diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/NameIdFormatFilterUiDefinitionController.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/NameIdFormatFilterUiDefinitionController.groovy
index 8177af7d7..80bbffe94 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/NameIdFormatFilterUiDefinitionController.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/NameIdFormatFilterUiDefinitionController.groovy
@@ -12,7 +12,6 @@ import org.springframework.web.bind.annotation.RestController
 import javax.annotation.PostConstruct
-import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaLocationLookup.entityAttributesFiltersSchema
 import static edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaLocationLookup.nameIdFormatFilterSchema
 import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
index cf7c44d8f..c7cf4105a 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy
@@ -103,6 +103,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
 if (metadataFilter instanceof NameIdFormatFilter) {
 NameIdFormatFilter nameIdFormatFilter = NameIdFormatFilter.cast(metadataFilter)
 NameIDFormatFilter openSamlTargetFilter = new OpenSamlNameIdFormatFilter()
+ openSamlTargetFilter.removeExistingFormats = nameIdFormatFilter.removeExistingFormats
 Map, Collection> predicateRules = [:]
 def type = nameIdFormatFilter.nameIdFormatFilterTarget.nameIdFormatFilterTargetType
 def values = nameIdFormatFilter.nameIdFormatFilterTarget.value
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/opensaml/OpenSamlNameIdFormatFilter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/opensaml/OpenSamlNameIdFormatFilter.java
index 1fb1ccc38..7f4fc30ba 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/opensaml/OpenSamlNameIdFormatFilter.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/opensaml/OpenSamlNameIdFormatFilter.java
@@ -1,12 +1,23 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain.filters.opensaml;
+import net.shibboleth.utilities.java.support.annotation.constraint.NonnullElements;
+import net.shibboleth.utilities.java.support.component.ComponentSupport;
 import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.saml.common.SAMLObjectBuilder;
 import org.opensaml.saml.metadata.resolver.filter.FilterException;
 import org.opensaml.saml.metadata.resolver.filter.impl.NameIDFormatFilter;
+import org.opensaml.saml.saml2.metadata.AttributeAuthorityDescriptor;
 import org.opensaml.saml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml.saml2.metadata.PDPDescriptor;
+import org.opensaml.saml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import java.util.Collection;
 /**
 * Extension to open saml type for workaround forced component initialization check. We need to override filter
@@ -16,6 +27,22 @@
 */
 public class OpenSamlNameIdFormatFilter extends NameIDFormatFilter {
+ private boolean removeExistingFormats;
+
+ @Nonnull private final SAMLObjectBuilder formatBuilder;
+
+ public OpenSamlNameIdFormatFilter() {
+ formatBuilder = (SAMLObjectBuilder)
+ XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilderOrThrow(
+ NameIDFormat.DEFAULT_ELEMENT_NAME);
+ }
+
+ @Override
+ public void setRemoveExistingFormats(final boolean flag) {
+ ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
+ removeExistingFormats = flag;
+ }
+
 @Nullable
 @Override
 public XMLObject filter(@Nullable XMLObject metadata) throws FilterException {
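Review bot: The new `removeExistingFormats` field duplicates state the base class appears to keep for itself, and the overridden `setRemoveExistingFormats` never calls `super`, so whatever flag `NameIDFormatFilter` holds stays at its default while only this copy changes. That is safe only while every reader of the flag is overridden in this class; any base-class path that still consults its own field would silently ignore the setting. Consider replacing the explicit check with `super.setRemoveExistingFormats(flag);` followed by `removeExistingFormats = flag;`, assuming the base setter performs the same initialization check. The same duplication applies to `formatBuilder`, which the constructor builds again even though the base class presumably holds an equivalent builder.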
@@ -31,4 +58,32 @@ public XMLObject filter(@Nullable XMLObject metadata) throws FilterException {
 return metadata;
 }
+
+ /**Overridden to get rid of log statements which result in NPE in the base class with parent being null**/
+ @Override
+ protected void filterRoleDescriptor(@Nonnull final RoleDescriptor role,
+ @Nonnull @NonnullElements final Collection formats) {
+
+ final Collection roleFormats;
+
+ if (role instanceof SPSSODescriptor) {
+ roleFormats = ((SPSSODescriptor) role).getNameIDFormats();
+ } else if (role instanceof AttributeAuthorityDescriptor) {
+ roleFormats = ((AttributeAuthorityDescriptor) role).getNameIDFormats();
+ } else if (role instanceof PDPDescriptor) {
+ roleFormats = ((PDPDescriptor) role).getNameIDFormats();
+ } else {
+ return;
+ }
+
+ if (removeExistingFormats && !roleFormats.isEmpty()) {
+ roleFormats.clear();
+ }
+
+ for (final String format : formats) {
+ final NameIDFormat nif = formatBuilder.buildObject();
+ nif.setFormat(format);
+ roleFormats.add(nif);
+ }
+ }
 }
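Review bot: Removing the base class's log statements leaves `filterRoleDescriptor` clearing and rewriting a role's NameIDFormat list with no record, which makes it harder to trace which filter changed an entity's advertised formats, most of all when `removeExistingFormats` is true. Because the comment attributes the NPE to a null parent, the logging could be kept behind a guard such as `if (role.getParent() instanceof EntityDescriptor)` instead of dropped; no logger is visible in this diff, so one may need to be added. The body appears to be a copy of the upstream method, so the comment should say so and name the version it came from, e.g. `/** Copy of NameIDFormatFilter#filterRoleDescriptor from OpenSAML <version> without its log calls, which NPE when role.getParent() is null. */`, so the copy is re-checked on upgrade.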