[SHIBUI-906]

First bit of work done on 906. I think a lot of this may get scrapped though because it needs to extend the work done on 905. We shall see.
TIER · Oct 8, 2018 · 98bf498 · 98bf498
1 parent 26cd713
commit 98bf498
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 7 deletions.
diff --git a/...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -44,7 +44,7 @@
 import javax.servlet.http.HttpServletRequest;
 
 @Configuration
-@EnableConfigurationProperties(CustomAttributesConfiguration.class)
+@EnableConfigurationProperties(CustomPropertiesConfiguration.class)
 public class CoreShibUiConfiguration {
     private static final Logger logger = LoggerFactory.getLogger(CoreShibUiConfiguration.class);
 
@@ -172,8 +172,8 @@ public LuceneUtility luceneUtility(DirectoryService directoryService) {
     }
 
     @Bean
-    public CustomAttributesConfiguration customAttributesConfiguration() {
-        return new CustomAttributesConfiguration();
+    public CustomPropertiesConfiguration customAttributesConfiguration() {
+        return new CustomPropertiesConfiguration();
     }
 
     @Bean

diff --git a/...ration/CustomAttributesConfiguration.java → ...ration/CustomPropertiesConfiguration.java b/...ration/CustomAttributesConfiguration.java → ...ration/CustomPropertiesConfiguration.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 
@@ -12,9 +13,10 @@
  */
 @Configuration
 @ConfigurationProperties(prefix="custom")
-public class CustomAttributesConfiguration {
+public class CustomPropertiesConfiguration {
 
     private List<? extends Map<String, String>> attributes = new ArrayList<>();
+    private List<RelyingPartyOverrideProperty> overrides = new ArrayList<>();
 
     public List<? extends Map<String, String>> getAttributes() {
         return attributes;
@@ -23,4 +25,12 @@ public List<? extends Map<String, String>> getAttributes() {
     public void setAttributes(List<? extends Map<String, String>> attributes) {
         this.attributes = attributes;
     }
+
+    public List<RelyingPartyOverrideProperty> getOverrides() {
+        return overrides;
+    }
+
+    public void setOverrides(List<RelyingPartyOverrideProperty> overrides) {
+        this.overrides = overrides;
+    }
 }
diff --git a/.../main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ConfigurationController.java b/.../main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ConfigurationController.java
@@ -1,6 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
-import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomAttributesConfiguration;
+import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -15,10 +15,11 @@
 public class ConfigurationController {
 
     @Autowired
-    CustomAttributesConfiguration customAttributesConfiguration;
+    CustomPropertiesConfiguration customPropertiesConfiguration;
 
     @GetMapping(value = "/customAttributes")
     public ResponseEntity<?> getCustomAttributes() {
-        return ResponseEntity.ok(customAttributesConfiguration.getAttributes());
+        System.out.println("WOO!\n" + customPropertiesConfiguration.getOverrides());
+        return ResponseEntity.ok(customPropertiesConfiguration.getAttributes());
     }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/AttributeUtility.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/AttributeUtility.java
@@ -67,4 +67,8 @@ public edu.internet2.tier.shibboleth.admin.ui.domain.Attribute createAttributeWi
     public edu.internet2.tier.shibboleth.admin.ui.domain.Attribute createAttributeWithArbitraryValues(String name, String friendlyName, List<String> values) {
         return createAttributeWithArbitraryValues(name, friendlyName, values.toArray(new String[]{}));
     }
+
+    //TODO createAttributeFromSet
+    // createFromNumber? XSInteger
+    //
 }
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
@@ -26,3 +26,65 @@ custom:
     - name: employeeNumber
       displayName: label.attribute-employeeNumber
   # Custom attributes
+
+# The following contains a map of "relying party overrides".
+# It is imperative when defining them that the "displayType" and "persistType" are known types.
+# Typos or unsupported values here will result in that override being skipped!
+# Supported types are as follows: boolean, integer, string, set, list
+# Note that "persistType" doesn't have to match "displayType". However, the only unmatching combination currently
+# supported is a "displayType" of "boolean" and "persistType" of "string".
+  overrides:
+  # Default overrides
+    - name: signAssertion
+      displayName: Sign the Assertion
+      displayType: boolean
+      helpText: Sign Assertion
+    - name: signResponses
+      displayName: Don't Sign the Response
+      displayType: boolean
+      helpText: Don't Sign Response
+    - name: turnOffEncryption
+      displayName: Turn Off Encryption of Response
+      displayType: boolean
+      helpText: Turn Off Encryption of Response
+    - name: useSha
+      displayName: Use SHA1 Signing Algorithm
+      displayType: boolean
+      helpText: Use SHA1 Signing Algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+    - name: ignoreAuthenticationMethod
+      displayName: Ignore any SP-Requested Authentication Method
+      displayType: boolean
+      helpText: Ignore any SP-Requested Authentication Method
+      persistType: string
+      persistValue: 0x1
+    - name: omitNotBefore
+      displayName: Omit Not Before Condition
+      displayType: boolean
+      helpText: Omit Not Before Condition
+    - name: responderId
+      displayName: responderId
+      displayType: string
+      helpText: ResponderId
+    - name: nameIdFormats
+      displayName: nameIdFormats
+      displayType: list
+      helpText: Add NameID Format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+    - name: authenticationMethods
+      displayName: authenticationMethods
+      displayType: list
+      helpText: Authentication Methods to Use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+    - name: forceAuthn
+      displayName: Force AuthN
+      displayType: boolean
+      helpText: Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process