
Example 1 with IdentityZoneConfiguration

use of org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration in project uaa by cloudfoundry.

From class ZoneAwareWhitelistLogoutHandler, method getZoneHandler.

/**
 * Builds a logout handler for the current identity zone.
 *
 * <p>The whitelist, redirect parameter name, default redirect URL and the
 * disable-redirect-parameter flag are read from the logout links of the zone
 * configuration held by {@link IdentityZoneHolder}. A zone without a stored
 * configuration is treated as having a fresh {@link IdentityZoneConfiguration},
 * i.e. the defaults.
 *
 * @return a {@link WhitelistLogoutHandler} configured for the current zone
 */
protected WhitelistLogoutHandler getZoneHandler() {
    IdentityZoneConfiguration stored = IdentityZoneHolder.get().getConfig();
    // Fall back to the default configuration when the zone has none.
    IdentityZoneConfiguration zoneConfig = stored != null ? stored : new IdentityZoneConfiguration();

    WhitelistLogoutHandler zoneHandler =
            new WhitelistLogoutHandler(zoneConfig.getLinks().getLogout().getWhitelist());
    zoneHandler.setTargetUrlParameter(zoneConfig.getLinks().getLogout().getRedirectParameterName());
    zoneHandler.setDefaultTargetUrl(zoneConfig.getLinks().getLogout().getRedirectUrl());
    // With the redirect parameter disabled the handler always sends the user to the
    // default target URL, so the request cannot choose the post-logout destination.
    zoneHandler.setAlwaysUseDefaultTargetUrl(zoneConfig.getLinks().getLogout().isDisableRedirectParameter());
    zoneHandler.setClientDetailsService(clientDetailsService);
    return zoneHandler;
}
Also used : IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration)

Example 2 with IdentityZoneConfiguration

use of org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration in project uaa by cloudfoundry.

From class ClientAdminEndpointsIntegrationTests, method testClientSecretExpiryCannotBeSet.

/**
 * Verifies that a zone's client secret policy cannot carry an expiry: the zone is
 * created with a policy asking for a 6-month expiry, and the stored policy is
 * expected to report {@code expireSecretInMonths == -1}.
 */
@Test
public void testClientSecretExpiryCannotBeSet() {
    assertTrue("Expected testzone1.localhost and testzone2.localhost to resolve to 127.0.0.1", doesSupportZoneDNS());
    final String zoneId = "testzone1";
    final String baseUrl = serverRunning.getBaseUrl();

    // Not used further down; kept because obtaining the template may itself talk to the
    // server (presumably a token request) — confirm before removing.
    RestTemplate adminClient = IntegrationTestUtils.getClientCredentialsTemplate(
            IntegrationTestUtils.getClientCredentialsResource(baseUrl, new String[0], "admin", "adminsecret"));

    String[] zoneScopes = { "zones.write", "zones.read", "scim.zones" };
    RestTemplate identityClient = IntegrationTestUtils.getClientCredentialsTemplate(
            IntegrationTestUtils.getClientCredentialsResource(baseUrl, zoneScopes, "identity", "identitysecret"));

    IdentityZoneConfiguration zoneConfig = new IdentityZoneConfiguration();
    // Length 5..12, at least one upper case, lower case, digit and special character,
    // and an expiry of 6 months — the expiry is the part under test.
    zoneConfig.setClientSecretPolicy(new ClientSecretPolicy(5, 12, 1, 1, 1, 1, 6));
    IdentityZone createdZone = IntegrationTestUtils.createZoneOrUpdateSubdomain(
            identityClient, baseUrl, zoneId, zoneId, zoneConfig);
    // The requested expiry must not be honoured.
    assertEquals(-1, createdZone.getConfig().getClientSecretPolicy().getExpireSecretInMonths());

    // Leave the zone with a permissive policy (presumably so other tests sharing
    // testzone1 are not affected); nothing is asserted about this second update.
    zoneConfig.setClientSecretPolicy(new ClientSecretPolicy(0, 255, 0, 0, 0, 0, 6));
    IntegrationTestUtils.createZoneOrUpdateSubdomain(identityClient, baseUrl, zoneId, zoneId, zoneConfig);
}
Also used : IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) RestTemplate(org.springframework.web.client.RestTemplate) ClientSecretPolicy(org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy) IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration) Test(org.junit.Test)

Example 3 with IdentityZoneConfiguration

use of org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration in project uaa by cloudfoundry.

From class ZoneAwareIdpMetadataGenerator, method getZoneDefinition.

