Github user necouchman commented on a diff in the pull request: https://github.com/apache/guacamole-client/pull/254#discussion_r168859454 --- Diff: extensions/guacamole-auth-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java --- 
@@ -0,0 +1,223 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.saml.conf;
+
+import com.google.inject.Inject;
+import com.onelogin.saml2.settings.Saml2Settings;
+import com.onelogin.saml2.settings.SettingsBuilder;
+import java.io.File;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.properties.FileGuacamoleProperty;
+import org.apache.guacamole.properties.StringGuacamoleProperty;
+import org.apache.guacamole.properties.UrlGuacamoleProperty;
+
+/**
+ * Service for retrieving configuration information regarding the SAML
+ * authentication module.
+ */
+public class ConfigurationService {
+
+ /**
+ * The file containing the XML Metadata associated with the SAML IdP.
+ */
+ private static final FileGuacamoleProperty SAML_IDP_METADATA =
+ new FileGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "saml-idp-metadata"; }
+
+ };
+
+ /**
+ * The URL of the SAML IdP. 
+ */
+ private static final UrlGuacamoleProperty SAML_IDP_URL =
+ new UrlGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "saml-idp-url"; }
+
+ };
+
+ /**
+ * The identifier for this SAML client. The default is
+ * "Apache Guacamole"
+ */
+ private static final StringGuacamoleProperty SAML_ENTITY_ID =
+ new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "saml-entity-id"; }
+
+ };
+
+ /**
+ * The callback URL to use for SAML IdP, normally the base
+ * of the Guacamole install.
+ */
+ private static final UrlGuacamoleProperty SAML_CALLBACK_URL =
+ new UrlGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "saml-callback-url"; }
+
+ };
+
+ /**
+ * The single logout redirect URL.
+ */
+ private static final UrlGuacamoleProperty SAML_LOGOUT_URL =
+ new UrlGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "saml-logout-url"; }
+
+ };
+
+ /**
+ * The Guacamole server environment.
+ */
+ @Inject
+ private Environment environment;
+
+ /**
+ * Returns the client ID which should be submitted to the SAML IdP,
+ * as configured with guacamole.properties. The default value is
+ * "Apache Guacamole".
+ *
+ * @return
+ * The client ID to use when communicating with the SAML IdP,
+ * as configured with guacamole.properties, or the default
+ * of "Apache Guacamole" if not specified.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed, or if the client ID
+ * property is missing.
+ */
+ private String getEntityId() throws GuacamoleException {
+ return environment.getProperty(
+ SAML_ENTITY_ID,
+ "Apache Guacamole"
+ );
+ }
+
+ /**
+ * The file that contains the metadata that the SAML client should
+ * use to communicate with the SAML IdP. This is generated by the
+ * SAML IdP and should be uploaded to the system where the Guacamole
+ * client is running. 
+ *
+ * @return
+ * The file containinging the metadata used by the SAML client
+ * when it communicates with the SAML IdP.
+ *
+ * @throws GuacamoleException
+ * If guacmaole.propeties cannot be parsed, or if the client
+ * metadata is missing.
+ */
+ private File getIdpMetadata() throws GuacamoleException {
+ return environment.getRequiredProperty(SAML_IDP_METADATA);
+ }
+
+ /**
+ * Retrieve the URL used to log in to the SAML IdP.
+ *
+ * @return
+ * The URL used to log in to the SAML IdP.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed.
+ */
+ private URL getIdpUrl() throws GuacamoleException {
+ return environment.getProperty(
+ SAML_IDP_URL,
+ null
+ );
+ }
+
+ /**
+ * The callback URL used for the SAML IdP to POST a response
+ * to upon completion of authentication, normally the base
+ * of the Guacamole install.
+ *
+ * @return
+ * The callback URL to be sent to the SAML IdP that will
+ * be POSTed to upon completion of SAML authentication.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed, or if the
+ * callback parameter is missing.
+ */
+ public URL getCallbackUrl() throws GuacamoleException {
+ return environment.getRequiredProperty(SAML_CALLBACK_URL);
+ }
+
+ /**
+ * Return the URL used to log out from the SAML IdP.
+ *
+ * @return
+ * The URL used to log out from the SAML IdP.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed.
+ */
+ private URL getLogoutUrl() throws GuacamoleException {
+ return environment.getProperty(
+ SAML_LOGOUT_URL,
+ null
+ );
+ }
+
+ /**
+ * Returns the collection of SAML settings used to
+ * initialize the client.
+ *
+ * @return
+ * The collection of SAML settings used to
+ * initalize the SAML client.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed or
+ * if parameters are missing.
+ */
+ public Saml2Settings getSamlSettings() throws GuacamoleException {
+
+ // Initialize and configure SAML client. 
+ Map<String, Object> samlMap = new HashMap<String, Object>();
+ samlMap.put("onelogin.saml2.sp.entityid", getEntityId());
+ samlMap.put("onelogin.saml2.sp.assertion_consumer_service.url", getCallbackUrl() + "/api/ext/saml/callback");
+ samlMap.put("onelogin.saml2.idp.entityid", getIdpUrl());
+ samlMap.put("onelogin.saml2.idp.single_sign_on_service.url", getIdpUrl());
+ samlMap.put("onelogin.saml2.idp.single_sign_on_sevice.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
--- End diff -- Not sure if I can use constants here??
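Review bot: The settings key on the last put is misspelled — `"onelogin.saml2.idp.single_sign_on_sevice.binding"` ("sevice") does not match the `single_sign_on_service` spelling used for the URL key on the line above, so the binding entry will presumably be ignored by the settings builder and the library default applied instead; it should read `samlMap.put("onelogin.saml2.idp.single_sign_on_service.binding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");`. getIdpUrl() is stored for both the IdP entity ID and the SSO URL, yet it is read with a null default, so a missing saml-idp-url becomes a null value in the settings map rather than a configuration error; reading it with getRequiredProperty(), as getIdpMetadata() and getCallbackUrl() already do, would fail at startup with a clear message instead. The Javadoc on getEntityId() claims the exception is thrown when the client ID property is missing, but the call supplies a default of "Apache Guacamole", so that part of the @throws clause should be dropped. getSamlSettings() continues beyond the end of the hunk.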
---