From 76206ce917e57ad29929b58668fcf6f3724bf096 Mon Sep 17 00:00:00 2001 From: Dmitriy Kopylenko Date: Mon, 15 Oct 2018 17:34:39 -0400 Subject: [PATCH] relying party overrides validation against JSON schema --- ...JsonSchemaValidationFailedException.groovy | 16 + ...sonSchemaValidatingControllerAdvice.groovy | 35 +- ...hemaValidationComponentsConfiguration.java | 5 - .../JsonSchemaValidationFailedException.java | 20 - ...dataSourcesJsonSchemaResourceLocation.java | 4 + .../resources/metadata-sources-ui-schema.json | 826 +++++++++--------- 6 files changed, 466 insertions(+), 440 deletions(-) create mode 100644 backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.groovy delete mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.java diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.groovy new file mode 100644 index 000000000..c014c4cb8 --- /dev/null +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.groovy @@ -0,0 +1,16 @@ +package edu.internet2.tier.shibboleth.admin.ui.jsonschema + +/** + * Indicates JSON schema validation failure. Encapsulates a list of error messages produced by JSON schema validator + * component. + * + * @author Dmitriy Kopylenko + */ +class JsonSchemaValidationFailedException extends RuntimeException { + + def errors + + JsonSchemaValidationFailedException(List errors) { + this.errors = errors + } +} diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy index 7a4e8111a..213d72dbc 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/jsonschema/RelyingPartyOverridesJsonSchemaValidatingControllerAdvice.groovy @@ -1,8 +1,17 @@ package edu.internet2.tier.shibboleth.admin.ui.jsonschema +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation +import mjson.Json +import org.springframework.beans.factory.annotation.Autowired import org.springframework.core.MethodParameter +import org.springframework.http.HttpInputMessage +import org.springframework.http.HttpStatus +import org.springframework.http.ResponseEntity import org.springframework.http.converter.HttpMessageConverter import org.springframework.web.bind.annotation.ControllerAdvice +import org.springframework.web.bind.annotation.ExceptionHandler +import org.springframework.web.context.request.WebRequest import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdviceAdapter import java.lang.reflect.Type @@ -16,9 +25,31 @@ import java.lang.reflect.Type @ControllerAdvice class RelyingPartyOverridesJsonSchemaValidatingControllerAdvice extends RequestBodyAdviceAdapter { + @Autowired + MetadataSourcesJsonSchemaResourceLocation schemaLocation + + @Autowired + ObjectMapper jacksonMapper + @Override boolean supports(MethodParameter methodParameter, Type targetType, Class> converterType) { - def cls = targetType.typeName - print('cx') + targetType.typeName == EntityDescriptorRepresentation.typeName + } + + @Override + Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class> converterType) { + def relyingPartyOverrides = EntityDescriptorRepresentation.cast(body).relyingPartyOverrides + def relyingPartyOverridesJson = Json.make([relyingPartyOverrides: relyingPartyOverrides]) + def schema = Json.schema(this.schemaLocation.uri) + def validationResult = schema.validate(relyingPartyOverridesJson) + if (!validationResult.at('ok')) { + throw new JsonSchemaValidationFailedException(validationResult.at('errors').asList()) + } + body + } + + @ExceptionHandler(JsonSchemaValidationFailedException) + final ResponseEntity handleUserNotFoundException(JsonSchemaValidationFailedException ex, WebRequest request) { + new ResponseEntity<>([errors: ex.errors], HttpStatus.BAD_REQUEST) } } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/JsonSchemaValidationComponentsConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/JsonSchemaValidationComponentsConfiguration.java index c753d38c7..18e41921e 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/JsonSchemaValidationComponentsConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/JsonSchemaValidationComponentsConfiguration.java @@ -16,9 +16,4 @@ public class JsonSchemaValidationComponentsConfiguration { public MetadataSourcesJsonSchemaResourceLocation metadataSourcesJsonSchemaResourceLocation(ResourceLoader resourceLoader) { return new