From 7afc474f516e2f97a4d2173263cd227c0ef5b0c0 Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Tue, 20 Sep 2022 09:36:42 -0700
Subject: [PATCH] SHIBUI-2380 Incremental commit:

- Adding Oauth/OIDC binding type to the AssertionConsumerService list
- Updating how the SPSSODESCRIPTOR identifies OIDC protocol
---
 .../admin/ui/domain/RoleDescriptor.java | 19 ++++++++++++++++++-
 .../JPAEntityDescriptorServiceImpl.java | 10 ++--------
 .../resources/metadata-sources-ui-schema.json | 6 ++++++
 3 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java
index b5bc78bc6..c64edb0ad 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.oidc.OAuthRPExtensions;
 import lombok.EqualsAndHashCode;
 import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.XMLObject;
@@ -76,6 +77,10 @@ public void setID(String id) {
 
     @Override
     public List getSupportedProtocols() {
+        // This protocol must be included if this is OIDC data
+        if (isOidcType() && !supportedProtocols.contains("http://openid.net/specs/openid-connect-core-1_0.html")) {
+            supportedProtocols.add("http://openid.net/specs/openid-connect-core-1_0.html");
+        }
         return supportedProtocols;
     }
 
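Review bot: The new check in `getSupportedProtocols()` writes to the persistent `supportedProtocols` collection from inside a getter, so any read of this `@Audited` entity — Hibernate dirty checking, Envers auditing, JSON serialization of the descriptor — can now perform an `add` and turn a read into a database write; the normalization belongs where the extensions are set, or in a JPA lifecycle callback, so the getter stays read-only. If `supportedProtocols` can be null on a freshly constructed descriptor, the new `contains` call throws where the old getter simply returned null, so a guard is worth adding. The OIDC protocol URI is spelled out twice; hoist it to `private static final String OIDC_PROTOCOL = "http://openid.net/specs/openid-connect-core-1_0.html";` and use it in both the `contains` and the `add`. The raw `List` return type predates this commit but is worth tightening to `List<String>` while the method is being touched.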
@@ -195,4 +200,16 @@ public List getOrderedChildren() {
         return Collections.unmodifiableList(children);
     }
 
-}
+
+    @Transient
+    public boolean isOidcType() {
+        if (getExtensions().getOrderedChildren().size() > 0) {
+            for (XMLObject e : getExtensions().getOrderedChildren()) {
+                if (e.getElementQName().getLocalPart().equals(OAuthRPExtensions.TYPE_LOCAL_NAME)) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
index 2eae4f760..8e400949c 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java
@@ -177,14 +177,7 @@ public EntityDescriptorRepresentation createNewEntityDescriptorFromXMLOrigin(Ent
     }
 
     private EntityDescriptorProtocol determineEntityDescriptorProtocol(EntityDescriptor ed) {
-        boolean oidcType = false;
-        if (ed.getSPSSODescriptor("") != null && ed.getSPSSODescriptor("").getExtensions().getOrderedChildren().size() > 0) {
-            for (XMLObject e : ed.getSPSSODescriptor("").getExtensions().getOrderedChildren()) {
-                if (e.getElementQName().getLocalPart().equals(OAuthRPExtensions.TYPE_LOCAL_NAME)) {
-                    oidcType = true;
-                }
-            }
-        }
+        boolean oidcType = ed.getSPSSODescriptor("") != null && ed.getSPSSODescriptor("").isOidcType();
         return oidcType ? EntityDescriptorProtocol.OIDC : EntityDescriptorProtocol.SAML;
     }
 
@@ -462,6 +455,7 @@ public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throw
         if (!userService.isAuthorizedFor(ed)) {
             throw new ForbiddenException();
         }
+
         return ed;
     }
 
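Review bot: `isOidcType()` dereferences `getExtensions()` twice with no null check, and this commit makes `getSupportedProtocols()` call it on every protocol lookup, including for descriptors that carry no `<Extensions>` element at all; if `getExtensions()` returns null when extensions are absent — as it does for the OpenSAML metadata types this class mirrors, but confirm for this entity — plain SAML metadata now NPEs on a getter. Add `if (getExtensions() == null || getExtensions().getOrderedChildren() == null) { return false; }` ahead of the loop and drop the `size() > 0` wrapper, which a for-each over an empty list already handles. The match is on the local name only, so an element in any namespace whose local name equals `OAuthRPExtensions.TYPE_LOCAL_NAME` in operator-supplied metadata XML classifies the descriptor as OIDC; comparing the full `QName`, namespace included, would be stricter if a namespace constant exists for it. Writing the comparison as `OAuthRPExtensions.TYPE_LOCAL_NAME.equals(e.getElementQName().getLocalPart())` also avoids an NPE on an element with no local part.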
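Review bot: The replacement line in `determineEntityDescriptorProtocol` calls `ed.getSPSSODescriptor("")` twice and keeps a boolean local that is only used once; a local of the domain `SPSSODescriptor` type reads cleaner and does one lookup: `SPSSODescriptor sp = ed.getSPSSODescriptor(""); return sp != null && sp.isOidcType() ? EntityDescriptorProtocol.OIDC : EntityDescriptorProtocol.SAML;`. With the loop gone, the `XMLObject` and `OAuthRPExtensions` imports in this file may now be unused unless referenced elsewhere — they sit outside the hunk, so worth a check before merging. The protocol is still inferred purely from the presence of the extension element rather than from anything the operator chose, which is reasonable for an XML-import path but deserves a comment on the method, e.g. `// Protocol is inferred from an OAuthRPExtensions element under the SPSSODescriptor; no explicit selection is consulted.`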
diff --git a/backend/src/main/resources/metadata-sources-ui-schema.json b/backend/src/main/resources/metadata-sources-ui-schema.json
index 93ad3ec81..fdb7e5d46 100644
--- a/backend/src/main/resources/metadata-sources-ui-schema.json
+++ b/backend/src/main/resources/metadata-sources-ui-schema.json
@@ -329,6 +329,12 @@
                 "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
               ],
               "description": "urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
+            },
+            {
+              "enum": [
+                "https://tools.ietf.org/html/rfc6749#section-3.1.2"
+              ],
+              "description": "OIDC / OAUTH Binding"
             }
           ]
         },
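Review bot: The new entry's `description` departs from the neighbouring entries, which repeat the binding URI verbatim, and "OIDC / OAUTH Binding" does not tell the operator what the paired Location is used for; since the URI points at RFC 6749 section 3.1.2 (the redirection endpoint), a label such as `"description": "OAuth 2.0 / OIDC redirect URI (RFC 6749 section 3.1.2)"` is more useful if the UI surfaces this text. A Location paired with this binding is effectively an OAuth redirect_uri that the authorization server will match exactly, so wherever this schema validates Location for a chosen binding it should, for this value, require an absolute URI with no fragment as that RFC section demands — no such constraint is visible in this hunk, so it may live elsewhere. Mixed casing in "OIDC / OAUTH" is also inconsistent with the commit message's "Oauth/OIDC"; pick one spelling, conventionally "OAuth".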