This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git
commit cd9a717f17e8e30bf5a66b102069bec343c48b40 Author: Francesco Chicchiriccò <[email protected]> AuthorDate: Tue Mar 24 08:22:17 2026 +0100 Upgrading CAS and CAS client --- .../main/java/org/apache/syncope/core/logic/OIDCC4UILogic.java | 9 +++++---- .../java/org/apache/syncope/core/logic/oidc/OIDCClientCache.java | 6 ++++-- .../org/apache/syncope/core/logic/AbstractSAML2SP4UILogic.java | 8 ++++---- pom.xml | 6 +++--- sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java | 8 ++++---- .../syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizer.java | 2 +- .../wa/starter/pac4j/saml/WASAML2ClientKeystoreGenerator.java | 8 ++++---- .../syncope/wa/starter/pac4j/saml/BaseWASAML2ClientTest.java | 4 ++-- .../wa/starter/pac4j/saml/WASAML2ClientCustomizerTest.java | 6 ++++-- .../starter/pac4j/saml/WASAML2ClientKeystoreGeneratorTest.java | 3 +-- 10 files changed, 32 insertions(+), 28 deletions(-) diff --git a/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/OIDCC4UILogic.java b/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/OIDCC4UILogic.java index bf6c1e82e6..82098752d4 100644 --- a/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/OIDCC4UILogic.java +++ b/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/OIDCC4UILogic.java @@ -65,6 +65,7 @@ import org.pac4j.oidc.config.OidcConfiguration; import org.pac4j.oidc.credentials.OidcCredentials; import org.pac4j.oidc.profile.OidcProfile; import org.pac4j.oidc.redirect.OidcRedirectionActionBuilder; +import org.pac4j.oidc.redirect.Params; import org.springframework.security.access.prepost.PreAuthorize; public class OIDCC4UILogic extends AbstractTransactionalLogic<EntityTO> { 
@@ -136,11 +137,11 @@ public class OIDCC4UILogic extends AbstractTransactionalLogic<EntityTO> { oidcClient.setRedirectionActionBuilder(new OidcRedirectionActionBuilder(oidcClient) { @Override - protected Map<String, String> buildParams(final WebContext webContext) { - Map<String, String> params = super.buildParams(webContext); + protected Params buildParams(final WebContext webContext) { + Params params = super.buildParams(webContext); if (reauth) { - params.put(OidcConfiguration.PROMPT, "login"); - params.put(OidcConfiguration.MAX_AGE, "0"); + params.main().put(OidcConfiguration.PROMPT, "login"); + params.main().put(OidcConfiguration.MAX_AGE, "0"); } return params; } diff --git a/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/oidc/OIDCClientCache.java b/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/oidc/OIDCClientCache.java index df970fcbd2..3613e497b4 100644 --- a/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/oidc/OIDCClientCache.java +++ b/ext/oidcc4ui/logic/src/main/java/org/apache/syncope/core/logic/oidc/OIDCClientCache.java @@ -39,6 +39,7 @@ import org.apache.syncope.core.persistence.api.entity.OIDCC4UIProvider; import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver; import org.pac4j.oidc.client.OidcClient; import org.pac4j.oidc.config.OidcConfiguration; +import org.pac4j.oidc.credentials.clientauth.DefaultClientAuthenticationBuilder; import org.pac4j.oidc.metadata.StaticOidcOpMetadataResolver; import org.pac4j.oidc.profile.creator.TokenValidator; import org.slf4j.Logger; 
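Review bot: In the `reauth` branch of `buildParams`, forced re-authentication now depends on `params.main()` returning the live, mutable map that the redirect is built from. If the pac4j 6.4.0-RC1 `Params` type returns a copy there, `prompt=login` and `max_age=0` would be silently dropped and the user would not be asked to log in again. `Params` is not visible in this diff, so confirm this against the pac4j source. A unit test asserting that both keys reach the redirect URL when `reauth` is true, plus a comment like `// Params.main() must be the mutable map of authorization-request parameters`, would pin the behaviour across further RC upgrades. The enclosing method and the end of the anonymous class are outside the hunk.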
@@ -132,8 +133,9 @@ public class OIDCClientCache { @Override public ClientAuthentication getClientAuthentication() { - if (clientAuthenticationRef.get() == null) { - clientAuthenticationRef.set(computeClientAuthentication()); + if (clientAuthenticationBuilder == null) { + clientAuthenticationBuilder = new DefaultClientAuthenticationBuilder(configuration, metadata); + clientAuthenticationBuilder.buildClientAuthentication(); } return super.getClientAuthentication(); } diff --git a/ext/saml2sp4ui/logic/src/main/java/org/apache/syncope/core/logic/AbstractSAML2SP4UILogic.java b/ext/saml2sp4ui/logic/src/main/java/org/apache/syncope/core/logic/AbstractSAML2SP4UILogic.java index 900409b710..b838f3eb1b 100644 --- a/ext/saml2sp4ui/logic/src/main/java/org/apache/syncope/core/logic/AbstractSAML2SP4UILogic.java +++ b/ext/saml2sp4ui/logic/src/main/java/org/apache/syncope/core/logic/AbstractSAML2SP4UILogic.java @@ -23,8 +23,8 @@ import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.X509Certificate; import org.apache.syncope.common.lib.to.EntityTO; +import org.pac4j.core.keystore.generation.BaseKeystoreGenerator; import org.pac4j.saml.config.SAML2Configuration; -import org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator; import org.springframework.core.io.FileUrlResource; import org.springframework.core.io.support.ResourcePatternResolver; @@ -51,8 +51,8 @@ abstract class AbstractSAML2SP4UILogic extends AbstractTransactionalLogic<Entity props.getKeystoreKeypass(), null); - if (cfg.getKeystoreResource() instanceof FileUrlResource) { - cfg.setKeystoreGenerator(new BaseSAML2KeystoreGenerator(cfg) { + if (cfg.getKeystore().getKeystoreResource() instanceof FileUrlResource) { + cfg.getKeystore().setKeystoreGenerator(new BaseKeystoreGenerator(cfg.getKeystore()) { @Override protected void store( 
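Review bot: The lazy initialisation in `getClientAuthentication()` is now a plain check-then-assign on `clientAuthenticationBuilder`, whereas the removed lines went through `clientAuthenticationRef.get()`/`set()`, which looks like an atomic reference. If this configuration object is shared by concurrent logins, as a client cache suggests, two threads can both observe `null` and each build client authentication. Nothing in the diff shows the field being `volatile` or guarded; if it is not, declaring the override as `public synchronized ClientAuthentication getClientAuthentication() {` would be the smallest fix. The return value of `buildClientAuthentication()` is also discarded, so a short comment stating where the built value is kept for `super.getClientAuthentication()` to return would help the next reader. The enclosing anonymous class and method start outside the hunk.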
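Review bot: In the `AbstractSAML2SP4UILogic` hunk at `-51,8`, `cfg.getKeystore()` is evaluated three times across the rewritten `if` and `setKeystoreGenerator` lines, and again in `retrieve()` in the following hunk. Holding it once, `var keystoreCfg = cfg.getKeystore();`, would make it obvious that the resource check, the generator's constructor argument and the setter all act on the same keystore configuration. Inside the anonymous `BaseKeystoreGenerator`, the inherited `keystore` field could replace `cfg.getKeystore()` in `retrieve()`; it appears to be accessible to subclasses, since `WASAML2ClientKeystoreGenerator` uses `keystore.getKeystorePassword()` later in this commit. The same lines are duplicated in the two `SecurityConfig.java` hunks, so the change applies there as well. The enclosing method and the `store(...)` override continue outside the hunk.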
@@ -65,7 +65,7 @@ abstract class AbstractSAML2SP4UILogic extends AbstractTransactionalLogic<Entity @Override public InputStream retrieve() throws Exception { - return cfg.getKeystoreResource().getInputStream(); + return cfg.getKeystore().getKeystoreResource().getInputStream(); } }); } diff --git a/pom.xml b/pom.xml index e961d1851a..3fb60da6a2 100644 --- a/pom.xml +++ b/pom.xml @@ -461,10 +461,10 @@ under the License. <commons-jexl.version>3.6.2</commons-jexl.version> <commons-text.version>1.15.0</commons-text.version> - <pac4j.version>6.3.3</pac4j.version> + <pac4j.version>6.4.0-RC1</pac4j.version> - <cas.version>8.0.0-RC2</cas.version> - <cas-client.version>4.0.4</cas-client.version> + <cas.version>8.0.0-RC3</cas.version> + <cas-client.version>4.1.0</cas-client.version> <swagger-core.version>2.2.45</swagger-core.version> <swagger-ui.version>5.32.1</swagger-ui.version> diff --git a/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java b/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java index 10b098d62c..7fa2764910 100644 --- a/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java +++ b/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java @@ -38,9 +38,9 @@ import org.apache.syncope.sra.security.saml2.SAML2SecurityConfigUtils; import org.apache.syncope.sra.security.saml2.SAML2WebSsoAuthenticationWebFilter; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver; +import org.pac4j.core.keystore.generation.BaseKeystoreGenerator; import org.pac4j.saml.client.SAML2Client; import org.pac4j.saml.config.SAML2Configuration; -import org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator; import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; 
@@ -257,8 +257,8 @@ public class SecurityConfig { props.getSaml2().getKeystoreKeypass(), resourceResolver.getResource(props.getSaml2().getIdpMetadata())); - if (cfg.getKeystoreResource() instanceof FileUrlResource) { - cfg.setKeystoreGenerator(new BaseSAML2KeystoreGenerator(cfg) { + if (cfg.getKeystore().getKeystoreResource() instanceof FileUrlResource) { + cfg.getKeystore().setKeystoreGenerator(new BaseKeystoreGenerator(cfg.getKeystore()) { @Override protected void store( @@ -271,7 +271,7 @@ public class SecurityConfig { @Override public InputStream retrieve() throws Exception { - return cfg.getKeystoreResource().getInputStream(); + return cfg.getKeystore().getKeystoreResource().getInputStream(); } }); } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizer.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizer.java index fe37103fc4..51a85e7b22 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizer.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizer.java @@ -41,7 +41,7 @@ public class WASAML2ClientCustomizer implements DelegatedClientFactoryCustomizer if (client instanceof SAML2Client saml2Client) { LOG.debug("Customizing SAML2 client {}", client.getName()); SAML2Configuration configuration = saml2Client.getConfiguration(); - configuration.setKeystoreGenerator( + configuration.getKeystore().setKeystoreGenerator( new WASAML2ClientKeystoreGenerator(restClient, saml2Client.getName(), configuration)); configuration.setMetadataGenerator( new WASAML2ClientMetadataGenerator(restClient, saml2Client.getName())); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGenerator.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGenerator.java index aa10409cc7..32217fc526 100644 
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGenerator.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGenerator.java @@ -30,12 +30,12 @@ import java.util.Base64; import org.apache.commons.io.IOUtils; import org.apache.syncope.common.rest.api.service.wa.WASAML2SPService; import org.apache.syncope.wa.bootstrap.WARestClient; +import org.pac4j.core.keystore.generation.BaseKeystoreGenerator; import org.pac4j.saml.config.SAML2Configuration; -import org.pac4j.saml.metadata.keystore.BaseSAML2KeystoreGenerator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class WASAML2ClientKeystoreGenerator extends BaseSAML2KeystoreGenerator { +public class WASAML2ClientKeystoreGenerator extends BaseKeystoreGenerator { protected static final Logger LOG = LoggerFactory.getLogger(WASAML2ClientKeystoreGenerator.class); @@ -48,7 +48,7 @@ public class WASAML2ClientKeystoreGenerator extends BaseSAML2KeystoreGenerator { final String saml2Client, final SAML2Configuration configuration) { - super(configuration); + super(configuration.getKeystore()); this.waRestClient = waRestClient; this.saml2Client = saml2Client; } @@ -71,7 +71,7 @@ public class WASAML2ClientKeystoreGenerator extends BaseSAML2KeystoreGenerator { String encodedKeystore; try (ByteArrayOutputStream out = new ByteArrayOutputStream()) { - char[] password = saml2Configuration.getKeystorePassword().toCharArray(); + char[] password = keystore.getKeystorePassword().toCharArray(); ks.store(out, password); out.flush(); encodedKeystore = Base64.getEncoder().encodeToString(out.toByteArray()); diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/BaseWASAML2ClientTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/BaseWASAML2ClientTest.java index 255ece95b6..0d7c941a27 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/BaseWASAML2ClientTest.java 
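Review bot: In the `-71,7` hunk, `keystore.getKeystorePassword().toCharArray()` throws a bare NullPointerException if no keystore password is configured, and the error does not name the missing setting or the affected client. A guard such as `Objects.requireNonNull(keystore.getKeystorePassword(), "keystore password not set for SAML2 client " + saml2Client)` would make this explicit; it needs `java.util.Objects`, which the visible imports do not show. The keystore bytes are then Base64-encoded into the `encodedKeystore` string, which presumably carries the SP's private-key material. A comment next to it saying it must never be passed to `LOG` would be a cheap safeguard. The method starts and ends outside the hunk.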
+++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/BaseWASAML2ClientTest.java @@ -99,8 +99,8 @@ public abstract class BaseWASAML2ClientTest { protected static SAML2Configuration getSAML2Configuration() throws Exception { SAML2Configuration cfg = new SAML2Configuration(); - cfg.setKeystorePassword("password"); - cfg.setPrivateKeyPassword("password"); + cfg.getKeystore().setKeystorePassword("password"); + cfg.getKeystore().setPrivateKeyPassword("password"); cfg.setIdentityProviderMetadataResource(new ClassPathResource("idp-metadata.xml")); diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizerTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizerTest.java index b7695f8215..94c0de2879 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizerTest.java +++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientCustomizerTest.java @@ -35,7 +35,9 @@ public class WASAML2ClientCustomizerTest extends BaseWASAML2ClientTest { customizer.customize(client); client.init(); - assertTrue(client.getConfiguration().getKeystoreGenerator() instanceof WASAML2ClientKeystoreGenerator); - assertTrue(client.getConfiguration().toMetadataGenerator() instanceof WASAML2ClientMetadataGenerator); + assertTrue(client.getConfiguration().getKeystore(). + getKeystoreGenerator() instanceof WASAML2ClientKeystoreGenerator); + assertTrue(client.getConfiguration(). + toMetadataGenerator() instanceof WASAML2ClientMetadataGenerator); } } diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGeneratorTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGeneratorTest.java index 55d01d2776..7f7cc2f17e 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGeneratorTest.java 
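Review bot: The two assertions in the `WASAML2ClientCustomizerTest` hunk wrap `instanceof` in `assertTrue`, so a failure reports only that `true` was expected and hides the actual generator type. The lines also had to be split after a trailing dot to fit. JUnit Jupiter's `assertInstanceOf` reports the actual type and reads shorter: `assertInstanceOf(WASAML2ClientKeystoreGenerator.class, client.getConfiguration().getKeystore().getKeystoreGenerator());`, and likewise for `toMetadataGenerator()`. This assumes the file uses Jupiter assertions like its sibling test, and it needs the static import `org.junit.jupiter.api.Assertions.assertInstanceOf`; the import block and the start of the test method are outside the hunk.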
+++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/pac4j/saml/WASAML2ClientKeystoreGeneratorTest.java @@ -21,13 +21,12 @@ package org.apache.syncope.wa.starter.pac4j.saml; import static org.junit.jupiter.api.Assertions.assertDoesNotThrow; import org.junit.jupiter.api.Test; -import org.pac4j.saml.metadata.keystore.SAML2KeystoreGenerator; public class WASAML2ClientKeystoreGeneratorTest extends BaseWASAML2ClientTest { @Test public void generate() throws Exception { - SAML2KeystoreGenerator generator = new WASAML2ClientKeystoreGenerator( + WASAML2ClientKeystoreGenerator generator = new WASAML2ClientKeystoreGenerator( getWARestClient(), "CAS", getSAML2Configuration()); assertDoesNotThrow(generator::generate); }