MetadataSourcesJsonSchemaResourceLocation(resourceLoader); } - - @Bean - public RelyingPartyOverridesJsonSchemaValidatingControllerAdvice relyingPartyOverridesJsonSchemaValidatingControllerAdvice() { - return new RelyingPartyOverridesJsonSchemaValidatingControllerAdvice(); - } } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.java deleted file mode 100644 index 3f8463d66..000000000 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/JsonSchemaValidationFailedException.java +++ /dev/null @@ -1,20 +0,0 @@ -package edu.internet2.tier.shibboleth.admin.ui.jsonschema; - -import lombok.Getter; -import lombok.RequiredArgsConstructor; - -import java.util.List; - -/** - * Indicates JSON schema validation failure. Encapsulates a list of error messages produced by JSON schema validator - * component. - * - * @author Dmitriy Kopylenko - */ -@RequiredArgsConstructor -@Getter -public class JsonSchemaValidationFailedException extends RuntimeException { - - private final List errors; - -} diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/MetadataSourcesJsonSchemaResourceLocation.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/MetadataSourcesJsonSchemaResourceLocation.java index 5e3fab651..c922aa196 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/MetadataSourcesJsonSchemaResourceLocation.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/jsonschema/MetadataSourcesJsonSchemaResourceLocation.java @@ -33,6 +33,10 @@ public MetadataSourcesJsonSchemaResourceLocation(ResourceLoader resourceLoader) this.resourceLoader = resourceLoader; } + public void setMetadataSourcesUiSchemaLocation(String metadataSourcesUiSchemaLocation) { + this.metadataSourcesUiSchemaLocation = metadataSourcesUiSchemaLocation; + } + public URL getUrl() { return this.jsonSchemaUrl; } diff --git a/backend/src/main/resources/metadata-sources-ui-schema.json b/backend/src/main/resources/metadata-sources-ui-schema.json index 5766e298f..b755732cf 100644 --- a/backend/src/main/resources/metadata-sources-ui-schema.json +++ b/backend/src/main/resources/metadata-sources-ui-schema.json @@ -1,442 +1,442 @@ { - "type": "object", - "properties": { - "entityId": { - "title": "label.entity-id", - "description": "tooltip.entity-id", - "type": "string" + "type": "object", + "properties": { + "entityId": { + "title": "label.entity-id", + "description": "tooltip.entity-id", + "type": "string" + }, + "serviceProviderName": { + "title": "label.service-provider-name", + "description": "tooltip.service-provider-name", + "type": "string" + }, + "serviceEnabled": { + "title": "label.enable-this-service-opon-saving", + "description": "tooltip.enable-this-service-upon-saving", + "type": "boolean" + }, + "organization": { + "type": "object", + "properties": { + "name": { + "title": "label.organization-name", + "description": "tooltip.organization-name", + "type": "string" }, - "serviceProviderName": { - "title": "label.service-provider-name", - "description": "tooltip.service-provider-name", - "type": "string" + "displayName": { + "title": "label.organization-display-name", + "description": "tooltip.organization-display-name", + "type": "string" }, - "serviceEnabled": { - "title": "label.enable-this-service-opon-saving", - "description": "tooltip.enable-this-service-upon-saving", - "type": "boolean" + "url": { + "title": "label.organization-display-name", + "description": "tooltip.organization-display-name", + "type": "string" + } + }, + "dependencies": { + "name": [ + "displayName", + "url" + ], + "displayName": [ + "name", + "url" + ], + "url": [ + "name", + "displayName" + ] + } + }, + "contacts": { + "title": "label.contact-information", + "description": "tooltip.contact-information", + "type": "array", + "items": { + "$ref": "#/definitions/Contact" + } + }, + "mdui": { + "type": "object", + "properties": { + "displayName": { + "title": "label.display-name", + "description": "tooltip.mdui-display-name", + "type": "string" }, - "organization": { - "type": "object", - "properties": { - "name": { - "title": "label.organization-name", - "description": "tooltip.organization-name", - "type": "string" - }, - "displayName": { - "title": "label.organization-display-name", - "description": "tooltip.organization-display-name", - "type": "string" - }, - "url": { - "title": "label.organization-display-name", - "description": "tooltip.organization-display-name", - "type": "string" - } - }, - "dependencies": { - "name": [ - "displayName", - "url" - ], - "displayName": [ - "name", - "url" - ], - "url": [ - "name", - "displayName" - ] - } + "informationUrl": { + "title": "label.information-url", + "description": "tooltip.mdui-information-url", + "type": "string" }, - "contacts": { - "title": "label.contact-information", - "description": "tooltip.contact-information", - "type": "array", - "items": { - "$ref": "#/definitions/Contact" - } + "privacyStatementUrl": { + "title": "label.privacy-statement-url", + "description": "tooltip.mdui-privacy-statement-url", + "type": "string" }, - "mdui": { - "type": "object", - "properties": { - "displayName": { - "title": "label.display-name", - "description": "tooltip.mdui-display-name", - "type": "string" - }, - "informationUrl": { - "title": "label.information-url", - "description": "tooltip.mdui-information-url", - "type": "string" - }, - "privacyStatementUrl": { - "title": "label.privacy-statement-url", - "description": "tooltip.mdui-privacy-statement-url", - "type": "string" - }, - "description": { - "title": "label.description", - "description": "tooltip.mdui-description", - "type": "string" - }, - "logoUrl": { - "title": "label.logo-url", - "description": "tooltip.mdui-logo-url", - "type": "string" - }, - "logoHeight": { - "title": "label.logo-height", - "description": "tooltip.mdui-logo-height", - "min": 0, - "type": "integer" - }, - "logoWidth": { - "title": "label.logo-width", - "description": "tooltip.mdui-logo-width", - "min": 0, - "type": "integer" - } - } + "description": { + "title": "label.description", + "description": "tooltip.mdui-description", + "type": "string" }, - "securityInfo": { - "type": "object", - "properties": { - "x509CertificateAvailable": { - "title": "label.is-there-a-x509-certificate", - "description": "tooltip.is-there-a-x509-certificate", - "type": "boolean", - "default": false - }, - "authenticationRequestsSigned": { - "title": "label.authentication-requests-signed", - "description": "tooltip.authentication-requests-signed", - "type": "boolean", - "default": false - }, - "wantAssertionsSigned": { - "title": "label.want-assertions-signed", - "description": "tooltip.want-assertions-signed", - "type": "boolean", - "default": false - }, - "x509Certificates": { - "title": "label.x509-certificates", - "type": "array", - "items": { - "$ref": "#/definitions/Certificate" - } - } - } + "logoUrl": { + "title": "label.logo-url", + "description": "tooltip.mdui-logo-url", + "type": "string" }, - "assertionConsumerServices": { - "title": "label.assertion-consumer-service-endpoints", - "description": "", - "type": "array", - "items": { - "$ref": "#/definitions/AssertionConsumerService" - } + "logoHeight": { + "title": "label.logo-height", + "description": "tooltip.mdui-logo-height", + "min": 0, + "type": "integer" }, - "serviceProviderSsoDescriptor": { - "type": "object", - "properties": { - "protocolSupportEnum": { - "title": "label.protocol-support-enumeration", - "description": "tooltip.protocol-support-enumeration", - "type": "string", - "placeholder": "label.select-protocol", - "oneOf": [ - { - "enum": [ - "SAML 2" - ], - "description": "SAML 2" - }, - { - "enum": [ - "SAML 1.1" - ], - "description": "SAML 1.1" - } - ] - } - }, - "nameIdFormats": { - "$ref": "#/definitions/NameIdFormatList" - } + "logoWidth": { + "title": "label.logo-width", + "description": "tooltip.mdui-logo-width", + "min": 0, + "type": "integer" + } + } + }, + "securityInfo": { + "type": "object", + "properties": { + "x509CertificateAvailable": { + "title": "label.is-there-a-x509-certificate", + "description": "tooltip.is-there-a-x509-certificate", + "type": "boolean", + "default": false }, - "logoutEndpoints": { - "title": "label.logout-endpoints", - "description": "tooltip.logout-endpoints", - "type": "array", - "items": { - "$ref": "#/definitions/LogoutEndpoint" - } + "authenticationRequestsSigned": { + "title": "label.authentication-requests-signed", + "description": "tooltip.authentication-requests-signed", + "type": "boolean", + "default": false }, - "relyingPartyOverrides": { - "type": "object", - "properties": { - "signAssertion": { - "title": "label.sign-the-assertion", - "description": "tooltip.sign-assertion", - "type": "boolean", - "default": false - }, - "dontSignResponse": { - "title": "label.dont-sign-the-response", - "description": "tooltip.dont-sign-response", - "type": "boolean", - "default": false - }, - "turnOffEncryption": { - "title": "label.turn-off-encryption-of-response", - "description": "tooltip.turn-off-encryption", - "type": "boolean", - "default": false - }, - "useSha": { - "title": "label.use-sha1-signing-algorithm", - "description": "tooltip.usa-sha-algorithm", - "type": "boolean", - "default": false - }, - "ignoreAuthenticationMethod": { - "title": "label.ignore-any-sp-requested-authentication-method", - "description": "tooltip.ignore-auth-method", - "type": "boolean", - "default": false - }, - "forceAuthn": { - "title": "label.force-authn", - "description": "tooltip.force-authn", - "type": "boolean", - "default": false - }, - "omitNotBefore": { - "title": "label.omit-not-before-condition", - "type": "boolean", - "description": "tooltip.omit-not-before-condition", - "default": false - }, - "responderId": { - "title": "label.responder-id", - "description": "tooltip.responder-id", - "type": "string" - }, - "nameIdFormats": { - "$ref": "#/definitions/NameIdFormatList" - }, - "authenticationMethods": { - "$ref": "#/definitions/AuthenticationMethodList" - } - } + "wantAssertionsSigned": { + "title": "label.want-assertions-signed", + "description": "tooltip.want-assertions-signed", + "type": "boolean", + "default": false }, - "attributeRelease": { - "type": "array", - "description": "Attribute release table - select the attributes you want to release (default unchecked)", - "widget": { - "id": "checklist", - "dataUrl": "/customAttributes" + "x509Certificates": { + "title": "label.x509-certificates", + "type": "array", + "items": { + "$ref": "#/definitions/Certificate" + } + } + } + }, + "assertionConsumerServices": { + "title": "label.assertion-consumer-service-endpoints", + "description": "", + "type": "array", + "items": { + "$ref": "#/definitions/AssertionConsumerService" + } + }, + "serviceProviderSsoDescriptor": { + "type": "object", + "properties": { + "protocolSupportEnum": { + "title": "label.protocol-support-enumeration", + "description": "tooltip.protocol-support-enumeration", + "type": "string", + "placeholder": "label.select-protocol", + "oneOf": [ + { + "enum": [ + "SAML 2" + ], + "description": "SAML 2" }, - "items": { - "type": "string" + { + "enum": [ + "SAML 1.1" + ], + "description": "SAML 1.1" } + ] } + }, + "nameIdFormats": { + "$ref": "#/definitions/NameIdFormatList" + } }, - "definitions": { - "Contact": { - "type": "object", - "properties": { - "name": { - "title": "label.contact-name", - "description": "tooltip.contact-name", - "type": "string" - }, - "type": { - "title": "label.contact-type", - "description": "tooltip.contact-type", - "type": "string", - "oneOf": [ - { - "enum": [ - "support" - ], - "description": "value.support" - }, - { - "enum": [ - "technical" - ], - "description": "value.technical" - }, - { - "enum": [ - "administrative" - ], - "description": "value.administrative" - }, - { - "enum": [ - "other" - ], - "description": "value.other" - } - ] - }, - "emailAddress": { - "title": "label.contact-email-address", - "description": "tooltip.contact-email", - "type": "string", - "pattern": "^(?=.{1,254}$)(?=.{1,64}@)[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+(\\.[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+)*@[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$" - } - } + "logoutEndpoints": { + "title": "label.logout-endpoints", + "description": "tooltip.logout-endpoints", + "type": "array", + "items": { + "$ref": "#/definitions/LogoutEndpoint" + } + }, + "relyingPartyOverrides": { + "type": "object", + "properties": { + "signAssertion": { + "title": "label.sign-the-assertion", + "description": "tooltip.sign-assertion", + "type": "boolean", + "default": false + }, + "dontSignResponse": { + "title": "label.dont-sign-the-response", + "description": "tooltip.dont-sign-response", + "type": "boolean", + "default": false }, - "Certificate": { - "name": { - "title": "label.certificate-name-display-only", - "description": "tooltip.certificate-name", - "type": "string" + "turnOffEncryption": { + "title": "label.turn-off-encryption-of-response", + "description": "tooltip.turn-off-encryption", + "type": "boolean", + "default": false + }, + "useSha": { + "title": "label.use-sha1-signing-algorithm", + "description": "tooltip.usa-sha-algorithm", + "type": "boolean", + "default": false + }, + "ignoreAuthenticationMethod": { + "title": "label.ignore-any-sp-requested-authentication-method", + "description": "tooltip.ignore-auth-method", + "type": "boolean", + "default": false + }, + "forceAuthn": { + "title": "label.force-authn", + "description": "tooltip.force-authn", + "type": "boolean", + "default": false + }, + "omitNotBefore": { + "title": "label.omit-not-before-condition", + "type": "boolean", + "description": "tooltip.omit-not-before-condition", + "default": false + }, + "responderId": { + "title": "label.responder-id", + "description": "tooltip.responder-id", + "type": "string" + }, + "nameIdFormats": { + "$ref": "#/definitions/NameIdFormatList" + }, + "authenticationMethods": { + "$ref": "#/definitions/AuthenticationMethodList" + } + } + }, + "attributeRelease": { + "type": "array", + "description": "Attribute release table - select the attributes you want to release (default unchecked)", + "widget": { + "id": "checklist", + "dataUrl": "/customAttributes" + }, + "items": { + "type": "string" + } + } + }, + "definitions": { + "Contact": { + "type": "object", + "properties": { + "name": { + "title": "label.contact-name", + "description": "tooltip.contact-name", + "type": "string" + }, + "type": { + "title": "label.contact-type", + "description": "tooltip.contact-type", + "type": "string", + "oneOf": [ + { + "enum": [ + "support" + ], + "description": "value.support" + }, + { + "enum": [ + "technical" + ], + "description": "value.technical" }, - "type": { - "title": "label.type", - "description": "tooltip.certificate-type", - "type": "string", - "oneOf": [ - { - "enum": [ - "signing" - ], - "description": "value.signing" - }, - { - "enum": [ - "encryption" - ], - "description": "value.encryption" - }, - { - "enum": [ - "both" - ], - "description": "value.both" - } - ], - "default": "both" + { + "enum": [ + "administrative" + ], + "description": "value.administrative" }, - "value": { - "title": "label.certificate", - "description": "tooltip.certificate", - "type": "string" + { + "enum": [ + "other" + ], + "description": "value.other" } + ] }, - "AssertionConsumerService": { - "type": "object", - "properties": { - "locationUrl": { - "title": "label.assertion-consumer-services-location", - "description": "tooltip.assertion-consumer-service-location", - "type": "string", - "widget": { - "id": "string", - "help": "message.valid-url" - } - }, - "binding": { - "title": "label.assertion-consumer-service-location-binding", - "description": "tooltip.assertion-consumer-service-location-binding", - "type": "string", - "oneOf": [ - { - "enum": [ - "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - ], - "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - }, - { - "enum": [ - "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" - ], - "description": "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" - } - ] - }, - "makeDefault": { - "title": "label.mark-as-default", - "description": "tooltip.mark-as-default", - "type": "boolean" - } - } + "emailAddress": { + "title": "label.contact-email-address", + "description": "tooltip.contact-email", + "type": "string", + "pattern": "^(?=.{1,254}$)(?=.{1,64}@)[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+(\\.[-!