This is an automated email from the ASF dual-hosted git repository.
rombert pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git.
from 5b6b4bc move "styles" to the top
new 9c86b1c SAML2 SP Project setup
new 7361c1f Update README.md
new 6b45a42 Started Auth Handler and Configuration for Auth Handler
new dfef794 Started resolving OpenSAML dependencies
new 26f2f09 removed commented items from pom
new 2b0a029 Finished adding OpenSAML V3 dependencies and pom.xml updates
such that the bundle Activates
new 34b80b0 Added JavaCryptoValidationInitializer is used to confirm JCE
supports the entire set of cryptographic algorithms as required by OpenSaml V3
new cde6ba1 started test SP
new bc14e21 started test idp
new 0a21421 added more static helpers
new 37da556 Added statement about this project being Derivative Works in
README.md
new 9fd734e updated dependencies
new b7890ca Updated readme and added a commons licensed diagram of SAML2
HTTP POST Binding flow
new 4023798 corrected readme.md
new abbe889 work in progress
new a1ee326 Added code to initialize OpenSAML V3. Corrected
authentication helper flow to call requestCredentials. Added dependency on
oak-auth-external for user syncing
new 62115f0 Added Java Keystore SPKeystore.jks for dev and initial tests
new d71ead0 Started test IDP Servlet
new aed9f50 Corrected redirect problem with auth needed at test IDP
new b982b7b Started SOAP exchange between ConsumerServlet and
ArtifactResolutionServlet.java
new 08d5f0b Classloading pain
new 1c4182a added OpenSAML-style classloading to SP and IDP servlets.
Corrected import package for HTTPSOAP11Decoder in ArtifactResolution Servlet
new 61d73ee Refactored configurations to a service so they may be shared
by the Auth Handler, Consumer Servlet and the UserManager service
new 0de45ae Started User Management service for SAML2 Sync
new 3dd0e4e Started User Management service for SAML2 Sync
new c3d988b Refactored configurations to a service so they may be shared
by the Auth Handler, Consumer Servlet and the UserManager service
new e6e7019 continued user mgt service.
new b77fca6 Fixed pom issues, added code for user management, fixed
configService
new f5da8d7 started group membership
new 6fbfc00 LPC-10 #comment Added group membership to test IDP
new 8cd93db LPC-10 #comment Consumer Servlet adds groups from assertion
to the saml2user instance for the userMgt service
new 8b2f091 LPC-10 #comment Added code to manage User Membership
new a421367 Updated diagram to show SOAP binding and Apache Sling
new 4b96b9d LPC-23 #comment Started External Identity Provider and
External Login Modules
new 4591f63 LPC-23 #comment Correct error in auth handler preventing login
new a6f8826 clean up
new 69f1333 added 'relay state.' Made use of SessionStorage for HTTP
Session handling
new d7943da LPC-11 Changed SAML2 binding from Artifact (SOAP)
back-channel to Redirect/POST front-channel
new 7ee0642 clean up
new 5d58ad7 Added POST binding to Consumer Servlet
new 1b06046 Deleted Consumer Servlet, and moved needed methods to
AuthenticationHandlerSAML2.java. Deleted ArtifactResolutionServlet.java since
this will actually use front-channel Redirect and POST bindings
new 2e68c99 Refactored static constants to SAML2ConfigServiceImpl,
updated AuthenticationHandlerSAML2 to handle SAMLRequests via POST. Updated
Saml2IDPServlet.java to use Redirect binding.
new 8475e68 LPC-23 #comment Provision user a security token that expires
and no longer persist or use AuthInfo from HTTP Session
new c4d88b9 removed commented dep org.apache.sling.commons.classloader
new 4d424b4 removed auth info getters and setters from Session Storage
new 751bfe5 There was an error with cookiePayload, at least with openJDK:
it was doing arithmetic operations before String concats. Adding + makes it
clear, for whatever JDK, that the intent is only String concat and all the other
types will be coerced to string
new 51a3301 started NOTICE file
new 9937391 started NOTICE file updated README with JKS info
new 851db0e Refactored IDP and SP static credential helpers to use JKS
according to the OSGI configs. Also renamed to make it clear what they do
new 1eea413 Removed unneeded static credential code
new 19f4fc0 Updates needed to use a Java Keystore from the file system,
and the associated items added to SAML2ConfigServiceImpl for OSGI configs
new a886f6e Deleted unused SOAP dependencies. Deleted unused SP Keystore
new bbaf509 Added Shibboleth Repo based on shib devs wiki and advice.
new 9bc6168 Updated readme with Java Keystore instructions for signing
cert and SP credentials
new 637944e start resolving some pom.xml setup stuff by removing
dependencies already provided by parent
new a939f3e Made service ranking and ACS path a osgi configuration. Fixed
bugs with incorrect binding type and in building the ACS url
new 06fa45b Changed from bundle plugin from maven-bundle-plugin to
bnd-maven-plugin. Removed invalid component names.
new cf79a37 cleaned up dependencies and pom comments
new 8131fc4 Adding immediate = true for AuthenticationHandler seems to
make configurations saved take effect. Without this property, the bundle needs
to be started again.
new c90313b Refactor project by removing the Internal (development) IDP.
