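/**
 * Builds the gate-side SAML settings from the hal security config.
 *
 * <p>When SAML is disabled every field keeps its default and nothing else is read. Otherwise:
 *
 * <ul>
 *   <li>{@code metadataUrl} points at the local metadata file as a {@code file:} resource, unless
 *       a remote metadata URL is configured, in which case the remote URL takes precedence.
 *   <li>{@code keyStore} is likewise exposed as a {@code file:} resource.
 *   <li>The SAML service address is split into protocol, host (with the port appended only when
 *       one is explicit) and base path for the redirect settings.
 * </ul>
 *
 * @param security the hal security config the SAML settings are read from
 * @throws IllegalStateException if SAML is enabled but no service address is configured; this
 *     previously surfaced only as a bare {@code NullPointerException} with no hint of the field
 */
public SamlConfig(Security security) {
  Saml saml = security.getAuthn().getSaml();
  if (!saml.isEnabled()) {
    return;
  }

  this.enabled = saml.isEnabled();
  this.issuerId = saml.getIssuerId();

  // A remote metadata URL wins over the local file when both are set.
  if (StringUtils.isNotEmpty(saml.getMetadataRemote())) {
    this.metadataUrl = saml.getMetadataRemote();
  } else {
    this.metadataUrl = "file:" + saml.getMetadataLocal();
  }

  this.keyStore = "file:" + saml.getKeyStore();
  this.keyStoreAliasName = saml.getKeyStoreAliasName();
  // Secret material copied verbatim; keep it out of log output.
  this.keyStorePassword = saml.getKeyStorePassword();

  URL serviceAddress = saml.getServiceAddress();
  if (serviceAddress == null) {
    throw new IllegalStateException("SAML is enabled but no serviceAddress is configured.");
  }
  this.redirectProtocol = serviceAddress.getProtocol();
  this.redirectHostname = serviceAddress.getHost();
  // URL.getPort() is -1 when the address carries no explicit port; only then is it omitted.
  if (serviceAddress.getPort() != -1) {
    this.redirectHostname += ":" + serviceAddress.getPort();
  }
  if (StringUtils.isNotEmpty(serviceAddress.getPath())) {
    this.redirectBasePath = serviceAddress.getPath();
  }
}
}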
/**
 * Applies every flag the user supplied to {@code s}, leaving the remaining fields at their
 * current values.
 *
 * <p>The metadata flag is routed by its prefix: a value starting with {@code http} (which also
 * covers {@code https}) becomes the remote metadata URL and clears the local path; anything else
 * becomes the local path and clears the remote URL, so only one metadata source stays configured.
 *
 * @param s the SAML settings being edited in place
 * @return the same {@code s} instance
 */
@Override
protected AuthnMethod editAuthnMethod(Saml s) {
  s.setIssuerId(isSet(issuerId) ? issuerId : s.getIssuerId());
  s.setKeyStore(isSet(keystore) ? keystore : s.getKeyStore());
  s.setKeyStorePassword(isSet(keystorePassword) ? keystorePassword : s.getKeyStorePassword());
  s.setKeyStoreAliasName(
      isSet(keystoreAliasName) ? keystoreAliasName : s.getKeyStoreAliasName());
  s.setServiceAddress(isSet(serviceAddress) ? serviceAddress : s.getServiceAddress());

  if (isSet(metadata)) {
    applyMetadata(s);
  }
  return s;
}

/**
 * Stores {@code metadata} as either the remote URL or the local path and clears the other one.
 * Note the prefix test is a plain {@code startsWith("http")}, so a local path that happens to
 * begin with "http" would be treated as remote.
 */
private void applyMetadata(Saml s) {
  boolean remote = metadata.startsWith("http");
  s.setMetadataRemote(remote ? metadata : null);
  s.setMetadataLocal(remote ? null : metadata);
}
}
/**
 * @return True if any core field in an authentication method has a non-empty value. "Core fields"
 *     are generally required fields to make an authentication method work, such as client
 *     ID/secret, or path to a certificate store.
 */
private boolean maybeShouldBeEnabled(Authn n) {
  // X509 has no comparable "core field", so it is deliberately not consulted here.
  return hasCoreOauth2Fields(n.getOauth2())
      || hasCoreSamlFields(n.getSaml())
      || hasCoreLdapFields(n.getLdap())
      || hasCoreIapFields(n.getIap());
}

/** True when a client ID or client secret is configured. */
private static boolean hasCoreOauth2Fields(OAuth2 o) {
  return StringUtils.isNotEmpty(o.getClient().getClientId())
      || StringUtils.isNotEmpty(o.getClient().getClientSecret());
}

/** True when an issuer ID or a keystore path is configured. */
private static boolean hasCoreSamlFields(Saml s) {
  return StringUtils.isNotEmpty(s.getIssuerId()) || StringUtils.isNotEmpty(s.getKeyStore());
}

/** True when a user DN pattern, search base or search filter is configured. */
private static boolean hasCoreLdapFields(Ldap l) {
  return StringUtils.isNotEmpty(l.getUserDnPattern())
      || StringUtils.isNotEmpty(l.getUserSearchBase())
      || StringUtils.isNotEmpty(l.getUserSearchFilter());
}

/** True when an audience is configured. */
private static boolean hasCoreIapFields(IAP i) {
  return StringUtils.isNotEmpty(i.getAudience());
}
}
/**
 * @return true when at least one authentication method (OAuth2, SAML, LDAP, X.509 or IAP) is
 *     enabled; the methods are consulted in that order and evaluation stops at the first hit
 */
public boolean isEnabled() {
  if (getOauth2().isEnabled()) {
    return true;
  }
  if (getSaml().isEnabled()) {
    return true;
  }
  if (getLdap().isEnabled()) {
    return true;
  }
  if (getX509().isEnabled()) {
    return true;
  }
  return getIap().isEnabled();
}
/**
 * @return True if any core field in an authentication method has a non-empty value. "Core fields"
 *     are generally required fields to make an authentication method work, such as client
 *     ID/secret, or path to a certificate store.
 */
private boolean maybeShouldBeEnabled(Authn n) {
  // X509 has no comparable "core field", so it is deliberately not consulted here.
  return hasCoreOauth2Fields(n.getOauth2())
      || hasCoreSamlFields(n.getSaml())
      || hasCoreLdapFields(n.getLdap())
      || hasCoreIapFields(n.getIap());
}

/** True when a client ID or client secret is configured. */
private static boolean hasCoreOauth2Fields(OAuth2 o) {
  return StringUtils.isNotEmpty(o.getClient().getClientId())
      || StringUtils.isNotEmpty(o.getClient().getClientSecret());
}

/** True when an issuer ID or a keystore path is configured. */
private static boolean hasCoreSamlFields(Saml s) {
  return StringUtils.isNotEmpty(s.getIssuerId()) || StringUtils.isNotEmpty(s.getKeyStore());
}

/** True when a user DN pattern, search base or search filter is configured. */
private static boolean hasCoreLdapFields(Ldap l) {
  return StringUtils.isNotEmpty(l.getUserDnPattern())
      || StringUtils.isNotEmpty(l.getUserSearchBase())
      || StringUtils.isNotEmpty(l.getUserSearchFilter());
}

/** True when an audience is configured. */
private static boolean hasCoreIapFields(IAP i) {
  return StringUtils.isNotEmpty(i.getAudience());
}
}
/**
 * @return true when at least one authentication method (OAuth2, SAML, LDAP, X.509 or IAP) is
 *     enabled; the methods are consulted in that order and evaluation stops at the first hit
 */
public boolean isEnabled() {
  if (getOauth2().isEnabled()) {
    return true;
  }
  if (getSaml().isEnabled()) {
    return true;
  }
  if (getLdap().isEnabled()) {
    return true;
  }
  if (getX509().isEnabled()) {
    return true;
  }
  return getIap().isEnabled();
}
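/**
 * Builds the gate-side SAML settings from the hal security config.
 *
 * <p>When SAML is disabled every field keeps its default and nothing else is read. Otherwise:
 *
 * <ul>
 *   <li>{@code metadataUrl} points at the local metadata file as a {@code file:} resource, unless
 *       a remote metadata URL is configured, in which case the remote URL takes precedence.
 *   <li>{@code keyStore} is likewise exposed as a {@code file:} resource.
 *   <li>The SAML service address is split into protocol, host (with the port appended only when
 *       one is explicit) and base path for the redirect settings.
 * </ul>
 *
 * @param security the hal security config the SAML settings are read from
 * @throws IllegalStateException if SAML is enabled but no service address is configured; this
 *     previously surfaced only as a bare {@code NullPointerException} with no hint of the field
 */
public SamlConfig(Security security) {
  Saml saml = security.getAuthn().getSaml();
  if (!saml.isEnabled()) {
    return;
  }

  this.enabled = saml.isEnabled();
  this.issuerId = saml.getIssuerId();

  // A remote metadata URL wins over the local file when both are set.
  if (StringUtils.isNotEmpty(saml.getMetadataRemote())) {
    this.metadataUrl = saml.getMetadataRemote();
  } else {
    this.metadataUrl = "file:" + saml.getMetadataLocal();
  }

  this.keyStore = "file:" + saml.getKeyStore();
  this.keyStoreAliasName = saml.getKeyStoreAliasName();
  // Secret material copied verbatim; keep it out of log output.
  this.keyStorePassword = saml.getKeyStorePassword();

  URL serviceAddress = saml.getServiceAddress();
  if (serviceAddress == null) {
    throw new IllegalStateException("SAML is enabled but no serviceAddress is configured.");
  }
  this.redirectProtocol = serviceAddress.getProtocol();
  this.redirectHostname = serviceAddress.getHost();
  // URL.getPort() is -1 when the address carries no explicit port; only then is it omitted.
  if (serviceAddress.getPort() != -1) {
    this.redirectHostname += ":" + serviceAddress.getPort();
  }
  if (StringUtils.isNotEmpty(serviceAddress.getPath())) {
    this.redirectBasePath = serviceAddress.getPath();
  }
}
}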
/**
 * Applies every flag the user supplied to {@code s}, leaving the remaining fields at their
 * current values.
 *
 * <p>The metadata flag is routed by its prefix: a value starting with {@code http} (which also
 * covers {@code https}) becomes the remote metadata URL and clears the local path; anything else
 * becomes the local path and clears the remote URL, so only one metadata source stays configured.
 *
 * @param s the SAML settings being edited in place
 * @return the same {@code s} instance
 */
@Override
protected AuthnMethod editAuthnMethod(Saml s) {
  s.setIssuerId(isSet(issuerId) ? issuerId : s.getIssuerId());
  s.setKeyStore(isSet(keystore) ? keystore : s.getKeyStore());
  s.setKeyStorePassword(isSet(keystorePassword) ? keystorePassword : s.getKeyStorePassword());
  s.setKeyStoreAliasName(
      isSet(keystoreAliasName) ? keystoreAliasName : s.getKeyStoreAliasName());
  s.setServiceAddress(isSet(serviceAddress) ? serviceAddress : s.getServiceAddress());

  if (isSet(metadata)) {
    applyMetadata(s);
  }
  return s;
}

/**
 * Stores {@code metadata} as either the remote URL or the local path and clears the other one.
 * Note the prefix test is a plain {@code startsWith("http")}, so a local path that happens to
 * begin with "http" would be treated as remote.
 */
private void applyMetadata(Saml s) {
  boolean remote = metadata.startsWith("http");
  s.setMetadataRemote(remote ? metadata : null);
  s.setMetadataLocal(remote ? null : metadata);
}
}
/**
 * Assembles gate's authentication settings from the hal security config.
 *
 * <p>OAuth2, SAML, LDAP and IAP are treated as mutually exclusive: the first of them that is
 * enabled, in that order, is configured and any other enabled method is silently ignored. X.509
 * is independent and is layered on top of whichever method was selected.
 *
 * @param gate the service settings gate is deployed with
 * @param security the hal security config
 * @return the populated gate config
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig config = new GateConfig(gate, security);
  applyPrimaryAuthn(config, security);
  if (security.getAuthn().getX509().isEnabled()) {
    config.x509 = new X509Config(security);
  }
  return config;
}

/** Configures at most one of the mutually exclusive authentication methods on {@code config}. */
private void applyPrimaryAuthn(GateConfig config, Security security) {
  if (security.getAuthn().getOauth2().isEnabled()) {
    config.spring = new SpringConfig(security);
  } else if (security.getAuthn().getSaml().isEnabled()) {
    config.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    config.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    // assumes GateConfig initialises its google section -- not visible here, confirm
    config.google.iap = new IAPConfig(security);
  }
}
}
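/**
 * Reports configuration problems for the SAML authentication method.
 *
 * <p>Nothing is checked while SAML is disabled. Otherwise a metadata source (local file or remote
 * URL), an issuer ID, a keystore path and a keystore password are all required. A local metadata
 * path is checked for {@code file:} URI syntax only; a remote URL is additionally fetched with a
 * GET, and an unreachable endpoint or a non-2xx reply is reported as a WARNING rather than an
 * ERROR, presumably because the host running validation need not share gate's network access.
 *
 * @param p collector that the problems are added to
 * @param saml the SAML settings under validation
 */
@Override
public void validate(ConfigProblemSetBuilder p, Saml saml) {
  if (!saml.isEnabled()) {
    return;
  }

  String metadataLocal = saml.getMetadataLocal();
  String metadataRemote = saml.getMetadataRemote();

  if (StringUtils.isEmpty(metadataLocal) && StringUtils.isEmpty(metadataRemote)) {
    p.addProblem(Problem.Severity.ERROR, "No metadata file specified.");
  }
  if (StringUtils.isNotEmpty(metadataLocal)) {
    validateLocalMetadata(p, metadataLocal);
  }
  if (StringUtils.isNotEmpty(metadataRemote)) {
    validateRemoteMetadata(p, metadataRemote);
  }

  if (StringUtils.isEmpty(saml.getIssuerId())) {
    p.addProblem(Problem.Severity.ERROR, "No issuerId specified.");
  }
  if (StringUtils.isEmpty(saml.getKeyStore())) {
    p.addProblem(Problem.Severity.ERROR, "No keystore specified.");
  }
  if (StringUtils.isEmpty(saml.getKeyStorePassword())) {
    p.addProblem(Problem.Severity.ERROR, "No keystore password specified.");
  }
}

/**
 * Reports an ERROR when {@code metadataLocal} cannot be expressed as a {@code file:} URI.
 *
 * <p>Only the URI syntax is checked; the file is not opened, so a well-formed path to a missing
 * file passes this validator.
 */
private static void validateLocalMetadata(ConfigProblemSetBuilder p, String metadataLocal) {
  try {
    new File(new URI("file:" + metadataLocal));
  } catch (java.net.URISyntaxException | IllegalArgumentException f) {
    // Both the URI constructor (checked) and File(URI) (unchecked, for non-hierarchical URIs)
    // can reject the path; catching Exception, as before, would also have hidden programming errors.
    p.addProblem(Problem.Severity.ERROR, "Invalid local metadata path: " + f.getMessage());
  }
}

/**
 * Probes {@code metadataRemote} with a GET and reports problems.
 *
 * <p>A malformed URL is an ERROR, since gate could never load it. A failed connection or a non-2xx
 * status is a WARNING; previously only {@link IOException} was caught, so a 404 or 500 passed
 * validation unnoticed. The client and the response are closed so repeated validation does not
 * leak connections. A plain {@code http://} URL is flagged because the metadata carries the IdP
 * signing certificate that later assertions are verified against; fetched without TLS it can be
 * altered in transit.
 */
private static void validateRemoteMetadata(ConfigProblemSetBuilder p, String metadataRemote) {
  // Scheme comparison is case-insensitive, as URL schemes are.
  if (!metadataRemote.regionMatches(true, 0, "https://", 0, 8)) {
    p.addProblem(
        Problem.Severity.WARNING,
        "Remote metadata URL does not use https; the IdP certificate it provides is not protected in transit.");
  }

  HttpGet request;
  try {
    request = new HttpGet(metadataRemote);
  } catch (IllegalArgumentException e) {
    // HttpGet(String) rejects syntactically invalid URLs with an unchecked exception, which
    // would otherwise escape the validator instead of being reported.
    p.addProblem(Problem.Severity.ERROR, "Invalid remote metadata URL: " + e.getMessage());
    return;
  }

  // Fully qualified so no new imports are needed.
  try (org.apache.http.impl.client.CloseableHttpClient client = HttpClientBuilder.create().build();
      org.apache.http.client.methods.CloseableHttpResponse response = client.execute(request)) {
    int status = response.getStatusLine().getStatusCode();
    if (status < 200 || status >= 300) {
      p.addProblem(
          Problem.Severity.WARNING, "Cannot access remote metadata.xml file: HTTP " + status);
    }
  } catch (IOException e) {
    // NOTE(review): the right-hand operand of this message was cut off in the source listing;
    // e.getMessage() is the assumed completion -- confirm against the repository.
    p.addProblem(
        Problem.Severity.WARNING, "Cannot access remote metadata.xml file: " + e.getMessage());
  }
}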
/**
 * Assembles gate's authentication settings from the hal security config.
 *
 * <p>OAuth2, SAML, LDAP and IAP are treated as mutually exclusive: the first of them that is
 * enabled, in that order, is configured and any other enabled method is silently ignored. X.509
 * is independent and is layered on top of whichever method was selected.
 *
 * @param gate the service settings gate is deployed with
 * @param security the hal security config
 * @return the populated gate config
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig config = new GateConfig(gate, security);
  applyPrimaryAuthn(config, security);
  if (security.getAuthn().getX509().isEnabled()) {
    config.x509 = new X509Config(security);
  }
  return config;
}

/** Configures at most one of the mutually exclusive authentication methods on {@code config}. */
private void applyPrimaryAuthn(GateConfig config, Security security) {
  if (security.getAuthn().getOauth2().isEnabled()) {
    config.spring = new SpringConfig(security);
  } else if (security.getAuthn().getSaml().isEnabled()) {
    config.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    config.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    // assumes GateConfig initialises its google section -- not visible here, confirm
    config.google.iap = new IAPConfig(security);
  }
}
}
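/**
 * Reports configuration problems for the SAML authentication method.
 *
 * <p>Nothing is checked while SAML is disabled. Otherwise a metadata source (local file or remote
 * URL), an issuer ID, a keystore path and a keystore password are all required. A local metadata
 * path is checked for {@code file:} URI syntax only; a remote URL is additionally fetched with a
 * GET, and an unreachable endpoint or a non-2xx reply is reported as a WARNING rather than an
 * ERROR, presumably because the host running validation need not share gate's network access.
 *
 * @param p collector that the problems are added to
 * @param saml the SAML settings under validation
 */
@Override
public void validate(ConfigProblemSetBuilder p, Saml saml) {
  if (!saml.isEnabled()) {
    return;
  }

  String metadataLocal = saml.getMetadataLocal();
  String metadataRemote = saml.getMetadataRemote();

  if (StringUtils.isEmpty(metadataLocal) && StringUtils.isEmpty(metadataRemote)) {
    p.addProblem(Problem.Severity.ERROR, "No metadata file specified.");
  }
  if (StringUtils.isNotEmpty(metadataLocal)) {
    validateLocalMetadata(p, metadataLocal);
  }
  if (StringUtils.isNotEmpty(metadataRemote)) {
    validateRemoteMetadata(p, metadataRemote);
  }

  if (StringUtils.isEmpty(saml.getIssuerId())) {
    p.addProblem(Problem.Severity.ERROR, "No issuerId specified.");
  }
  if (StringUtils.isEmpty(saml.getKeyStore())) {
    p.addProblem(Problem.Severity.ERROR, "No keystore specified.");
  }
  if (StringUtils.isEmpty(saml.getKeyStorePassword())) {
    p.addProblem(Problem.Severity.ERROR, "No keystore password specified.");
  }
}

/**
 * Reports an ERROR when {@code metadataLocal} cannot be expressed as a {@code file:} URI.
 *
 * <p>Only the URI syntax is checked; the file is not opened, so a well-formed path to a missing
 * file passes this validator.
 */
private static void validateLocalMetadata(ConfigProblemSetBuilder p, String metadataLocal) {
  try {
    new File(new URI("file:" + metadataLocal));
  } catch (java.net.URISyntaxException | IllegalArgumentException f) {
    // Both the URI constructor (checked) and File(URI) (unchecked, for non-hierarchical URIs)
    // can reject the path; catching Exception, as before, would also have hidden programming errors.
    p.addProblem(Problem.Severity.ERROR, "Invalid local metadata path: " + f.getMessage());
  }
}

/**
 * Probes {@code metadataRemote} with a GET and reports problems.
 *
 * <p>A malformed URL is an ERROR, since gate could never load it. A failed connection or a non-2xx
 * status is a WARNING; previously only {@link IOException} was caught, so a 404 or 500 passed
 * validation unnoticed. The client and the response are closed so repeated validation does not
 * leak connections. A plain {@code http://} URL is flagged because the metadata carries the IdP
 * signing certificate that later assertions are verified against; fetched without TLS it can be
 * altered in transit.
 */
private static void validateRemoteMetadata(ConfigProblemSetBuilder p, String metadataRemote) {
  // Scheme comparison is case-insensitive, as URL schemes are.
  if (!metadataRemote.regionMatches(true, 0, "https://", 0, 8)) {
    p.addProblem(
        Problem.Severity.WARNING,
        "Remote metadata URL does not use https; the IdP certificate it provides is not protected in transit.");
  }

  HttpGet request;
  try {
    request = new HttpGet(metadataRemote);
  } catch (IllegalArgumentException e) {
    // HttpGet(String) rejects syntactically invalid URLs with an unchecked exception, which
    // would otherwise escape the validator instead of being reported.
    p.addProblem(Problem.Severity.ERROR, "Invalid remote metadata URL: " + e.getMessage());
    return;
  }

  // Fully qualified so no new imports are needed.
  try (org.apache.http.impl.client.CloseableHttpClient client = HttpClientBuilder.create().build();
      org.apache.http.client.methods.CloseableHttpResponse response = client.execute(request)) {
    int status = response.getStatusLine().getStatusCode();
    if (status < 200 || status >= 300) {
      p.addProblem(
          Problem.Severity.WARNING, "Cannot access remote metadata.xml file: HTTP " + status);
    }
  } catch (IOException e) {
    // NOTE(review): the right-hand operand of this message was cut off in the source listing;
    // e.getMessage() is the assumed completion -- confirm against the repository.
    p.addProblem(
        Problem.Severity.WARNING, "Cannot access remote metadata.xml file: " + e.getMessage());
  }
}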
/**
 * Assembles gate's authentication settings from the hal security config.
 *
 * <p>OAuth2, SAML, LDAP and IAP are treated as mutually exclusive: the first of them that is
 * enabled, in that order, is configured and any other enabled method is silently ignored. X.509
 * is independent and is layered on top of whichever method was selected. OAuth2 is passed through
 * as the hal config object itself rather than wrapped in a dedicated gate config.
 *
 * @param gate the service settings gate is deployed with
 * @param security the hal security config
 * @return the populated gate config
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig config = new GateConfig(gate, security);
  applyPrimaryAuthn(config, security);
  if (security.getAuthn().getX509().isEnabled()) {
    config.x509 = new X509Config(security);
  }
  return config;
}

/** Configures at most one of the mutually exclusive authentication methods on {@code config}. */
private void applyPrimaryAuthn(GateConfig config, Security security) {
  if (security.getAuthn().getOauth2().isEnabled()) {
    // Shares the hal OAuth2 object (client secret included) with the gate config, no copy.
    config.security.oauth2 = security.getAuthn().getOauth2();
  } else if (security.getAuthn().getSaml().isEnabled()) {
    config.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    config.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    // assumes GateConfig initialises its google section -- not visible here, confirm
    config.google.iap = new IAPConfig(security);
  }
}
}
/**
 * Assembles gate's authentication settings from the hal security config.
 *
 * <p>OAuth2, SAML, LDAP and IAP are treated as mutually exclusive: the first of them that is
 * enabled, in that order, is configured and any other enabled method is silently ignored. X.509
 * is independent and is layered on top of whichever method was selected. OAuth2 is passed through
 * as the hal config object itself rather than wrapped in a dedicated gate config.
 *
 * @param gate the service settings gate is deployed with
 * @param security the hal security config
 * @return the populated gate config
 */
@Override
protected GateConfig getGateConfig(ServiceSettings gate, Security security) {
  GateConfig config = new GateConfig(gate, security);
  applyPrimaryAuthn(config, security);
  if (security.getAuthn().getX509().isEnabled()) {
    config.x509 = new X509Config(security);
  }
  return config;
}

/** Configures at most one of the mutually exclusive authentication methods on {@code config}. */
private void applyPrimaryAuthn(GateConfig config, Security security) {
  if (security.getAuthn().getOauth2().isEnabled()) {
    // Shares the hal OAuth2 object (client secret included) with the gate config, no copy.
    config.security.oauth2 = security.getAuthn().getOauth2();
  } else if (security.getAuthn().getSaml().isEnabled()) {
    config.saml = new SamlConfig(security);
  } else if (security.getAuthn().getLdap().isEnabled()) {
    config.ldap = new LdapConfig(security);
  } else if (security.getAuthn().getIap().isEnabled()) {
    // assumes GateConfig initialises its google section -- not visible here, confirm
    config.google.iap = new IAPConfig(security);
  }
}
}