/**
 * Returns the configuration of the current identity zone.
 *
 * @return the zone's stored {@link IdentityZoneConfiguration}, or a new default
 *         configuration when the zone has none
 */
protected IdentityZoneConfiguration getZoneDefinition() {
    IdentityZoneConfiguration stored = IdentityZoneHolder.get().getConfig();
    if (stored == null) {
        // No configuration persisted for this zone: answer with the defaults.
        return new IdentityZoneConfiguration();
    }
    return stored;
}
Also used : IdentityZone(org.cloudfoundry.identity.uaa.zone.IdentityZone) IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration)

Example 4 with IdentityZoneConfiguration

use of org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration in project uaa by cloudfoundry.

From class MockMvcUtils, method setPrompts.

/**
 * Replaces the login prompts of a zone and stores the updated configuration.
 *
 * @param context application context used to load and save the zone configuration
 * @param zoneId  identifier of the zone to update
 * @param prompts the prompts the zone should use from now on
 */
public static void setPrompts(ApplicationContext context, String zoneId, List<Prompt> prompts) {
    IdentityZoneConfiguration zoneConfig = getZoneConfiguration(context, zoneId);
    zoneConfig.setPrompts(prompts);
    // Persist through the same helper other test utilities use for zone updates.
    setZoneConfiguration(context, zoneId, zoneConfig);
}
Also used : IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration)

Example 5 with IdentityZoneConfiguration

use of org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration in project uaa by cloudfoundry.

From class LoginInfoEndpoint, method populatePrompts.

