use of org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider in project cas by apereo.
the class CasRegisteredServicesTestConfiguration method inMemoryRegisteredServices.
@Bean
public List inMemoryRegisteredServices() {
final List l = new ArrayList();
AbstractRegisteredService svc = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
final ReturnAllowedAttributeReleasePolicy policy = new ReturnAllowedAttributeReleasePolicy();
policy.setAuthorizedToReleaseCredentialPassword(true);
policy.setAuthorizedToReleaseProxyGrantingTicket(true);
final RegisteredServicePublicKeyImpl publicKey = new RegisteredServicePublicKeyImpl();
publicKey.setLocation("classpath:keys/RSA1024Public.key");
svc.setPublicKey(publicKey);
svc.setAttributeReleasePolicy(policy);
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("testDefault");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/normal/.*");
svc.setEvaluationOrder(10);
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/high/.*");
svc.setEvaluationOrder(20);
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
final HashSet handlers = CollectionUtils.wrapHashSet(AcceptUsersAuthenticationHandler.class.getSimpleName(), TestOneTimePasswordAuthenticationHandler.class.getSimpleName());
svc.setRequiredHandlers(handlers);
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("(https://)*google.com$");
svc.setEvaluationOrder(1);
svc.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
svc.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA4096Public.key", "RSA"));
final ReturnAllowedAttributeReleasePolicy policy1 = new ReturnAllowedAttributeReleasePolicy();
policy1.setAuthorizedToReleaseCredentialPassword(true);
policy1.setAuthorizedToReleaseProxyGrantingTicket(true);
svc.setAttributeReleasePolicy(policy1);
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("eduPersonTest");
svc.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("eduPersonAffiliation"));
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
final ReturnAllowedAttributeReleasePolicy policy2 = new ReturnAllowedAttributeReleasePolicy();
policy2.setAuthorizedToReleaseCredentialPassword(true);
policy2.setAuthorizedToReleaseProxyGrantingTicket(true);
svc.setAttributeReleasePolicy(policy2);
svc.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA1024Public.key", "RSA"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("^TestServiceAttributeForAuthzFails");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("cn", CollectionUtils.wrapSet("cnValue"), "givenName", CollectionUtils.wrapSet("gnameValue"))));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("^TestSsoFalse");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("TestServiceAttributeForAuthzPasses");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("groupMembership", CollectionUtils.wrapSet("adopters"))));
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("eduPersonTestInvalid");
svc.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("nonExistentAttributeName"));
svc.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(CollectionUtils.wrap("groupMembership")));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("testAnonymous");
svc.setUsernameAttributeProvider(new AnonymousRegisteredServiceUsernameAttributeProvider());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("^http://www.jasig.org.+");
svc.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("usernameAttributeProviderService");
svc.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("cn"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("proxyService");
svc.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy("^https://.+"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("^test.*");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setEvaluationOrder(1000);
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("https://localhost.*");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setEvaluationOrder(100);
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("https://carmenwiki.osu.edu.*");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setEvaluationOrder(99);
l.add(svc);
svc = RegisteredServiceTestUtils.getRegisteredService("jwtservice");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
final DefaultRegisteredServiceProperty prop = new DefaultRegisteredServiceProperty();
prop.setValues(CollectionUtils.wrapSet(Boolean.TRUE.toString()));
svc.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET.getPropertyName(), prop);
svc.setEvaluationOrder(2000);
l.add(svc);
return l;
}
use of org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider in project cas by apereo.
the class SamlSPUtils method newSamlServiceProviderService.
/**
* New saml service provider registration.
* Precedence of services is lowest so generated service can be overridden by non-generated version.
