Added custom InMemory SAML2 Authentication Request Repository
Added attributes mapping in application*.yml config Added attributes default values in application*.yml config Corrected MOCK-IDP to return InResponseTo and complex attribute names
This commit is contained in:
parent
f548a0b31e
commit
eb3a621b17
7 changed files with 458 additions and 75 deletions
|
|
@ -144,14 +144,14 @@ resilient:
|
|||
enabled: false
|
||||
port: 8081
|
||||
mock-idp:
|
||||
enabled: true
|
||||
enabled: false
|
||||
path: classpath:mock-idp/idp.js
|
||||
security:
|
||||
saml2: # ADDED to support SAMLv2 authentication to IDP.
|
||||
# Metadata endpoint ${base-url}/saml2/service-provider-metadata/mock-idp
|
||||
enabled: true
|
||||
idp-id: unl-idp # The id of the IDP to use. One from the collection in relyingparty.registration
|
||||
base-url: https://resilient.localhost # old: https://localhost:8443
|
||||
idp-id: mock-idp # The id of the IDP to use. One from the collection in relyingparty.registration
|
||||
base-url: http://resilient.localhost # old: https://localhost:8443
|
||||
success-url: http://resilient.localhost/
|
||||
failure-url: http://resilient.localhost/login
|
||||
relyingparty:
|
||||
|
|
@ -163,10 +163,22 @@ resilient:
|
|||
url: http://mock-idp.localhost/saml/sso # old: http://localhost:3000/saml/sso
|
||||
# OPTIONAL. A list of query parameters to add to single-sign-on.url. This is usefull for mock-idp, to give instructions on how to behave
|
||||
query-parameters:
|
||||
spUrl: https://resilient.localhost # The callback to Service Provider, after IDP authentication (OK | KO). Appends the encoded url: acs=https%3A%2F%2Fresilient.localhost%2Flogin%2Fsaml2%2Fsso%2Fmock-idp
|
||||
spUrl: http://resilient.localhost # The callback to Service Provider, after IDP authentication (OK | KO). Appends the encoded url: acs=https%3A%2F%2Fresilient.localhost%2Flogin%2Fsaml2%2Fsso%2Fmock-idp
|
||||
issuerUrl: http://mock-idp.localhost/saml/metadata # The IDP entity-id. This is needed for mock-idp to build saml2 response
|
||||
single-logout:
|
||||
url: http://mock-idp.localhost/saml/slo # old: http://localhost:3000/saml/slo
|
||||
attributes: # This is a mapping between the needed attributes, and the names of the attributes in the SAML2 Response
|
||||
# Leave BLANK if SAML doesn't provide that attribute'
|
||||
name: name # the user display name [OPTIONAL]
|
||||
username: urn:mace:dir:attribute-def:mail # the username, typically for authentication. Fallsback to email. [MANDATORY]
|
||||
email: email # the user email [MANDATORY]
|
||||
organization-code: organization_code # organization unit code [OPTIONAL]
|
||||
security-group-code: security_group # security group code [OPTIONAL]
|
||||
role: roles # a single role is expected [OPTIONAL]
|
||||
defaults: # For some attributes defaults can be given. This will be used if SAML2 response doesn't have them
|
||||
organization-code: NOVA # default organization unit code
|
||||
security-group-code: GRP_USER # default security group code
|
||||
role: ROLE_USER # default role
|
||||
verification:
|
||||
credentials:
|
||||
- certificate-location: classpath:saml/idp-public.cert
|
||||
|
|
@ -183,15 +195,28 @@ resilient:
|
|||
url: http://unl-idp.localhost/saml/sso
|
||||
# OPTIONAL. A list of query parameters to add to single-sign-on.url. This is usefull for mock-idp, to give instructions on how to behave
|
||||
query-parameters:
|
||||
spUrl: https://resilient.localhost # The callback to Service Provider, after IDP authentication (OK | KO). Appends the encoded url: acs=https%3A%2F%2Fresilient.localhost%2Flogin%2Fsaml2%2Fsso%2Fmock-idp
|
||||
spUrl: http://resilient.localhost # The callback to Service Provider, after IDP authentication (OK | KO). Appends the encoded url: acs=https%3A%2F%2Fresilient.localhost%2Flogin%2Fsaml2%2Fsso%2Fmock-idp
|
||||
issuerUrl: http://unl-idp.localhost/saml/metadata # The IDP entity-id. This is needed for mock-idp to build saml2 response
|
||||
single-logout:
|
||||
url: http://unl-idp.localhost/saml/slo # old: http://localhost:3000/saml/slo
|
||||
attributes: # This is a mapping between the needed attributes, and the names of the attributes in the SAML2 Response
|
||||
# Leave BLANK if SAML doesn't provide that attribute'
|
||||
name: urn:mace:dir:attribute-def:displayName # the user display name [OPTIONAL]
|
||||
username: urn:mace:dir:attribute-def:mail # the username, typically for authentication. Fallsback to email. [MANDATORY]
|
||||
email: urn:mace:dir:attribute-def:mail # the user email [MANDATORY]
|
||||
organization-code: # organization unit code [OPTIONAL]
|
||||
security-group-code: # security group code [OPTIONAL]
|
||||
role: # a single role is expected [OPTIONAL]
|
||||
defaults: # For some attributes defaults can be given. This will be used if SAML2 response doesn't have them
|
||||
organization-code: NOVA # default organization unit code
|
||||
security-group-code: GRP_USER # default security group code
|
||||
role: ROLE_USER # default role
|
||||
verification:
|
||||
credentials:
|
||||
- certificate-location: classpath:saml/idp-public.cert
|
||||
want-authn-signed: false # Validate signature in entire message response (true-validates/false-doesn't validate)
|
||||
want-assertion-signed: true # Validate signature in assertions message response (true-validates/false-doesn't validate)
|
||||
check-in-response-to: false # The UNL IDP doesn't implement this. Must be false.
|
||||
signing:
|
||||
credentials:
|
||||
- private-key-location: classpath:saml/private.key
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue