/**
 * Builds the extended metadata via the superclass and prefixes its alias with
 * {@code UaaUrlUtils.getSubdomain()}, so the alias carries the current zone's subdomain.
 *
 * @return the metadata with the zone-prefixed alias
 */
@Override
public ExtendedMetadata generateExtendedMetadata() {
    ExtendedMetadata zoneScoped = super.generateExtendedMetadata();
    String prefixedAlias = UaaUrlUtils.getSubdomain() + zoneScoped.getAlias();
    zoneScoped.setAlias(prefixedAlias);
    return zoneScoped;
}
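/**
 * Resolves a service provider whose metadata location is a URL: fetches the document and
 * wraps it in an XML-backed {@link ConfigMetadataProvider}.
 *
 * The fetched document is what the provider parses. Previously the fetched body was written
 * to a throw-away clone of the configuration and the delegate was then built from the
 * original configuration, i.e. from the URL string rather than from the XML.
 *
 * @param provider the service provider whose metadata location is a URL
 * @return a non-local delegate backed by the fetched metadata
 * @throws MetadataProviderException if the fetch fails or the location is not a valid URI
 */
protected ExtendedMetadataDelegate configureURLMetadata(SamlServiceProvider provider) throws MetadataProviderException {
    SamlServiceProviderDefinition def = provider.getConfig();
    byte[] fetched;
    try {
        // skipSslValidation turns off TLS certificate checks for this fetch; the keys inside
        // the retrieved metadata are then only as trustworthy as the network path.
        fetched = fixedHttpMetaDataProvider.fetchMetadata(def.getMetaDataLocation(), def.isSkipSslValidation());
    } catch (RestClientException e) {
        throw new MetadataProviderException("Unavailable Metadata Provider", e);
    } catch (URISyntaxException e) {
        throw new MetadataProviderException("Invalid metadata URI: " + def.getMetaDataLocation(), e);
    }
    String metadataXml = new String(fetched, StandardCharsets.UTF_8);

    ConfigMetadataProvider configMetadataProvider = new ConfigMetadataProvider(provider.getIdentityZoneId(), provider.getEntityId(), metadataXml);
    configMetadataProvider.setParserPool(getParserPool());
    ExtendedMetadata extendedMetadata = new ExtendedMetadata();
    extendedMetadata.setLocal(false);
    extendedMetadata.setAlias(provider.getEntityId());
    ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(configMetadataProvider, extendedMetadata);
    // Whether the document's signature is verified against trusted keys is a per-provider setting.
    delegate.setMetadataTrustCheck(def.isMetadataTrustCheck());
    return delegate;
}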
/**
 * Builds a delegate for an identity provider whose metadata is supplied inline as XML.
 *
 * @param def definition carrying the zone id, entity alias, inline metadata and trust-check flag
 * @return a non-local delegate wrapping a {@link ConfigMetadataProvider}
 */
protected ExtendedMetadataDelegate configureXMLMetadata(SamlIdentityProviderDefinition def) {
    String alias = def.getIdpEntityAlias();

    ConfigMetadataProvider xmlProvider = new ConfigMetadataProvider(def.getZoneId(), alias, def.getMetaDataLocation());
    xmlProvider.setParserPool(getParserPool());

    ExtendedMetadata remote = new ExtendedMetadata();
    remote.setLocal(false);
    remote.setAlias(alias);

    ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(xmlProvider, remote);
    // Signature verification of the metadata document is controlled by the definition.
    delegate.setMetadataTrustCheck(def.isMetadataTrustCheck());
    return delegate;
}
/**
 * Builds a delegate for a service provider whose metadata is supplied inline as XML.
 *
 * @param provider service provider carrying the zone id, entity id and inline metadata
 * @return a non-local delegate wrapping a {@link ConfigMetadataProvider}
 */
protected ExtendedMetadataDelegate configureXMLMetadata(SamlServiceProvider provider) {
    SamlServiceProviderDefinition config = provider.getConfig();
    String entityId = provider.getEntityId();

    ConfigMetadataProvider xmlProvider = new ConfigMetadataProvider(provider.getIdentityZoneId(), entityId, config.getMetaDataLocation());
    xmlProvider.setParserPool(getParserPool());

    ExtendedMetadata remote = new ExtendedMetadata();
    remote.setLocal(false);
    remote.setAlias(entityId);

    ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(xmlProvider, remote);
    // Signature verification of the metadata document is controlled by the provider config.
    delegate.setMetadataTrustCheck(config.isMetadataTrustCheck());
    return delegate;
}
/**
 * Creates a non-default zone (id, name and subdomain all {@code ZONE_ID}) whose SAML config
 * requires signed requests and assertions and has {@code key-1} active, then wires an IdP
 * metadata generator with IdP extended metadata and a zone-aware key manager.
 */
@Before
public void setup() {
    otherZone = new IdentityZone();
    otherZone.setId(ZONE_ID);
    otherZone.setName(ZONE_ID);
    otherZone.setSubdomain(ZONE_ID);
    otherZone.setConfig(new IdentityZoneConfiguration());

    otherZoneDefinition = otherZone.getConfig();
    otherZoneDefinition.getSamlConfig().setRequestSigned(true);
    otherZoneDefinition.getSamlConfig().setWantAssertionSigned(true);
    otherZoneDefinition.getSamlConfig().addAndActivateKey("key-1", samlKey1);
    otherZone.setConfig(otherZoneDefinition);

    // Keep the concrete type in a local so no cast is needed when handing it to the generator.
    IdpExtendedMetadata idpMetadata = new IdpExtendedMetadata();
    idpMetadata.setIdpDiscoveryEnabled(true);
    idpMetadata.setAlias("entityAlias");
    idpMetadata.setSignMetadata(true);
    extendedMetadata = idpMetadata;

    keyManager = new ZoneAwareKeyManager();
    generator = new ZoneAwareIdpMetadataGenerator();
    generator.setExtendedMetadata(idpMetadata);
    generator.setEntityBaseURL("http://localhost:8080/uaa");
    generator.setKeyManager(keyManager);
}
/**
 * Creates a non-default zone (id, name and subdomain all {@code ZONE_ID}) whose SAML config
 * requires signed requests and assertions and has {@code key-1} active, then wires an SP
 * metadata generator with discovery-enabled, signed extended metadata and a zone-aware key manager.
 */
@Before
public void setUp() {
    otherZone = new IdentityZone();
    otherZone.setId(ZONE_ID);
    otherZone.setName(ZONE_ID);
    otherZone.setSubdomain(ZONE_ID);
    otherZone.setConfig(new IdentityZoneConfiguration());

    otherZoneDefinition = otherZone.getConfig();
    otherZoneDefinition.getSamlConfig().setRequestSigned(true);
    otherZoneDefinition.getSamlConfig().setWantAssertionSigned(true);
    otherZoneDefinition.getSamlConfig().addAndActivateKey("key-1", samlKey1);
    otherZone.setConfig(otherZoneDefinition);

    org.springframework.security.saml.metadata.ExtendedMetadata spMetadata =
            new org.springframework.security.saml.metadata.ExtendedMetadata();
    spMetadata.setIdpDiscoveryEnabled(true);
    spMetadata.setAlias("entityAlias");
    spMetadata.setSignMetadata(true);
    extendedMetadata = spMetadata;

    keyManager = new ZoneAwareKeyManager();
    generator = new ZoneAwareMetadataGenerator();
    generator.setEntityBaseURL("http://localhost:8080/uaa");
    generator.setEntityId("entityIdValue");
    generator.setExtendedMetadata(spMetadata);
    generator.setKeyManager(keyManager);
}
/**
 * Populates the service provider's {@code ExtendedMetadata} and shares it with the builder.
 *
 * Nothing is done when a pre-built {@code extendedMetadataBean} was supplied. Otherwise the
 * metadata is created on first use and every property takes the value set explicitly on this
 * configurer, falling back to {@code extendedMetadataConfig} when that value is {@code null}
 * (a {@code null} fallback is passed through unchanged).
 *
 * @param builder the builder the resulting metadata is shared with
 * @throws Exception propagated from the helpers this method calls
 */
@Override
public void configure(ServiceProviderBuilder builder) throws Exception {
    if (extendedMetadataBean != null) {
        return;
    }
    if (extendedMetadata == null) {
        extendedMetadata = createExtendedMetadata();
        //extendedMetadata.setLocal(Optional.ofNullable(local).orElseGet(extendedMetadataConfig::isLocal));

        // Feature switches
        extendedMetadata.setIdpDiscoveryEnabled(pick(idpDiscoveryEnabled, extendedMetadataConfig::isIdpDiscoveryEnabled));
        extendedMetadata.setEcpEnabled(pick(ecpEnabled, extendedMetadataConfig::isEcpEnabled));
        extendedMetadata.setSignMetadata(pick(signMetadata, extendedMetadataConfig::isSignMetadata));

        // Signature requirements on logout / artifact exchanges and unsolicited responses
        extendedMetadata.setRequireLogoutRequestSigned(pick(requireLogoutRequestSigned, extendedMetadataConfig::isRequireLogoutRequestSigned));
        extendedMetadata.setRequireLogoutResponseSigned(pick(requireLogoutResponseSigned, extendedMetadataConfig::isRequireLogoutResponseSigned));
        extendedMetadata.setRequireArtifactResolveSigned(pick(requireArtifactResolveSigned, extendedMetadataConfig::isRequireArtifactResolveSigned));
        extendedMetadata.setSupportUnsolicitedResponse(pick(supportUnsolicitedResponse, extendedMetadataConfig::isSupportUnsolicitedResponse));

        // Alias and discovery endpoints
        extendedMetadata.setAlias(pick(alias, extendedMetadataConfig::getAlias));
        extendedMetadata.setIdpDiscoveryURL(pick(idpDiscoveryURL, extendedMetadataConfig::getIdpDiscoveryUrl));
        extendedMetadata.setIdpDiscoveryResponseURL(pick(idpDiscoveryResponseURL, extendedMetadataConfig::getIdpDiscoveryResponseUrl));

        // Security profiles and TLS hostname verification
        extendedMetadata.setSecurityProfile(pick(securityProfile, extendedMetadataConfig::getSecurityProfile));
        extendedMetadata.setSslSecurityProfile(pick(sslSecurityProfile, extendedMetadataConfig::getSslSecurityProfile));
        extendedMetadata.setSslHostnameVerification(pick(sslHostnameVerification, extendedMetadataConfig::getSslHostnameVerification));

        // Key references and the trusted key set
        extendedMetadata.setSigningKey(pick(signingKey, extendedMetadataConfig::getSigningKey));
        extendedMetadata.setSigningAlgorithm(pick(signingAlgorithm, extendedMetadataConfig::getSigningAlgorithm));
        extendedMetadata.setKeyInfoGeneratorName(pick(keyInfoGeneratorName, extendedMetadataConfig::getKeyInfoGeneratorName));
        extendedMetadata.setEncryptionKey(pick(encryptionKey, extendedMetadataConfig::getEncryptionKey));
        extendedMetadata.setTlsKey(pick(tlsKey, extendedMetadataConfig::getTlsKey));
        extendedMetadata.setTrustedKeys(pick(trustedKeys, extendedMetadataConfig::getTrustedKeys));
    }
    shareExtendedMetadata(builder);
}

/**
 * Returns {@code value} when it is non-null, otherwise the fallback's result (which may itself
 * be {@code null}); same contract as {@code Optional.ofNullable(value).orElseGet(fallback)}.
 */
private static <T> T pick(T value, java.util.function.Supplier<T> fallback) {
    return value != null ? value : fallback.get();
}
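/**
 * Registers one {@link ExtendedMetadataDelegate} singleton per {@code classpath:/idp-*.xml} file.
 *
 * A file named {@code idp-NAME.xml} becomes a bean named {@code NAME} whose extended-metadata
 * alias is also {@code NAME}. The files are bundled with the application rather than fetched,
 * so an unsigned document is accepted ({@code setMetadataRequireSignature(false)}) while
 * signature verification stays on for documents that carry one ({@code setMetadataTrustCheck(true)}).
 *
 * Compared with the earlier version: the per-file loop sits outside the outer try, so a
 * failure is wrapped in one {@link IllegalStateException} instead of two; the alias is derived
 * (and a null file name rejected) before the refresh {@link Timer} is created, so a bad name no
 * longer leaves an orphaned timer thread behind.
 *
 * @return a post-processor that registers the metadata beans
 */
@Bean
BeanFactoryPostProcessor idpMetadataLoader() {
    return beanFactory -> {
        PathMatchingResourcePatternResolver metadataFilesResolver = new PathMatchingResourcePatternResolver();
        Resource[] idpMetadataFiles;
        try {
            idpMetadataFiles = metadataFilesResolver.getResources("classpath:/idp-*.xml");
        } catch (Exception e) {
            throw new IllegalStateException("Unable to initialize IDP Metadata", e);
        }
        for (Resource idpMetadataFile : idpMetadataFiles) {
            String idpName = idpAliasOf(idpMetadataFile);
            try {
                // Daemon timer: background refresh must not keep the JVM alive.
                Timer refreshTimer = new Timer(true);
                ResourceBackedMetadataProvider delegate =
                        new ResourceBackedMetadataProvider(refreshTimer, new SpringResourceWrapperOpenSAMLResource(idpMetadataFile));
                delegate.setParserPool(parserPool());
                ExtendedMetadata extendedMetadata = extendedMetadata().clone();
                extendedMetadata.setAlias(idpName);
                ExtendedMetadataDelegate provider = new ExtendedMetadataDelegate(delegate, extendedMetadata);
                provider.setMetadataTrustCheck(true);
                provider.setMetadataRequireSignature(false);
                beanFactory.registerSingleton(idpName, provider);
                log.info("Loaded Idp Metadata bean {}: {}", idpName, idpMetadataFile);
            } catch (Exception e) {
                throw new IllegalStateException("Unable to initialize IDP Metadata", e);
            }
        }
    };
}

/**
 * Derives the bean/alias name from a metadata resource named {@code idp-NAME.xml}.
 *
 * @param idpMetadataFile the classpath resource
 * @return the {@code NAME} part of the file name
 * @throws IllegalStateException if the resource has no file name or it does not follow the pattern
 */
private static String idpAliasOf(Resource idpMetadataFile) {
    String fileName = idpMetadataFile.getFilename();
    if (fileName == null) {
        throw new IllegalStateException("IDP metadata resource has no file name: " + idpMetadataFile);
    }
    int start = fileName.lastIndexOf("idp-");
    int end = fileName.lastIndexOf(".xml");
    // Same slicing as before, but a name missing either marker is reported instead of throwing
    // StringIndexOutOfBoundsException from substring.
    if (start < 0 || end < start + 4) {
        throw new IllegalStateException("IDP metadata file name must look like idp-NAME.xml: " + fileName);
    }
    return fileName.substring(start + 4, end);
}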