/**
 * Adds the login prompts for the current zone to the model under {@code "prompts"}.
 *
 * <p>Prompts are taken from the zone configuration (a default configuration stands in
 * when the zone has none). When {@code origin} names a provider whose config is an
 * {@link OIDCIdentityProviderDefinition} with its own prompts, those replace the zone's.
 * Outside the default zone the passcode prompt's URL is rewritten to carry the zone
 * subdomain, an MFA prompt is appended when MFA is enabled for the zone, and every name
 * listed in {@code exclude} is removed before the map is stored.
 *
 * @param model                  target model; additionally receives {@code SHOW_LOGIN_LINKS=true}
 *                               when any provider definition shows its login link
 * @param exclude                prompt names removed from the result
 * @param origin                 provider origin whose OIDC prompts take precedence, or null
 * @param samlIdentityProviders  SAML provider definitions available to the zone
 * @param oauthIdentityProviders OAuth/OIDC provider definitions available to the zone
 * @param excludedPrompts        mutable list this method extends with prompts it suppresses
 *                               (see the review note in the body)
 * @param returnLoginPrompts     when false, the username and password prompts are suppressed
 */
private void populatePrompts(Model model, List<String> exclude, String origin, Map<String, SamlIdentityProviderDefinition> samlIdentityProviders, Map<String, AbstractExternalOAuthIdentityProviderDefinition> oauthIdentityProviders, List<String> excludedPrompts, boolean returnLoginPrompts) {
    // True until a provider that actually shows its login link is found (providers
    // with hidden links do not count).
    boolean noIdpsPresent = true;
    for (SamlIdentityProviderDefinition idp : samlIdentityProviders.values()) {
        if (idp.isShowSamlLink()) {
            model.addAttribute(SHOW_LOGIN_LINKS, true);
            noIdpsPresent = false;
            break;
        }
    }
    for (AbstractExternalOAuthIdentityProviderDefinition oauthIdp : oauthIdentityProviders.values()) {
        if (oauthIdp.isShowLinkText()) {
            model.addAttribute(SHOW_LOGIN_LINKS, true;
            noIdpsPresent = false;
            break;
        }
    }
    // NOTE(review): the names added to excludedPrompts here are only dropped from the
    // result if the caller passes the same list as `exclude`, because the removal loop
    // at the end iterates `exclude` — confirm at the call site, or iterate both lists.
    // Without a visible login link the passcode flow has nothing to redirect to.
    if (noIdpsPresent) {
        excludedPrompts.add(PASSCODE);
    }
    if (!returnLoginPrompts) {
        excludedPrompts.add("username");
        excludedPrompts.add("password");
    }
    List<Prompt> prompts;
    IdentityZoneConfiguration zoneConfiguration = IdentityZoneHolder.get().getConfig();
    if (isNull(zoneConfiguration)) {
        // Zone without a stored configuration: fall back to the defaults.
        zoneConfiguration = new IdentityZoneConfiguration();
    }
    prompts = zoneConfiguration.getPrompts();
    if (origin != null) {
        IdentityProvider providerForOrigin = null;
        try {
            providerForOrigin = providerProvisioning.retrieveByOrigin(origin, IdentityZoneHolder.get().getId());
        } catch (DataAccessException ignored) {
            // Best-effort lookup: a failed or empty result keeps the zone prompts.
        }
        if (providerForOrigin != null) {
            // Only OIDC providers can define their own prompts; a null list means "inherit".
            if (providerForOrigin.getConfig() instanceof OIDCIdentityProviderDefinition) {
                OIDCIdentityProviderDefinition oidcConfig = (OIDCIdentityProviderDefinition) providerForOrigin.getConfig();
                List<Prompt> providerPrompts = oidcConfig.getPrompts();
                if (providerPrompts != null) {
                    prompts = providerPrompts;
                }
            }
        }
    }
    // Insertion-ordered so the prompts render in the configured order.
    Map<String, String[]> map = new LinkedHashMap<>();
    for (Prompt prompt : prompts) {
        String[] details = prompt.getDetails();
        if (PASSCODE.equals(prompt.getName()) && !IdentityZoneHolder.isUaa()) {
            // Assumes the passcode prompt's details has at least two entries — TODO confirm;
            // a shorter array would throw ArrayIndexOutOfBoundsException here.
            String urlInPasscode = extractUrlFromString(prompt.getDetails()[1]);
            if (hasText(urlInPasscode)) {
                // Copy before editing so the prompt array held by the configuration
                // is not mutated in place.
                String[] newDetails = new String[details.length];
                System.arraycopy(details, 0, newDetails, 0, details.length);
                newDetails[1] = newDetails[1].replace(urlInPasscode, addSubdomainToUrl(urlInPasscode, IdentityZoneHolder.get().getSubdomain()));
                details = newDetails;
            }
        }
        map.put(prompt.getName(), details);
    }
    if (mfaChecker.isMfaEnabled(IdentityZoneHolder.get())) {
        // NOTE(review): the trailing " )" is appended to baseUrl *before* the subdomain is
        // added, so it is passed into addSubdomainToUrl as part of the URL; the closing
        // parenthesis presumably belongs outside that call. Verify the rendered text.
        Prompt p = new Prompt(MFA_CODE, "password", "MFA Code ( Register at " + addSubdomainToUrl(baseUrl + " )", IdentityZoneHolder.get().getSubdomain()));
        // A configured prompt with the same name wins over the generated one.
        map.putIfAbsent(p.getName(), p.getDetails());
    }
    for (String excludeThisPrompt : exclude) {
        map.remove(excludeThisPrompt);
    }
    model.addAttribute("prompts", map);
}
Also used : IdentityProvider(org.cloudfoundry.identity.uaa.provider.IdentityProvider) OIDCIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition) LinkedHashMap(java.util.LinkedHashMap) SamlIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition) AbstractExternalOAuthIdentityProviderDefinition(org.cloudfoundry.identity.uaa.provider.AbstractExternalOAuthIdentityProviderDefinition) EmptyResultDataAccessException(org.springframework.dao.EmptyResultDataAccessException) DataAccessException(org.springframework.dao.DataAccessException) IdentityZoneConfiguration(org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration)

Aggregations

IdentityZoneConfiguration (org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration)62 IdentityZone (org.cloudfoundry.identity.uaa.zone.IdentityZone)40 Test (org.junit.jupiter.api.Test)24 Matchers.containsString (org.hamcrest.Matchers.containsString)20 RandomValueStringGenerator (org.springframework.security.oauth2.common.util.RandomValueStringGenerator)16 RestTemplate (org.springframework.web.client.RestTemplate)14 Test (org.junit.Test)13 MockMvcUtils.createOtherIdentityZone (org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.createOtherIdentityZone)11 SamlIdentityProviderDefinition (org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition)9 SetServerNameRequestPostProcessor (org.cloudfoundry.identity.uaa.util.SetServerNameRequestPostProcessor)9 TokenPolicy (org.cloudfoundry.identity.uaa.zone.TokenPolicy)9 ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)7 IdentityZoneProvisioning (org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning)7 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)7 HashMap (java.util.HashMap)6 SamlServiceProviderDefinition (org.cloudfoundry.identity.uaa.provider.saml.idp.SamlServiceProviderDefinition)6 Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString)6 BrandingInformation (org.cloudfoundry.identity.uaa.zone.BrandingInformation)5 SamlConfig (org.cloudfoundry.identity.uaa.zone.SamlConfig)5 Map (java.util.Map)3