Merge remote-tracking branch 'origin/master'

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java

@@ -522,7 +522,7 @@ public EntityDescriptorRepresentation createRepresentationFromDescriptor(org.ope
                                 if (jpaAttribute.getAttributeValues().size() != 1) {
                                     throw new RuntimeException("Multiple/No values detected where one is expected!");
                                 }
-                                attributeValues = getValueFromXSStringOrXSAny(jpaAttribute.getAttributeValues().get(0));
+                                attributeValues = getValueFromXMLObject(jpaAttribute.getAttributeValues().get(0));
                                 break;
                             case INTEGER:
                                 if (jpaAttribute.getAttributeValues().size() != 1) {
@@ -536,7 +536,7 @@ public EntityDescriptorRepresentation createRepresentationFromDescriptor(org.ope
                                 }
                                 if (overrideProperty.getPersistType() != null &&
                                     !overrideProperty.getPersistType().equals(overrideProperty.getDisplayType())) {
-                                    attributeValues = getValueFromXSStringOrXSAny(jpaAttribute.getAttributeValues().get(0));
+                                    attributeValues = getValueFromXMLObject(jpaAttribute.getAttributeValues().get(0));
                                 } else {
                                     attributeValues = Boolean.valueOf(((XSBoolean) jpaAttribute.getAttributeValues()
                                             .get(0)).getStoredValue());
@@ -545,7 +545,7 @@ public EntityDescriptorRepresentation createRepresentationFromDescriptor(org.ope
                             case SET:
                             case LIST:
                                 attributeValues = jpaAttribute.getAttributeValues().stream()
-                                        .map(attributeValue -> getValueFromXSStringOrXSAny(attributeValue))
+                                        .map(attributeValue -> getValueFromXMLObject(attributeValue))
                                         .collect(Collectors.toList());
                         }
                         relyingPartyOverrides.put(((RelyingPartyOverrideProperty) override.get()).getName(), attributeValues);
@@ -559,11 +559,17 @@ public EntityDescriptorRepresentation createRepresentationFromDescriptor(org.ope
         return representation;
     }
 
-    private String getValueFromXSStringOrXSAny(XMLObject xmlObject) {
-        if (xmlObject instanceof XSAny) {
-            return ((XSAny)xmlObject).getTextContent();
-        } else {
-            return ((XSString)xmlObject).getValue();
+    private String getValueFromXMLObject(XMLObject xmlObject) {
+        String objectType = xmlObject.getClass().getSimpleName();
+        switch (objectType) {
+            case "XSAny":
+                return ((XSAny)xmlObject).getTextContent();
+            case "XSString":
+                return ((XSString)xmlObject).getValue();
+            case "XSBoolean":
+                return ((XSBoolean)xmlObject).getStoredValue();
+            default:
+                throw new RuntimeException(String.format("Unsupported XML Object type [%s]", objectType));
         }
     }
 

backend/src/main/resources/application.properties

@@ -77,3 +77,5 @@ spring.mail.properties.mail.smtp.starttls.enable=false
 shibui.mail.text-email-template-path-prefix=/mail/text/
 shibui.mail.html.email-template-path-prefix=/mail/html/
 shibui.mail.system-email-address=doNotReply@shibui.org
+
+shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImplTests.groovy

@@ -6,7 +6,10 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.CoreShibUiConfigurat
 import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
 import edu.internet2.tier.shibboleth.admin.ui.domain.XSAny
+import edu.internet2.tier.shibboleth.admin.ui.domain.XSAnyBuilder
 import edu.internet2.tier.shibboleth.admin.ui.domain.XSBoolean
+import edu.internet2.tier.shibboleth.admin.ui.domain.XSBooleanBuilder
+import edu.internet2.tier.shibboleth.admin.ui.domain.XSStringBuilder
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.AssertionConsumerServiceRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.ContactRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
@@ -786,6 +789,59 @@ class JPAEntityDescriptorServiceImplTests extends Specification {
         expectedVersion == actualVersion
     }
 
