diff --git a/backend/build.gradle b/backend/build.gradle index 21c508193..64f8a7e10 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -26,7 +26,7 @@ repositories { configurations.all { resolutionStrategy { force 'org.cryptacular:cryptacular:1.1.3' - + eachDependency { details -> if (details.requested.group == 'org.seleniumhq.selenium' && details.requested.name != 'htmlunit-driver') { details.useVersion '3.141.59' @@ -38,7 +38,7 @@ configurations.all { configurations { integrationTestCompile { extendsFrom compile - + } integrationTestRuntime { extendsFrom runtime @@ -170,6 +170,7 @@ dependencies { compile "com.h2database:h2" runtimeOnly "org.postgresql:postgresql" runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:2.2.0' + runtimeOnly 'mysql:mysql-connector-java:5.1.48' //Swagger compile 'io.springfox:springfox-swagger2:2.9.2' @@ -187,7 +188,7 @@ dependencies { //JSON schema generator testCompile 'com.kjetland:mbknor-jackson-jsonschema_2.12:1.0.29' testCompile 'javax.validation:validation-api:2.0.1.Final' - + //JSON schema validator compile 'org.sharegov:mjson:1.4.1' @@ -200,7 +201,7 @@ dependencies { integrationTestCompile "org.springframework.security:spring-security-test" integrationTestCompile "org.spockframework:spock-core:1.1-groovy-2.4" integrationTestCompile "org.spockframework:spock-spring:1.1-groovy-2.4" - + // CSV file support compile 'com.opencsv:opencsv:4.4' diff --git a/testbed/mysql/conf/application.yml b/testbed/mysql/conf/application.yml new file mode 100644 index 000000000..2f6774d17 --- /dev/null +++ b/testbed/mysql/conf/application.yml @@ -0,0 +1,138 @@ +spring: + profiles: + include: + datasource: + platform: mysql + driver-class-name: com.mysql.jdbc.Driver + url: jdbc:mysql://db:3306/shibui + username: shibui + password: shibui + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.MySQL5Dialect +server: + port: 8443 + ssl: + key-store: "/conf/keystore.p12" + key-store-password: "changeit" + keyStoreType: "PKCS12" + keyAlias: "tomcat" +shibui: + user-bootstrap-resource: file:/conf/users.csv + roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY +custom: + attributes: + # Default attributes + - name: eduPersonPrincipalName + displayName: label.attribute-eduPersonPrincipalName + - name: uid + displayName: label.attribute-uid + - name: mail + displayName: label.attribute-mail + - name: surname + displayName: label.attribute-surname + - name: givenName + displayName: label.attribute-givenName + - name: eduPersonAffiliation + displayName: label.attribute-eduPersonAffiliation + - name: eduPersonScopedAffiliation + displayName: label.attribute-eduPersonScopedAffiliation + - name: eduPersonPrimaryAffiliation + displayName: label.attribute-eduPersonPrimaryAffiliation + - name: eduPersonEntitlement + displayName: label.attribute-eduPersonEntitlement + - name: eduPersonAssurance + displayName: label.attribute-eduPersonAssurance + - name: eduPersonUniqueId + displayName: label.attribute-eduPersonUniqueId + - name: employeeNumber + displayName: label.attribute-employeeNumber + # Custom attributes + overrides: + # Default overrides + - name: signAssertion + displayName: label.sign-the-assertion + displayType: boolean + defaultValue: false + helpText: tooltip.sign-assertion + attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions + attributeFriendlyName: signAssertions + - name: dontSignResponse + displayName: label.dont-sign-the-response + displayType: boolean + defaultValue: false + helpText: tooltip.dont-sign-response + attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses + attributeFriendlyName: signResponses + - name: turnOffEncryption + displayName: label.turn-off-encryption-of-response + displayType: boolean + defaultValue: false + helpText: tooltip.turn-off-encryption + attributeName: http://shibboleth.net/ns/profiles/encryptAssertions + attributeFriendlyName: encryptAssertions + - name: useSha + displayName: label.use-sha1-signing-algorithm + displayType: boolean + defaultValue: false + helpText: tooltip.usa-sha-algorithm + persistType: string + persistValue: shibboleth.SecurityConfiguration.SHA1 + attributeName: http://shibboleth.net/ns/profiles/securityConfiguration + attributeFriendlyName: securityConfiguration + - name: ignoreAuthenticationMethod + displayName: label.ignore-any-sp-requested-authentication-method + displayType: boolean + defaultValue: false + helpText: tooltip.ignore-auth-method + persistType: string + persistValue: 0x1 + attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures + attributeFriendlyName: disallowedFeatures + - name: omitNotBefore + displayName: label.omit-not-before-condition + displayType: boolean + defaultValue: false + helpText: tooltip.omit-not-before-condition + attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore + attributeFriendlyName: includeConditionsNotBefore + - name: responderId + displayName: label.responder-id + displayType: string + defaultValue: null + helpText: tooltip.responder-id + attributeName: http://shibboleth.net/ns/profiles/responderId + attributeFriendlyName: responderId + - name: nameIdFormats + displayName: label.nameid-format-to-send + displayType: set + helpText: tooltip.nameid-format + defaultValues: + - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + - urn:oasis:names:tc:SAML:2.0:nameid-format:transient + attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence + attributeFriendlyName: nameIDFormatPrecedence + - name: authenticationMethods + displayName: label.authentication-methods-to-use + displayType: set + helpText: tooltip.authentication-methods-to-use + defaultValues: + - https://refeds.org/profile/mfa + - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken + - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport + attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods + attributeFriendlyName: defaultAuthenticationMethods + - name: forceAuthn + displayName: label.force-authn + displayType: boolean + defaultValue: false + helpText: tooltip.force-authn + attributeName: http://shibboleth.net/ns/profiles/forceAuthn + attributeFriendlyName: forceAuthn +logging: + level: + org.pac4j: "TRACE" + org.opensaml: "INFO" diff --git a/testbed/mysql/conf/keystore.p12 b/testbed/mysql/conf/keystore.p12 new file mode 100644 index 000000000..57f9c162a Binary files /dev/null and b/testbed/mysql/conf/keystore.p12 differ diff --git a/testbed/mysql/conf/users.csv b/testbed/mysql/conf/users.csv new file mode 100644 index 000000000..db290662e --- /dev/null +++ b/testbed/mysql/conf/users.csv @@ -0,0 +1,2 @@ +root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org +jj,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org \ No newline at end of file diff --git a/testbed/mysql/docker-compose.yml b/testbed/mysql/docker-compose.yml new file mode 100644 index 000000000..92d41f1a5 --- /dev/null +++ b/testbed/mysql/docker-compose.yml @@ -0,0 +1,41 @@ +version: "3.7" + +services: + db: + image: mysql + container_name: db + environment: + MYSQL_DATABASE: shibui + MYSQL_USER: shibui + MYSQL_PASSWORD: shibui + MYSQL_ROOT_PASSWORD: root + + networks: + - front + ports: + - 3306:3306 + shibui: + image: unicon/shibui + ports: + - 8080:8080 + - 5005:5005 + - 8443:8443 + volumes: + - ./conf:/conf + - ./conf/application.yml:/application.yml + networks: + - front + depends_on: + - db + mailhog: + image: mailhog/mailhog:latest + ports: + - 1025:1025 + - 8025:8025 + container_name: mailhog + networks: + - front + +networks: + front: + driver: bridge