1.x

.gitignore

@@ -0,0 +1,2 @@
+.idea
+target

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.1/apache-maven-3.8.1-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

DEVNOTES.adoc

@@ -0,0 +1,14 @@
+= Developer Notes
+
+* When building, there will be warnings about `Bundle edu.internet2.middleware.grouper.plugins:grouper-authentication-plugin:bundle:0.0.1-SNAPSHOT : Classes found in the wrong directory`. This can be safely ignored
+
+* During tests, there will be log messages like
++
+----
+2023-12-01T10:30:12,364: [main] WARN  ConfigUtils.checkConfig(93) - [] - you are using the config key `external.authentication.saml.keyStoreAlias`; this should be changed to `external.authentication.saml.keystoreAlias`
+2023-12-01T10:30:12,368: [main] WARN  ConfigUtils.checkConfig(93) - [] - you are using the config key `external.authentication.saml.keyStoreType`; this should be changed to `external.authentication.saml.keystoreType`
+----
++
+These can usually be safely ignored.
++
+* SPIs will not work properly if the jar is built with inline; this should be considered if this configuration is changed. Some of the included libraries/frameworks depend on this, notably opensaml.

README.adoc

@@ -0,0 +1,86 @@
+= Grouper External Authentication Plugin
+
+Grouper plugin that provides configurable authentication. Features include
+
+* Authentication for UI, without requiring a separate process or container
+* Supports SAML2, OIDC, and CAS
+
+== Usage
+
+=== Grouper Version 4.x
+
+NOTE: For a fully integrated sample configuration, see the docker-compose setup in the `src/test/docker` folder of the Git
+repository. The environment includes sample Grouper configurations for SAML2, OIDC, or CAS, along with a Shibboleth IDP
+that can authenticate Grouper using any of these methods.
+
+. Add plugin to Grouper image (latest versions can be downloaded from https://github.internet2.edu/internet2/grouper-ext-auth/releases[])
++
+[source, dockerfile]
+----
+COPY grouper-authentication-plugin.jar /opt/grouper/plugins
+----
+
+. Enable Plugins
++
+In `grouper.properties`, add properties
++
+[source, properties]
+----
+grouper.osgi.enable = true
+grouper.osgi.jar.dir = /opt/grouper/plugins
+grouper.osgi.framework.boot.delegation=org.osgi.*,javax.*,org.apache.commons.logging,edu.internet2.middleware.grouperClient.*,edu.internet2.middleware.grouper.*,org.w3c.*,org.xml.*,sun.*
+
+grouperOsgiPlugin.0.jarName = grouper-authentication-plugin.jar
+----
++
+`grouper.osgi.jar.dir` should point to the directory you copied the file to in your image build file
++
+`grouperOsgiPlugin.0.jarName` should be the name of the file you copied in
+
+. Configure UI
++
+In `grouper-ui.properties, add properties appropriate for desired authentication. Note that only one can be used.
++
+Most of the configuration for the underlying authentication library is exposed to the Grouper configuration. Any field in the Java classes can be directly set using the field name or a setter used by using a related property (setting `attribute=value` will call `setAttribute(value)` )
+
+.. SAML2
++
+For SAML2, for example:
++
+[source,properties]
+----
+external.authentication.provider = saml
+external.authentication.saml.identityProviderEntityId = https://idp.unicon.local/idp/shibboleth
+external.authentication.saml.serviceProviderEntityId = http://localhost:8080/grouper
+external.authentication.saml.serviceProviderMetadataPath = file:/opt/grouper/sp-metadata.xml
+external.authentication.saml.identityProviderMetadataPath = file:/opt/grouper/idp-metadata.xml
+external.authentication.saml.keystorePath = file:/opt/grouper/here.key
+external.authentication.saml.keystorePassword = testme
+external.authentication.saml.privateKeyPassword = testme
+external.authentication.saml.attributeAsId = urn:oid:0.9.2342.19200300.100.1.1
+----
++
+For more information and more options, see https://www.pac4j.org/5.7.x/docs/clients/saml.html[] and https://github.com/pac4j/pac4j/blob/5.7.x/pac4j-saml/src/main/java/org/pac4j/saml/config/SAML2Configuration.java[]
+
+.. OIDC
++
+For OIDC, for example:
++
+[source,properties]
+----
+external.authentication.provider = oidc
+external.authentication.oidc.clientId = *****
+external.authentication.oidc.discoveryURI = https://unicon.okta.com/.well-known/openid-configuration
+external.authentication.oidc.secret = *****
+external.authentication.oidc.claimAsUsername = preferred_username
+----
++
+For more information and more options, see https://www.pac4j.org/5.7.x/docs/clients/openid-connect.html[] and https://github.com/pac4j/pac4j/blob/5.7.x/pac4j-oidc/src/main/java/org/pac4j/oidc/config/OidcConfiguration.java[]
+
+=== Version 5.x+
+
+TODO
+
+== More Information
+
+If assistance is needed (e.g., bugs, errors, configuration samples), feel free to open a ticket in the github repository or ask on the Slack channel