diff --git a/fda-authentication-service/.gitignore b/fda-authentication-service/.gitignore index 56d435d49f5b1e6ac980c039672bcabce5cf7248..619d263f9c3d82f2484f6c2c82b55425b3c71597 100644 --- a/fda-authentication-service/.gitignore +++ b/fda-authentication-service/.gitignore @@ -6,7 +6,7 @@ target/ ### Generated ### ready -*.jks +*.pem ### STS ### .apt_generated diff --git a/fda-authentication-service/README.md b/fda-authentication-service/README.md index 6e9dbfb63aa63b3df874be896173c9f2797e849e..7e7d2f4aced364df369ac67d3b8365440b1a353d 100644 --- a/fda-authentication-service/README.md +++ b/fda-authentication-service/README.md @@ -9,4 +9,4 @@ use TU Wien SSO ## Development -Context metadata for IdP: `http://localhost:9097/context/saml/metadata` \ No newline at end of file +Context metadata for IdP: `http://localhost:9097/saml/metadata` \ No newline at end of file diff --git a/fda-authentication-service/pom.xml b/fda-authentication-service/pom.xml index ef5b2972a879e0f3b40bdf50216f20e2da8b6663..002414fcdd05b832ac8c8817f54adc4fd432869f 100644 --- a/fda-authentication-service/pom.xml +++ b/fda-authentication-service/pom.xml @@ -33,19 +33,6 @@ </properties> <dependencies> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-web</artifactId> - </dependency> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-security</artifactId> - </dependency> - <dependency> - <groupId>org.springframework.security.extensions</groupId> - <artifactId>spring-security-saml2-core</artifactId> - <version>${spring-saml.version}</version> - </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-validation</artifactId> 
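Review bot: The `*.pem` rule added to .gitignore does not cover the two PEM files this same commit adds under rest-service/src/main/resources/x509, because ignore rules only affect untracked paths; both files, including the private key, stay tracked and ship with the repository regardless. Dropping `*.jks` in the same hunk while committing saml/dbrepo.jks and saml/dbrepo.p12 points the same way. Keep `*.jks`, add `*.p12` alongside `*.pem`, and take the key material out of the index with `git rm --cached` so the rule has an effect.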
@@ -60,6 +47,16 @@
             <artifactId>javax.ws.rs-api</artifactId>
             <version>${javax-rs.version}</version>
         </dependency>
+        <!-- SAML -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security.extensions</groupId>
+            <artifactId>spring-security-saml2-core</artifactId>
+            <version>${spring-saml.version}</version>
+        </dependency>
         <!-- Entity and API -->
         <dependency>
             <groupId>at.tuwien</groupId>
@@ -74,6 +71,11 @@
             <scope>compile</scope>
         </dependency>
         <!-- Testing -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
diff --git a/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java b/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java
index 4501fd8b9c79fefc5ff0133cf4e0cc40a42d6385..9ee4a655b6ef187a92caba9d225d3788e0563de2 100644
--- a/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java
+++ b/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java
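Review bot: The restored SAML block brings back spring-boot-starter-security and spring-security-saml2-core but not spring-boot-starter-web, which the first hunk of this file removes; AuthenticationEndpoint later in this commit still relies on Spring MVC, so this only works if another dependency (possibly the at.tuwien API module) pulls starter-web in transitively. Worth confirming with `mvn dependency:tree` before merging — if nothing supplies it, the service has no embedded servlet container and no MVC at all.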
@@ -5,11 +5,11 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; -import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import springfox.documentation.oas.annotations.EnableOpenApi; -@EnableWebMvc @EnableOpenApi +@EnableWebSecurity @SpringBootApplication(exclude = {DataSourceAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) public class FdaAuthenticationServiceApplication { diff --git a/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java b/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java index d506ce161099ed6bf455491b37b79a4a53d6e597..74c4207cf9e3b6ef352284d7eb033ad7614b1676 100644 --- a/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java +++ b/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java 
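Review bot: `@EnableWebSecurity` is now declared twice — here on the application class and on SamlConfig, which keeps it as context in a later hunk of this commit. Spring tolerates the duplicate, but one declaration next to the WebSecurityConfigurerAdapter is enough; keep it on SamlConfig and drop `@EnableWebSecurity` here, unless the intent is to move the security wiring into this module.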
@@ -1,73 +1,18 @@ package at.tuwien.endpoints; -import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiResponse; -import io.swagger.annotations.ApiResponses; -import lombok.extern.log4j.Log4j2; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.saml.metadata.MetadataManager; import org.springframework.web.bind.annotation.*; -import javax.servlet.http.HttpServletRequest; -import java.util.Set; - -/** - * https://www.baeldung.com/spring-security-saml - */ -@Log4j2 -@RestController -@CrossOrigin(origins = "*") -@ControllerAdvice -@RequestMapping("/api/auth") +@RestController("/api/auth") public class AuthenticationEndpoint { - private final MetadataManager metadataManager; - - @Autowired - public AuthenticationEndpoint(MetadataManager metadataManager) { - this.metadataManager = metadataManager; + @RequestMapping("/") + public String index() { + return "index"; } -// @GetMapping -// @ApiOperation(value = "Check user authentication", notes = "Check if the user is authenticated") -// @ApiResponses({ -// @ApiResponse(code = 202, message = "User is authenticated."), -// @ApiResponse(code = 401, message = "The user is not authenticated"), -// }) -// public ResponseEntity<?> status() { -// final Authentication auth = SecurityContextHolder.getContext() -// .getAuthentication(); -// if (auth.isAuthenticated()) { -// return ResponseEntity.status(HttpStatus.ACCEPTED) -// .build(); -// } -// return ResponseEntity.status(HttpStatus.UNAUTHORIZED) -// .build(); -// } -// - @RequestMapping(value = "/discovery", method = RequestMethod.GET) - public String idpSelection(HttpServletRequest request) { - 
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth == null) { - log.debug("Current authentication instance from security context is null"); - } else { - log.debug("Current authentication instance from security context: {}", this.getClass().getSimpleName()); - } - if (auth == null || (auth instanceof AnonymousAuthenticationToken)) { - final Set<String> idps = metadataManager.getIDPEntityNames(); - for (String idp : idps) { - log.debug("Configured Identity Provider for SSO: {}", idp); - } - return "pages/discovery"; - } else { - log.warn("The current user is already logged."); - return "redirect:/landing"; - } + @RequestMapping("/hello") + public String hello() { + return "hello"; } -} +} \ No newline at end of file diff --git a/fda-authentication-service/rest-service/src/main/resources/application-docker.yml b/fda-authentication-service/rest-service/src/main/resources/application-docker.yml index 6d5e8cc25393c4dce18efcb26903333ede3f879f..e510399f39ea29aa42bfece953d8a84d3d6a127a 100644 --- a/fda-authentication-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-authentication-service/rest-service/src/main/resources/application-docker.yml @@ -16,9 +16,6 @@ eureka: fda: ready.path: /ready identity.provider: - discovery: - url: http://localhost:9097/context/saml/discovery - response: http://localhost:9097/context/saml/login metadata: https://idp.zid.tuwien.ac.at/saml2 issuer: cert: /okta.crt diff --git a/fda-authentication-service/rest-service/src/main/resources/application.yml b/fda-authentication-service/rest-service/src/main/resources/application.yml index adbbc29011c3d07bc8e466c2010d0d363cff37d6..ae3a28fe6844857cc205e75f4685a32dc1874c26 100644 --- a/fda-authentication-service/rest-service/src/main/resources/application.yml +++ b/fda-authentication-service/rest-service/src/main/resources/application.yml 
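Review bot: `@RestController("/api/auth")` does not mount the controller under /api/auth — the value of `@RestController` is the bean name — so `index()` and `hello()` are served at `/` and `/hello` at the context root and the previous class-level path is lost. Restore it with `@RestController` followed by `@RequestMapping("/api/auth")` on the class. The two method-level `@RequestMapping` annotations also accept every HTTP method; `@GetMapping("/")` and `@GetMapping("/hello")` narrow them to what the handlers actually serve.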
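Review bot: After removing the discovery block, the remaining `fda.identity.provider.metadata` and `issuer.cert` keys in this profile are no longer read by SamlConfig, which in this commit switches to `spring.security.saml2.metadata` and the `server.ssl.*` keys. This profile sets none of those, so the container presumably inherits the developer path `./rest-service/src/main/resources/saml/metadata.xml` from application.yml — confirm that path exists in the image, or override `spring.security.saml2.metadata` here with the path the image actually mounts, and drop the dead keys.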
@@ -6,6 +6,7 @@ spring:
   loadbalancer.ribbon.enabled: false
   security:
     saml2:
+      metadata: ./rest-service/src/main/resources/saml/metadata.xml
       relyingparty:
         registration:
           okta-saml:
@@ -15,7 +16,14 @@ spring:
               - certificate-location: "classpath:x509/okta.crt"
             singlesignon.url: https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml
             singlesignon.sign-request: false
-server.port: 9097
+server:
+  port: 9097
+  ssl.enabled: true
+  ssl:
+    key-alias: dbrepo
+    key-store: classpath:saml/dbrepo.p12
+    key-store-password: dbrepo
+    key-store-type: pkcs12
 logging:
   pattern.console: "%d %highlight(%-5level) %msg%n"
   level:
@@ -25,14 +33,4 @@ eureka:
   instance.hostname: fda-authentication-service
   client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
-  ready.path: ./ready
-  identity.provider:
-    metadata: ./rest-service/src/main/resources/idp_metadata.xml
-    discovery:
-      url: http://localhost:9097/context/saml/discovery
-      response: http://localhost:9097/context/saml/login
-  saml:
-    keystore:
-      location: ./dbrepo.jks
-      alias: dbrepo
-      password: dbrepo
\ No newline at end of file
+  ready.path: ./ready
\ No newline at end of file
diff --git a/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.jks b/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.jks
new file mode 100644
index 0000000000000000000000000000000000000000..edcd186eae340994138383d9d1ba2682484d7b26
Binary files /dev/null and b/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.jks differ
diff --git a/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.p12 b/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.p12
new file mode 100644
index 0000000000000000000000000000000000000000..ff3f0de9b9d456e0cb03f5c5478b64d26be5cf63
Binary files /dev/null and b/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.p12 differ
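Review bot: `key-store-password: dbrepo` puts the keystore password into committed configuration, and the same store (`classpath:saml/dbrepo.p12`) is now also what SamlConfig reads as the SAML signing key in this commit, so this one value unlocks both the TLS key and the SAML key. Remove the value from the file and supply it through the environment as `SERVER_SSL_KEY_STORE_PASSWORD`, which Spring Boot's relaxed binding maps onto `server.ssl.key-store-password`. Two smaller points: `ssl.enabled: true` and the `ssl:` block spell the same parent key two ways, so fold `enabled: true` into the block; and `spring.security.saml2.metadata` is a project-specific key parked under Spring Boot's own `spring.security.saml2` namespace while the other custom keys live under `fda:`.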
diff --git a/fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml b/fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml
new file mode 100644
index 0000000000000000000000000000000000000000..79437e90d158e700b4f92cde38018d8d1adcbbea
--- /dev/null
+++ b/fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml
@@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor entityID="http://www.okta.com/exk26nye6eBAomvJW5d7" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"> + <md:IDPSSODescriptor WantAuthnRequestsSigned="false" + protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIDqDCCApCgAwIBAgIGAXxuFWkiMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG + A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU + MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi0xMzk1MzkxNTEcMBoGCSqGSIb3DQEJ + ARYNaW5mb0Bva3RhLmNvbTAeFw0yMTEwMTEwNjQwMDlaFw0zMTEwMTEwNjQxMDlaMIGUMQswCQYD + VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG + A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi0xMzk1MzkxNTEc + MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBAIZny5u9B0ooc5OigsxXv9MisZZzvXdoiIUtkF3Lvd2wEsdEcl8JPeZ0Id9xskaxkVhvvVeW + W+R0yADi4mmDkqrKfOkSKqBSFlaHAlH1OZyfWLTLmMwxTuVNCu200ok33p/iyJ5dff914YEuQRVw + 1u+t9UVwtSrNoDaJG8vxh1JsZ1zXceGRENvD/NdzV/PherPNmKnnr2r10uKTDrc03NJt22AOGxY0 + s0NDHU2hqm8xNiGnztZxlcrjTKtUljOQnAsaqY+AugH1Ov40VABotgg+r69uz+lYpbDiDtpZbPfK + gwCcQwWeX0VaYDeK+ESXxo55eM8qxeMbC6CrKIALLw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA + WgUI3wswTBZa7zkF90KTnlb7+qnks4rdV8c6Guxpj5TIqsAZjDYv573Dqqpsp5QJBSfUwO1iRdXf + ueO6r8haLY2ukk5vjZd31GboH+e+py6nVATUZ5xL2JxMhDgG8Hh9Gg/rl04O4Uk12f9YJF1k5Qko + ZQ3Kaxf/5nKw3mJL4wzmJz3ezeEn4M5VyC6BfhIcIC+asScsEgjRNQQ/SrgG7ywl0C3i+P41Nw9x + cWXQ6pepnLVR9q1aaLv2cyZ7RiN0JyKxruWdZPAluPODEp65TpfKbfCBXM00Bikm4MW76rXH2sjI + uUmMDfGSFmR+urDPJdc8kL26X0kwUrbEXXsT3g== + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + 
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat> + <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml"/> + <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" + Location="https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml"/> + </md:IDPSSODescriptor> + <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="https://dbrepo.ossdip.at/api/auth" + index="1" /> + + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en-US">Technische Universität Wien</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en-US">TU Wien</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en-US">https://tuwien.ac.at</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>Martin Weise</md:GivenName> + <md:EmailAddress>martin.weise@tuwien.ac.at</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>Andreas Rauber</md:GivenName> + <md:EmailAddress>andreas.rauber@tuwien.ac.at</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> \ No newline at end of file 
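Review bot: The `md:SPSSODescriptor` added here declares `WantAssertionsSigned="false"` and `AuthnRequestsSigned="false"`, and it sits inside the EntityDescriptor whose entityID is the Okta IdP, so this file advertises the SP role under the IdP's own identity. The metadata.xml hunk that follows does the same with a localhost AssertionConsumerService, and sp_metadata.xml carries the descriptor a third time; one SP descriptor, kept in the SP file with `WantAssertionsSigned="true"` so the IdP is told the SP requires signed assertions, would be the cleaner shape. The ACS `Location="https://dbrepo.ossdip.at/api/auth"` also matches no path in the filter chain SamlConfig builds in this commit (`/saml/SSO/**`), so confirm which URL the IdP is meant to post responses to.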
diff --git a/fda-authentication-service/rest-service/src/main/resources/idp_metadata.xml b/fda-authentication-service/rest-service/src/main/resources/saml/metadata.xml
similarity index 71%
rename from fda-authentication-service/rest-service/src/main/resources/idp_metadata.xml
rename to fda-authentication-service/rest-service/src/main/resources/saml/metadata.xml
index bea0721ad30fd672dc77f73caee5cc2b45b2f92f..696949e9b69d859cb1cf80d836076fed30c25cfb 100644
--- a/fda-authentication-service/rest-service/src/main/resources/idp_metadata.xml
+++ b/fda-authentication-service/rest-service/src/main/resources/saml/metadata.xml
@@ -34,4 +34,24 @@
         <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                                 Location="https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml"/>
     </md:IDPSSODescriptor>
+    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
+        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                                     Location="http://localhost:9097/api/auth"
+                                     index="1" />
+
+    </md:SPSSODescriptor>
+    <md:Organization>
+        <md:OrganizationName xml:lang="en-US">Technische Universität Wien</md:OrganizationName>
+        <md:OrganizationDisplayName xml:lang="en-US">TU Wien</md:OrganizationDisplayName>
+        <md:OrganizationURL xml:lang="en-US">https://tuwien.ac.at</md:OrganizationURL>
+    </md:Organization>
+    <md:ContactPerson contactType="technical">
+        <md:GivenName>Martin Weise</md:GivenName>
+        <md:EmailAddress>martin.weise@tuwien.ac.at</md:EmailAddress>
+    </md:ContactPerson>
+    <md:ContactPerson contactType="support">
+        <md:GivenName>Andreas Rauber</md:GivenName>
+        <md:EmailAddress>andreas.rauber@tuwien.ac.at</md:EmailAddress>
+    </md:ContactPerson>
 </md:EntityDescriptor>
\ No newline at end of file
diff --git a/fda-authentication-service/rest-service/src/main/resources/sp_metadata.xml b/fda-authentication-service/rest-service/src/main/resources/saml/sp_metadata.xml similarity index 68% rename from fda-authentication-service/rest-service/src/main/resources/sp_metadata.xml rename to fda-authentication-service/rest-service/src/main/resources/saml/sp_metadata.xml index 64ef410c5aa35039897347ebdfc7d40e7f627b19..696482b54ba65aaa5fc846493326ce24e1ba1003 100644 --- a/fda-authentication-service/rest-service/src/main/resources/sp_metadata.xml +++ b/fda-authentication-service/rest-service/src/main/resources/saml/sp_metadata.xml @@ -1,15 +1,20 @@ <?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - validUntil="2021-10-13T10:33:48Z" + validUntil="2021-10-13T15:46:10Z" cacheDuration="PT604800S" entityID="at:tuwien:dbrepo:auth"> <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - Location="http://localhost:9097/api/auth" + Location="https://dbrepo.ossdip.at/api/auth" index="1" /> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en-US">Technische Universität Wien</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en-US">TU Wien</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en-US">https://tuwien.ac.at</md:OrganizationURL> + </md:Organization> <md:ContactPerson contactType="technical"> <md:GivenName>Martin Weise</md:GivenName> <md:EmailAddress>martin.weise@tuwien.ac.at</md:EmailAddress> 
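Review bot: `validUntil` is hand-bumped from 10:33:48Z to 15:46:10Z on the same day, so this metadata is expired a few hours after the commit and any consumer that honours validUntil will stop trusting it; either regenerate the file from the running SP at deploy time or drop `validUntil` and let `cacheDuration="PT604800S"` govern refresh. The new ACS `Location="https://dbrepo.ossdip.at/api/auth"` also does not match the `/saml/SSO/**` chain that SamlConfig registers in this commit, so verify the intended consumer URL before the IdP is configured with this file.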
diff --git a/fda-authentication-service/rest-service/src/main/resources/x509/.gitkeep b/fda-authentication-service/rest-service/src/main/resources/x509/.gitkeep
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem
new file mode 100644
index 0000000000000000000000000000000000000000..d6ad39839ac1eaa2424918ebc2096ab2c661de52
--- /dev/null
+++ b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem
@@ -0,0 +1,91 @@ +-----BEGIN CERTIFICATE----- +MIIFITCCBAmgAwIBAgISBEh169kOMeYh+SgBdP8KFL2fMA0GCSqGSIb3DQEBCwUA +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD +EwJSMzAeFw0yMTEwMTIwNzA4NTVaFw0yMjAxMTAwNzA4NTRaMBgxFjAUBgNVBAMT +DWRldi5vc3NkaXAuYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm +vl9NZd4qV53j8U1irMwR0RXR2tl0i3FqXUxGYUHabIADLciAzl83vFnPMmJFeubn +DBGfkP2Z7Q+96fgwuxhXVVovT4uCwNcUGW66LzwemYJKnauy6muPooyllLO/mHAe +hhtdber7H9dwj8gdTjIDGRgw/owElsMGYOt1XxXRpnmh6QzvprT38Lt7OTfRlvlz +//p0PoYzfeI295fSGuIAl2rVAOQJq/n/Nl3dbTQ4KdLn0raf5am1ah+S904br34J +FyDfziswLGNRQ4SuYxFUXmfyV8TsxmJeRRfBa6JFofbAsuvzJ/TcJDiaLcsWjbWz +KQTz8tWhTA1U5McU0sLTAgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCBaAwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O +BBYEFIDkQgQxxpq9cTecpFYY97S7ClRyMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ +QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz +Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv +MBgGA1UdEQQRMA+CDWRldi5vc3NkaXAuYXQwTAYDVR0gBEUwQzAIBgZngQwBAgEw +NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j +cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgBByMqx3yJGShDGoToJ +QodeTjGLGwPr60vHaPCQYpYG9gAAAXxzjB5xAAAEAwBHMEUCIQCYOtWFJnGtJ2kC +E+De2h/eWKrQPf6guJq/tCWz3XdCPQIgdPKdERwSqECytmCG2jPXLMSxL+LrIPtY +Zl/cZSePFzkAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXxz +jCKvAAAEAwBIMEYCIQCb1vdGOZx4MU72UABM5WOdUNKLZyuqmRYY8MWCiEnuMgIh +AL1Q3SAtogxxJh61qIk9/9R+0n1xQ+xxPkq81uid+l8cMA0GCSqGSIb3DQEBCwUA +A4IBAQADxwr9oAA5hCyqqzcmqgk0fk6wv3r/hzki+mZ/CjiIN9HdcOP5rP+B29Xu +WvN+8j/nIOuwGg1vI/vQn3XUg/ICsaVDTqnN6FiK6+08Vp1A90j0hhExFMWWNIbA +OIE/KYHnqpu0jFBKRA7XhRAXCyl1JGbfhxdHJHt2oZ9RKB85b9NogUB4II9A2rE2 +BUyS4fpUAFWJOWrkvc6uV2gWfMfr85L6rnpBl6xBuEr/9zOK87jjiqyq86MBTvPu +6Pyd0m0OA9fiP/8XzrdOtmUX0yXxCpUzT7VzW/85oFU8HG1dbfu0QqGmYgYKEgwe +r8US8fgeAoSkCQJmQC6z8/PRtkI0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw 
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow 
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC +ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL +wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D +LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK +4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 +bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y +sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ +Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 +FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc +SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql +PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND +TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 +c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx ++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB +ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu +b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E +U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu +MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC +5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW +9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG +WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O +he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC +Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 +-----END CERTIFICATE----- \ No newline at end of file 
diff --git a/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem
new file mode 100644
index 0000000000000000000000000000000000000000..f5c34a737fbf2de072da5a63c37e94a5cdc4af21
--- /dev/null
+++ b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCmvl9NZd4qV53j +8U1irMwR0RXR2tl0i3FqXUxGYUHabIADLciAzl83vFnPMmJFeubnDBGfkP2Z7Q+9 +6fgwuxhXVVovT4uCwNcUGW66LzwemYJKnauy6muPooyllLO/mHAehhtdber7H9dw +j8gdTjIDGRgw/owElsMGYOt1XxXRpnmh6QzvprT38Lt7OTfRlvlz//p0PoYzfeI2 +95fSGuIAl2rVAOQJq/n/Nl3dbTQ4KdLn0raf5am1ah+S904br34JFyDfziswLGNR +Q4SuYxFUXmfyV8TsxmJeRRfBa6JFofbAsuvzJ/TcJDiaLcsWjbWzKQTz8tWhTA1U +5McU0sLTAgMBAAECggEALFYeXSQjCLs3Xm7BFuW/dVVVKfG5NIYHaDLanzQpIH0N +JMs9rxIwu083yiIpgzQExZat8PHKnO0t7F+UANEezcoCKuZJwECqb8u7Z4I7yB8l +R9XY27/9Tbn5D+YUTXOpDFS4XgVmH9P9ow54NWKfZbd8eTqV3HqB7OZEdXcNBCuD +1RPpEB+UJx+7HMfqRfyjSF0fKOEPjq2aBw3DfYuwiU2O/L9n5KftU05AQA8FTGe+ +gOnnGjEIPvwykspB8pgKri9TB3RAs22mrho1L7j3ThEBa+sauvUWsKG72WjHjzKJ +07WGa28uW2qhXxGZD5aAbOmLHHV2d9F81OpeRnM7kQKBgQDZO9cBdO2lvGVsnAVi +O0G1gSficX/jFUEKb15EzvyEuEElCFcIOWZgvmn+9Zr4TAJLzgSUgGTlREvLM4Zf +mh2RR2fXRMbmPiI+37+E/841Aa5b/pfJj4kolz2Y3FmlrztPTlPkx8kFckdW4HSH +WHM3VlIfWSWdGQye8EuPC5+mXQKBgQDEf+4M8q16q4SxnX2Yci46cZbnS98n7QG/ +HnuVElmnodxV7OOc773x7/nyoW8j3hhD9GWQkPjQMbT5c8pMix5+/AG2vvjtzhJW +klnYz7iw2k6+OY1oMSPu+f/wBpXOhJCniAFjPJCXwpSA+h0KuaxfOhxxOZl++E8c +gEmbc1Ua7wKBgQChBt6F0esnY9O7ApxrCInYxXiPPpsR9XtVBODYGKbOqtZ/YQNC +sWnWZM+lkuHhFFbPYlO60MH5wPp+Eh+VVmR8gHXU+MKHgZ9ZA/qv1/8/A5P/1WUm +oCOH1zRtz0kUrCRG0UUW3ZGBXAjNuWwnt8UQTAhr/GUJYrwcRPt9eZxKcQKBgQDE +P3RTUCd8RULQVRczoo2S5xEsTbVA3c8Jvnr0hhAugFRbKKymdzXAJMj/zsT+EHkx +nSu2d2NYIty46jDXw3WgozVe+1oHvvDHr4C2LbcqQc205CvbLIDT0rEPWrRRPkpu +V0Hzh3BtcPL54VIR/SAvNw1i84Des0XnlCRvcX9E1wKBgQC8DgYnsMEGFpVBp1xT +0ER0XSq5njl6vAoUCkw3jN+dkWxYjI9sWQtP5pyrE0kWDG8h9/mbRG5rTFK7PzK6 +Vilqp7hws3NuKec3uRBtoeZI2wIBVfBihTLM7AhUROsrbf2ocP1jfEvl7yd49UYI +i/dStaqfpozr864eytU8Pzct3g== +-----END PRIVATE KEY----- \ No newline at end of file 
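Review bot: This hunk commits an unencrypted RSA private key (`-----BEGIN PRIVATE KEY-----`) into src/main/resources, where it is packaged into the jar and retained in git history; its modulus prefix (`AoIBAQCmvl9NZd4q…`) matches the leaf certificate in dev-ossdip-at-chain.pem, so it is the live TLS key for that host. The key should be treated as exposed: reissue the certificate, remove the file from history, and load the key at runtime from a mounted secret or the keystore referenced by `server.ssl.key-store` rather than from the classpath. The `*.pem` rule added to .gitignore in this commit does not help, since ignore rules do not apply to files that are already tracked.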
diff --git a/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java b/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java
index a1c2074c98476b36ac9b4f5a128afd0f99ca9eea..91f12bed3d3597b9cd40bc75862080f1cba7bf0c 100644
--- a/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java
+++ b/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java
@@ -1,15 +1,15 @@
 package at.tuwien.config;
 
-import at.tuwien.service.UserService;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
 import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.metadata.provider.*;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.parse.ParserPool;
 import org.opensaml.xml.parse.StaticBasicParserPool;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -48,42 +48,26 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import java.io.File;
 import java.util.*;
 
-/**
- *
- */
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(securedEnabled = true)
 public class SamlConfig extends WebSecurityConfigurerAdapter implements InitializingBean, DisposableBean {
 
-    private final UserService userService;
-
     private Timer backgroundTaskTimer;
     private MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager;
 
-    @Autowired
-    public SamlConfig(UserService userService) {
-        this.userService = userService;
-    }
+    @Value("${spring.security.saml2.metadata}")
+    private String serviceMetadataPath;
 
-    @Value("${fda.saml.keystore.location}")
+    @Value("${server.ssl.key-store}")
     private String samlKeystoreLocation;
 
-    @Value("${fda.saml.keystore.alias}")
+    @Value("${server.ssl.key-alias}")
     private String samlKeystoreAlias;
 
-    @Value("${fda.saml.keystore.password}")
+    @Value("${server.ssl.key-store-password}")
     private String samlKeystorePassword;
 
-    @Value("${fda.identity.provider.metadata}")
-    private String identityProviderMetadataPath;
-
-    @Value("${fda.identity.provider.discovery.url}")
-    private String identityProviderDiscoveryUrl;
-
-    @Value("${fda.identity.provider.discovery.response}")
-    private String identityProviderDiscoveryResponseUrl;
-
     /* The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there */
     @Bean
     public MetadataDisplayFilter metadataDisplayFilter() {
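Review bot: Binding `samlKeystoreLocation`, `samlKeystoreAlias` and `samlKeystorePassword` to the `server.ssl.*` properties makes the TLS server key double as the SAML signing/decryption key; a separate key pair (its own alias in the same store is enough) keeps a TLS key compromise from also forging SAML messages and lets the two rotate independently. The value also changes shape, from a filesystem path to `classpath:saml/dbrepo.p12` with a PKCS#12 store — the key manager bean that consumes these fields lies outside this hunk, so confirm it resolves `classpath:` resources and is told the store type rather than assuming JKS. `serviceMetadataPath` is named as if it held SP metadata but, in the last hunk of this file, it feeds the IdP FilesystemMetadataProvider; the removed `identityProviderMetadataPath` described that role more accurately. The class body continues past the end of this hunk.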
@@ -121,7 +105,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali
     /* Processing filter for WebSSO profile messages */
     @Bean
     public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
-        SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
+        final SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
         samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager());
         samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
         samlWebSSOProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
@@ -151,8 +135,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali
         return logoutHandler;
     }
 
-    /* Filter processing incoming logout messages. First argument determines URL user will be redirected to after
-    successful global logout */
+    /* Filter processing incoming logout messages */
     @Bean
     public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
         return new SAMLLogoutProcessingFilter(successLogoutHandler(),
@@ -217,39 +200,24 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali return new SAMLProcessorImpl(bindings); } - /** - * Define the security filter chain in order to support SSO Auth by using SAML 2.0 - * - * @return Filter chain proxy - * @throws Exception - */ + /* Define the security filter chain in order to support SSO Auth by using SAML 2.0 */ @Bean public FilterChainProxy samlFilter() throws Exception { List<SecurityFilterChain> chains = new ArrayList<>(); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/login/**"), + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), + samlWebSSOProcessingFilter())); + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), + samlDiscovery())); + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/logout/**"), + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/metadata/**"), - metadataDisplayFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/SSO/**"), - samlWebSSOProcessingFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/SSOHoK/**"), - samlWebSSOHoKProcessingFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/SingleLogout/**"), + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/discovery/**"), - samlDiscovery())); return new FilterChainProxy(chains); } - /** - * Returns the authentication manager currently used 
by Spring. - * It represents a bean definition with the aim allow wiring from - * other classes performing the Inversion of Control (IoC). - * - * @throws Exception - */ + /* Returns the authentication manager currently used by Spring. */ @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { @@ -258,9 +226,6 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /** * Defines the web based security configuration. - * - * @param http It allows configuring web based security for specific http requests. - * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { @@ -282,9 +247,6 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /** * Sets a custom authentication provider. - * - * @param auth SecurityBuilder used to create an AuthenticationManager. - * @throws Exception */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { @@ -326,7 +288,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali @Qualifier("idp-ssocircle") public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider() throws MetadataProviderException { final FilesystemMetadataProvider filesystemMetadataProvider = new FilesystemMetadataProvider( - new File(identityProviderMetadataPath)); + new File(serviceMetadataPath)); filesystemMetadataProvider.setParserPool(parserPool()); final ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(filesystemMetadataProvider, extendedMetadata()); 
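Review bot: The rebuilt chain list in `samlFilter()` no longer routes anything to `metadataDisplayFilter()` or `samlWebSSOHoKProcessingFilter()`; the metadata bean is still defined (its `@Bean` line is context at the end of the first hunk), so SP metadata is no longer served by this proxy unless some other chain exposes it, which would break an IdP onboarded from the SP metadata URL. If the endpoint is still wanted, add `chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"), metadataDisplayFilter()));`; if not, remove the now-unreferenced beans instead of leaving them. Replacing the Javadoc with a block comment also drops the `@return` description; a `/** ... @return proxy serving the SAML endpoints under /saml/** */` form keeps the bean documented.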
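Review bot: `ssoCircleExtendedMetadataProvider()` (qualified `idp-ssocircle`) now reads the IdP metadata from `serviceMetadataPath`, bound to `spring.security.saml2.metadata`; the name reads as the service's own SP metadata, and the key sits inside Spring Boot's `spring.security.saml2` namespace next to Boot's own relying-party properties, which invites pointing the IdP trust anchor at the wrong file. Rename field and property to say what they hold, keeping the project's own prefix used elsewhere in this file, e.g. `@Value("${fda.saml.idp.metadata}") private String idpMetadataPath;` (constructed example), and note at the field that this file is the trust anchor for assertion signatures and must come from a trusted source. The enclosing method continues outside the hunk.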
@@ -338,10 +300,8 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* IDP Discovery Service */ @Bean - public SAMLDiscovery samlDiscovery() { - SAMLDiscovery idpDiscovery = new SAMLDiscovery(); - idpDiscovery.setIdpSelectionPath("/api/auth/discovery"); - return idpDiscovery; + public SAMLDiscovery samlDiscovery() throws MetadataProviderException { + return new SAMLDiscovery(); } /* Setup advanced info about metadata */ @@ -350,8 +310,6 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali ExtendedMetadata extendedMetadata = new ExtendedMetadata(); extendedMetadata.setLocal(true); extendedMetadata.setIdpDiscoveryEnabled(true); - extendedMetadata.setIdpDiscoveryURL(identityProviderDiscoveryUrl); - extendedMetadata.setIdpDiscoveryResponseURL(identityProviderDiscoveryResponseUrl); extendedMetadata.setSignMetadata(true); extendedMetadata.setEcpEnabled(true); return extendedMetadata; 
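Review bot: `samlDiscovery()` now declares `throws MetadataProviderException` although its only statement is `return new SAMLDiscovery();`, which throws nothing; the clause forces every caller, including the `/saml/discovery/**` chain in `samlFilter()`, to propagate a checked exception that cannot occur, so drop it: `public SAMLDiscovery samlDiscovery() {`. Removing `setIdpSelectionPath` also means no IdP selection page is configured any more; as far as I recall `SAMLDiscovery` then redirects straight to the default IdP from metadata, which is fine for a single IdP but deserves a comment, e.g. `/* No selection page: discovery resolves to the default IdP in metadata */`.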
@@ -360,23 +318,23 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* Entry point to initialize authentication, default values taken from properties file */ @Bean public SAMLEntryPoint samlEntryPoint() { - SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint(); + final SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint(); samlEntryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions()); return samlEntryPoint; } @Bean public WebSSOProfileOptions defaultWebSSOProfileOptions() { - WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions(); + final WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions(); webSSOProfileOptions.setIncludeScoping(false); return webSSOProfileOptions; } @Bean public KeyManager keyManager() { - DefaultResourceLoader loader = new DefaultResourceLoader(); - Resource storeFile = loader.getResource(samlKeystoreLocation); - Map<String, String> passwords = new HashMap<>(); + final DefaultResourceLoader loader = new DefaultResourceLoader(); + final Resource storeFile = loader.getResource(samlKeystoreLocation); + final Map<String, String> passwords = new HashMap<>(); passwords.put(samlKeystoreAlias, samlKeystorePassword); return new JKSKeyManager(storeFile, samlKeystorePassword, passwords, samlKeystoreAlias); } @@ -429,8 +387,8 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* SAML Authentication Provider responsible for validating of received SAML messages */ @Bean public SAMLAuthenticationProvider samlAuthenticationProvider() { - SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider(); - samlAuthenticationProvider.setUserDetails(userService); + final SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider(); +// samlAuthenticationProvider.setUserDetails(userService); samlAuthenticationProvider.setForcePrincipalAsString(false); return samlAuthenticationProvider; } 
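Review bot: `samlAuthenticationProvider()` keeps `setUserDetails(userService)` as a commented-out line while `UserService` is deleted in this commit, so the provider runs without any `SAMLUserDetailsService`; as far as I recall `SAMLAuthenticationProvider` then grants no authorities at all, so with `@EnableGlobalMethodSecurity(securedEnabled = true)` any `@Secured` role check now rejects every SAML-authenticated user. Delete the commented line rather than keeping dead code, and either wire a replacement user-details service or state where roles come from, e.g. `// No SAMLUserDetailsService: the principal is the SAMLCredential and carries no authorities`. The class body continues outside the hunk.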
diff --git a/fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java b/fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java deleted file mode 100644 index e59fd5da9e84a37b113bb60d1b01e84c839d2997..0000000000000000000000000000000000000000 --- a/fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java +++ /dev/null @@ -1,29 +0,0 @@ -package at.tuwien.service; - -import lombok.extern.log4j.Log4j2; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.saml.SAMLCredential; -import org.springframework.security.saml.userdetails.SAMLUserDetailsService; -import org.springframework.stereotype.Service; - -import java.util.ArrayList; -import java.util.List; - -@Log4j2 -@Service -public class UserService implements SAMLUserDetailsService { - - @Override - public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException { - final String userID = credential.getNameID().getValue(); - log.debug("Logged in user {}", userID); - List<GrantedAuthority> authorities = new ArrayList<>(); - GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); - authorities.add(authority); - return new User(userID, "<abc123>", true, true, true, true, authorities); - } - -} diff --git a/fda-ui/components/.gitkeep b/fda-ui/components/.gitkeep new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391