[SHIBUI-1058]

WIP

pac4j-module/src/main/java/net/unicon/shibui/pac4j/BetterSAML2Profile.java

@@ -0,0 +1,23 @@
+package net.unicon.shibui.pac4j;
+
+import org.pac4j.saml.profile.SAML2Profile;
+
+import java.util.Collection;
+
+public class BetterSAML2Profile extends SAML2Profile {
+    private final String usernameAttribute;
+
+    public BetterSAML2Profile(final String usernameAttribute) {
+        this.usernameAttribute = usernameAttribute;
+    }
+
+    @Override
+    public String getUsername() {
+        Object username = getAttribute(usernameAttribute);
+        if (username instanceof Collection) {
+            return (String) ((Collection)username).toArray()[0];
+        } else {
+            return (String) username;
+        }
+    }
+}

pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java

@@ -3,17 +3,13 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import org.pac4j.core.client.Clients;
 import org.pac4j.core.config.Config;
-import org.pac4j.core.context.Pac4jConstants;
 import org.pac4j.core.profile.definition.CommonProfileDefinition;
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.client.SAML2ClientConfiguration;
 import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
-import java.util.HashMap;
-import java.util.Map;
-
 @Configuration
 public class Pac4jConfiguration {
     @Bean
@@ -34,16 +30,17 @@ public Config config(final Pac4jConfigurationProperties pac4jConfigurationProper
         saml2ClientConfiguration.setForceServiceProviderMetadataGeneration(pac4jConfigurationProperties.isForceServiceProviderMetadataGeneration());
         saml2ClientConfiguration.setWantsAssertionsSigned(pac4jConfigurationProperties.isWantAssertionsSigned());
 
-/*        Map<String, String> mappedAttributes = new HashMap<>();
-        mappedAttributes.put(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername(), Pac4jConstants.USERNAME);
-        saml2ClientConfiguration.setMappedAttributes(mappedAttributes);*/
-
         saml2ClientConfiguration.setAttributeAsId(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername());
 
         final SAML2Client saml2Client = new SAML2Client(saml2ClientConfiguration);
         saml2Client.setName("Saml2Client");
         saml2Client.addAuthorizationGenerator(saml2ModelAuthorizationGenerator);
 
+        //TODO: pray
+        SAML2Authenticator saml2Authenticator = new SAML2Authenticator(saml2ClientConfiguration.getAttributeAsId(), saml2ClientConfiguration.getMappedAttributes());
+        saml2Authenticator.setProfileDefinition(new CommonProfileDefinition<>(p -> new BetterSAML2Profile(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername())));
+        saml2Client.setAuthenticator(saml2Authenticator);
+
         final Clients clients = new Clients(pac4jConfigurationProperties.getCallbackUrl(), saml2Client);
 
         final Config config = new Config(clients);

pac4j-module/src/main/java/net/unicon/shibui/pac4j/SAML2ModelAuthorizationGenerator.java

@@ -17,7 +17,7 @@ public SAML2ModelAuthorizationGenerator(UserRepository userRepository) {
 
     @Override
     public SAML2Profile generate(WebContext context, SAML2Profile profile) {
-        Optional<User> user = userRepository.findByUsername(profile.getId());
+        Optional<User> user = userRepository.findByUsername(profile.getUsername());
         user.ifPresent( u -> profile.addRole(u.getRole()));
         return profile;
     }