerConfiguration; -import org.springframework.security.saml.provider.config.NetworkConfiguration; -import org.springframework.security.saml.provider.config.RotatingKeys; -import org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration; -import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration; -import org.springframework.util.CollectionUtils; - -/** - * SAML service provider configuration based on application settings. - * - * @author Yevgeniy Svalukhin - */ -@Configuration -public class SamlServiceProviderConfiguration { - - private static final Logger LOGGER = LoggerFactory.getLogger( - SamlServiceProviderConfiguration.class); - - @Value("${rp.auth.saml.base-path}") - private String basePath; - - @Value("${rp.auth.saml.entity-id}") - private String entityId; - - @Value("${rp.auth.saml.key-alias}") - private String keyAlias; - - @Value("${rp.auth.saml.key-password}") - private String keyPassword; - - @Value("${rp.auth.saml.key-store}") - private String keyStore; - - @Value("${rp.auth.saml.key-store-password}") - private String keyStorePassword; - - @Value("${rp.auth.saml.active-key-name}") - private String activeKeyName; - - @Value("${rp.auth.saml.network-connection-timeout}") - private Integer networkConnectTimeout; - - @Value("${rp.auth.saml.network-read-timeout}") - private Integer networkReadTimeout; - - @Value("${rp.auth.saml.signed-requests}") - private Boolean signedRequests; - - @Value("${rp.auth.saml.prefix}") - private String prefix; - - @Autowired - private Provider requestProvider; - - private IntegrationTypeRepository integrationTypeRepository; - - private IntegrationRepository 
integrationRepository; - - public SamlServiceProviderConfiguration(IntegrationTypeRepository integrationTypeRepository, - IntegrationRepository integrationRepository) { - this.integrationTypeRepository = integrationTypeRepository; - this.integrationRepository = integrationRepository; - } - - @Bean(name = "spConfiguration") - public SamlServerConfiguration samlServerConfiguration() { - return new SamlServerConfiguration().setServiceProvider(serviceProviderConfiguration()) - .setNetwork(networkConfiguration()); - } - - private NetworkConfiguration networkConfiguration() { - return new NetworkConfiguration().setConnectTimeout(networkConnectTimeout) - .setReadTimeout(networkReadTimeout); - - } - - private LocalServiceProviderConfiguration serviceProviderConfiguration() { - LocalServiceProviderConfiguration serviceProviderConfiguration = - new LocalServiceProviderConfigurationDelegate(integrationTypeRepository); - serviceProviderConfiguration.setSignRequests(signedRequests) - .setWantAssertionsSigned(signedRequests) - .setEntityId(entityId) - .setAlias(keyAlias) - .setSignMetadata(signedRequests) - .setSingleLogoutEnabled(true) - .setNameIds(Arrays.asList(NameID.EMAIL, NameID.PERSISTENT, NameID.UNSPECIFIED)) - .setKeys(rotatingKeys()) - .setProviders(providers()) - .setPrefix(prefix) - .setBasePath(basePath); - return serviceProviderConfiguration; - } - - private List providers() { - Optional saml = integrationTypeRepository.findByName( - AuthIntegrationType.SAML.getName()); - List providers = Lists.newArrayList(); - if (saml.isPresent()) { - providers = integrationRepository.findAllGlobalByType(saml.get()); - } - - if (CollectionUtils.isEmpty(providers)) { - return new CopyOnWriteArrayList<>(); - } - - return new CopyOnWriteArrayList<>(SamlConverter.TO_EXTERNAL_PROVIDER_CONFIG.apply(providers)); - } - - private RotatingKeys rotatingKeys() { - return new RotatingKeys().setActive(getActiveKey()).setStandBy(standbyKeys()); - } - - private List standbyKeys() { - return 
Collections.emptyList(); - } - - private SimpleKey getActiveKey() { - - if (signedRequests) { - X509Certificate certificate = CertificationUtil.getCertificateByName(keyAlias, keyStore, - keyStorePassword); - PrivateKey privateKey = CertificationUtil.getPrivateKey(keyAlias, keyPassword, keyStore, - keyStorePassword); - - try { - return new SimpleKey().setCertificate(getEncoder().encodeToString(certificate.getEncoded())) - .setPassphrase(keyPassword) - .setPrivateKey(getEncoder().encodeToString(privateKey.getEncoded())) - .setName(activeKeyName); - } catch (CertificateEncodingException e) { - LOGGER.error("Failed to retrieve active key", e); - } - } - return new SimpleKey(); - } - - public class LocalServiceProviderConfigurationDelegate extends LocalServiceProviderConfiguration { - - private final IntegrationTypeRepository integrationTypeRepository; - - public LocalServiceProviderConfigurationDelegate( - IntegrationTypeRepository integrationTypeRepository) { - this.integrationTypeRepository = integrationTypeRepository; - } - - @Override - public String getBasePath() { - return integrationTypeRepository.findByName(AuthIntegrationType.SAML.getName()) - .flatMap(it -> Optional.ofNullable(it.getDetails())) - .flatMap(d -> Optional.ofNullable(d.getDetails())) - .flatMap(BASE_PATH::getParameter) - .orElseGet(() -> ofNullable(basePath).orElseGet( - () -> ofNullable(requestProvider.get()).map(RequestUtil::getRequestBasePath) - .orElse("/"))); - } - } - -} diff --git a/src/main/java/com/epam/reportportal/auth/event/SamlProvidersReloadEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/SamlProvidersReloadEventHandler.java index 172f73d8..936af791 100644 --- a/src/main/java/com/epam/reportportal/auth/event/SamlProvidersReloadEventHandler.java +++ b/src/main/java/com/epam/reportportal/auth/event/SamlProvidersReloadEventHandler.java 
@@ -1,60 +1,60 @@ -/* - * Copyright 2019 EPAM Systems - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.epam.reportportal.auth.event; - -import com.epam.reportportal.auth.integration.converter.SamlConverter; -import com.epam.ta.reportportal.dao.IntegrationRepository; -import com.epam.ta.reportportal.entity.integration.Integration; -import com.epam.ta.reportportal.entity.integration.IntegrationType; -import java.util.List; -import org.springframework.context.ApplicationListener; -import org.springframework.security.saml.provider.SamlServerConfiguration; -import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration; -import org.springframework.stereotype.Component; - -/** - * Handles SAML settings changes event and reload configuration of IDP in service provider - * configuration. 
- * - * @author Yevgeniy Svalukhin - */ -@Component -public class SamlProvidersReloadEventHandler implements - ApplicationListener { - - private final IntegrationRepository integrationRepository; - private final SamlServerConfiguration samlConfiguration; - - public SamlProvidersReloadEventHandler(IntegrationRepository integrationRepository, - SamlServerConfiguration spConfiguration) { - this.integrationRepository = integrationRepository; - this.samlConfiguration = spConfiguration; - } - - @Override - public void onApplicationEvent(SamlProvidersReloadEvent event) { - final IntegrationType integrationType = event.getIntegrationType(); - final List integrations = integrationRepository.findAllGlobalByType( - integrationType); - - LocalServiceProviderConfiguration serviceProvider = samlConfiguration.getServiceProvider(); - - serviceProvider.getProviders().clear(); - serviceProvider.getProviders() - .addAll(SamlConverter.TO_EXTERNAL_PROVIDER_CONFIG.apply(integrations)); - } -} +///* +// * Copyright 2019 EPAM Systems +// * +// * Licensed under the Apache License, Version 2.0 (the "License"); +// * you may not use this file except in compliance with the License. +// * You may obtain a copy of the License at +// * +// * http://www.apache.org/licenses/LICENSE-2.0 +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the License is distributed on an "AS IS" BASIS, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the License for the specific language governing permissions and +// * limitations under the License. 
+// */ +// +//package com.epam.reportportal.auth.event; +// +//import com.epam.reportportal.auth.integration.converter.SamlConverter; +//import com.epam.ta.reportportal.dao.IntegrationRepository; +//import com.epam.ta.reportportal.entity.integration.Integration; +//import com.epam.ta.reportportal.entity.integration.IntegrationType; +//import java.util.List; +//import org.springframework.context.ApplicationListener; +//import org.springframework.security.saml.provider.SamlServerConfiguration; +//import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration; +//import org.springframework.stereotype.Component; +// +///** +// * Handles SAML settings changes event and reload configuration of IDP in service provider +// * configuration. +// * +// * @author Yevgeniy Svalukhin +// */ +//@Component +//public class SamlProvidersReloadEventHandler implements +// ApplicationListener { +// +// private final IntegrationRepository integrationRepository; +// private final SamlServerConfiguration samlConfiguration; +// +// public SamlProvidersReloadEventHandler(IntegrationRepository integrationRepository, +// SamlServerConfiguration spConfiguration) { +// this.integrationRepository = integrationRepository; +// this.samlConfiguration = spConfiguration; +// } +// +// @Override +// public void onApplicationEvent(SamlProvidersReloadEvent event) { +// final IntegrationType integrationType = event.getIntegrationType(); +// final List integrations = integrationRepository.findAllGlobalByType( +// integrationType); +// +// LocalServiceProviderConfiguration serviceProvider = samlConfiguration.getServiceProvider(); +// +// serviceProvider.getProviders().clear(); +// serviceProvider.getProviders() +// .addAll(SamlConverter.TO_EXTERNAL_PROVIDER_CONFIG.apply(integrations)); +// } +//} 
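Review bot: The new side of this file is the entire class, license header included, wrapped in `//` comments, so the file now compiles to nothing; it should be removed outright, as this patch already does for the three configuration classes. More importantly, `SamlProvidersReloadEvent` is still published from `SamlIntegrationStrategy.save` later in this patch, and with this listener gone nothing in the diff consumes it, so adding or editing a SAML IdP integration no longer updates the service provider's provider list at runtime until the process restarts. Unless a listener backed by the new `spring-security-saml2-service-provider` registration repository exists outside this patch, that is a functional regression that deserves a replacement listener, or at least a note in the commit message that runtime reload is intentionally dropped.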
diff --git a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java index b62d10ea..2fe66f6a 100644 --- a/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java +++ b/src/main/java/com/epam/reportportal/auth/event/UiAuthenticationSuccessEventHandler.java @@ -29,6 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.event.EventListener; import org.springframework.security.authentication.LockedException; +import org.springframework.security.core.AuthenticatedPrincipal; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; @@ -75,7 +76,7 @@ public void onApplicationEvent(UiUserSignedInEvent event) { private ReportPortalUser acquireUser(Authentication authentication) { if (authentication instanceof ReportPortalSamlAuthentication rpAuth) { - return userRepository.findUserDetails(rpAuth.getPrincipal()) + return userRepository.findUserDetails(rpAuth.getPrincipalName()) .orElseThrow(() -> new ReportPortalException(ErrorType.USER_NOT_FOUND, rpAuth.getPrincipal())); } else { diff --git a/src/main/java/com/epam/reportportal/auth/integration/converter/SamlConverter.java b/src/main/java/com/epam/reportportal/auth/integration/converter/SamlConverter.java index 381b3f5c..b397f74f 100644 --- a/src/main/java/com/epam/reportportal/auth/integration/converter/SamlConverter.java +++ b/src/main/java/com/epam/reportportal/auth/integration/converter/SamlConverter.java 
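Review bot: The lookup now calls `rpAuth.getPrincipalName()`, but the `USER_NOT_FOUND` error on the following line still passes `rpAuth.getPrincipal()`, so the exception text will carry whatever object `getPrincipal()` returns after this refactor rather than the login name; change it to `rpAuth.getPrincipalName()` so the error stays a plain identifier and does not serialize the principal object (and its attributes) into a response or log line. The `AuthenticatedPrincipal` import added in the first hunk is not referenced in either visible hunk; if the rest of the file does not use it, drop it. acquireUser's body continues outside the hunk.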
@@ -41,10 +41,6 @@ import java.util.function.BiConsumer; import java.util.function.Function; import java.util.stream.Collectors; -import java.util.stream.IntStream; -import org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration; -import org.springframework.security.saml.saml2.metadata.BindingType; -import org.springframework.security.saml.saml2.metadata.NameId; import org.springframework.util.CollectionUtils; /** 
@@ -83,20 +79,20 @@ public class SamlConverter { return resource; }; - public static final Function, List> TO_EXTERNAL_PROVIDER_CONFIG = integrations -> { - List externalProviders = integrations.stream() - .map(integration -> new ExternalIdentityProviderConfiguration().setAlias( - IDP_ALIAS.getParameter(integration).get()) - .setMetadata(IDP_METADATA_URL.getRequiredParameter(integration)) - .setLinktext(integration.getName()) - .setAuthenticationRequestBinding(BindingType.POST.toUri()) - .setNameId(IDP_NAME_ID.getParameter(integration).map(NameId::fromUrn) - .orElse(NameId.UNSPECIFIED))) - .collect(Collectors.toList()); - IntStream.range(0, externalProviders.size()) - .forEach(value -> externalProviders.get(value).setAssertionConsumerServiceIndex(value)); - return externalProviders; - }; +// public static final Function, List> TO_EXTERNAL_PROVIDER_CONFIG = integrations -> { +// List externalProviders = integrations.stream() +// .map(integration -> new ExternalIdentityProviderConfiguration().setAlias( +// IDP_ALIAS.getParameter(integration).get()) +// .setMetadata(IDP_METADATA_URL.getRequiredParameter(integration)) +// .setLinktext(integration.getName()) +// .setAuthenticationRequestBinding(BindingType.POST.toUri()) +// .setNameId(IDP_NAME_ID.getParameter(integration).map(NameId::fromUrn) +// .orElse(NameId.UNSPECIFIED))) +// .collect(Collectors.toList()); +// IntStream.range(0, externalProviders.size()) +// .forEach(value -> externalProviders.get(value).setAssertionConsumerServiceIndex(value)); +// return externalProviders; +// }; public static final Function, SamlProvidersResource> TO_PROVIDERS_RESOURCE = integrations -> { diff --git a/src/main/java/com/epam/reportportal/auth/integration/handler/impl/strategy/SamlIntegrationStrategy.java b/src/main/java/com/epam/reportportal/auth/integration/handler/impl/strategy/SamlIntegrationStrategy.java index f50d27b5..e41e3ebb 100644 
--- a/src/main/java/com/epam/reportportal/auth/integration/handler/impl/strategy/SamlIntegrationStrategy.java +++ b/src/main/java/com/epam/reportportal/auth/integration/handler/impl/strategy/SamlIntegrationStrategy.java 
@@ -18,35 +18,24 @@ import static com.epam.reportportal.auth.integration.converter.SamlConverter.UPDATE_FROM_REQUEST; import static com.epam.reportportal.auth.integration.parameter.SamlParameter.BASE_PATH; -import static com.epam.reportportal.auth.integration.parameter.SamlParameter.IDP_ALIAS; -import static com.epam.reportportal.auth.integration.parameter.SamlParameter.IDP_NAME_ID; -import static com.epam.reportportal.auth.integration.parameter.SamlParameter.IDP_URL; import static java.util.Optional.ofNullable; import com.epam.reportportal.auth.event.SamlProvidersReloadEvent; -import com.epam.reportportal.auth.integration.parameter.SamlParameter; import com.epam.reportportal.auth.integration.validator.duplicate.IntegrationDuplicateValidator; import com.epam.reportportal.auth.integration.validator.request.AuthRequestValidator; +import com.epam.reportportal.model.integration.auth.UpdateAuthRQ; +import com.epam.reportportal.rules.exception.ErrorType; +import com.epam.reportportal.rules.exception.ReportPortalException; import com.epam.ta.reportportal.dao.IntegrationRepository; import com.epam.ta.reportportal.entity.integration.Integration; import com.epam.ta.reportportal.entity.integration.IntegrationType; import com.epam.ta.reportportal.entity.integration.IntegrationTypeDetails; -import com.epam.reportportal.rules.exception.ReportPortalException; -import com.epam.reportportal.rules.exception.ErrorType; -import com.epam.reportportal.model.integration.auth.UpdateAuthRQ; import java.util.HashMap; import java.util.Map; -import java.util.Objects; import org.apache.commons.validator.routines.UrlValidator; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.ApplicationEventPublisher; -import org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning; -import org.springframework.security.saml.provider.service.ServiceProviderService; -import 
org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration; -import org.springframework.security.saml.saml2.metadata.IdentityProvider; -import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata; -import org.springframework.security.saml.saml2.metadata.NameId; import org.springframework.stereotype.Service; /** @@ -55,7 +44,7 @@ @Service public class SamlIntegrationStrategy extends AuthIntegrationStrategy { - private final SamlProviderProvisioning serviceProviderProvisioning; +// private final SamlProviderProvisioning serviceProviderProvisioning; private final ApplicationEventPublisher eventPublisher; @Autowired @@ -63,10 +52,8 @@ public SamlIntegrationStrategy(IntegrationRepository integrationRepository, @Qualifier("samlUpdateAuthRequestValidator") AuthRequestValidator updateAuthRequestValidator, IntegrationDuplicateValidator integrationDuplicateValidator, - SamlProviderProvisioning serviceProviderProvisioning, ApplicationEventPublisher eventPublisher) { super(integrationRepository, updateAuthRequestValidator, integrationDuplicateValidator); - this.serviceProviderProvisioning = serviceProviderProvisioning; this.eventPublisher = eventPublisher; } 
@@ -105,31 +92,31 @@ private void updateBasePath(Integration integration, String basePath) {
 @Override
 protected Integration save(Integration integration) {
- populateProviderDetails(integration);
+// populateProviderDetails(integration);
 final Integration result = super.save(integration);
 eventPublisher.publishEvent(new SamlProvidersReloadEvent(result.getType()));
 return result;
 }
- private void populateProviderDetails(Integration samlIntegration) {
- Map params = samlIntegration.getParams().getParams();
- ExternalIdentityProviderConfiguration externalConfiguration =
- new ExternalIdentityProviderConfiguration()
- .setMetadata(SamlParameter.IDP_METADATA_URL.getRequiredParameter(samlIntegration));
- IdentityProviderMetadata remoteProvider = serviceProviderProvisioning.getHostedProvider()
- .getRemoteProvider(externalConfiguration);
- params.put(IDP_URL.getParameterName(), remoteProvider.getEntityId());
- params.put(IDP_ALIAS.getParameterName(), remoteProvider.getEntityAlias());
-
- NameId nameId = ofNullable(remoteProvider.getDefaultNameId()).orElseGet(
- () -> remoteProvider.getProviders()
- .stream()
- .filter(IdentityProvider.class::isInstance)
- .map(IdentityProvider.class::cast)
- .flatMap(v -> v.getNameIds().stream())
- .filter(Objects::nonNull)
- .findFirst().orElse(NameId.UNSPECIFIED));
-
- params.put(IDP_NAME_ID.getParameterName(), nameId.toString());
- }
+// private void populateProviderDetails(Integration samlIntegration) {
+// Map params = samlIntegration.getParams().getParams();
+// ExternalIdentityProviderConfiguration externalConfiguration =
+// new ExternalIdentityProviderConfiguration()
+// .setMetadata(SamlParameter.IDP_METADATA_URL.getRequiredParameter(samlIntegration));
+// IdentityProviderMetadata remoteProvider = serviceProviderProvisioning.getHostedProvider()
+// .getRemoteProvider(externalConfiguration);
+// params.put(IDP_URL.getParameterName(), remoteProvider.getEntityId());
+// params.put(IDP_ALIAS.getParameterName(), remoteProvider.getEntityAlias());
+//
+// NameId nameId = ofNullable(remoteProvider.getDefaultNameId()).orElseGet(
+// () -> remoteProvider.getProviders()
+// .stream()
+// .filter(IdentityProvider.class::isInstance)
+// .map(IdentityProvider.class::cast)
+// .flatMap(v -> v.getNameIds().stream())
+// .filter(Objects::nonNull)
+// .findFirst().orElse(NameId.UNSPECIFIED));
+//
+// params.put(IDP_NAME_ID.getParameterName(), nameId.toString());
+// }
 }
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/Attribute.java b/src/main/java/com/epam/reportportal/auth/integration/saml/Attribute.java
index 4763d491..7e1ca5ed 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/Attribute.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/Attribute.java
@@ -19,10 +19,8 @@
 import java.io.Serializable;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.Objects;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
-import org.springframework.security.saml.saml2.attribute.AttributeNameFormat;
 /**
 * Represents attributes extracted from SAML response message.
@@ -38,7 +36,7 @@ public class Attribute implements Serializable {
 private String name;
 private String friendlyName;
 private List values = new LinkedList<>();
- private String nameFormat = AttributeNameFormat.UNSPECIFIED.toString();
+ private String nameFormat = "";
 private boolean required;
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthentication.java b/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthentication.java
index 17155727..b0d98fe0 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthentication.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthentication.java
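Review bot: With `populateProviderDetails(integration)` commented out, `save` persists the integration and publishes `SamlProvidersReloadEvent` without ever deriving the IDP_URL, IDP_ALIAS and IDP_NAME_ID parameters from the IdP metadata, so a newly saved integration carries none of the values the removed code used to fill in; whether the reload handler or the request validator now supplies them is not visible in this hunk and should be confirmed. If the lookup is to be ported rather than dropped, leave a stub with an explicit marker at the call site, e.g. `// TODO: derive IDP_URL/IDP_ALIAS/IDP_NAME_ID from IdP metadata via spring-security-saml2-service-provider`, instead of the commented block; if it is dropped for good, the static import of `ofNullable` in the first hunk looks unused as well (only this removed method used it in the visible code) and `updateBasePath`, whose body lies outside the hunk, would be the place to verify the remaining parameters.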
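Review bot: `private String nameFormat = "";` replaces the SAML "unspecified" name-format URN that `AttributeNameFormat.UNSPECIFIED.toString()` produced with an empty string, so any consumer that compares `nameFormat` against the `urn:oasis:names:tc:SAML:2.0:attrname-format:*` values, or persists it, now sees a value that is not a valid NameFormat. Keep the previous default as a literal, which needs no dependency: `private String nameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";`. The rest of the class is outside the hunk.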
@@ -16,126 +16,37 @@
 package com.epam.reportportal.auth.integration.saml;
-import static com.epam.reportportal.auth.util.AuthUtils.CROP_DOMAIN;
-
 import java.util.Collection;
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
-import java.util.stream.Collectors;
+import org.springframework.security.core.AuthenticatedPrincipal;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.saml.SamlAuthentication;
-import org.springframework.security.saml.saml2.authentication.Assertion;
-import org.springframework.security.saml.saml2.authentication.SubjectPrincipal;
-import org.springframework.security.saml.spi.DefaultSamlAuthentication;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 /**
 * Information extracted from SAML response.
 *
 * @author Yevgeniy Svalukhin
 */
-public class ReportPortalSamlAuthentication implements SamlAuthentication {
+public class ReportPortalSamlAuthentication extends Saml2Authentication {
 private static final long serialVersionUID = -289812989450932L;
 private boolean authenticated;
- private Subject subject;
 private List attributes = new LinkedList<>();
+ private List grantedAuthorities;
- private transient Assertion assertion;
- private String assertingEntityId;
- private String holdingEntityId;
- private String relayState;
+ private String responseXml;
 private String issuer;
- public ReportPortalSamlAuthentication(boolean authenticated, Assertion assertion,
- String assertingEntityId, String holdingEntityId,
- String relayState) {
- this.authenticated = authenticated;
- this.assertingEntityId = assertingEntityId;
- this.holdingEntityId = holdingEntityId;
- this.relayState = relayState;
- this.assertion = assertion;
- fillSubject(assertion);
- fillAttributes(assertion);
- issuer = assertion.getIssuer().getValue();
- }
-
- public ReportPortalSamlAuthentication(DefaultSamlAuthentication defaultSamlAuthentication) {
- this(
- defaultSamlAuthentication.isAuthenticated(),
- defaultSamlAuthentication.getAssertion(),
- defaultSamlAuthentication.getAssertingEntityId(),
- defaultSamlAuthentication.getHoldingEntityId(),
- defaultSamlAuthentication.getRelayState()
- );
- }
-
- private void fillAttributes(Assertion assertion) {
- List mappedAttributes = assertion.getAttributes()
- .stream()
- .map(attr -> new Attribute().withName(attr.getName())
- .withFriendlyName(attr.getFriendlyName())
- .withNameFormat(attr.getNameFormat().toString())
- .withRequired(attr.isRequired())
- .withValues(attr.getValues()))
- .collect(Collectors.toList());
- attributes.addAll(mappedAttributes);
- }
-
- private void fillSubject(Assertion assertion) {
- subject = new Subject().setSamlPrincipal(new SamlPrincipal().setFormat(assertion.getSubject()
- .getPrincipal()
- .getFormat()
- .getFormat()
- .toString()).setValue(CROP_DOMAIN.apply(assertion.getSubject().getPrincipal().getValue())));
- }
-
- @Override
- public String getAssertingEntityId() {
- return assertingEntityId;
- }
-
- @Override
- public String getHoldingEntityId() {
- return holdingEntityId;
- }
-
- @Override
- public SubjectPrincipal getSamlPrincipal() {
- return subject.getSamlPrincipal();
- }
-
- @Override
- public Assertion getAssertion() {
- return assertion;
- }
-
- @Override
- public String getRelayState() {
- return relayState;
- }
-
- public void setRelayState(String relayState) {
- this.relayState = relayState;
- }
-
- protected void setHoldingEntityId(String holdingEntityId) {
- this.holdingEntityId = holdingEntityId;
- }
-
- protected void setAssertingEntityId(String assertingEntityId) {
- this.assertingEntityId = assertingEntityId;
- }
-
- @Override
- public Collection getAuthorities() {
- return grantedAuthorities;
- }
-
- @Override
- public Subject getCredentials() {
- return subject;
+ public ReportPortalSamlAuthentication(Saml2Authentication defaultSamlAuthentication) {
+ super((AuthenticatedPrincipal) defaultSamlAuthentication.getPrincipal(),
+ defaultSamlAuthentication.getSaml2Response(), Collections.EMPTY_LIST);
+ AuthenticatedPrincipal principal = (AuthenticatedPrincipal) defaultSamlAuthentication.getPrincipal();
+ this.authenticated = defaultSamlAuthentication.isAuthenticated();
+ this.issuer = principal.getName();
 }
 @Override
@@ -143,11 +54,6 @@ public List getDetails() {
 return attributes;
 }
- @Override
- public String getPrincipal() {
- return subject.getSamlPrincipal().getValue();
- }
-
 @Override
 public boolean isAuthenticated() {
 return authenticated;
@@ -161,9 +67,8 @@ public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentExce
 }
 }
- @Override
- public String getName() {
- return subject.getSamlPrincipal().getName();
+ public String getPrincipalName() {
+ return getName();
 }
 public String getResponseXml() {
@@ -179,6 +84,10 @@ public void setAuthorities(List grantedAuthorities)
 this.grantedAuthorities = grantedAuthorities;
 }
+ public List getGrantedAuthorities() {
+ return grantedAuthorities;
+ }
+
 public String getIssuer() {
 return issuer;
 }
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthenticationManager.java b/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthenticationManager.java
index 1d303e82..59056d50 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthenticationManager.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/ReportPortalSamlAuthenticationManager.java
@@ -22,7 +22,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.saml.spi.DefaultSamlAuthentication;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.stereotype.Component;
 /**
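Review bot: `this.issuer = principal.getName();` in the new constructor stores the authenticated subject's name under `issuer`, whereas the removed constructor stored `assertion.getIssuer().getValue()`, the asserting IdP's entity id, so any caller that uses `getIssuer()` to tie the login to a configured identity provider is now comparing against a user name. If the issuer is still needed, take it from the registration the response was validated against, e.g. `this.issuer = principal instanceof Saml2AuthenticatedPrincipal p ? p.getRelyingPartyRegistrationId() : null;`, otherwise drop the field and its getter. The constructor also passes the raw `Collections.EMPTY_LIST` to `super` while leaving `grantedAuthorities` null, so the inherited `getAuthorities()` and the new `getGrantedAuthorities()` disagree until `setAuthorities` is called; use `Collections.emptyList()` and initialise the field to the same value. Finally, `attributes` and `responseXml` are no longer filled anywhere in the visible code although `getDetails()` and `getResponseXml()` still expose them — `defaultSamlAuthentication.getSaml2Response()` is at hand for the latter, and the attribute mapping formerly done by `fillAttributes` has no replacement.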
@@ -41,7 +41,7 @@ public ReportPortalSamlAuthenticationManager(SamlUserReplicator samlUserReplicat
 @Override
 public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- if (authentication instanceof DefaultSamlAuthentication defaultSamlAuthentication) {
+ if (authentication instanceof Saml2Authentication defaultSamlAuthentication) {
 ReportPortalSamlAuthentication reportPortalSamlAuthentication = new ReportPortalSamlAuthentication(defaultSamlAuthentication);
 if (reportPortalSamlAuthentication.isAuthenticated()) {
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlPrincipal.java b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlPrincipal.java
index cad92620..74d31ab8 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlPrincipal.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlPrincipal.java
@@ -19,15 +19,15 @@
 import java.io.Serializable;
 import java.security.Principal;
 import java.util.Objects;
-import org.springframework.security.saml.saml2.authentication.SubjectPrincipal;
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal;
 /**
 * Represents principal extracted from SAML response and used for authentication.
 *
 * @author Yevgeniy Svalukhin
 */
-public class SamlPrincipal extends SubjectPrincipal implements Serializable,
- Principal {
+public class SamlPrincipal implements Serializable,
+ Principal, Saml2AuthenticatedPrincipal {
 private static final long serialVersionUID = -341083232L;
@@ -43,12 +43,10 @@ public SamlPrincipal setFormat(String format) {
 return this;
 }
- @Override
 public String getValue() {
 return value;
 }
- @Override
 public SamlPrincipal setValue(String value) {
 this.value = value;
 return this;
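Review bot: The `instanceof Saml2Authentication` guard now also matches `ReportPortalSamlAuthentication`, which this same commit makes a subclass of `Saml2Authentication`, so an authentication that has already been wrapped (for example when a stored token is passed through `authenticate` again) is wrapped a second time, and the outer wrapper starts with an empty authority list and no details. Exclude the wrapper explicitly: `if (authentication instanceof Saml2Authentication defaultSamlAuthentication && !(defaultSamlAuthentication instanceof ReportPortalSamlAuthentication)) {`. The rest of `authenticate` lies outside the hunk.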
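Review bot: `SamlPrincipal` is re-parented onto `Saml2AuthenticatedPrincipal`, but nothing in this commit constructs it any more — the `fillSubject` path that did is removed from `ReportPortalSamlAuthentication` — so the class appears orphaned. Either delete it, or, if it is meant to become the principal carried by `Saml2Authentication`, override `getAttributes()` to return the assertion attributes, since the interface's default returns an empty map and the login would silently lose them. The remaining fields and methods of the class are outside the hunk.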
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java
index 47791f1f..b53d9d72 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/SamlUserReplicator.java
@@ -80,7 +80,7 @@ public SamlUserReplicator(UserRepository userRepository, ProjectRepository proje
 @Transactional
 public User replicateUser(ReportPortalSamlAuthentication samlAuthentication) {
- String userName = CROP_DOMAIN.apply(samlAuthentication.getPrincipal());
+ String userName = CROP_DOMAIN.apply(samlAuthentication.getPrincipalName());
 Optional userOptional = userRepository.findByLogin(userName);
 if (userOptional.isPresent()) {
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/sp/HostBasedSamlServiceProviderProvisioningExtension.java b/src/main/java/com/epam/reportportal/auth/integration/saml/sp/HostBasedSamlServiceProviderProvisioningExtension.java
index d4d099c7..ff9c1454 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/sp/HostBasedSamlServiceProviderProvisioningExtension.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/sp/HostBasedSamlServiceProviderProvisioningExtension.java
@@ -1,85 +1,85 @@
-package com.epam.reportportal.auth.integration.saml.sp;
-
-import static org.springframework.util.StringUtils.hasText;
-
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import org.springframework.security.saml.SamlMetadataCache;
-import org.springframework.security.saml.SamlTransformer;
-import org.springframework.security.saml.SamlValidator;
-import org.springframework.security.saml.key.KeyType;
-import org.springframework.security.saml.key.SimpleKey;
-import org.springframework.security.saml.provider.config.SamlConfigurationRepository;
-import org.springframework.security.saml.provider.provisioning.HostBasedSamlServiceProviderProvisioning;
-import org.springframework.security.saml.provider.service.AuthenticationRequestEnhancer;
-import org.springframework.security.saml.provider.service.ServiceProviderService;
-import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration;
-import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
-
-/**
- * @author Ivan Budayeu
- */
-public class HostBasedSamlServiceProviderProvisioningExtension extends
- HostBasedSamlServiceProviderProvisioning {
-
- private final AuthenticationRequestEnhancer authenticationRequestEnhancer;
-
- public HostBasedSamlServiceProviderProvisioningExtension(
- SamlConfigurationRepository configuration, SamlTransformer transformer,
- SamlValidator validator, SamlMetadataCache cache,
- AuthenticationRequestEnhancer authnRequestEnhancer) {
- super(configuration, transformer, validator, cache, authnRequestEnhancer);
- this.authenticationRequestEnhancer = authnRequestEnhancer;
- }
-
- @Override
- protected ServiceProviderService getHostedServiceProvider(
- LocalServiceProviderConfiguration spConfig) {
- String basePath = spConfig.getBasePath();
-
- List keys = new LinkedList<>();
- SimpleKey activeKey = spConfig.getKeys().getActive();
- keys.add(activeKey);
- keys.add(activeKey.clone(activeKey.getName() + "-encryption", KeyType.ENCRYPTION));
- keys.addAll(spConfig.getKeys().getStandBy());
- SimpleKey signingKey = spConfig.isSignMetadata() ? spConfig.getKeys().getActive() : null;
-
- String prefix = hasText(spConfig.getPrefix()) ? spConfig.getPrefix() : "saml/sp/";
- String aliasPath = getAliasPath(spConfig);
- ServiceProviderMetadata metadata =
- serviceProviderMetadata(
- basePath,
- signingKey,
- keys,
- prefix,
- aliasPath,
- spConfig.getDefaultSigningAlgorithm(),
- spConfig.getDefaultDigest()
- );
- if (!spConfig.getNameIds().isEmpty()) {
- metadata.getServiceProvider().setNameIds(spConfig.getNameIds());
- }
-
- if (!spConfig.isSingleLogoutEnabled()) {
- metadata.getServiceProvider().setSingleLogoutService(Collections.emptyList());
- }
- if (hasText(spConfig.getEntityId())) {
- metadata.setEntityId(spConfig.getEntityId());
- }
- if (hasText(spConfig.getAlias())) {
- metadata.setEntityAlias(spConfig.getAlias());
- }
- metadata.getServiceProvider().setWantAssertionsSigned(spConfig.isWantAssertionsSigned());
- metadata.getServiceProvider().setAuthnRequestsSigned(spConfig.isSignRequests());
-
- return new NonAliasHostedServiceProviderService(
- spConfig,
- metadata,
- getTransformer(),
- getValidator(),
- getCache(),
- authenticationRequestEnhancer
- );
- }
-}
+//package com.epam.reportportal.auth.integration.saml.sp;
+//
+//import static org.springframework.util.StringUtils.hasText;
+//
+//import java.util.Collections;
+//import java.util.LinkedList;
+//import java.util.List;
+//import org.springframework.security.saml.SamlMetadataCache;
+//import org.springframework.security.saml.SamlTransformer;
+//import org.springframework.security.saml.SamlValidator;
+//import org.springframework.security.saml.key.KeyType;
+//import org.springframework.security.saml.key.SimpleKey;
+//import org.springframework.security.saml.provider.config.SamlConfigurationRepository;
+//import org.springframework.security.saml.provider.provisioning.HostBasedSamlServiceProviderProvisioning;
+//import org.springframework.security.saml.provider.service.AuthenticationRequestEnhancer;
+//import org.springframework.security.saml.provider.service.ServiceProviderService;
+//import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration;
+//import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
+//
+///**
+// * @author Ivan Budayeu
+// */
+//public class HostBasedSamlServiceProviderProvisioningExtension extends
+// HostBasedSamlServiceProviderProvisioning {
+//
+// private final AuthenticationRequestEnhancer authenticationRequestEnhancer;
+//
+// public HostBasedSamlServiceProviderProvisioningExtension(
+// SamlConfigurationRepository configuration, SamlTransformer transformer,
+// SamlValidator validator, SamlMetadataCache cache,
+// AuthenticationRequestEnhancer authnRequestEnhancer) {
+// super(configuration, transformer, validator, cache, authnRequestEnhancer);
+// this.authenticationRequestEnhancer = authnRequestEnhancer;
+// }
+//
+// @Override
+// protected ServiceProviderService getHostedServiceProvider(
+// LocalServiceProviderConfiguration spConfig) {
+// String basePath = spConfig.getBasePath();
+//
+// List keys = new LinkedList<>();
+// SimpleKey activeKey = spConfig.getKeys().getActive();
+// keys.add(activeKey);
+// keys.add(activeKey.clone(activeKey.getName() + "-encryption", KeyType.ENCRYPTION));
+// keys.addAll(spConfig.getKeys().getStandBy());
+// SimpleKey signingKey = spConfig.isSignMetadata() ? spConfig.getKeys().getActive() : null;
+//
+// String prefix = hasText(spConfig.getPrefix()) ? spConfig.getPrefix() : "saml/sp/";
+// String aliasPath = getAliasPath(spConfig);
+// ServiceProviderMetadata metadata =
+// serviceProviderMetadata(
+// basePath,
+// signingKey,
+// keys,
+// prefix,
+// aliasPath,
+// spConfig.getDefaultSigningAlgorithm(),
+// spConfig.getDefaultDigest()
+// );
+// if (!spConfig.getNameIds().isEmpty()) {
+// metadata.getServiceProvider().setNameIds(spConfig.getNameIds());
+// }
+//
+// if (!spConfig.isSingleLogoutEnabled()) {
+// metadata.getServiceProvider().setSingleLogoutService(Collections.emptyList());
+// }
+// if (hasText(spConfig.getEntityId())) {
+// metadata.setEntityId(spConfig.getEntityId());
+// }
+// if (hasText(spConfig.getAlias())) {
+// metadata.setEntityAlias(spConfig.getAlias());
+// }
+// metadata.getServiceProvider().setWantAssertionsSigned(spConfig.isWantAssertionsSigned());
+// metadata.getServiceProvider().setAuthnRequestsSigned(spConfig.isSignRequests());
+//
+// return new NonAliasHostedServiceProviderService(
+// spConfig,
+// metadata,
+// getTransformer(),
+// getValidator(),
+// getCache(),
+// authenticationRequestEnhancer
+// );
+// }
+//}
diff --git a/src/main/java/com/epam/reportportal/auth/integration/saml/sp/NonAliasHostedServiceProviderService.java b/src/main/java/com/epam/reportportal/auth/integration/saml/sp/NonAliasHostedServiceProviderService.java
index e6dabeaa..df2d6191 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/saml/sp/NonAliasHostedServiceProviderService.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/saml/sp/NonAliasHostedServiceProviderService.java
@@ -1,73 +1,73 @@
-package com.epam.reportportal.auth.integration.saml.sp;
-
-import java.net.URI;
-import java.util.UUID;
-import org.joda.time.DateTime;
-import org.springframework.security.saml.SamlMetadataCache;
-import org.springframework.security.saml.SamlProviderNotFoundException;
-import org.springframework.security.saml.SamlTransformer;
-import org.springframework.security.saml.SamlValidator;
-import org.springframework.security.saml.provider.service.AuthenticationRequestEnhancer;
-import org.springframework.security.saml.provider.service.HostedServiceProviderService;
-import org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration;
-import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration;
-import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
-import org.springframework.security.saml.saml2.authentication.Issuer;
-import org.springframework.security.saml.saml2.metadata.Binding;
-import org.springframework.security.saml.saml2.metadata.Endpoint;
-import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
-import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
-
-/**
- * @author Ivan Budayeu
- */
-public class NonAliasHostedServiceProviderService extends HostedServiceProviderService {
-
- private final AuthenticationRequestEnhancer authenticationRequestEnhancer;
-
- public NonAliasHostedServiceProviderService(LocalServiceProviderConfiguration configuration,
- ServiceProviderMetadata metadata,
- SamlTransformer transformer, SamlValidator validator, SamlMetadataCache cache,
- AuthenticationRequestEnhancer authnRequestEnhancer) {
- super(configuration, metadata, transformer, validator, cache, authnRequestEnhancer);
- this.authenticationRequestEnhancer = authnRequestEnhancer;
- }
-
- @Override
- public AuthenticationRequest authenticationRequest(IdentityProviderMetadata idp) {
- ExternalIdentityProviderConfiguration configuration =
- getIdentityProviderConfigurationForMetadata(idp);
- final URI authnBinding = configuration.getAuthenticationRequestBinding();
- Binding preferredBinding =
- authnBinding == null ? Binding.REDIRECT : Binding.fromUrn(authnBinding);
- Endpoint endpoint = getPreferredEndpoint(idp.getIdentityProvider().getSingleSignOnService(),
- preferredBinding, 0);
- ServiceProviderMetadata sp = getMetadata();
- AuthenticationRequest request = new AuthenticationRequest()
- // Some service providers will not accept first character if 0..9
- // Azure AD IdP for example.
- .setId("ARQ" + UUID.randomUUID().toString().substring(1))
- .setIssueInstant(new DateTime(getClock().millis()))
- .setForceAuth(Boolean.FALSE)
- .setPassive(Boolean.FALSE)
- .setBinding(endpoint.getBinding())
- .setAssertionConsumerService(
- getPreferredEndpoint(sp.getServiceProvider().getAssertionConsumerService(), null, -1))
- .setIssuer(new Issuer().setValue(sp.getEntityId()))
- .setDestination(endpoint);
- if (sp.getServiceProvider().isAuthnRequestsSigned()) {
- request.setSigningKey(sp.getSigningKey(), sp.getAlgorithm(), sp.getDigest());
- }
- return authenticationRequestEnhancer.enhance(request);
- }
-
- private ExternalIdentityProviderConfiguration getIdentityProviderConfigurationForMetadata(
- IdentityProviderMetadata idp) {
- return getConfiguration().getProviders()
- .stream()
- .filter(i -> i.getAlias().equals(idp.getEntityAlias()))
- .findFirst()
- .orElseThrow(() -> new SamlProviderNotFoundException("alias:" + idp.getEntityAlias()));
- }
-
-}
+//package com.epam.reportportal.auth.integration.saml.sp;
+//
+//import java.net.URI;
+//import java.util.UUID;
+//import org.joda.time.DateTime;
+//import org.springframework.security.saml.SamlMetadataCache;
+//import org.springframework.security.saml.SamlProviderNotFoundException;
+//import org.springframework.security.saml.SamlTransformer;
+//import org.springframework.security.saml.SamlValidator;
+//import org.springframework.security.saml.provider.service.AuthenticationRequestEnhancer;
+//import org.springframework.security.saml.provider.service.HostedServiceProviderService;
+//import org.springframework.security.saml.provider.service.config.ExternalIdentityProviderConfiguration;
+//import org.springframework.security.saml.provider.service.config.LocalServiceProviderConfiguration;
+//import org.springframework.security.saml.saml2.authentication.AuthenticationRequest;
+//import org.springframework.security.saml.saml2.authentication.Issuer;
+//import org.springframework.security.saml.saml2.metadata.Binding;
+//import org.springframework.security.saml.saml2.metadata.Endpoint;
+//import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
+//import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
+//
+///**
+// * @author Ivan Budayeu
+// */
+//public class NonAliasHostedServiceProviderService extends HostedServiceProviderService {
+//
+// private final AuthenticationRequestEnhancer authenticationRequestEnhancer;
+//
+// public NonAliasHostedServiceProviderService(LocalServiceProviderConfiguration configuration,
+// ServiceProviderMetadata metadata,
+// SamlTransformer transformer, SamlValidator validator, SamlMetadataCache cache,
+// AuthenticationRequestEnhancer authnRequestEnhancer) {
+// super(configuration, metadata, transformer, validator, cache, authnRequestEnhancer);
+// this.authenticationRequestEnhancer = authnRequestEnhancer;
+// }
+//
+// @Override
+// public AuthenticationRequest authenticationRequest(IdentityProviderMetadata idp) {
+// ExternalIdentityProviderConfiguration configuration =
+// getIdentityProviderConfigurationForMetadata(idp);
+// final URI authnBinding = configuration.getAuthenticationRequestBinding();
+// Binding preferredBinding =
+// authnBinding == null ? Binding.REDIRECT : Binding.fromUrn(authnBinding);
+// Endpoint endpoint = getPreferredEndpoint(idp.getIdentityProvider().getSingleSignOnService(),
+// preferredBinding, 0);
+// ServiceProviderMetadata sp = getMetadata();
+// AuthenticationRequest request = new AuthenticationRequest()
+// // Some service providers will not accept first character if 0..9
+// // Azure AD IdP for example.
+// .setId("ARQ" + UUID.randomUUID().toString().substring(1))
+// .setIssueInstant(new DateTime(getClock().millis()))
+// .setForceAuth(Boolean.FALSE)
+// .setPassive(Boolean.FALSE)
+// .setBinding(endpoint.getBinding())
+// .setAssertionConsumerService(
+// getPreferredEndpoint(sp.getServiceProvider().getAssertionConsumerService(), null, -1))
+// .setIssuer(new Issuer().setValue(sp.getEntityId()))
+// .setDestination(endpoint);
+// if (sp.getServiceProvider().isAuthnRequestsSigned()) {
+// request.setSigningKey(sp.getSigningKey(), sp.getAlgorithm(), sp.getDigest());
+// }
+// return authenticationRequestEnhancer.enhance(request);
+// }
+//
+// private ExternalIdentityProviderConfiguration getIdentityProviderConfigurationForMetadata(
+// IdentityProviderMetadata idp) {
+// return getConfiguration().getProviders()
+// .stream()
+// .filter(i -> i.getAlias().equals(idp.getEntityAlias()))
+// .findFirst()
+// .orElseThrow(() -> new SamlProviderNotFoundException("alias:" + idp.getEntityAlias()));
+// }
+//
+//}
diff --git a/src/main/resources/banner.txt b/src/main/resources/banner.txt
index d88f5d33..a99909d3 100644
--- a/src/main/resources/banner.txt
+++ b/src/main/resources/banner.txt
@@ -6,5 +6,5 @@ ${AnsiColor.BRIGHT_YELLOW} /_/ |_|\___/ .___/\____/_/ \__/_/ \____/_/ \__/\__,_/_/ /_/ ${info.build.name}: ${info.build.version} - Built with ♡ by EPAM Systems + Built with ♡ by EPAM Systems 123 Spring Boot ${spring-boot.formatted-version}
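Review bot: `+ Built with ♡ by EPAM Systems 123` appends a stray `123` to the startup banner; it reads like a local test edit that was committed by accident and has nothing to do with the SAML removal. Drop the banner.txt change from this commit so the banner line stays `Built with ♡ by EPAM Systems`.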