diff --git a/pom.xml b/pom.xml
index 6bd8a8f..ff9a9e8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -105,6 +105,13 @@ pac4j-oidc ${pac4j.version} + + + + com.nimbusds + oauth2-oidc-sdk + 10.1 + org.osgi
diff --git a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java
index 8227173..613f6dc 100644
--- a/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java
+++ b/src/main/java/edu/internet2/middleware/grouper/authentication/plugin/config/OidcClientProvider.java
@@ -3,12 +3,10 @@
 import edu.internet2.middleware.grouper.authentication.plugin.ConfigUtils;
 import edu.internet2.middleware.grouper.authentication.plugin.ExternalAuthenticationServletContainerInitializer;
 import edu.internet2.middleware.grouper.authentication.plugin.GrouperAuthentication;
-import edu.internet2.middleware.grouper.authentication.plugin.Pac4jConfigFactory;
 import edu.internet2.middleware.grouper.authentication.plugin.oidc.client.ClaimAsUsernameOidcClient;
 import edu.internet2.middleware.grouper.authentication.plugin.oidc.config.ClaimAsUsernameOidcConfiguration;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.log4j.Logger;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.InvalidSyntaxException;
diff --git a/src/test/docker/grouper/config/grouper-ui.properties b/src/test/docker/grouper/config/grouper-ui.properties
index 319b909..c0c5d69 100644
--- a/src/test/docker/grouper/config/grouper-ui.properties
+++ b/src/test/docker/grouper/config/grouper-ui.properties
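Review bot: The new `com.nimbusds` / `oauth2-oidc-sdk` dependency is pinned to a literal `10.1` directly beside `pac4j-oidc`, which is managed through `${pac4j.version}`; as far as I know pac4j-oidc itself depends on this SDK, so a direct pin at a different version overrides the transitive one and can produce a runtime mismatch between pac4j and the nimbus classes it calls. Either align it with the version pac4j-oidc resolves (or manage it through a property in `<dependencyManagement>` like the pac4j one) and record why the direct dependency is needed, e.g. `<!-- direct dependency: [reason placeholder]; keep aligned with the version pac4j-oidc resolves -->`. The XML element names of the added lines were stripped in this view, so the dependency's scope cannot be confirmed here.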
@@ -1,11 +1,11 @@
 grouper.is.extAuth.enabled = true
 external.authentication.grouperContextUrl = https://grouper-ui.unicon.local/grouper
-#external.authentication.provider = oidc
-#external.authentication.oidc.clientId = *****
-#external.authentication.oidc.discoveryURI = https://unicon.okta.com/.well-known/openid-configuration
-#external.authentication.oidc.secret = *****
-#external.authentication.oidc.claimAsUsername = preferred_username
+external.authentication.provider = oidc
+external.authentication.oidc.clientId = grouper
+external.authentication.oidc.discoveryURI = https://idp.unicon.local/idp/profile/oidc/configuration
+external.authentication.oidc.secret = thisisverysecret
+external.authentication.oidc.claimAsUsername = preferred_username
 #external.authentication.provider = saml
 #external.authentication.saml.identityProviderEntityId = https://idp.unicon.local/idp/shibboleth
diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml
index e87595f..4c53130 100644
--- a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml
+++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-filter.xml
@@ -12,7 +12,9 @@ + xmlns:oidc="urn:mace:shibboleth:2.0:afp:oidc" + xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd + urn:mace:shibboleth:2.0:afp:oidc http://shibboleth.net/schema/oidc/shibboleth-afp-oidc.xsd">
@@ -20,5 +22,19 @@ + + + + + + + + + + + + + +
diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml
index dd5545f..25ba1ce 100644
--- a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml
+++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/attribute-resolver.xml
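Review bot: `external.authentication.oidc.secret = thisisverysecret` commits a plaintext client secret where the replaced lines kept it masked as `*****`, and the same literal is duplicated in the new `metadata/oidc-grouper.json` hunk later in this diff, so the two have to be changed together. Since the file lives under the docker test fixture the value is presumably deliberate, but it should say so and point at its twin, e.g. `# test-only credential; must match client_secret in shibboleth-idp/.../metadata/oidc-grouper.json`, so nobody carries it into a real deployment or rotates only one side. The `#external.authentication.provider = saml` line below stays commented, so the active provider is now unambiguously `oidc`.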
@@ -14,24 +14,10 @@ list of possible components and their options. --> - - - - - - - - - - + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:oidc="urn:mace:shibboleth:2.0:resolver:oidc" + xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd + urn:mace:shibboleth:2.0:resolver:oidc http://shibboleth.net/schema/oidc/shibboleth-attribute-encoder-oidc.xsd"> - - + - - - - - - + - - - - - - - - %{idp.scope} - - - member - - -
diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml
index cc8aa14..8f8fce6 100644
--- a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml
+++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/oidc-clientinfo-resolvers.xml
@@ -20,16 +20,8 @@ --> - - + - - - -
diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml
index d3de2bf..517228c 100644
--- a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml
+++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/conf/relying-party.xml
@@ -24,6 +24,7 @@ +
diff --git a/src/test/docker/shibboleth-idp/opt-shibboleth-idp/metadata/oidc-grouper.json b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/metadata/oidc-grouper.json
new file mode 100644
index 0000000..bddd6ea
--- /dev/null
+++ b/src/test/docker/shibboleth-idp/opt-shibboleth-idp/metadata/oidc-grouper.json
@@ -0,0 +1,7 @@
+{
+ "client_id": "grouper",
+ "client_secret": "thisisverysecret",
+ "response_types": ["code"],
+ "scope": "openid info profile email address phone",
+ "redirect_uris": ["https://grouper-ui.unicon.local/grouper/callback?client_name=client"]
+}
\ No newline at end of file
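Review bot: `"scope": "openid info profile email address phone"` requests `info`, which is not one of the standard OpenID Connect scopes (`openid`, `profile`, `email`, `address`, `phone`, `offline_access`); if it is a custom scope registered on this IdP it should be documented next to the file (JSON carries no comments), otherwise it is most likely a typo that the IdP will ignore or reject depending on how it treats unknown scopes. The single `redirect_uris` entry includes the `?client_name=client` query component, so it only matches if the IdP compares redirect URIs including the query string and the pac4j callback sends exactly that client name — worth a line in the fixture README tying the two together. The file is also missing its trailing newline.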