From e16ee87bb563db64b0d021d37a24678991404d2c Mon Sep 17 00:00:00 2001 
From: Martin Weise <martin.weise@tuwien.ac.at> Date: Fri, 15 Oct 2021 00:25:23 +0200 Subject: [PATCH] still not working Former-commit-id: 6a593b691d9b4d2de0030ccffdd503767d5c9bdb --- fda-authentication-service/.gitignore | 2 +- fda-authentication-service/README.md | 2 +- fda-authentication-service/pom.xml | 28 ++--- .../FdaAuthenticationServiceApplication.java | 4 +- .../endpoints/AuthenticationEndpoint.java | 71 ++----------- .../src/main/resources/application-docker.yml | 3 - .../src/main/resources/application.yml | 22 ++-- .../src/main/resources/saml/dbrepo.jks | Bin 0 -> 2697 bytes .../src/main/resources/saml/dbrepo.p12 | Bin 0 -> 3737 bytes .../src/main/resources/saml/idp_metadata.xml | 57 ++++++++++ .../{idp_metadata.xml => saml/metadata.xml} | 20 ++++ .../main/resources/{ => saml}/sp_metadata.xml | 9 +- .../src/main/resources/x509/.gitkeep | 0 .../resources/x509/dev-ossdip-at-chain.pem | 91 ++++++++++++++++ .../main/resources/x509/dev-ossdip-at-key.pem | 28 +++++ .../java/at/tuwien/config/SamlConfig.java | 100 +++++------------- .../java/at/tuwien/service/UserService.java | 29 ----- fda-ui/components/.gitkeep | 0 18 files changed, 269 insertions(+), 197 deletions(-) create mode 100644 fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.jks create mode 100644 fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.p12 create mode 100644 fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml rename fda-authentication-service/rest-service/src/main/resources/{idp_metadata.xml => saml/metadata.xml} (71%) rename fda-authentication-service/rest-service/src/main/resources/{ => saml}/sp_metadata.xml (68%) create mode 100644 fda-authentication-service/rest-service/src/main/resources/x509/.gitkeep create mode 100644 fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem create mode 100644 fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem 
delete mode 100644 fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java create mode 100644 fda-ui/components/.gitkeep diff --git a/fda-authentication-service/.gitignore b/fda-authentication-service/.gitignore index 56d435d49f..619d263f9c 100644 --- a/fda-authentication-service/.gitignore +++ b/fda-authentication-service/.gitignore @@ -6,7 +6,7 @@ target/ ### Generated ### ready -*.jks +*.pem ### STS ### .apt_generated diff --git a/fda-authentication-service/README.md b/fda-authentication-service/README.md index 6e9dbfb63a..7e7d2f4ace 100644 --- a/fda-authentication-service/README.md +++ b/fda-authentication-service/README.md @@ -9,4 +9,4 @@ use TU Wien SSO ## Development -Context metadata for IdP: `http://localhost:9097/context/saml/metadata` \ No newline at end of file +Context metadata for IdP: `http://localhost:9097/saml/metadata` \ No newline at end of file diff --git a/fda-authentication-service/pom.xml b/fda-authentication-service/pom.xml index ef5b2972a8..002414fcdd 100644 --- a/fda-authentication-service/pom.xml +++ b/fda-authentication-service/pom.xml @@ -33,19 +33,6 @@ </properties> <dependencies> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-web</artifactId> - </dependency> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-security</artifactId> - </dependency> - <dependency> - <groupId>org.springframework.security.extensions</groupId> - <artifactId>spring-security-saml2-core</artifactId> - <version>${spring-saml.version}</version> - </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-validation</artifactId> 
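Review bot: Flipping the ignore rule from `*.jks` to `*.pem` lands in the same commit that adds `saml/dbrepo.jks`, `saml/dbrepo.p12` and `x509/dev-ossdip-at-key.pem` (all listed in the diffstat above), so a keystore and a private key become tracked while the one rule that used to keep the keystore out is removed. Ignore all three key-material patterns (`*.jks`, `*.p12`, `*.pem`) and keep these files outside the repository; material that has already been pushed should be treated as disclosed and the key regenerated. The keystore's password is also written into application.yml further down in this commit.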
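Review bot: The first pom.xml hunk removes `spring-boot-starter-web` entirely, and the second hunk (the `<!-- SAML -->` block) only re-adds `spring-boot-starter-security` and `spring-security-saml2-core`; `AuthenticationEndpoint` still relies on `@RestController`/`@RequestMapping`, so unless Spring MVC and an embedded container arrive transitively through the SAML extension the service will no longer expose an HTTP listener. Keep `<artifactId>spring-boot-starter-web</artifactId>` in the dependency list next to the SAML block, or state in the commit message where the web stack now comes from.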
@@ -60,6 +47,16 @@
 <artifactId>javax.ws.rs-api</artifactId>
 <version>${javax-rs.version}</version>
 </dependency>
+ <!-- SAML -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.security.extensions</groupId>
+ <artifactId>spring-security-saml2-core</artifactId>
+ <version>${spring-saml.version}</version>
+ </dependency>
 <!-- Entity and API -->
 <dependency>
 <groupId>at.tuwien</groupId>
@@ -74,6 +71,11 @@
 <scope>compile</scope>
 </dependency>
 <!-- Testing -->
+ <dependency>
+ <groupId>org.springframework.security</groupId>
+ <artifactId>spring-security-test</artifactId>
+ <scope>test</scope>
+ </dependency>
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-starter-test</artifactId>
diff --git a/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java b/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java
index 4501fd8b9c..9ee4a655b6 100644
--- a/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java
+++ b/fda-authentication-service/rest-service/src/main/java/at/tuwien/FdaAuthenticationServiceApplication.java
@@ -5,11 +5,11 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; -import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import springfox.documentation.oas.annotations.EnableOpenApi; -@EnableWebMvc @EnableOpenApi +@EnableWebSecurity @SpringBootApplication(exclude = {DataSourceAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, HibernateJpaAutoConfiguration.class}) public class FdaAuthenticationServiceApplication { diff --git a/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java b/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java index d506ce1610..74c4207cf9 100644 --- a/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java +++ b/fda-authentication-service/rest-service/src/main/java/at/tuwien/endpoints/AuthenticationEndpoint.java 
@@ -1,73 +1,18 @@ package at.tuwien.endpoints; -import io.swagger.annotations.ApiOperation; -import io.swagger.annotations.ApiResponse; -import io.swagger.annotations.ApiResponses; -import lombok.extern.log4j.Log4j2; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; -import org.springframework.http.ResponseEntity; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.saml.metadata.MetadataManager; import org.springframework.web.bind.annotation.*; -import javax.servlet.http.HttpServletRequest; -import java.util.Set; - -/** - * https://www.baeldung.com/spring-security-saml - */ -@Log4j2 -@RestController -@CrossOrigin(origins = "*") -@ControllerAdvice -@RequestMapping("/api/auth") +@RestController("/api/auth") public class AuthenticationEndpoint { - private final MetadataManager metadataManager; - - @Autowired - public AuthenticationEndpoint(MetadataManager metadataManager) { - this.metadataManager = metadataManager; + @RequestMapping("/") + public String index() { + return "index"; } -// @GetMapping -// @ApiOperation(value = "Check user authentication", notes = "Check if the user is authenticated") -// @ApiResponses({ -// @ApiResponse(code = 202, message = "User is authenticated."), -// @ApiResponse(code = 401, message = "The user is not authenticated"), -// }) -// public ResponseEntity<?> status() { -// final Authentication auth = SecurityContextHolder.getContext() -// .getAuthentication(); -// if (auth.isAuthenticated()) { -// return ResponseEntity.status(HttpStatus.ACCEPTED) -// .build(); -// } -// return ResponseEntity.status(HttpStatus.UNAUTHORIZED) -// .build(); -// } -// - @RequestMapping(value = "/discovery", method = RequestMethod.GET) - public String idpSelection(HttpServletRequest request) { - 
Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth == null) { - log.debug("Current authentication instance from security context is null"); - } else { - log.debug("Current authentication instance from security context: {}", this.getClass().getSimpleName()); - } - if (auth == null || (auth instanceof AnonymousAuthenticationToken)) { - final Set<String> idps = metadataManager.getIDPEntityNames(); - for (String idp : idps) { - log.debug("Configured Identity Provider for SSO: {}", idp); - } - return "pages/discovery"; - } else { - log.warn("The current user is already logged."); - return "redirect:/landing"; - } + @RequestMapping("/hello") + public String hello() { + return "hello"; } -} +} \ No newline at end of file diff --git a/fda-authentication-service/rest-service/src/main/resources/application-docker.yml b/fda-authentication-service/rest-service/src/main/resources/application-docker.yml index 6d5e8cc253..e510399f39 100644 --- a/fda-authentication-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-authentication-service/rest-service/src/main/resources/application-docker.yml @@ -16,9 +16,6 @@ eureka: fda: ready.path: /ready identity.provider: - discovery: - url: http://localhost:9097/context/saml/discovery - response: http://localhost:9097/context/saml/login metadata: https://idp.zid.tuwien.ac.at/saml2 issuer: cert: /okta.crt diff --git a/fda-authentication-service/rest-service/src/main/resources/application.yml b/fda-authentication-service/rest-service/src/main/resources/application.yml index adbbc29011..ae3a28fe68 100644 --- a/fda-authentication-service/rest-service/src/main/resources/application.yml +++ b/fda-authentication-service/rest-service/src/main/resources/application.yml @@ -6,6 +6,7 @@ spring: loadbalancer.ribbon.enabled: false security: saml2: + metadata: ./rest-service/src/main/resources/saml/metadata.xml relyingparty: registration: okta-saml: 
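Review bot: `@RestController("/api/auth")` does not set a request path — the value of `@RestController` is the bean name — and the class-level `@RequestMapping("/api/auth")` was removed, so `index()` and `hello()` are now served at `/` and `/hello` while the SP metadata files in this same commit still point the AssertionConsumerService at `/api/auth`. Keep the path on a mapping annotation: `@RestController` followed by `@RequestMapping("/api/auth")` on the class. A bare `@RequestMapping` on the methods also matches every HTTP verb; `@GetMapping("/")` and `@GetMapping("/hello")` document what is intended and leave POSTs to the assertion consumer path unambiguous.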
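Review bot: The new `metadata: ./rest-service/src/main/resources/saml/metadata.xml` key sits directly under `spring.security.saml2`, which does not correspond to a Spring Boot property I recognise; the registration `okta-saml` below it is already configured inline (`certificate-location`, `singlesignon.url`), so this line is probably never read. If the intent is to load IdP metadata from a file, put it on the registration's identity-provider/asserting-party `metadata-uri` (name depends on the Boot version) as a `classpath:saml/metadata.xml` resource, since the relative `./rest-service/...` path only resolves when the working directory is the module parent.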
@@ -15,7 +16,14 @@ spring:
 - certificate-location: "classpath:x509/okta.crt"
 singlesignon.url: https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml
 singlesignon.sign-request: false
-server.port: 9097
+server:
+ port: 9097
+ ssl.enabled: true
+ ssl:
+ key-alias: dbrepo
+ key-store: classpath:saml/dbrepo.p12
+ key-store-password: dbrepo
+ key-store-type: pkcs12
 logging:
 pattern.console: "%d %highlight(%-5level) %msg%n"
 level:
@@ -25,14 +33,4 @@ eureka:
 instance.hostname: fda-authentication-service
 client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
- ready.path: ./ready
- identity.provider:
- metadata: ./rest-service/src/main/resources/idp_metadata.xml
- discovery:
- url: http://localhost:9097/context/saml/discovery
- response: http://localhost:9097/context/saml/login
- saml:
- keystore:
- location: ./dbrepo.jks
- alias: dbrepo
- password: dbrepo
\ No newline at end of file
+ ready.path: ./ready
\ No newline at end of file
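Review bot: `key-store-password: dbrepo` is a plaintext credential in a tracked config file, and `key-store: classpath:saml/dbrepo.p12` packages the keystore itself into the jar, so every build artifact carries the TLS private key and the password to open it. Resolve the password from the environment, e.g. `key-store-password: ${DBREPO_KEYSTORE_PASSWORD}` (placeholder name), and load the store from a mounted file path rather than the classpath. Enabling `ssl.enabled: true` on port 9097 also conflicts with the `http://localhost:9097/...` URLs this commit writes into README.md and saml/metadata.xml, which will no longer connect once TLS is on.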
diff --git a/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.jks b/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.jks new file mode 100644 index 0000000000000000000000000000000000000000..edcd186eae340994138383d9d1ba2682484d7b26 GIT binary patch literal 2697 zcmXqL;%a4LWHxBxvSZ`aYV&CO&dbQoxS)wkpQVXQ+n|X{-Jpqe9f}m|e3mBG*#=Fl z(+!$fC$n)wb@6a9GA(FgbuegRwJ}J8>tN+Ih%~T3aCr>0Sw!qNH~qh9lEQiX;iO|Z zXVT9daB<0DVp11iVpK5TVdH?9$i&IYU?9uJnb79Jn99t;sKp|%F?Z$LmWJFa=CA9s zPR(w3&C<kj;bA+=j-MMZ>9bGfNPF{Wz4QLU>+e=|u6%r3<RQ0#$)Ua1gv95D%$9la zXl=?&l^*@bYL+r>cTVNr+Yxd9Yb^F3%+=&NAo_TjpYYSi)l<a9CvCI+%FNyLdpc*q zPLm1js&Bo;y$Yvpk8>9ff6lpAC-0<}J%7B8^eLs-cX7%W7((YBpS5I*XOr^5%<~d* z^G@Cl<~p){)>$^s$u}1MRonELN94Cq1v9Vq%fHJa6xq$P8QjZHPJ5XD`Ks)Gzcs&X zvs8uurmX7r<KalTd;88j(VWtzL;o4r%lB?9;+*(zHNz9TWqR98)$eH~Wjs#tVGZ!Q zHFvYlkNqOSv#!?qOz1mXmiEiz=KG)%?;qK(DBIQ{Xrh{`&&z+eROK?u>PsGT%}#t- z$TW|sURdF^0k8T0U2T8X$gVj4S7h#;O;fpQ7>{o_*kv>$@OM@R`@z`qHLMn<@3}m- zTUgrsnRH9z<&?~K2Q_?E_q=$)(j}|#@)X-)9wE;e;YL!H)nN{DRtsysu|3vW$|o76 zv{%QfNx}Eh%`T&zA;BM>*ggm;PS9{Fl>0f+_RT+sD4UO}J6R)d?i1e;KHoEQl~LQC z3&MXc$98iqWOiuYHP10(*M_rNIs7~F+u{-yw(w@#@42RN?VQ~XSr68|$vc8>{N{3E zx*b~ADzSR?{tvUSp6Yp{<g@ki?{XhWua6fV)v*5-YTj?W!&0H@v`ze>P)XIU_xocx zML+61of!4`xm=j|UH13f|CUP~U34xfaaMkjN8qf$jNda_{0kqiQ+a5+Cc8NDW9-T& zyi*g+c8mR)Z!vY2NsCc(Z=0R(vY)pPCp_G=SH8a`WRZ6uyKvA}_k{aWcGhy|4=I-( zX3Y+@S6Fr8*OuiULSN}Rgsn|lCl}>jB;jn8w)L!DWmLtn!^<vqZZK;;{fX0GalV=B zjx4EjRlg;-9P9W}^<wtSeLME>_iF8AyLtK1@3KFaJXSay-Jc_EV!qQjA^V%)HId)! 
zw^zn3l3gS<K}GTmfAm_*d6Tui8+<GKRvf%=!J|96E=+CA8cmNrmv}EQ5R6{Vu8_KR zdFb_Z<=<C*(DK}Jzom2Pci!jI-djf9`(Z4+r$%v>e&ePs?$Ir}FW&huWN(^2O=`y3 z|4%D=-hUN%lNd57*vdD3e#!g(h&$#F>SYg|cM1OBF!N2%8)J!`Z_D1KYb^e$xaE5( z)A60L?>ud+u6|g2=Ci^E<~_G+-f-Hy{%M+*D(A&x!4mq}uF5m{<ORz^Gxyh(OKt0` zoN#*Gu8zrzCs_!wCxk>uRqikSC%AudhG_7%Ww~Djz1LrTn~|_?g@gJzH;eXw`FGzi zE8bn%#^|E?(<oO-yC5(7z3ZpImprq*UqAQQa>r`V*V}<>I%gYXOqy{!ShMiojbrIG zw_6yueR(5pH8a3beS&D>!NZT%$n6b$dLTcT@2-WbuJN<=2fT%OZ(lI^cF<pPLw|7e zjQBh3)sKDI>>{48h?fa{B&4%z$vJ}(sfxa6t61Att37%Hx#d?YUp@CSVoi92;H8Tt z5iJ#qHl~^GXuaEhRwUt*NU^?H&gUJ5s*6=#tiF5ZMLcs>``*s}@Q3np#+$1aI8IEQ zVqN}yZ}<5tuUGrJ&wSytMDVlWz6F+>I(qd@UOaj7Om6Mm>c>+a-*OL64~jWqRC~Km z{kPP6qe(k;4IK=m;l(AVh#{XG4?_w=5<?L~DnkK7zJVe_Qq)j{MJOaQH&wyV%-Gn% z+{DPh)Y#P6poygru85s&K@&@oK@&?H6C;B`6H7QkhLKP)?fUeJO4^;)y%#Rpo}9qd zc=_9Eg92iTX%UP6*S7WfysN$5qh<G{XhK61^MiQTIQK`-XQ*|~U9WIIFMaP$>E~xS zmT@TUxq2t^{*8pPxi{2KYMfYIsl4#S6lD{K(u9B4PG8DuoS`qi*LqRF{3#P9G=kfI zhvmI^R*-et`*oykv`z6rwj0_OZr6QIe-4r8zJIDb_buC_PYIh3Y}H+AccABWcGI`Q zbdP`U%NSBRkF8YZES;Ii6}E|wbAzy>=E1MW<yZa@>DZQ08n|GccQSkLWdpW2j*@Ki z&KG@Kd*l8++xlbc|Lp6>J|$jJJW_i-X))tlC7nk*6ZbZ<{ZP8uW@T-qx5sJARhFP5 zznb4|v$$@iHv6rH@F)ALC$>CnjN<*G%wKh4li-gON2fDc=N38lUG%HyD=X)g7jZrt z%gxzx&*{n6?|GM|^eBhwoceGnS@+oV=%YtHi=<R}7p_{I#J}mL!S}lfv$QKpH$<KJ zY*UqEvQ0t4E-bxJJWcdoO{z8PTt8Wc1DjYwlKILxPIh`#`%j&<XUVoZ^GsK~7CO(q z&enDY`=UKOb1GAF^Ymub)y3+tWxLv~YFw<arpxNsDNDDP$8?qU89l0;Sn}#+eahVA z+6n3*xtD{*JnntuILXF0!`X2cYo>8(#3|DprK}^Zi$4eLWGoHU__4=Z>?Z&GIlZd> zXJ2YuFyIc^FId3sZT(nW_+{rgRn`Bo9me(Qt$Q{k2d+&GYGr<v6uxS4*Ke+Z<}-h- z1HM)F)=5ptkWgL|^}Oo0?8h^j+tP1;SQ?kH#hk@q=H1$lr!MSjn_?$(Q@?$J@t5qi z3bN<7cxdUL2^at0UveUI$)+;qr6T^l*>hIfSxPc)j6IPdyW&s2<esUloA*p@jyU>b z-_6B6@eiDzPCoA@*(tniy2ll*qklgaKH4~C^Y-Q0|M{(7ZpwOo)@m2mH=C_}2`y1t z93ov>lfsrPSbkG@{+$4o>z?Pj_AxzD2&=SdU%`AtJhI}*r6Zff_O$NaAMiltj)!W} za;2Q9el-Hti;i5%<5XIcb#ca&J<o1-8r;iJm?!c;ddjDcLhmmb5v#O=8+yG;|DR9) zJSX|jojqG$YjoeWyu-@0&e8Ee^Rii5U4{?bw{b;8S8n-yDuH!s-Z7=s^MZp5tD>|& 
zF6?SNvgD7yi_jJaC0C6t{F5I#J&Lz8`Y0Ie68ZVN@SB!3PXf65y*1}wOEn0Yy6v<_ zy_Z$|p{}n>vfkEr&3>BJc_)^wSn+(-`KvPvm&W)6-rse)vf24~{DE&KMV_VZWp|Br zwcV;_Imm33T2lJ_bgQ9}b>cDpjjD$Y7bwkJ-IcOqO1{DD%bdRsrE0o*Z~eT}_Br?L zmir&BTH4FqK4Hk@IA!K7=2=+=k~!BH-G5~zANI0mbnh{+Gf*_(WMkFlV`h?KWndB6 z_oKZ0gh&zNr45GXFEjK`XP&TP8H>oSf34f=Ev@u*F60=+8HnZ7$$rgXVrFbx002Ap B&(Ht> literal 0 HcmV?d00001 
diff --git a/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.p12 b/fda-authentication-service/rest-service/src/main/resources/saml/dbrepo.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ff3f0de9b9d456e0cb03f5c5478b64d26be5cf63 GIT binary patch literal 3737 zcmXqL;+x9E$ZXKW=f}pW)#lOmotKfFaX}NGJxddxwLue~xj_@_Iut3^`7BMWvkjV9 zryDe}PG;kV>f+&IWLnU~>R`~sYGaTF*TKqb5NTk6;PMz~vxum#kPpA-8O7fD{hWID z!_J(UE9|E;F{ukMF)A4FuyH_4Wa4CHFpy>AOlb39Ol4+a)M62sygltV$I}P#2VZo_ z#5k60XK7-&5OOrv>55#4$;;yt9RKe6$`O83Xw#b*0}HklVNO}nbG6UUGL*I6T575j z`jS`bWMa<**XdEFlRmfo{V2{S;47)w#e3lWj^iipo?5%hbm8f)%=|Yxo~{y#>anG_ zSfl)v<`kdX{pD5Rqj^yqXEXlWF~3{o%R!@Sfz1=XrzhAR;Ov-C)Kb4O^IFEl^Y1p6 z=~h%S*ms+6lHaSEQjoo9WiHR%q&Ty--O}8`X~7cDPp(_F{bj`+!)JYN+vhKw$XBE# zzanM!8ZOxncQ&jQ3E90qdS4|&uS;N!;ElKIZ%sUZ;o|Ho{);A``{uddGvLMA%r&c; z8-KJee`h`E#`z~La~SRSNJd7>6{;F-G5FCa?4n=dShe}s^oy$!zV|+;IQ?+$VL63u z+lm!xJ|4~Y4g9t8sLU+ZsL<H_3mPqJI2T{&Hdrx9Kvge{J5>JGwikZxOcLT7cR!Rj zt!33-bIM>NYgB~2bX~#cgqzc6`EtKp=woG@utRb3({tV3tM49`n042TKj)X-`?XI5 z!mKLm?PK2>T(?l!v3YX#m#d0<nAI-WYuC&_@!Fa5biYlU-{LJE(yo%Olfr&&T(O2@ z+l2i>&daN`&N{A{btCLmHLJMbs$Db8S1;jU_;|MUr2w1#cI}AO&R<qrzMWk8O^4^E z3InT~-1)7oUYBK`-VWC0E&Zcy_WdCDQ~k}sjZe2fDcdU;AA7e$d+OKn8*c=Jtv=T9 zIJ``on)bf^lu6J5i7%OgGn<zfPWttbb1A2s?UtCs;&Yy7e~Eq8R(oIYke0f!1y6%? 
zX~40L@cX;%?i_Il+4YBEho@J%+fj#~=jEBR@?M^5k!voD*K}=QxzurvCF(Q7FDBi( z+vzea(>>HS25NdSTOQfRw9`KHPK-3W^?K<dO`(?wyjiFBHmyE=NsY~@Iwp)kevV%8 z=l&%v9}GAAU-EIw#r;Z=<wp-j_lLeKmc9F`xZkB}(!F5bOAbd@?iQVFD{i`IS^JA~ z%Re{!IBziO>$w-U==-0lmhRk;xMxPo8=3F4S^dAEyWBk5soOZSa!u)f*Y4#O_QILc z2DA6?^F4MaYhJDmuhZVn2<|7c`~57`r>)rY|Cp|(co>tqo6gVuw)VYi<o_PGOMDig zx%&R2nFag3J(C>n{H@#+FRW^-(!blX$n)<0wbgO<LCSA3Lu`4qoX@kCWthhsJj^)A z{M~b5?GG-~ja}T&gFIhcePozvcW&GN^7RXtzm;p;DAS6yXX*U8LBjs4<t5u0{O0}6 zESu)6e|C3|e!_*f-*qN5U2HhNR&ed~FSXB3`YtI?+I}u5BvX}Lcge<xzvl0mAO2po zShhqog6(`q;DzOT7Vq4>;tZF%{Q1jEPMun9y5yvivCA8Y$)3B_6n^GUdwFczocVFZ z_kv8PFY!EEH)E2q9Dmj7>N)yzHcb{tJsL1S=j&?ib;2J^yK*Klg)A&^?DzJ5uywn` z8{I?AQ_4RII`;grx8J_xdYJ6L0{c_04_+4E5#97l>)`k22?t-<FJHOviEE>|YO?XO zua7&<pV()gmi%>TRePo9eF?#8E2ib2KA(D69c#P(g<W}t=t1SRO-X5Ag|DqBf1WcT z@?%{|jF!P>?U_QwtG=Xejc#~kESz7m<8DNym4)!%wV`GU#DkXEFkc9``#N21{=NtC z9~1qWec8_$Iv7a9i%U)sLq0hkh7^V*h9ZVkh609s14V?SsG$gpP)KHOs)C`Jv5A3^ znW?3rk)ee_6GtOl5j)$0CXOP5CXPHNMh1f>j&y_!BcWoNN7?Lw@8cV}D<3b~x2)*m zqc?~4iV;&xSL}=VvO1UL&*{s4S@QMmtPM@<A0GLMl;>~fNaL(#YrXGSnK!@uTfmgm zzNY;QHXC?3d5+KAw)0lHosZ7J@4HrQeX+xL;-!fRNkJxETkqvXT;eLTH_6#_Lu*2G zih)Y)RcGymceQ?;I`rgN;^Ok7joV8?+MF6W0*zZ^cl$8aJxg5lW8STkD+N7$e+vZd ze|55&ufg2R>&eAC3!)aNuWxI%&6ljmzuy1f`*~V>+7@+@%5uw%Axy>RHY}goRbAbt zCf(wm%Gs>`{1j*T&5-bIOa}5!`<?!Md85n!vvN(Xi$TwX#NB6gKG?1?NwNL7iPNa^ z&E)C>FZRC(Jgh%y_abKgPduD&=WR|nc)$9QpsT|qNrBsE%4Z5kwVFLknD*jgh?k@O zmgkoqG%PG&xj9kE;ag63kL%@<j<EIpd!tLdg*8?38v?&@T#s9_B(8XR+Q$U9nL%&j zcDl5tlyC5uA=IF_P_ROV^DTSj-ZxLxn3`NpYQD64@R#vQfX3==aX0nWye$kgy0BdS z+7fSD(dqtkQq(S;%B-!F-YNZU_3FCo|2ZVj2`4Of4gSZqlkx1{Q;QOHZ|>Q(uy@hq z_O{2*&pr5dr;~|6=X-m`{o|=Dyr&QPM~N_szWp?-?$S-KpG_wmCRU|gT3b+JZPS@{ zZPF9b74PNt{t-xRJb&_wUh<tSH`T>WjKA@GpEUn9zngxA*e>a?w_l=q%v^g{q<#vl zPib40|IWF2XaCtC7pC(YIrx8_e6l!G?UA2f|Msk@x%)3Z6jNKZS>1;>y&y)!xqIbz z(P=IFpZ7g$KjhuA`mEKPk4r)wy(^`I*H63_CqG-rjpu1`isnCQwVM$u_BKs^bkOWX z+ol~C`1<R7uRgu*6DzZj?dZ#MIsQdl%i_F`@BVKwds&^>nPU(9?uFQ|d2V#1N$cvz 
zRK|<vrZ|2#x&L%t+50)%jP`#D*yqSicD0BoG+*YvQfm6|;Fepvl^U;Z&Jg~T>hq&% z_mw3~hg?0@HC0%*924+N&-^Or@Zi&zX;!OsH7jdgm56DknBCgl$YGboFY35RF*btR zFQ~OEJH24m^H}$n+I@c3OVjTN{7?{B^H<(><B9_2-h*atAJRj&%Dp^1Eo8G}AJ=ql z@jdIZ<cu9+Z*M>2z<u5K{Dsu(lbfFZ&1=8)TBmlg+c}<xOlogjucnop&(t;EUaI{( zD{#Kb`loWjYdP+F*RZa<l{w)`>hbS=uaB$$WE6JFoyR}#!Msn&x4m{x50{DEzr85N zd#ikk&-L?l<zYA8EYa4SbAtEutiCJyd!JmJeX?z7mdCNYg4DxZD!wZgFF)~1ujWAJ z!@h#qe}9R+yb&aLtKH-9?1cu$*IkI1{p0_~sj1<=&fJ@H@kZ&DtR1IQAF|5*dYz)8 z!N#_X^_zVw$K7O?Cc%vb-RfRX^Gxo#*<TTRv$-|r<U2!)B$uK&)fZk&p2y$t!GC4t zhUeWLa~N;P9O9Q!x2c_fT1MdMdcHRk`d%&!>9u)#xGU35P3beUg-YwbeOvR-{BQrB zpqqCtt@-e^QWNbA5&Hx+My<}(m(_KW8GT>gZTddN);2|L`=1phms4NP%&cEJWB)@= zg}E2z-kSdZgM$j!)K4buGuA9}UTr_M|Fuz4-`DS_*BnsTQ&DV{_S!+dOFuhyjyJpO zH@zMAZ2Ql>R$@x}lx=lpztk<JDqg*3b1uXtU0SlDP=S4V*TtJE!OCXy)WmCV_VI9< z&SXBe$#B)AQ@5X)uXwTaMx=!E;hqIE&dy%#biMcW!T#OXO43W;_X@vsG+M;0e9F0| z<KVmp6ZTlmG?+g*S!T284c+AFLc4Re{hm>pnmCnRWB!!`b8D5JEo6%d*q5q(YUh>H z|N3ej47}f3@bCL=-(b*je`T{@RzTO%-~Z06X8)D@@7tnv*50NEi_S%A+}<K-a<ax; zx_#oRPt)|C3n^cBUMDBEUCHb8q~{JU_a*vyI^M7N=;|yet=k#Uu-u_)pWvFe5hcI5 zdF5Wq8nblmz18Y*Gp19x_t*mA`HEM1udS$`aL}=N!lgx#5y_L^s@T?daGb4Wwo*Od z^R>A}%=qlF({j6Z9L`peJC&2YcS__W?dyg<FH%IZ#GdZl=zVFgmfYp8lgrnCH@0M0 zoj7@U36qt#g{_&1@7CgfyFLfoc=^e#+vyzLq4Hz>XD6|LIXf~c`QF97)y+BT(4@y` zbL_&6!|7FbcHLgbCI0!-x4d~-uK(+go?z}h@}Zr#|IDr8y1vlcViP?S_vF+vOWr>t z(X=^xe}xC@1i`+m96K4Z<PD9^{q%Nai^z>GG5a}R*epxJq<*2_vA(d@rgUMh$%{p& z#xpEfHI?6f+nX=tW`B>w1zU^Rbo7|ZT3vUwh~mF`?q2G~32g~C*UbIB-pgISy;&gb z$_#B+^&{+4_pCm?+~HZC_pf=;64U4UGwogV%7DY6NicoC<`QPHU}??AA2+Krbx&_J ze2`SBzxwyl+&>SBKE#}|Wp=PD*A>fRdivqzIi-TAG(Yt_`rp%^>vrs#=G)9yD|S|6 z&wSMf=AUL<-T$S1O^Kj%|Ex6!f8_l=)$n{(_~j)NS*jE-`tS$!9lG!L?6#Qk<~b+! z=yKlWx1VfKoTql;FR$kNLr<OiE<aJetkx~rs$1cw(<9tvoB1LB%AB?93U6FtS={&~ zr})(pFB!r1s_@Hh1)n(!qo(j4cdsi|Yr4%_zb1gc`F)$>Huc5cM*nUce0xl4533UI zaRa+Vc9#axqwYyx0wwAkZk%$rSM-Sc%^hjH>Rn(&s}_HTZLEQvfuaE?8>==SGm{i6 z1B=KPg9mKf-{XB<@6@*`=sR{*9N3b?A`%s7dG>Smj!u>@Pv5_Nr>a;}{9qyzGh^EV E0ENHSTmS$7 literal 0 HcmV?d00001 
diff --git a/fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml b/fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml new file mode 100644 index 0000000000..79437e90d1 --- /dev/null +++ b/fda-authentication-service/rest-service/src/main/resources/saml/idp_metadata.xml 
@@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor entityID="http://www.okta.com/exk26nye6eBAomvJW5d7" + xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"> + <md:IDPSSODescriptor WantAuthnRequestsSigned="false" + protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIDqDCCApCgAwIBAgIGAXxuFWkiMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG + A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU + MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi0xMzk1MzkxNTEcMBoGCSqGSIb3DQEJ + ARYNaW5mb0Bva3RhLmNvbTAeFw0yMTEwMTEwNjQwMDlaFw0zMTEwMTEwNjQxMDlaMIGUMQswCQYD + VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG + A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi0xMzk1MzkxNTEc + MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBAIZny5u9B0ooc5OigsxXv9MisZZzvXdoiIUtkF3Lvd2wEsdEcl8JPeZ0Id9xskaxkVhvvVeW + W+R0yADi4mmDkqrKfOkSKqBSFlaHAlH1OZyfWLTLmMwxTuVNCu200ok33p/iyJ5dff914YEuQRVw + 1u+t9UVwtSrNoDaJG8vxh1JsZ1zXceGRENvD/NdzV/PherPNmKnnr2r10uKTDrc03NJt22AOGxY0 + s0NDHU2hqm8xNiGnztZxlcrjTKtUljOQnAsaqY+AugH1Ov40VABotgg+r69uz+lYpbDiDtpZbPfK + gwCcQwWeX0VaYDeK+ESXxo55eM8qxeMbC6CrKIALLw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA + WgUI3wswTBZa7zkF90KTnlb7+qnks4rdV8c6Guxpj5TIqsAZjDYv573Dqqpsp5QJBSfUwO1iRdXf + ueO6r8haLY2ukk5vjZd31GboH+e+py6nVATUZ5xL2JxMhDgG8Hh9Gg/rl04O4Uk12f9YJF1k5Qko + ZQ3Kaxf/5nKw3mJL4wzmJz3ezeEn4M5VyC6BfhIcIC+asScsEgjRNQQ/SrgG7ywl0C3i+P41Nw9x + cWXQ6pepnLVR9q1aaLv2cyZ7RiN0JyKxruWdZPAluPODEp65TpfKbfCBXM00Bikm4MW76rXH2sjI + uUmMDfGSFmR+urDPJdc8kL26X0kwUrbEXXsT3g== + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + 
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat> + <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml"/> + <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" + Location="https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml"/> + </md:IDPSSODescriptor> + <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="https://dbrepo.ossdip.at/api/auth" + index="1" /> + + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en-US">Technische Universität Wien</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en-US">TU Wien</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en-US">https://tuwien.ac.at</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>Martin Weise</md:GivenName> + <md:EmailAddress>martin.weise@tuwien.ac.at</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>Andreas Rauber</md:GivenName> + <md:EmailAddress>andreas.rauber@tuwien.ac.at</md:EmailAddress> + </md:ContactPerson> +</md:EntityDescriptor> \ No newline at end of file 
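Review bot: The new `<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" ...>` advertises to the IdP that assertions may be delivered unsigned; with the HTTP-POST binding the assertion travels through the user's browser, so without a signature the relying party has no way to verify its origin or integrity at the ACS. Set `WantAssertionsSigned="true"` and confirm the SAML configuration rejects assertions whose signature is missing or invalid. The same attributes appear on the SP descriptor added in the saml/metadata.xml hunk below and remain in the context lines of saml/sp_metadata.xml.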
diff --git a/fda-authentication-service/rest-service/src/main/resources/idp_metadata.xml b/fda-authentication-service/rest-service/src/main/resources/saml/metadata.xml similarity index 71% rename from fda-authentication-service/rest-service/src/main/resources/idp_metadata.xml rename to fda-authentication-service/rest-service/src/main/resources/saml/metadata.xml index bea0721ad3..696949e9b6 100644 --- a/fda-authentication-service/rest-service/src/main/resources/idp_metadata.xml +++ b/fda-authentication-service/rest-service/src/main/resources/saml/metadata.xml @@ -34,4 +34,24 @@ <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-13953915.okta.com/app/dev-13953915_testtusaml_1/exk26nye6eBAomvJW5d7/sso/saml"/> </md:IDPSSODescriptor> + <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + Location="http://localhost:9097/api/auth" + index="1" /> + + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en-US">Technische Universität Wien</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en-US">TU Wien</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en-US">https://tuwien.ac.at</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:GivenName>Martin Weise</md:GivenName> + <md:EmailAddress>martin.weise@tuwien.ac.at</md:EmailAddress> + </md:ContactPerson> + <md:ContactPerson contactType="support"> + <md:GivenName>Andreas Rauber</md:GivenName> + <md:EmailAddress>andreas.rauber@tuwien.ac.at</md:EmailAddress> + </md:ContactPerson> </md:EntityDescriptor> \ No newline at end of file 
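Review bot: This file and the new saml/idp_metadata.xml now carry the same SP descriptor, organisation and contact blocks, differing only in the AssertionConsumerService `Location` (`http://localhost:9097/api/auth` here, `https://dbrepo.ossdip.at/api/auth` there), and both sit inside what the rename source (idp_metadata.xml) indicates is the IdP's EntityDescriptor. Keep the SP descriptor in the existing saml/sp_metadata.xml only and select the ACS URL per profile instead of maintaining two near-identical metadata documents; the localhost location also uses plain `http` although application.yml enables SSL on port 9097 in this same commit.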
diff --git a/fda-authentication-service/rest-service/src/main/resources/sp_metadata.xml b/fda-authentication-service/rest-service/src/main/resources/saml/sp_metadata.xml similarity index 68% rename from fda-authentication-service/rest-service/src/main/resources/sp_metadata.xml rename to fda-authentication-service/rest-service/src/main/resources/saml/sp_metadata.xml index 64ef410c5a..696482b54b 100644 --- a/fda-authentication-service/rest-service/src/main/resources/sp_metadata.xml +++ b/fda-authentication-service/rest-service/src/main/resources/saml/sp_metadata.xml @@ -1,15 +1,20 @@ <?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" - validUntil="2021-10-13T10:33:48Z" + validUntil="2021-10-13T15:46:10Z" cacheDuration="PT604800S" entityID="at:tuwien:dbrepo:auth"> <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - Location="http://localhost:9097/api/auth" + Location="https://dbrepo.ossdip.at/api/auth" index="1" /> </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en-US">Technische Universität Wien</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="en-US">TU Wien</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en-US">https://tuwien.ac.at</md:OrganizationURL> + </md:Organization> <md:ContactPerson contactType="technical"> <md:GivenName>Martin Weise</md:GivenName> <md:EmailAddress>martin.weise@tuwien.ac.at</md:EmailAddress> diff --git a/fda-authentication-service/rest-service/src/main/resources/x509/.gitkeep b/fda-authentication-service/rest-service/src/main/resources/x509/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 
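Review bot: `validUntil="2021-10-13T15:46:10Z"` is already in the past relative to the commit date (15 Oct 2021), so any metadata consumer that honours `validUntil` will reject this SP metadata as expired. Either remove the attribute — `cacheDuration="PT604800S"` already governs refresh — or regenerate the document with a validity window that outlives the deployment. The ACS `Location` also changes to `https://dbrepo.ossdip.at/api/auth` while application.yml still runs the service on localhost:9097, which suggests the environment-specific value belongs in a profile rather than a committed file.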
diff --git a/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem new file mode 100644 index 0000000000..d6ad39839a --- /dev/null +++ b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-chain.pem 
@@ -0,0 +1,91 @@ +-----BEGIN CERTIFICATE----- +MIIFITCCBAmgAwIBAgISBEh169kOMeYh+SgBdP8KFL2fMA0GCSqGSIb3DQEBCwUA +MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD +EwJSMzAeFw0yMTEwMTIwNzA4NTVaFw0yMjAxMTAwNzA4NTRaMBgxFjAUBgNVBAMT +DWRldi5vc3NkaXAuYXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm +vl9NZd4qV53j8U1irMwR0RXR2tl0i3FqXUxGYUHabIADLciAzl83vFnPMmJFeubn +DBGfkP2Z7Q+96fgwuxhXVVovT4uCwNcUGW66LzwemYJKnauy6muPooyllLO/mHAe +hhtdber7H9dwj8gdTjIDGRgw/owElsMGYOt1XxXRpnmh6QzvprT38Lt7OTfRlvlz +//p0PoYzfeI295fSGuIAl2rVAOQJq/n/Nl3dbTQ4KdLn0raf5am1ah+S904br34J +FyDfziswLGNRQ4SuYxFUXmfyV8TsxmJeRRfBa6JFofbAsuvzJ/TcJDiaLcsWjbWz +KQTz8tWhTA1U5McU0sLTAgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCBaAwHQYD +VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O +BBYEFIDkQgQxxpq9cTecpFYY97S7ClRyMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ +QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz +Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv +MBgGA1UdEQQRMA+CDWRldi5vc3NkaXAuYXQwTAYDVR0gBEUwQzAIBgZngQwBAgEw +NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j +cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgBByMqx3yJGShDGoToJ +QodeTjGLGwPr60vHaPCQYpYG9gAAAXxzjB5xAAAEAwBHMEUCIQCYOtWFJnGtJ2kC +E+De2h/eWKrQPf6guJq/tCWz3XdCPQIgdPKdERwSqECytmCG2jPXLMSxL+LrIPtY +Zl/cZSePFzkAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq/L8cP5tRwAAAXxz +jCKvAAAEAwBIMEYCIQCb1vdGOZx4MU72UABM5WOdUNKLZyuqmRYY8MWCiEnuMgIh +AL1Q3SAtogxxJh61qIk9/9R+0n1xQ+xxPkq81uid+l8cMA0GCSqGSIb3DQEBCwUA +A4IBAQADxwr9oAA5hCyqqzcmqgk0fk6wv3r/hzki+mZ/CjiIN9HdcOP5rP+B29Xu +WvN+8j/nIOuwGg1vI/vQn3XUg/ICsaVDTqnN6FiK6+08Vp1A90j0hhExFMWWNIbA +OIE/KYHnqpu0jFBKRA7XhRAXCyl1JGbfhxdHJHt2oZ9RKB85b9NogUB4II9A2rE2 +BUyS4fpUAFWJOWrkvc6uV2gWfMfr85L6rnpBl6xBuEr/9zOK87jjiqyq86MBTvPu +6Pyd0m0OA9fiP/8XzrdOtmUX0yXxCpUzT7VzW/85oFU8HG1dbfu0QqGmYgYKEgwe +r8US8fgeAoSkCQJmQC6z8/PRtkI0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw 
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw +WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg +RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP +R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx +sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm +NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg +Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG +/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB +Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA +FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw +AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw +Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB +gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W +PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl +ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz +CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm +lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 +avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 +yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O +yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids +hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ +HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv +MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX +nLRbwHOoq7hHwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow 
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC +ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL +wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D +LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK +4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 +bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y +sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ +Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 +FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc +SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql +PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND +TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 +c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx ++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB +ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu +b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E +U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu +MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC +5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW +9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG +WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O +he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC +Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 +-----END CERTIFICATE----- \ No newline at end of file diff --git a/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem new file mode 100644 index 0000000000..f5c34a737f 
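Review bot: The leaf certificate in this chain is issued to dev.ossdip.at (per the file name and, as far as the encoded subject can be read, the CN), while sp_metadata.xml in the same commit now publishes `https://dbrepo.ossdip.at/api/auth`; unless TLS for that hostname is terminated elsewhere, the name will not match. The leaf also encodes a roughly three-month validity window, so baking the chain into src/main/resources means a rebuild and redeploy at every renewal; a deployment-mounted path supplied through configuration keeps environment-specific material out of the artifact. The file additionally lacks a trailing newline, which the diff flags and some PEM readers dislike.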
--- /dev/null +++ b/fda-authentication-service/rest-service/src/main/resources/x509/dev-ossdip-at-key.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCmvl9NZd4qV53j +8U1irMwR0RXR2tl0i3FqXUxGYUHabIADLciAzl83vFnPMmJFeubnDBGfkP2Z7Q+9 +6fgwuxhXVVovT4uCwNcUGW66LzwemYJKnauy6muPooyllLO/mHAehhtdber7H9dw +j8gdTjIDGRgw/owElsMGYOt1XxXRpnmh6QzvprT38Lt7OTfRlvlz//p0PoYzfeI2 +95fSGuIAl2rVAOQJq/n/Nl3dbTQ4KdLn0raf5am1ah+S904br34JFyDfziswLGNR +Q4SuYxFUXmfyV8TsxmJeRRfBa6JFofbAsuvzJ/TcJDiaLcsWjbWzKQTz8tWhTA1U +5McU0sLTAgMBAAECggEALFYeXSQjCLs3Xm7BFuW/dVVVKfG5NIYHaDLanzQpIH0N +JMs9rxIwu083yiIpgzQExZat8PHKnO0t7F+UANEezcoCKuZJwECqb8u7Z4I7yB8l +R9XY27/9Tbn5D+YUTXOpDFS4XgVmH9P9ow54NWKfZbd8eTqV3HqB7OZEdXcNBCuD +1RPpEB+UJx+7HMfqRfyjSF0fKOEPjq2aBw3DfYuwiU2O/L9n5KftU05AQA8FTGe+ +gOnnGjEIPvwykspB8pgKri9TB3RAs22mrho1L7j3ThEBa+sauvUWsKG72WjHjzKJ +07WGa28uW2qhXxGZD5aAbOmLHHV2d9F81OpeRnM7kQKBgQDZO9cBdO2lvGVsnAVi +O0G1gSficX/jFUEKb15EzvyEuEElCFcIOWZgvmn+9Zr4TAJLzgSUgGTlREvLM4Zf +mh2RR2fXRMbmPiI+37+E/841Aa5b/pfJj4kolz2Y3FmlrztPTlPkx8kFckdW4HSH +WHM3VlIfWSWdGQye8EuPC5+mXQKBgQDEf+4M8q16q4SxnX2Yci46cZbnS98n7QG/ +HnuVElmnodxV7OOc773x7/nyoW8j3hhD9GWQkPjQMbT5c8pMix5+/AG2vvjtzhJW +klnYz7iw2k6+OY1oMSPu+f/wBpXOhJCniAFjPJCXwpSA+h0KuaxfOhxxOZl++E8c +gEmbc1Ua7wKBgQChBt6F0esnY9O7ApxrCInYxXiPPpsR9XtVBODYGKbOqtZ/YQNC +sWnWZM+lkuHhFFbPYlO60MH5wPp+Eh+VVmR8gHXU+MKHgZ9ZA/qv1/8/A5P/1WUm +oCOH1zRtz0kUrCRG0UUW3ZGBXAjNuWwnt8UQTAhr/GUJYrwcRPt9eZxKcQKBgQDE +P3RTUCd8RULQVRczoo2S5xEsTbVA3c8Jvnr0hhAugFRbKKymdzXAJMj/zsT+EHkx +nSu2d2NYIty46jDXw3WgozVe+1oHvvDHr4C2LbcqQc205CvbLIDT0rEPWrRRPkpu +V0Hzh3BtcPL54VIR/SAvNw1i84Des0XnlCRvcX9E1wKBgQC8DgYnsMEGFpVBp1xT +0ER0XSq5njl6vAoUCkw3jN+dkWxYjI9sWQtP5pyrE0kWDG8h9/mbRG5rTFK7PzK6 +Vilqp7hws3NuKec3uRBtoeZI2wIBVfBihTLM7AhUROsrbf2ocP1jfEvl7yd49UYI +i/dStaqfpozr864eytU8Pzct3g== +-----END PRIVATE KEY----- \ No newline at end of file 
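Review bot: An unencrypted RSA private key is committed here under src/main/resources, and its public modulus matches the dev.ossdip.at leaf in dev-ossdip-at-chain.pem, so the key of a publicly trusted certificate is now in version control and will be packaged into the built jar. A key that has reached a repository has to be treated as disclosed regardless of repository visibility: revoke and reissue the certificate, purge the file from history rather than deleting it in a follow-up commit, and ignore `*.pem` and keystore files under src/main/resources (the same applies to whatever `server.ssl.key-store` points at, if that is committed too). At runtime the key belongs in a deployment secret or mounted volume whose path comes from configuration, not on the classpath.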
diff --git a/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java b/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java
index a1c2074c98..91f12bed3d 100644
--- a/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java
+++ b/fda-authentication-service/services/src/main/java/at/tuwien/config/SamlConfig.java
@@ -1,15 +1,15 @@
 package at.tuwien.config;
-import at.tuwien.service.UserService;
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
 import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.metadata.provider.*;
+import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.parse.ParserPool;
 import org.opensaml.xml.parse.StaticBasicParserPool;
 import org.springframework.beans.factory.DisposableBean;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -48,42 +48,26 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import java.io.File; import java.util.*; -/** - * - */ @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) public class SamlConfig extends WebSecurityConfigurerAdapter implements InitializingBean, DisposableBean { - private final UserService userService; - private Timer backgroundTaskTimer; private MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager; - @Autowired - public SamlConfig(UserService userService) { - this.userService = userService; - } + @Value("${spring.security.saml2.metadata}") + private String serviceMetadataPath; - @Value("${fda.saml.keystore.location}") + @Value("${server.ssl.key-store}") private String samlKeystoreLocation; - @Value("${fda.saml.keystore.alias}") + @Value("${server.ssl.key-alias}") private String samlKeystoreAlias; - @Value("${fda.saml.keystore.password}") + @Value("${server.ssl.key-store-password}") private String samlKeystorePassword; - @Value("${fda.identity.provider.metadata}") - private String identityProviderMetadataPath; - - @Value("${fda.identity.provider.discovery.url}") - private String identityProviderDiscoveryUrl; - - @Value("${fda.identity.provider.discovery.response}") - private String identityProviderDiscoveryResponseUrl; - /* The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there */ @Bean public MetadataDisplayFilter metadataDisplayFilter() { 
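Review bot: Binding `samlKeystoreLocation`, `samlKeystoreAlias` and `samlKeystorePassword` to `server.ssl.key-store`, `server.ssl.key-alias` and `server.ssl.key-store-password` makes the TLS server key double as the SAML signing and decryption key that `keyManager()` hands to `JKSKeyManager`. The two have different exposure and lifecycles: the TLS key sits on the public edge and, if it is the Let's Encrypt one from dev-ossdip-at-chain.pem, rotates every few months, whereas the SAML signing certificate is embedded in the SP metadata registered at the IdP, so each rotation silently breaks that registration. Keeping the dedicated `fda.saml.keystore.*` properties, pointing at a separate keystore or at least a separate alias, preserves key separation. The new `serviceMetadataPath` field is later used as the source for the IdP metadata provider, so its name misleads; `identityProviderMetadataPath`, which this hunk removes, read correctly. The class body continues past the end of the hunk.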
@@ -121,7 +105,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* Processing filter for WebSSO profile messages */ @Bean public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception { - SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter(); + final SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter(); samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager()); samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler()); samlWebSSOProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler()); @@ -151,8 +135,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali return logoutHandler; } - /* Filter processing incoming logout messages. First argument determines URL user will be redirected to after - successful global logout */ + /* Filter processing incoming logout messages */ @Bean public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() { return new SAMLLogoutProcessingFilter(successLogoutHandler(), 
@@ -217,39 +200,24 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali return new SAMLProcessorImpl(bindings); } - /** - * Define the security filter chain in order to support SSO Auth by using SAML 2.0 - * - * @return Filter chain proxy - * @throws Exception - */ + /* Define the security filter chain in order to support SSO Auth by using SAML 2.0 */ @Bean public FilterChainProxy samlFilter() throws Exception { List<SecurityFilterChain> chains = new ArrayList<>(); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/login/**"), + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"), + samlWebSSOProcessingFilter())); + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"), + samlDiscovery())); + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"), samlEntryPoint())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/logout/**"), + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"), samlLogoutFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/metadata/**"), - metadataDisplayFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/SSO/**"), - samlWebSSOProcessingFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/SSOHoK/**"), - samlWebSSOHoKProcessingFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/SingleLogout/**"), + chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"), samlLogoutProcessingFilter())); - chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/context/saml/discovery/**"), - samlDiscovery())); return new FilterChainProxy(chains); } - /** - * Returns the authentication manager currently used 
by Spring. - * It represents a bean definition with the aim allow wiring from - * other classes performing the Inversion of Control (IoC). - * - * @throws Exception - */ + /* Returns the authentication manager currently used by Spring. */ @Bean @Override public AuthenticationManager authenticationManagerBean() throws Exception { @@ -258,9 +226,6 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /** * Defines the web based security configuration. - * - * @param http It allows configuring web based security for specific http requests. - * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { @@ -282,9 +247,6 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /** * Sets a custom authentication provider. - * - * @param auth SecurityBuilder used to create an AuthenticationManager. - * @throws Exception */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { @@ -326,7 +288,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali @Qualifier("idp-ssocircle") public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider() throws MetadataProviderException { final FilesystemMetadataProvider filesystemMetadataProvider = new FilesystemMetadataProvider( - new File(identityProviderMetadataPath)); + new File(serviceMetadataPath)); filesystemMetadataProvider.setParserPool(parserPool()); final ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(filesystemMetadataProvider, extendedMetadata()); 
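Review bot: Dropping the `/saml/metadata/**` and `/saml/SSOHoK/**` chains leaves `metadataDisplayFilter()` (still declared at the top of the class) and `samlWebSSOHoKProcessingFilter()` as beans that no request ever reaches; either remove them or restore their chains, otherwise the next reader assumes the metadata endpoint is served. If serving SP metadata is intentionally replaced by the static sp_metadata.xml, a one-line comment above the chain list saying so, e.g. `// SP metadata is delivered out of band (resources/saml/sp_metadata.xml); no /saml/metadata endpoint`, would make that explicit.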
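Review bot: `new File(serviceMetadataPath)` now feeds `spring.security.saml2.metadata` into the `FilesystemMetadataProvider` qualified `idp-ssocircle`, which is the descriptor the SP trusts when validating incoming assertions. If that property points at the service's own SP metadata, as its name suggests, the SP descriptor is loaded where an IdP descriptor is expected and presumably no IdP is trusted; if it points at the IdP file, the property and field names mislead. A dedicated property such as the `fda.identity.provider.metadata` this commit removes keeps the two files from being confused. The method body continues outside the hunk.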
@@ -338,10 +300,8 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* IDP Discovery Service */ @Bean - public SAMLDiscovery samlDiscovery() { - SAMLDiscovery idpDiscovery = new SAMLDiscovery(); - idpDiscovery.setIdpSelectionPath("/api/auth/discovery"); - return idpDiscovery; + public SAMLDiscovery samlDiscovery() throws MetadataProviderException { + return new SAMLDiscovery(); } /* Setup advanced info about metadata */ @@ -350,8 +310,6 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali ExtendedMetadata extendedMetadata = new ExtendedMetadata(); extendedMetadata.setLocal(true); extendedMetadata.setIdpDiscoveryEnabled(true); - extendedMetadata.setIdpDiscoveryURL(identityProviderDiscoveryUrl); - extendedMetadata.setIdpDiscoveryResponseURL(identityProviderDiscoveryResponseUrl); extendedMetadata.setSignMetadata(true); extendedMetadata.setEcpEnabled(true); return extendedMetadata; 
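Review bot: `samlDiscovery()` now declares `throws MetadataProviderException` although its only statement is `return new SAMLDiscovery();`, which to my knowledge does not throw it, so the clause documents a failure mode that cannot happen and should be dropped. In the second hunk `setIdpDiscoveryEnabled(true)` stays while the discovery URL and response URL are removed and `setIdpSelectionPath` is gone from the first, so discovery runs on whatever defaults the library derives while `/saml/discovery/**` is still mounted in `samlFilter()`. With a single provider (`idp-ssocircle`) it is simpler and less surprising to `extendedMetadata.setIdpDiscoveryEnabled(false);` and let the entry point go straight to that IdP; if discovery is wanted, the URLs belong back in configuration rather than in defaults.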
@@ -360,23 +318,23 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* Entry point to initialize authentication, default values taken from properties file */ @Bean public SAMLEntryPoint samlEntryPoint() { - SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint(); + final SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint(); samlEntryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions()); return samlEntryPoint; } @Bean public WebSSOProfileOptions defaultWebSSOProfileOptions() { - WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions(); + final WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions(); webSSOProfileOptions.setIncludeScoping(false); return webSSOProfileOptions; } @Bean public KeyManager keyManager() { - DefaultResourceLoader loader = new DefaultResourceLoader(); - Resource storeFile = loader.getResource(samlKeystoreLocation); - Map<String, String> passwords = new HashMap<>(); + final DefaultResourceLoader loader = new DefaultResourceLoader(); + final Resource storeFile = loader.getResource(samlKeystoreLocation); + final Map<String, String> passwords = new HashMap<>(); passwords.put(samlKeystoreAlias, samlKeystorePassword); return new JKSKeyManager(storeFile, samlKeystorePassword, passwords, samlKeystoreAlias); } @@ -429,8 +387,8 @@ public class SamlConfig extends WebSecurityConfigurerAdapter implements Initiali /* SAML Authentication Provider responsible for validating of received SAML messages */ @Bean public SAMLAuthenticationProvider samlAuthenticationProvider() { - SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider(); - samlAuthenticationProvider.setUserDetails(userService); + final SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider(); +// samlAuthenticationProvider.setUserDetails(userService); samlAuthenticationProvider.setForcePrincipalAsString(false); return samlAuthenticationProvider; } 
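Review bot: `// samlAuthenticationProvider.setUserDetails(userService);` leaves commented-out code where a decision is needed; without a `SAMLUserDetailsService` the provider, as far as I recall of this library, yields a principal that is the raw `SAMLCredential` with an empty authority list. The deleted `UserService` was what assigned `ROLE_USER`, and the class enables `securedEnabled = true`, so every SSO login now succeeds but carries no role and anything gated by `@Secured` or role checks will be denied. Delete the line and state the choice, e.g. `// no SAMLUserDetailsService yet: principal is the SAMLCredential and carries no authorities (TODO map NameID to roles)`, or reintroduce a details service once the user mapping is settled. The `keyManager()` hunk above is a `final`-only change.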
diff --git a/fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java b/fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java
deleted file mode 100644
index e59fd5da9e..0000000000
--- a/fda-authentication-service/services/src/main/java/at/tuwien/service/UserService.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package at.tuwien.service;
-
-import lombok.extern.log4j.Log4j2;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.saml.SAMLCredential;
-import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
-import org.springframework.stereotype.Service;
-
-import java.util.ArrayList;
-import java.util.List;
-
-@Log4j2
-@Service
-public class UserService implements SAMLUserDetailsService {
-
- @Override
- public Object loadUserBySAML(SAMLCredential credential) throws UsernameNotFoundException {
- final String userID = credential.getNameID().getValue();
- log.debug("Logged in user {}", userID);
- List<GrantedAuthority> authorities = new ArrayList<>();
- GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
- authorities.add(authority);
- return new User(userID, "<abc123>", true, true, true, true, authorities);
- }
-
-}
diff --git a/fda-ui/components/.gitkeep b/fda-ui/components/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
-- GitLab