Deleted anything used only by the IDP code.
new b04857b Updated README with complete instructions for configuring the
SAML SP, and Keycloak IDP.
new fcb426b Added SAML2 configs that allow admins to specify which
attributes to copy from users' IDP Assertion to the JCR users properties
new 982a20a Fixed login bug for paths under /content, returning
AuthenticationInfo.FAIL_AUTH ensures the requestCredentials method is called
new 3eae5e4 Fixed NPE when synced attrs config is empty. Reverted last
commit to extractCredentials
new 6e92901 removed unneeded array variables, removed default for path
configuration
new 22f9637 Added original LICENSE from project from which this was
derived:
https://bitbucket.org/srasmusson/webprofile-ref-project-v3/src/master/LICENSE
new 449c45c added attribution for files or methods
new 8386886 Removed the instructions about importing the keycloak
settings and using the JKS from resources. I needed to do this to recover my
own local IDP instance configuration, and it just didn't work. Probably best to
just describe how I did it manually. Also added a link to keycloak standalone
instead of docker
new b713168 Updated the notice as recommended
new d29694c Merge pull request #51 from
cmrockwell/sling-saml2-service-provider
The 1224 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
pom.xml | 2 +
{mdresourceprovider => saml-handler}/LICENSE | 6 +-
saml-handler/NOTICE | 3 +
saml-handler/README.md | 167 +++++
saml-handler/bundle-configuration.bnd | 47 ++
saml-handler/pom.xml | 305 +++++++++
.../org/apache/sling/auth/saml2/Activator.java | 82 +++
.../auth/saml2/AuthenticationHandlerSAML2.java | 700 +++++++++++++++++++++
.../saml2/AuthenticationHandlerSAML2Config.java | 104 +++
.../java/org/apache/sling/auth/saml2/Helpers.java | 103 +++
.../sling/auth/saml2/SAML2ConfigService.java | 34 +-
.../sling/auth/saml2/Saml2UserMgtService.java | 22 +-
.../org/apache/sling/auth/saml2/TokenStore.java | 474 ++++++++++++++
.../auth/saml2/impl/SAML2ConfigServiceImpl.java | 152 +++++
.../sling/auth/saml2/impl/Saml2Credentials.java | 59 +-
.../auth/saml2/impl/Saml2UserMgtServiceImpl.java | 172 +++++
.../sling/auth/saml2/impl/SimplePrincipal.java | 43 +-
.../sling/auth/saml2/sp/KeyPairCredentials.java | 71 +++
.../sling/auth/saml2/sp/Saml2LoginModule.java | 142 +++++
.../org/apache/sling/auth/saml2/sp/Saml2User.java | 103 +++
.../org/apache/sling/auth/saml2/sp/SamlReason.java | 60 ++
.../apache/sling/auth/saml2/sp/SessionStorage.java | 64 ++
.../auth/saml2/sp/VerifySignatureCredentials.java | 68 ++
saml-handler/src/main/resources/Saml2SP.png | Bin 0 -> 169928 bytes
.../src/main/resources/jaasConfiguration.png | Bin 0 -> 176698 bytes
saml-handler/src/main/resources/jettyHttps.png | Bin 0 -> 279823 bytes
.../src/main/resources/saml2-user-mgt-acls.png | Bin 0 -> 305370 bytes
.../src/main/resources/saml2localKeycloak.png | Bin 0 -> 409734 bytes
.../src/main/resources/serviceUserMapping.png | Bin 0 -> 194394 bytes
saml-handler/src/main/resources/signedInUser.png | Bin 0 -> 484415 bytes
.../src/main/resources/userSignInToIDP.png | Bin 0 -> 372915 bytes
.../java/org/apache/sling/auth/saml2/JCETest.java | 30 +-
32 files changed, 2931 insertions(+), 82 deletions(-)
copy {mdresourceprovider => saml-handler}/LICENSE (99%)
create mode 100644 saml-handler/NOTICE
create mode 100644 saml-handler/README.md
create mode 100644 saml-handler/bundle-configuration.bnd
create mode 100644 saml-handler/pom.xml
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/AuthenticationHandlerSAML2Config.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/Helpers.java
copy SlingModelPersist/src/main/java/org/apache/sling/models/persistor/annotations/DirectDescendants.java => saml-handler/src/main/java/org/apache/sling/auth/saml2/SAML2ConfigService.java (58%)
copy graphql-scripting/src/main/java/org/apache/sling/graphql/api/DataFetcherProvider.java => saml-handler/src/main/java/org/apache/sling/auth/saml2/Saml2UserMgtService.java (68%)
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/TokenStore.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/SAML2ConfigServiceImpl.java
copy transformer/src/main/java/org/apache/sling/transformer/TransformationManager.java => saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/Saml2Credentials.java (72%)
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/Saml2UserMgtServiceImpl.java
copy graphql-scripting/src/test/java/org/apache/sling/scripting/gql/engine/MockSchemaProvider.java => saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/SimplePrincipal.java (53%)
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/sp/KeyPairCredentials.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/sp/Saml2LoginModule.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/sp/Saml2User.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/sp/SamlReason.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/sp/SessionStorage.java
create mode 100644 saml-handler/src/main/java/org/apache/sling/auth/saml2/sp/VerifySignatureCredentials.java
create mode 100644 saml-handler/src/main/resources/Saml2SP.png
create mode 100644 saml-handler/src/main/resources/jaasConfiguration.png
create mode 100644 saml-handler/src/main/resources/jettyHttps.png
create mode 100644 saml-handler/src/main/resources/saml2-user-mgt-acls.png
create mode 100644 saml-handler/src/main/resources/saml2localKeycloak.png
create mode 100644 saml-handler/src/main/resources/serviceUserMapping.png
create mode 100644 saml-handler/src/main/resources/signedInUser.png
create mode 100644 saml-handler/src/main/resources/userSignInToIDP.png
copy maven-central-source-reporter/src/main/java/org/apache/sling/tooling/msra/impl/Main.java => saml-handler/src/test/java/org/apache/sling/auth/saml2/JCETest.java (50%)