* @param sp the properties
* @param resolver the resolver
* @return the saml registered service
*/
@SneakyThrows
public static SamlRegisteredService newSamlServiceProviderService(final AbstractSamlSPProperties sp, final SamlRegisteredServiceCachingMetadataResolver resolver) {
if (StringUtils.isBlank(sp.getMetadata())) {
LOGGER.debug("Skipped registration of [{}] since no metadata location is defined", sp.getName());
return null;
}
val service = new SamlRegisteredService();
service.setName(sp.getName());
service.setDescription(sp.getDescription());
service.setEvaluationOrder(Ordered.LOWEST_PRECEDENCE);
service.setMetadataLocation(sp.getMetadata());
val attributesToRelease = new ArrayList<>(sp.getAttributes());
if (StringUtils.isNotBlank(sp.getNameIdAttribute())) {
attributesToRelease.add(sp.getNameIdAttribute());
service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider(sp.getNameIdAttribute()));
}
if (StringUtils.isNotBlank(sp.getNameIdFormat())) {
service.setRequiredNameIdFormat(sp.getNameIdFormat());
}
val attributes = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(attributesToRelease);
val policy = new ChainingAttributeReleasePolicy();
policy.addPolicy(new ReturnMappedAttributeReleasePolicy(CollectionUtils.wrap(attributes)));
service.setAttributeReleasePolicy(policy);
service.setMetadataCriteriaRoles(SPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart());
service.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(true);
service.setMetadataCriteriaRemoveRolelessEntityDescriptors(true);
if (StringUtils.isNotBlank(sp.getSignatureLocation())) {
service.setMetadataSignatureLocation(sp.getSignatureLocation());
}
val entityIDList = determineEntityIdList(sp, resolver, service);
if (entityIDList.isEmpty()) {
LOGGER.warn("Skipped registration of [{}] since no metadata entity ids could be found", sp.getName());
return null;
}
val entityIds = org.springframework.util.StringUtils.collectionToDelimitedString(entityIDList, "|");
service.setMetadataCriteriaDirection(PredicateFilter.Direction.INCLUDE.name());
service.setMetadataCriteriaPattern(entityIds);
LOGGER.debug("Registering saml service [{}] by entity id [{}]", sp.getName(), entityIds);
service.setServiceId(entityIds);
service.setSignAssertions(sp.getSignAssertions());
service.setSignResponses(sp.isSignResponses());
return service;
}
use of org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider in project cas by apereo.
the class DefaultUsernameAttributeProviderMapper method toUsernameAttributeProvider.
@Override
public RegisteredServiceUsernameAttributeProvider toUsernameAttributeProvider(final ServiceData data) {
final RegisteredServiceUsernameAttributeProviderEditBean userAttrProvider = data.getUserAttrProvider();
final String uidType = userAttrProvider.getType();
if (StringUtils.equalsIgnoreCase(uidType, RegisteredServiceUsernameAttributeProviderEditBean.Types.DEFAULT.toString())) {
return new DefaultRegisteredServiceUsernameProvider();
} else if (StringUtils.equalsIgnoreCase(uidType, RegisteredServiceUsernameAttributeProviderEditBean.Types.ANONYMOUS.toString())) {
final String salt = userAttrProvider.getValue();
if (StringUtils.isNotBlank(salt)) {
final ShibbolethCompatiblePersistentIdGenerator generator = new ShibbolethCompatiblePersistentIdGenerator(salt);
return new AnonymousRegisteredServiceUsernameAttributeProvider(generator);
} else {
throw new IllegalArgumentException("Invalid sale value for anonymous ids " + salt);
}
} else if (StringUtils.equalsIgnoreCase(uidType, RegisteredServiceUsernameAttributeProviderEditBean.Types.ATTRIBUTE.toString())) {
final String attr = userAttrProvider.getValue();
if (StringUtils.isNotBlank(attr)) {
return new PrincipalAttributeRegisteredServiceUsernameProvider(attr);
} else {
throw new IllegalArgumentException("Invalid attribute specified for username");
}
}
return null;
}
use of org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider in project cas by apereo.
the class DefaultUsernameAttributeProviderMapper method mapUsernameAttributeProvider.
@Override
public void mapUsernameAttributeProvider(final RegisteredServiceUsernameAttributeProvider provider, final ServiceData bean) {
final RegisteredServiceUsernameAttributeProviderEditBean uBean = bean.getUserAttrProvider();
if (provider instanceof DefaultRegisteredServiceUsernameProvider) {
uBean.setType(RegisteredServiceUsernameAttributeProviderEditBean.Types.DEFAULT.toString());
} else if (provider instanceof AnonymousRegisteredServiceUsernameAttributeProvider) {
final AnonymousRegisteredServiceUsernameAttributeProvider anonymous = (AnonymousRegisteredServiceUsernameAttributeProvider) provider;
uBean.setType(RegisteredServiceUsernameAttributeProviderEditBean.Types.ANONYMOUS.toString());
final PersistentIdGenerator generator = anonymous.getPersistentIdGenerator();
if (generator instanceof ShibbolethCompatiblePersistentIdGenerator) {
final ShibbolethCompatiblePersistentIdGenerator sh = (ShibbolethCompatiblePersistentIdGenerator) generator;
if (sh.getSalt() != null) {
final String salt = new String(sh.getSalt(), Charset.defaultCharset());
uBean.setValue(salt);
} else {
throw new IllegalArgumentException("Salt cannot be null");
}
}
} else if (provider instanceof PrincipalAttributeRegisteredServiceUsernameProvider) {
final PrincipalAttributeRegisteredServiceUsernameProvider p = (PrincipalAttributeRegisteredServiceUsernameProvider) provider;
uBean.setType(RegisteredServiceUsernameAttributeProviderEditBean.Types.ATTRIBUTE.toString());
uBean.setValue(p.getUsernameAttribute());
}
}
Aggregations