SHIBUI-2380

Incremental commit: - Adding Oauth/OIDC binding type to the AssertionConsumerService list - Updating how the SPSSODESCRIPTOR identifies OIDC protocol
TIER · Sep 20, 2022 · 7afc474 · 7afc474
1 parent e63841d
commit 7afc474
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 9 deletions.
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.OAuthRPExtensions;
 import lombok.EqualsAndHashCode;
 import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.XMLObject;
@@ -76,6 +77,10 @@ public void setID(String id) {
 
     @Override
     public List<String> getSupportedProtocols() {
+        // This protocol must be included if this is OIDC data
+        if (isOidcType() && !supportedProtocols.contains("http://openid.net/specs/openid-connect-core-1_0.html")) {
+            supportedProtocols.add("http://openid.net/specs/openid-connect-core-1_0.html");
+        }
         return supportedProtocols;
     }
 
@@ -195,4 +200,16 @@ public List<XMLObject> getOrderedChildren() {
 
         return Collections.unmodifiableList(children);
     }
-}
+
+    @Transient
+    public boolean isOidcType() {
+        if (getExtensions().getOrderedChildren().size() > 0) {
+            for (XMLObject e : getExtensions().getOrderedChildren()) {
+                if (e.getElementQName().getLocalPart().equals(OAuthRPExtensions.TYPE_LOCAL_NAME)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+}
diff --git a/...n/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/...n/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -177,14 +177,7 @@ public EntityDescriptorRepresentation createNewEntityDescriptorFromXMLOrigin(Ent
     }
 
     private EntityDescriptorProtocol determineEntityDescriptorProtocol(EntityDescriptor ed) {
-        boolean oidcType = false;
-        if (ed.getSPSSODescriptor("") != null && ed.getSPSSODescriptor("").getExtensions().getOrderedChildren().size() > 0) {
-            for (XMLObject e : ed.getSPSSODescriptor("").getExtensions().getOrderedChildren()) {
-                if (e.getElementQName().getLocalPart().equals(OAuthRPExtensions.TYPE_LOCAL_NAME)) {
-                    oidcType = true;
-                }
-            }
-        }
+        boolean oidcType = ed.getSPSSODescriptor("") != null && ed.getSPSSODescriptor("").isOidcType();
         return oidcType ? EntityDescriptorProtocol.OIDC : EntityDescriptorProtocol.SAML;
     }
 
@@ -462,6 +455,7 @@ public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throw
         if (!userService.isAuthorizedFor(ed)) {
             throw new ForbiddenException();
         }
+
         return ed;
     }
 

diff --git a/backend/src/main/resources/metadata-sources-ui-schema.json b/backend/src/main/resources/metadata-sources-ui-schema.json
@@ -329,6 +329,12 @@
                                 "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
                             ],
                             "description": "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+                        },
+                        {
+                            "enum": [
+                                "https://tools.ietf.org/html/rfc6749#section-3.1.2"
+                            ],
+                            "description": "OIDC / OAUTH Binding"
                         }
                     ]
                 },