From 98bf498540082ef8828a7e6985306e9c726a5b97 Mon Sep 17 00:00:00 2001
From: Bill Smith
Date: Mon, 8 Oct 2018 14:07:59 -0700
Subject: [PATCH] [SHIBUI-906] First bit of work done on 906. I think a lot of this may get scrapped though because it needs to extend the work done on 905. We shall see.

---
 .../CoreShibUiConfiguration.java | 6 +-
 ...ava => CustomPropertiesConfiguration.java} | 12 +++-
 .../controller/ConfigurationController.java | 7 ++-
 .../admin/util/AttributeUtility.java | 4 ++
 backend/src/main/resources/application.yml | 62 +++++++++++++++++++
 5 files changed, 84 insertions(+), 7 deletions(-)
 rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/{CustomAttributesConfiguration.java => CustomPropertiesConfiguration.java} (62%)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
index 3cb37ee1b..b4a8adc42 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -44,7 +44,7 @@ import javax.servlet.http.HttpServletRequest;
 
 @Configuration
-@EnableConfigurationProperties(CustomAttributesConfiguration.class)
+@EnableConfigurationProperties(CustomPropertiesConfiguration.class)
 public class CoreShibUiConfiguration {
 
     private static final Logger logger = LoggerFactory.getLogger(CoreShibUiConfiguration.class);
@@ -172,8 +172,8 @@ public LuceneUtility luceneUtility(DirectoryService directoryService) {
     }
 
     @Bean
-    public CustomAttributesConfiguration customAttributesConfiguration() {
-        return new CustomAttributesConfiguration();
+    public CustomPropertiesConfiguration customAttributesConfiguration() {
+        return new CustomPropertiesConfiguration();
     }
 
     @Bean
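Review bot: The `@Bean` method in the second hunk keeps its old name, `customAttributesConfiguration()`, while its return type becomes `CustomPropertiesConfiguration`, so the bean is registered under a name that no longer matches either its type or the `customPropertiesConfiguration` field that ConfigurationController injects; rename it to `public CustomPropertiesConfiguration customPropertiesConfiguration() {` to finish the rename. The class is also registered through `@EnableConfigurationProperties(CustomPropertiesConfiguration.class)` and instantiated here by hand, which may yield two beans of the same type if the class keeps its own `@Configuration` annotation — that predates this commit, but it is worth confirming while touching this code.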
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomAttributesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
similarity index 62%
rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomAttributesConfiguration.java
rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
index aa12be6b2..a6a1db63d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomAttributesConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 
@@ -12,9 +13,10 @@
  */
 @Configuration
 @ConfigurationProperties(prefix="custom")
-public class CustomAttributesConfiguration {
+public class CustomPropertiesConfiguration {
     private List> attributes = new ArrayList<>();
+    private List overrides = new ArrayList<>();
 
     public List> getAttributes() {
         return attributes;
@@ -23,4 +25,12 @@ public List> getAttributes() {
     public void setAttributes(List> attributes) {
         this.attributes = attributes;
     }
+
+    public List getOverrides() {
+        return overrides;
+    }
+
+    public void setOverrides(List overrides) {
+        this.overrides = overrides;
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ConfigurationController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ConfigurationController.java
index 4a0388428..5453ed0c4 100644
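Review bot: `getOverrides()` in the last hunk returns the live backing list and `setOverrides` stores the caller's list as-is, so any consumer (ConfigurationController already reads it) can mutate the override definitions that drive signing and encryption choices after binding; return `Collections.unmodifiableList(overrides)` from the getter, and the pre-existing `getAttributes()` has the same shape. Spring Boot's collection binder falls back to the setter when the getter's list rejects mutation, so the unmodifiable view should not break property binding, but confirm against the Boot version in use. The new field also has no Javadoc while the class comment above, cut off by the hunk, presumably describes only `attributes`; add `/** Relying-party override definitions bound from {@code custom.overrides}; see application.yml for the supported displayType/persistType values. */` above it. The generic arguments of the `List` declarations appear stripped in this rendering (`List>`), so the element type cannot be confirmed here, though the added import suggests `RelyingPartyOverrideProperty`.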
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ConfigurationController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ConfigurationController.java
@@ -1,6 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
-import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomAttributesConfiguration;
+import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -15,10 +15,11 @@ public class ConfigurationController {
 
     @Autowired
-    CustomAttributesConfiguration customAttributesConfiguration;
+    CustomPropertiesConfiguration customPropertiesConfiguration;
 
     @GetMapping(value = "/customAttributes")
     public ResponseEntity getCustomAttributes() {
-        return ResponseEntity.ok(customAttributesConfiguration.getAttributes());
+        System.out.println("WOO!\n" + customPropertiesConfiguration.getOverrides());
+        return ResponseEntity.ok(customPropertiesConfiguration.getAttributes());
     }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/AttributeUtility.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/AttributeUtility.java
index 2282b04e2..a241acd5b 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/AttributeUtility.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/AttributeUtility.java
@@ -67,4 +67,8 @@ public edu.internet2.tier.shibboleth.admin.ui.domain.Attribute createAttributeWi
     public edu.internet2.tier.shibboleth.admin.ui.domain.Attribute createAttributeWithArbitraryValues(String name, String friendlyName, List values) {
         return createAttributeWithArbitraryValues(name, friendlyName, values.toArray(new String[]{}));
     }
+
+    //TODO createAttributeFromSet
+    // createFromNumber? XSInteger
+    //
 }
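Review bot: The added `System.out.println("WOO!\n" + customPropertiesConfiguration.getOverrides())` in the second ConfigurationController hunk is leftover debugging that now runs on every request to `/customAttributes`, writing the full override configuration to stdout outside the SLF4J logging the rest of the backend uses (CoreShibUiConfiguration declares a `LoggerFactory` logger), so it bypasses log levels and routing and adds noise for every caller. Drop it before merge; if the value is useful while the feature is being built, use a class logger at debug level instead: `private static final Logger logger = LoggerFactory.getLogger(ConfigurationController.class);` with `logger.debug("overrides: {}", customPropertiesConfiguration.getOverrides());`. The renamed field remains package-private field injection; constructor injection would let it be `private final`.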
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index 563d01073..dd0dfb1b4 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -26,3 +26,65 @@ custom:
     - name: employeeNumber
       displayName: label.attribute-employeeNumber
 # Custom attributes
+
+# The following contains a map of "relying party overrides".
+# It is imperative when defining them that the "displayType" and "persistType" are known types.
+# Typos or unsupported values here will result in that override being skipped!
+# Supported types are as follows: boolean, integer, string, set, list
+# Note that "persistType" doesn't have to match "displayType". However, the only unmatching combination currently
+# supported is a "displayType" of "boolean" and "persistType" of "string".
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: Sign the Assertion
+      displayType: boolean
+      helpText: Sign Assertion
+    - name: signResponses
+      displayName: Don't Sign the Response
+      displayType: boolean
+      helpText: Don't Sign Response
+    - name: turnOffEncryption
+      displayName: Turn Off Encryption of Response
+      displayType: boolean
+      helpText: Turn Off Encryption of Response
+    - name: useSha
+      displayName: Use SHA1 Signing Algorithm
+      displayType: boolean
+      helpText: Use SHA1 Signing Algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+    - name: ignoreAuthenticationMethod
+      displayName: Ignore any SP-Requested Authentication Method
+      displayType: boolean
+      helpText: Ignore any SP-Requested Authentication Method
+      persistType: string
+      persistValue: 0x1
+    - name: omitNotBefore
+      displayName: Omit Not Before Condition
+      displayType: boolean
+      helpText: Omit Not Before Condition
+    - name: responderId
+      displayName: responderId
+      displayType: string
+      helpText: ResponderId
+    - name: nameIdFormats
+      displayName: nameIdFormats
+      displayType: list
+      helpText: Add NameID Format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+    - name: authenticationMethods
+      displayName: authenticationMethods
+      displayType: list
+      helpText: Authentication Methods to Use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+    - name: forceAuthn
+      displayName: Force AuthN
+      displayType: boolean
+      helpText: Disallows use (or reuse) of authentication results and login flows that don't provide a real-time proof of user presence in the login process
\ No newline at end of file
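Review bot: `persistValue: 0x1` under `ignoreAuthenticationMethod` is an unquoted hex literal, which the YAML 1.1 resolver behind Spring Boot's SnakeYAML loader reads as the integer 1, so the string bound into the override will most likely be `1` rather than the intended `0x1`; quote it, `persistValue: "0x1"`. The header comment promises that a typo in `displayType`/`persistType` makes the override "skipped", but nothing in this commit enforces that (RelyingPartyOverrideProperty is not in the diff), and a silently dropped entry such as `signAssertion` or `turnOffEncryption` removes a signing or encryption control from the UI with no error — wherever the skip is implemented it should at least log at WARN with the offending `name`, or better, model the two fields as enums so the binder rejects unknown values at startup, and the comment should state which of those happens. The file also loses its trailing newline (`\ No newline at end of file`).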