+    def "SHIBUI-1220 getValueFromXMLObject handles XSAny"() {
+        given:
+        def builder = new XSAnyBuilder()
+        def xsAny = builder.buildObject('namespace', 'localname', 'prefix')
+        def expectedTextContent = 'expectedTextContent'
+        xsAny.setTextContent(expectedTextContent)
+
+        when:
+        def result = service.getValueFromXMLObject(xsAny)
+
+        then:
+        result == expectedTextContent
+    }
+
+    def "SHIBUI-1220 getValueFromXMLObject handles XSString"() {
+        given:
+        def builder = new XSStringBuilder()
+        def xsString = builder.buildObject('namespace', 'localname', 'prefix')
+        def expectedValue = 'expectedValue'
+        xsString.setValue(expectedValue)
+
+        when:
+        def result = service.getValueFromXMLObject(xsString)
+
+        then:
+        result == expectedValue
+    }
+
+    def "SHIBUI-1220 getValueFromXMLObject handles XSBoolean"() {
+        given:
+        def builder = new XSBooleanBuilder()
+        def xsBoolean = builder.buildObject('namespace', 'localname', 'prefix')
+        def expectedValue = 'true'
+        xsBoolean.setStoredValue(expectedValue)
+
+        when:
+        def result = service.getValueFromXMLObject(xsBoolean)
+
+        then:
+        result == expectedValue
+    }
+
+    def "SHIBUI-1220 getValueFromXMLObject throws RuntimeException for unhandled object type"() {
+        given:
+        def unhandledObject = new Object()
+
+        when:
+        service.getValueFromXMLObject(unhandledObject)
+
+        then:
+        thrown RuntimeException
+    }
+
     EntityDescriptor generateRandomEntityDescriptor() {
         EntityDescriptor ed = new EntityDescriptor()
 

pac4j-module/src/test/docker/conf/application.yml

@@ -26,6 +26,117 @@ shibui:
       firstName: urn:oid:2.5.4.42
       lastName: urn:oid:2.5.4.4
       email: urn:oid:0.9.2342.19200300.100.1.3
+custom:
+  attributes:
+    # Default attributes
+    - name: eduPersonPrincipalName
+      displayName: label.attribute-eduPersonPrincipalName
+    - name: uid
+      displayName: label.attribute-uid
+    - name: mail
+      displayName: label.attribute-mail
+    - name: surname
+      displayName: label.attribute-surname
+    - name: givenName
+      displayName: label.attribute-givenName
+    - name: eduPersonAffiliation
+      displayName: label.attribute-eduPersonAffiliation
+    - name: eduPersonScopedAffiliation
+      displayName: label.attribute-eduPersonScopedAffiliation
+    - name: eduPersonPrimaryAffiliation
+      displayName: label.attribute-eduPersonPrimaryAffiliation
+    - name: eduPersonEntitlement
+      displayName: label.attribute-eduPersonEntitlement
+    - name: eduPersonAssurance
+      displayName: label.attribute-eduPersonAssurance
+    - name: eduPersonUniqueId
+      displayName: label.attribute-eduPersonUniqueId
+    - name: employeeNumber
+      displayName: label.attribute-employeeNumber
+  # Custom attributes
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: label.sign-the-assertion
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.sign-assertion
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions
+      attributeFriendlyName: signAssertions
+    - name: dontSignResponse
+      displayName: label.dont-sign-the-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.dont-sign-response
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
+      attributeFriendlyName: signResponses
+    - name: turnOffEncryption
+      displayName: label.turn-off-encryption-of-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.turn-off-encryption
+      attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
+      attributeFriendlyName: encryptAssertions
+    - name: useSha
+      displayName: label.use-sha1-signing-algorithm
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.usa-sha-algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+      attributeName: http://shibboleth.net/ns/profiles/securityConfiguration
+      attributeFriendlyName: securityConfiguration
+    - name: ignoreAuthenticationMethod
+      displayName: label.ignore-any-sp-requested-authentication-method
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.ignore-auth-method
+      persistType: string
+      persistValue: 0x1
+      attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures
+      attributeFriendlyName: disallowedFeatures
+    - name: omitNotBefore
+      displayName: label.omit-not-before-condition
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.omit-not-before-condition
+      attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
+      attributeFriendlyName: includeConditionsNotBefore
+    - name: responderId
+      displayName: label.responder-id
+      displayType: string
+      defaultValue: null
+      helpText: tooltip.responder-id
+      attributeName: http://shibboleth.net/ns/profiles/responderId
+      attributeFriendlyName: responderId
+    - name: nameIdFormats
+      displayName: label.nameid-format-to-send
+      displayType: set
+      helpText: tooltip.nameid-format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+      attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence
+      attributeFriendlyName: nameIDFormatPrecedence
+    - name: authenticationMethods
+      displayName: label.authentication-methods-to-use
+      displayType: set
+      helpText: tooltip.authentication-methods-to-use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+      attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods
+      attributeFriendlyName: defaultAuthenticationMethods
+    - name: forceAuthn
+      displayName: label.force-authn
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.force-authn
+      attributeName: http://shibboleth.net/ns/profiles/forceAuthn
+      attributeFriendlyName: forceAuthn
 logging:
   level:
     org.pac4j: "TRACE"

pac4j-module/src/test/docker/conf/users.csv

@@ -0,0 +1 @@
+shibui-admin1,{bcrypt}$2a$10$ssM2LpFqceRQ/ta0JehGcu0BawFQDbxjQGSyVmKS6qa09hHLigtAO,test,test,ROLE_ADMIN,test@example.com