use of org.apereo.cas.support.saml.idp.metadata.writer.DefaultSamlIdPCertificateAndKeyWriter in project cas by apereo.
the class SamlIdPMetadataConfiguration method samlSelfSignedCertificateWriter.
@ConditionalOnMissingBean(name = "samlSelfSignedCertificateWriter")
@Bean
@SneakyThrows
public SamlIdPCertificateAndKeyWriter samlSelfSignedCertificateWriter() {
final URL url = new URL(casProperties.getServer().getPrefix());
final DefaultSamlIdPCertificateAndKeyWriter generator = new DefaultSamlIdPCertificateAndKeyWriter();
generator.setHostname(url.getHost());
generator.setUriSubjectAltNames(CollectionUtils.wrap(url.getHost().concat("/idp/metadata")));
return generator;
}
use of org.apereo.cas.support.saml.idp.metadata.writer.DefaultSamlIdPCertificateAndKeyWriter in project cas by apereo.
the class GenerateSamlIdPMetadataCommand method generate.
/**
* Generate saml2 idp metadata at the specified location.
*
* @param metadataLocation the metadata location
* @param entityId the entity id
* @param serverPrefix the server prefix
* @param scope the scope
* @param force force generation of metadata
*/
@CliCommand(value = "generate-idp-metadata", help = "Generate SAML2 IdP Metadata")
public void generate(@CliOption(key = { "metadataLocation" }, help = "Directory location to hold metadata and relevant keys/certificates", specifiedDefaultValue = "/etc/cas/saml", unspecifiedDefaultValue = "/etc/cas/saml", optionContext = "Directory location to hold metadata and relevant keys/certificates") final String metadataLocation, @CliOption(key = { "entityId" }, help = "Entity ID to use for the generated metadata", specifiedDefaultValue = "cas.example.org", unspecifiedDefaultValue = "cas.example.org", optionContext = "Entity ID to use for the generated metadata") final String entityId, @CliOption(key = { "hostName" }, help = "CAS server prefix to be used at the IdP host name when generating metadata", specifiedDefaultValue = "https://cas.example.org/cas", unspecifiedDefaultValue = "https://cas.example.org/cas", optionContext = "CAS server prefix to be used at the IdP host name when generating metadata") final String serverPrefix, @CliOption(key = { "scope" }, help = "Scope to use when generating metadata", specifiedDefaultValue = "example.org", unspecifiedDefaultValue = "example.org", optionContext = "Scope to use when generating metadata") final String scope, @CliOption(key = { "force" }, specifiedDefaultValue = "false", unspecifiedDefaultValue = "false", help = "Force metadata generation, disregarding anything that might already be available at the specified location", optionContext = "Force metadata generation, disregarding anything that might already be available at the specified location") final boolean force) {
final SamlIdPMetadataLocator locator = new DefaultSamlIdPMetadataLocator(new File(metadataLocation));
final DefaultSamlIdPCertificateAndKeyWriter writer = new DefaultSamlIdPCertificateAndKeyWriter();
final FileSystemSamlIdPMetadataGenerator generator = new FileSystemSamlIdPMetadataGenerator(entityId, this.resourceLoader, serverPrefix, scope, locator, writer);
boolean generateMetadata = true;
if (!locator.exists()) {
LOGGER.warn("Metadata artifacts are available at the specified location: [{}]", metadataLocation);
generateMetadata = force;
}
if (generateMetadata) {
generator.initialize();
generator.generate();
LOGGER.info("Generated metadata is available at [{}]", locator.getMetadata());
} else {
LOGGER.info("No metadata was generated; it might already exist at the specified path");
}
}
use of org.apereo.cas.support.saml.idp.metadata.writer.DefaultSamlIdPCertificateAndKeyWriter in project cas by apereo.
the class GenerateSamlIdPMetadataCommand method generate.
/**
* Generate saml2 idp metadata at the specified location.
*
* @param metadataLocation the metadata location
* @param entityId the entity id
* @param serverPrefix the server prefix
* @param scope the scope
* @param force force generation of metadata
* @param subjectAltNames additional subject alternative names for cert (besides entity id)
* @throws Exception the exception
*/
@ShellMethod(key = "generate-idp-metadata", value = "Generate SAML2 IdP Metadata")
public void generate(@ShellOption(value = { "metadataLocation", "--metadataLocation" }, help = "Directory location to hold metadata and relevant keys/certificates", defaultValue = "/etc/cas/saml") final String metadataLocation, @ShellOption(value = { "entityId", "--entityId" }, help = "Entity ID to use for the generated metadata", defaultValue = "cas.example.org") final String entityId, @ShellOption(value = { "hostName", "--hostName" }, help = "CAS server prefix to be used at the IdP host name when generating metadata", defaultValue = "https://cas.example.org/cas") final String serverPrefix, @ShellOption(value = { "scope", "--scope" }, help = "Scope to use when generating metadata", defaultValue = "example.org") final String scope, @ShellOption(value = { "force", "--force" }, help = "Force metadata generation (XML only, not certs), overwriting anything at the specified location") final boolean force, @ShellOption(value = { "subjectAltNames", "--subjectAltNames" }, help = "Comma separated list of other subject alternative names for the certificate (besides entityId)", defaultValue = StringUtils.EMPTY) final String subjectAltNames) throws Exception {
val locator = new FileSystemSamlIdPMetadataLocator(new File(metadataLocation), Caffeine.newBuilder().initialCapacity(1).maximumSize(1).build());
val writer = new DefaultSamlIdPCertificateAndKeyWriter();
writer.setHostname(entityId);
if (StringUtils.isNotBlank(subjectAltNames)) {
writer.setUriSubjectAltNames(Arrays.asList(StringUtils.split(subjectAltNames, ",")));
}
val generateMetadata = FunctionUtils.doIf(locator.exists(Optional.empty()), () -> Boolean.TRUE, () -> {
LOGGER.warn("Metadata artifacts are available at the specified location [{}]", metadataLocation);
return force;
}).get();
if (generateMetadata) {
val props = new CasConfigurationProperties();
props.getAuthn().getSamlIdp().getCore().setEntityId(entityId);
props.getServer().setScope(scope);
props.getServer().setPrefix(serverPrefix);
val context = SamlIdPMetadataGeneratorConfigurationContext.builder().samlIdPMetadataLocator(locator).samlIdPCertificateAndKeyWriter(writer).applicationContext(applicationContext).casProperties(props).metadataCipherExecutor(CipherExecutor.noOpOfStringToString()).openSamlConfigBean(openSamlConfigBean).velocityEngine(velocityEngineFactoryBean).build();
val generator = new FileSystemSamlIdPMetadataGenerator(context);
generator.initialize();
generator.generate(Optional.empty());
LOGGER.info("Generated metadata is available at [{}]", locator.resolveMetadata(Optional.empty()));
} else {
LOGGER.info("No metadata was generated; it might already exist at the specified path");
}
}
Aggregations