#$%&'*+/0-9=?A-Z^_`a-z{|}~]+)*@[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$" + } + } + }, + "Certificate": { + "name": { + "title": "label.certificate-name-display-only", + "description": "tooltip.certificate-name", + "type": "string" + }, + "type": { + "title": "label.type", + "description": "tooltip.certificate-type", + "type": "string", + "oneOf": [ + { + "enum": [ + "signing" + ], + "description": "value.signing" + }, + { + "enum": [ + "encryption" + ], + "description": "value.encryption" + }, + { + "enum": [ + "both" + ], + "description": "value.both" + } + ], + "default": "both" + }, + "value": { + "title": "label.certificate", + "description": "tooltip.certificate", + "type": "string" + } + }, + "AssertionConsumerService": { + "type": "object", + "properties": { + "locationUrl": { + "title": "label.assertion-consumer-services-location", + "description": "tooltip.assertion-consumer-service-location", + "type": "string", + "widget": { + "id": "string", + "help": "message.valid-url" + } }, - "NameIdFormatList": { - "title": "label.nameid-format-to-send", - "placeholder": "label.nameid-format", - "description": "tooltip.nameid-format", - "type": "array", - "uniqueItems": true, - "items": { - "type": "string", - "widget": "datalist", - "data": [ - "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", - "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", - "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" - ] + "binding": { + "title": "label.assertion-consumer-service-location-binding", + "description": "tooltip.assertion-consumer-service-location-binding", + "type": "string", + "oneOf": [ + { + "enum": [ + "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + ], + "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, - "default": null + { + "enum": [ + "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" + ], + "description": "urn:oasis:names:tc:SAML:1.0:profiles:browser-post" + } + ] }, - "AuthenticationMethodList": { - "title": "label.authentication-methods-to-use", - "description": "tooltip.authentication-methods-to-use", - "type": "array", - "placeholder": "label.authentication-method", - "uniqueItems": true, - "items": { - "type": "string", - "title": "label.authentication-method", - "widget": { - "id": "datalist", - "data": [ - "https://refeds.org/profile/mfa", - "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken", - "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" - ] - } - }, - "default": null + "makeDefault": { + "title": "label.mark-as-default", + "description": "tooltip.mark-as-default", + "type": "boolean" + } + } + }, + "NameIdFormatList": { + "title": "label.nameid-format-to-send", + "placeholder": "label.nameid-format", + "description": "tooltip.nameid-format", + "type": "array", + "uniqueItems": true, + "items": { + "type": "string", + "widget": "datalist", + "data": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + ] + }, + "default": null + }, + "AuthenticationMethodList": { + "title": "label.authentication-methods-to-use", + "description": "tooltip.authentication-methods-to-use", + "type": "array", + "placeholder": "label.authentication-method", + "uniqueItems": true, + "items": { + "type": "string", + "title": "label.authentication-method", + "widget": { + "id": "datalist", + "data": [ + "https://refeds.org/profile/mfa", + "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken", + "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" + ] + } + }, + "default": null + }, + "LogoutEndpoint": { + "title": "label.new-endpoint", + "description": "tooltip.new-endpoint", + "type": "object", + "properties": { + "url": { + "title": "label.url", + "description": "tooltip.url", + "type": "string" }, - "LogoutEndpoint": { - "title": "label.new-endpoint", - "description": "tooltip.new-endpoint", - "type": "object", - "properties": { - "url": { - "title": "label.url", - "description": "tooltip.url", - "type": "string" - }, - "bindingType": { - "title": "label.binding-type", - "description": "tooltip.binding-type", - "type": "string", - "oneOf": [ - { - "enum": [ - "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - ], - "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" - }, - { - "enum": [ - "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - ], - "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - } - ] - - } + "bindingType": { + "title": "label.binding-type", + "description": "tooltip.binding-type", + "type": "string", + "oneOf": [ + { + "enum": [ + "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + ], + "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" + }, + { + "enum": [ + "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" + ], + "description": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } + ] + } + } } + } } \ No newline at end of file