From 3ff423c3adf3b746b57406ceb4d84443bfdf8f50 Mon Sep 17 00:00:00 2001 From: Bill Burke Date: Wed, 11 Feb 2015 20:54:01 -0500 Subject: [PATCH 1/2] saml config --- .../resources/js/controllers/applications.js | 37 +++++++++ .../partials/application-detail.html | 81 +++++++++++++------ pom.xml | 4 +- .../src/test/resources/saml/testsaml.json | 5 +- testsuite/performance/pom.xml | 4 +- 5 files changed, 98 insertions(+), 33 deletions(-) diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js index 8e9adf50a0..617d5abbd1 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/js/controllers/applications.js @@ -553,6 +553,12 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, "RSA_SHA512", "DSA_SHA1" ]; + $scope.nameIdFormats = [ + "username", + "email", + "transient", + "persistent" + ]; $scope.realm = realm; $scope.create = !application.name; @@ -563,6 +569,7 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, $scope.samlClientSignature = false; $scope.samlEncrypt = false; $scope.samlForcePostBinding = false; + $scope.samlForceNameIdFormat = false; if (!$scope.create) { if (!application.attributes) { application.attributes = {}; 
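Review bot: The default entry of `$scope.nameIdFormats` is `"username"`, yet the read-back chain added at @@ -588 compares the stored `saml_name_id_format` against `'unspecified'`, while `changeNameIdFormat` at @@ -677 and the save path at @@ -749 store `$scope.nameIdFormat` verbatim. An application saved with the default therefore carries `saml_name_id_format: "username"`, which none of the @@ -588 branches recognise on the next load, so the select reappears unset. Either list the value the server expects in the array or keep an explicit label-to-value map; which of the two strings the server side accepts is not visible in this patch. The enclosing `ApplicationDetailCtrl` function starts before and ends after these hunks.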
@@ -588,13 +595,25 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, } else if (application.attributes['saml.signature.algorithm'] == 'DSA_SHA1') { $scope.signatureAlgorithm = $scope.signatureAlgorithms[3]; } + if (application.attributes['saml_name_id_format'] == 'unspecified') { + $scope.nameIdFormat = $scope.nameIdFormats[0]; + } else if (application.attributes['saml_name_id_format'] == 'email') { + $scope.nameIdFormat = $scope.nameIdFormats[1]; + } else if (application.attributes['saml_name_id_format'] == 'transient') { + $scope.nameIdFormat = $scope.nameIdFormats[2]; + } else if (application.attributes['saml_name_id_format'] == 'persistent') { + $scope.nameIdFormat = $scope.nameIdFormats[3]; + } + } else { $scope.application = { enabled: true, attributes: {}}; $scope.application.redirectUris = []; $scope.accessType = $scope.accessTypes[0]; $scope.protocol = $scope.protocols[0]; $scope.signatureAlgorithm = $scope.signatureAlgorithms[1]; + $scope.nameIdFormat = $scope.nameIdFormats[0]; $scope.samlAuthnStatement = true; + $scope.samlForceNameIdFormat = false; } if ($scope.application.attributes["saml.server.signature"]) { @@ -633,6 +652,13 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, $scope.samlAuthnStatement = false; } } + if ($scope.application.attributes["saml_force_name_id_format"]) { + if ($scope.application.attributes["saml_force_name_id_format"] == "true") { + $scope.samlForceNameIdFormat = true; + } else { + $scope.samlForceNameIdFormat = false; + } + } if ($scope.application.attributes["saml.multivalued.roles"]) { if ($scope.application.attributes["saml.multivalued.roles"] == "true") { $scope.samlMultiValuedRoles = true; 
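Review bot: In the `!$scope.create` path the new `saml_name_id_format` chain assigns `$scope.nameIdFormat` only when the attribute holds one of the four known strings, so an application stored before this change, which has no such attribute, leaves `$scope.nameIdFormat` undefined, whereas the create branch below defaults it to `$scope.nameIdFormats[0]`. A final fallback keeps both paths aligned: `} else { $scope.nameIdFormat = $scope.nameIdFormats[0]; }`. The `$scope.samlForceNameIdFormat = false;` added to the create branch repeats the initialisation already done at @@ -563 and can be dropped. The controller body continues on both sides of this hunk.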
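Review bot: The nested `if`/`else` added at @@ -633 for `saml_force_name_id_format` only ever stores the result of one string comparison, and the flag is already initialised to `false` at @@ -563, so the outer presence check and the inner `else` add nothing. A single assignment reads more directly and yields the same value in every case, including an absent attribute: `$scope.samlForceNameIdFormat = $scope.application.attributes["saml_force_name_id_format"] == "true";`. The surrounding `saml.authnstatement` and `saml.multivalued.roles` blocks use the same shape, so this is a style remark rather than a defect.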
@@ -677,6 +703,10 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, $scope.application.attributes['saml.signature.algorithm'] = $scope.signatureAlgorithm; }; + $scope.changeNameIdFormat = function() { + $scope.application.attributes['saml_name_id_format'] = $scope.nameIdFormat; + }; + $scope.$watch(function() { return $location.path(); }, function() { @@ -733,6 +763,12 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, } else { $scope.application.attributes["saml.authnstatement"] = "false"; + } + if ($scope.samlForceNameIdFormat == true) { + $scope.application.attributes["saml_force_name_id_format"] = "true"; + } else { + $scope.application.attributes["saml_force_name_id_format"] = "false"; + } if ($scope.samlMultiValuedRoles == true) { $scope.application.attributes["saml.multivalued.roles"] = "true"; @@ -749,6 +785,7 @@ module.controller('ApplicationDetailCtrl', function($scope, realm, application, $scope.application.protocol = $scope.protocol; $scope.application.attributes['saml.signature.algorithm'] = $scope.signatureAlgorithm; + $scope.application.attributes['saml_name_id_format'] = $scope.nameIdFormat; if ($scope.application.protocol != 'saml' && !$scope.application.bearerOnly && (!$scope.application.redirectUris || $scope.application.redirectUris.length == 0)) { Notifications.error("You must specify at least one redirect uri"); diff --git a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html index 2271ef74b7..1ad2bc3f03 100755 --- a/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html +++ b/forms/common-themes/src/main/resources/theme/admin/base/resources/partials/application-detail.html @@ -56,20 +56,6 @@ -
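Review bot: The save path at @@ -749 writes `saml_name_id_format`, and @@ -763 writes `saml_force_name_id_format`, on every save regardless of `$scope.protocol`, so an OpenID Connect application ends up storing SAML-only attributes; the `protocol != 'saml'` test just below only governs the redirect-URI check. This mirrors how `saml.signature.algorithm` is already stored on the line above, so it is consistent with existing behaviour, and if the server ignores these keys for non-SAML clients it is harmless. If it does not, these writes can be wrapped in `if ($scope.protocol == 'saml') { ... }`. The save handler containing these hunks begins before @@ -733 and ends after @@ -749.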
- -
- -
- -
-
- -
- -
- -
@@ -99,7 +85,7 @@
- +
+
- +
-
- +
+
- +
+ +
- +
- +
- +
@@ -183,7 +175,7 @@
- +
@@ -193,6 +185,14 @@
+
+ +
+ +
+ +
@@ -218,6 +218,37 @@
+
+ Fine Grain SAML Endpoint Configuration +
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
diff --git a/pom.xml b/pom.xml index 66314cfd18..4aada1a49c 100755 --- a/pom.xml +++ b/pom.xml @@ -15,7 +15,7 @@ 0.33.12 2.3.8 1.50 - 1.46 + 1.50 1.9.9 4.2.1 2.3.7.Final @@ -143,7 +143,7 @@ org.bouncycastle - bcmail-jdk16 + bcmail-jdk15on ${bouncycastle.mail.version} diff --git a/testsuite/integration/src/test/resources/saml/testsaml.json b/testsuite/integration/src/test/resources/saml/testsaml.json index 3ebeb7cfd1..3b9931afd4 100755 --- a/testsuite/integration/src/test/resources/saml/testsaml.json +++ b/testsuite/integration/src/test/resources/saml/testsaml.json @@ -205,11 +205,8 @@ "redirectUris": [ "http://localhost:8081/employee-sig/*" ], + "adminUrl": "http://localhost:8081/employee-sig", "attributes": { - "saml_assertion_consumer_url_post": "http://localhost:8081/employee-sig", - "saml_assertion_consumer_url_redirect": "http://localhost:8081/employee-sig", - "saml_single_logout_service_url_post": "http://localhost:8081/employee-sig", - "saml_single_logout_service_url_redirect": "http://localhost:8081/employee-sig", "saml.server.signature": "true", "saml.client.signature": "true", "saml.signature.algorithm": "RSA_SHA1", diff --git a/testsuite/performance/pom.xml b/testsuite/performance/pom.xml index 7a86e40c32..f407cd3c2a 100755 --- a/testsuite/performance/pom.xml +++ b/testsuite/performance/pom.xml @@ -201,8 +201,8 @@ org.bouncycastle - bcprov-jdk16 - ${bouncycastle.version} + >bcprov-jdk15on + ${bouncycastle.crypto.version} diff --git a/testsuite/integration/src/test/resources/saml/testsaml.json b/testsuite/integration/src/test/resources/saml/testsaml.json index 3b9931afd4..9635c0c73d 100755 --- a/testsuite/integration/src/test/resources/saml/testsaml.json +++ b/testsuite/integration/src/test/resources/saml/testsaml.json 
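Review bot: The added artifactId line in testsuite/performance/pom.xml reads `>bcprov-jdk15on`, which on this page, where the XML tags have been stripped, looks like a doubled `>` (i.e. `<artifactId>>bcprov-jdk15on</artifactId>`); Maven would then try to resolve an artifact literally named `>bcprov-jdk15on` and the build would fail. It should read `<artifactId>bcprov-jdk15on</artifactId>`. The same hunk switches the version to `${bouncycastle.crypto.version}` where the old line used `${bouncycastle.version}`; the root pom.xml hunk shows property values without their names here, so confirm that a property of exactly that name is declared there.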
@@ -123,6 +123,8 @@ "http://localhost:8081/sales-post-sig-email/*" ], "attributes": { + "saml_force_name_id_format": "true", + "saml_name_id_format": "email", "saml_assertion_consumer_url_post": "http://localhost:8081/sales-post-sig-email", "saml_assertion_consumer_url_redirect": "http://localhost:8081/sales-post-sig-email", "saml_single_logout_service_url_post": "http://localhost:8081/sales-post-sig-email",