wip

backend/build.gradle

@@ -26,7 +26,7 @@ repositories {
 configurations.all {
     resolutionStrategy {
         force 'org.cryptacular:cryptacular:1.1.3'
-        
+
         eachDependency { details ->
             if (details.requested.group == 'org.seleniumhq.selenium' && details.requested.name != 'htmlunit-driver') {
                 details.useVersion '3.141.59'
@@ -38,7 +38,7 @@ configurations.all {
 configurations {
     integrationTestCompile {
         extendsFrom compile
-        
+
     }
     integrationTestRuntime {
         extendsFrom runtime
@@ -170,6 +170,7 @@ dependencies {
     compile "com.h2database:h2"
     runtimeOnly "org.postgresql:postgresql"
     runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:2.2.0'
+    runtimeOnly 'mysql:mysql-connector-java:5.1.48'
 
     //Swagger
     compile 'io.springfox:springfox-swagger2:2.9.2'
@@ -187,7 +188,7 @@ dependencies {
     //JSON schema generator
     testCompile 'com.kjetland:mbknor-jackson-jsonschema_2.12:1.0.29'
     testCompile 'javax.validation:validation-api:2.0.1.Final'
-    
+
     //JSON schema validator
     compile 'org.sharegov:mjson:1.4.1'
 
@@ -200,7 +201,7 @@ dependencies {
     integrationTestCompile "org.springframework.security:spring-security-test"
     integrationTestCompile "org.spockframework:spock-core:1.1-groovy-2.4"
     integrationTestCompile "org.spockframework:spock-spring:1.1-groovy-2.4"
-    
+
     // CSV file support
     compile 'com.opencsv:opencsv:4.4'
 

testbed/mysql/conf/application.yml

@@ -0,0 +1,138 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: mysql
+    driver-class-name: com.mysql.jdbc.Driver
+    url: jdbc:mysql://db:3306/shibui
+    username: shibui
+    password: shibui
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MySQL5Dialect
+server:
+  port: 8443
+  ssl:
+    key-store: "/conf/keystore.p12"
+    key-store-password: "changeit"
+    keyStoreType: "PKCS12"
+    keyAlias: "tomcat"
+shibui:
+  user-bootstrap-resource: file:/conf/users.csv
+  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
+custom:
+  attributes:
+    # Default attributes
+    - name: eduPersonPrincipalName
+      displayName: label.attribute-eduPersonPrincipalName
+    - name: uid
+      displayName: label.attribute-uid
+    - name: mail
+      displayName: label.attribute-mail
+    - name: surname
+      displayName: label.attribute-surname
+    - name: givenName
+      displayName: label.attribute-givenName
+    - name: eduPersonAffiliation
+      displayName: label.attribute-eduPersonAffiliation
+    - name: eduPersonScopedAffiliation
+      displayName: label.attribute-eduPersonScopedAffiliation
+    - name: eduPersonPrimaryAffiliation
+      displayName: label.attribute-eduPersonPrimaryAffiliation
+    - name: eduPersonEntitlement
+      displayName: label.attribute-eduPersonEntitlement
+    - name: eduPersonAssurance
+      displayName: label.attribute-eduPersonAssurance
+    - name: eduPersonUniqueId
+      displayName: label.attribute-eduPersonUniqueId
+    - name: employeeNumber
+      displayName: label.attribute-employeeNumber
+  # Custom attributes
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: label.sign-the-assertion
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.sign-assertion
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions
+      attributeFriendlyName: signAssertions
+    - name: dontSignResponse
+      displayName: label.dont-sign-the-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.dont-sign-response
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
+      attributeFriendlyName: signResponses
+    - name: turnOffEncryption
+      displayName: label.turn-off-encryption-of-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.turn-off-encryption
+      attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
+      attributeFriendlyName: encryptAssertions
+    - name: useSha
+      displayName: label.use-sha1-signing-algorithm
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.usa-sha-algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+      attributeName: http://shibboleth.net/ns/profiles/securityConfiguration
+      attributeFriendlyName: securityConfiguration
+    - name: ignoreAuthenticationMethod
+      displayName: label.ignore-any-sp-requested-authentication-method
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.ignore-auth-method
+      persistType: string
+      persistValue: 0x1
+      attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures
+      attributeFriendlyName: disallowedFeatures
+    - name: omitNotBefore
+      displayName: label.omit-not-before-condition
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.omit-not-before-condition
+      attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
+      attributeFriendlyName: includeConditionsNotBefore
+    - name: responderId
+      displayName: label.responder-id
+      displayType: string
+      defaultValue: null
+      helpText: tooltip.responder-id
+      attributeName: http://shibboleth.net/ns/profiles/responderId
+      attributeFriendlyName: responderId
+    - name: nameIdFormats
+      displayName: label.nameid-format-to-send
+      displayType: set
+      helpText: tooltip.nameid-format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+      attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence
+      attributeFriendlyName: nameIDFormatPrecedence
+    - name: authenticationMethods
+      displayName: label.authentication-methods-to-use
+      displayType: set
+      helpText: tooltip.authentication-methods-to-use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+      attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods
+      attributeFriendlyName: defaultAuthenticationMethods
+    - name: forceAuthn
+      displayName: label.force-authn
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.force-authn
+      attributeName: http://shibboleth.net/ns/profiles/forceAuthn
+      attributeFriendlyName: forceAuthn
+logging:
+  level:
+    org.pac4j: "TRACE"
+    org.opensaml: "INFO"

testbed/mysql/conf/users.csv

@@ -0,0 +1,2 @@
+root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
+jj,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org

testbed/mysql/docker-compose.yml

@@ -0,0 +1,41 @@
+version: "3.7"
+
+services:
+  db:
+    image: mysql
+    container_name: db
+    environment:
+      MYSQL_DATABASE: shibui
+      MYSQL_USER: shibui
+      MYSQL_PASSWORD: shibui
+      MYSQL_ROOT_PASSWORD: root
+
+    networks:
+      - front
+    ports:
+      - 3306:3306
+  shibui:
+    image: unicon/shibui
+    ports:
+      - 8080:8080
+      - 5005:5005
+      - 8443:8443
+    volumes:
+      - ./conf:/conf
+      - ./conf/application.yml:/application.yml
+    networks:
+      - front
+    depends_on:
+      - db
+  mailhog:
+    image: mailhog/mailhog:latest
+    ports:
+      - 1025:1025
+      - 8025:8025
+    container_name: mailhog
+    networks:
+      - front
+
+networks:
+  front:
+    driver: bridge