1
0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2024-11-23 15:21:25 +01:00

login shows properly in keycloak, need to fix Xbool error for attributes extracting after successful login

This commit is contained in:
Dimitrios Kaitantzidis 2024-10-21 20:45:30 +03:00
parent 34ef4c7384
commit 5ad3cfdd07
5 changed files with 65 additions and 23 deletions

View File

@ -32,6 +32,7 @@ import org.springframework.security.saml2.provider.service.authentication.OpenSa
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@ -396,18 +397,42 @@ public class SecurityConfiguration {
Saml2X509Credential verificationCredential = Saml2X509Credential.verification(idpCert);
RelyingPartyRegistration rp =
RelyingPartyRegistrations.fromMetadataLocation(samlConf.getIdpMetadataUriString())
.entityId(samlConf.getEntityId())
.registrationId(samlConf.getRegistrationId())
.signingX509Credentials((c) -> c.add(signingCredential))
.singleLogoutServiceLocation(samlConf.getIdpSingleLogoutUrl())
.assertingPartyDetails(
(details) ->
details
//
// .entityId(samlConf.getIdpIssuer())
//
// .singleSignOnServiceLocation(
//
// samlConf.getIdpSingleLoginUrl())
.verificationX509Credentials(
(c) -> c.add(verificationCredential))
.wantAuthnRequestsSigned(true))
.build();
/*
RelyingPartyRegistration rp =
RelyingPartyRegistration.withRegistrationId(samlConf.getRegistrationId())
.entityId(samlConf.getEntityId())
.signingX509Credentials((c) -> c.add(signingCredential))
.assertingPartyDetails(
(details) ->
details.entityId(samlConf.getIdpIssuer())
details.entityId(samlConf.getEntityId())
.singleSignOnServiceLocation(
samlConf.getIdpSingleLoginUrl())
.verificationX509Credentials(
(c) -> c.add(verificationCredential))
.wantAuthnRequestsSigned(true))
.build();
*/
return new InMemoryRelyingPartyRegistrationRepository(rp);
}

View File

@ -70,6 +70,7 @@ public class CustomSaml2ResponseAuthenticationConverter
private Map<String, List<Object>> extractAttributes(Assertion assertion) {
Map<String, List<Object>> attributes = new HashMap<>();
try {
for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
for (Attribute attribute : attributeStatement.getAttributes()) {
String attributeName = attribute.getName();
@ -81,6 +82,10 @@ public class CustomSaml2ResponseAuthenticationConverter
attributes.put(attributeName, values);
}
}
} catch (Exception ex) {
log.error("Could not extract attributes. Error: " + ex.getMessage());
return attributes;
}
return attributes;
}
}

View File

@ -124,6 +124,7 @@ public class ApplicationProperties {
private Boolean enabled = false;
private Boolean autoCreateUser = false;
private Boolean blockRegistration = false;
private String entityId = "stirling";
private String registrationId = "stirling";
private String idpMetadataUri;
private String idpSingleLogoutUrl;
@ -149,6 +150,10 @@ public class ApplicationProperties {
}
}
public String getIdpMetadataUriString() {
return this.idpMetadataUri;
}
public Resource getSpCert() {
if (spCert.startsWith("classpath:")) {
return new ClassPathResource(spCert.substring("classpath:".length()));
@ -172,6 +177,10 @@ public class ApplicationProperties {
return new FileSystemResource(privateKey);
}
}
public String getEntityId() {
return entityId;
}
}
@Data

View File

@ -51,3 +51,5 @@ springdoc.swagger-ui.url=/v1/api-docs
posthog.api.key=phc_fiR65u5j6qmXTYL56MNrLZSWqLaDW74OrZH0Insd2xq
posthog.host=https://eu.i.posthog.com
server.port=8090

View File

@ -12,7 +12,7 @@
security:
enableLogin: false # set to 'true' to enable login
enableLogin: true # set to 'true' to enable login
csrfDisabled: true # Set to 'true' to disable CSRF protection (not recommended for production)
loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
@ -48,17 +48,18 @@ security:
scopes: openid, profile, email # Specify the scopes for which the application will request permissions
provider: google # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
saml2:
enabled: false
enabled: true
autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
registrationId: stirling
idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata
idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml
idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml
idpIssuer: http://www.okta.com/externalKey
idpCert: classpath:octa.crt
privateKey: classpath:saml-private-key.key
spCert: classpath:saml-public-cert.crt
entityId: 'spring-boot-app'
registrationId: 'keycloak'
idpMetadataUri: 'http://localhost:8080/realms/saml-sso/protocol/saml/descriptor'
idpSingleLogoutUrl: 'http://localhost:8080/realms/saml-sso/protocol/saml'
idpSingleLoginUrl: 'http://localhost:8080/realms/saml-sso/protocol/saml'
idpIssuer: 'http://localhost:8080/realms/saml-sso'
idpCert: 'classpath:saml-public-cert.crt'
privateKey: 'classpath:local.key'
spCert: 'classpath:local.crt'
# Enterprise edition settings unused for now please ignore!
enterpriseEdition: