For anybody running into the same problem: it seems that the problem lies within the class org.pac4j.saml.client.SAML2ClientConfiguration.
To fix the problem, I created a new factory for SAML only and then merge it in my getConfiguration. Not the best solution, but it works around the problem in the meantime.
config:
# Main dropwizard-pac4j factory section (presumably the one bound to configuration.getPac4j() below — verify against the ApplicationConfiguration class).
pac4j:
callbackUrl: auth/callback
# Separate list of SAML2ClientFactory entries, merged into the pac4j clients by the bundle override below.
# Indentation was lost in this paste: each list entry starts at "-" and the keys below belong to it.
pac4j-saml:
-
keystorePath: ...
# keystorePassword and privateKeyPassword are secrets; keep this file out of version control and logs,
# or source these two values from the environment / a secrets store instead of literal values.
keystorePassword: ...
privateKeyPassword: ...
identityProviderMetadataPath: ...
serviceProviderEntityId: ...
# Value in seconds; assumed to be passed straight to SAML2ClientConfiguration — confirm the unit in the pac4j docs.
maximumAuthenticationLifetime: ...
application:
pac4j = new Pac4jBundle<ApplicationConfiguration>() {
    /**
     * Returns the pac4j factory from the application configuration, extended with one
     * {@code SAML2Client} per entry of {@code configuration.getSaml2Configs()}.
     *
     * <p>The SAML clients are deserialized separately (as {@code SAML2ClientFactory} beans)
     * and only turned into real clients here, so Jackson never has to instantiate
     * {@code SAML2ClientConfiguration} itself.
     *
     * @param configuration the application configuration holding both the pac4j factory and the
     *                      SAML client factories
     * @return the same factory instance, with the SAML clients appended to its client list
     */
    @Override
    public Pac4jFactory getPac4jFactory(ApplicationConfiguration configuration) {
        final Pac4jFactory factory = configuration.getPac4j();
        for (final SAML2ClientFactory samlFactory : configuration.getSaml2Configs()) {
            // build() is what actually constructs SAML2ClientConfiguration / SAML2Client
            factory.getClients().add(samlFactory.build());
        }
        return factory;
    }
};
config wrapper:
import java.util.Collection;
import java.util.List;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import com.fasterxml.jackson.annotation.JsonProperty;
/**
 * Jackson-bindable wrapper around {@link SAML2ClientConfiguration}.
 *
 * <p>Every property is a plain {@code String}, {@code int}, {@code boolean} or string collection, so
 * the YAML configuration can be deserialized without Jackson ever touching
 * {@code SAML2ClientConfiguration} itself. {@link #build()} then copies the values into a fresh
 * {@code SAML2ClientConfiguration} and wraps it in a {@link SAML2Client}.
 *
 * <p>{@code keystorePassword} and {@code privateKeyPassword} are secrets. Their getters carry
 * {@code @JsonProperty} like every other property, so they are written back out if this object is
 * ever serialized with Jackson (e.g. when dumping the configuration) — keep such output out of logs.
 *
 * <p>Not thread-safe: this is a mutable configuration bean that is populated once during
 * deserialization and read by {@link #build()}.
 */
public class SAML2ClientFactory {

    // --- client identity ---------------------------------------------------
    private String name;

    // --- key material (passwords are secrets) -------------------------------
    private String keystorePath;
    private String keystorePassword;
    private String privateKeyPassword;
    private String keyStoreAlias;
    private String keyStoreType;

    // --- identity provider / service provider ------------------------------
    private String identityProviderMetadataPath;
    private String identityProviderEntityId;
    private String serviceProviderEntityId;

    // --- authentication request shape --------------------------------------
    private int maximumAuthenticationLifetime;
    private boolean forceAuth = false;
    private boolean forceSignRedirectBindingAuthnRequest;
    private String comparisonType = null;
    // default binding for the request sent to the IdP; YAML may override it
    private String destinationBindingType = SAMLConstants.SAML2_POST_BINDING_URI;
    private String authnContextClassRef = null;
    private String nameIdPolicyFormat = null;

    // --- signature policy --------------------------------------------------
    private Collection<String> blackListedSignatureSigningAlgorithms;
    private List<String> signatureAlgorithms;
    private List<String> signatureReferenceDigestMethods;
    private String signatureCanonicalizationAlgorithm;
    // defaults to true here; passed through to SAML2ClientConfiguration unchanged
    private boolean wantsAssertionsSigned = true;

    // ======================================================================
    // client identity
    // ======================================================================

    /** @return the pac4j client name, applied via {@code SAML2Client#setName} in {@link #build()} */
    @JsonProperty
    public String getName() {
        return this.name;
    }

    /** @param name the pac4j client name */
    @JsonProperty
    public void setName(String name) {
        this.name = name;
    }

    // ======================================================================
    // key material
    // ======================================================================

    /** @return path of the keystore holding the SP signing/decryption key */
    @JsonProperty
    public String getKeystorePath() {
        return this.keystorePath;
    }

    /** @param keystorePath path of the keystore holding the SP signing/decryption key */
    @JsonProperty
    public void setKeystorePath(String keystorePath) {
        this.keystorePath = keystorePath;
    }

    /** @return the keystore password (secret; also serialized because of {@code @JsonProperty}) */
    @JsonProperty
    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    /** @param keystorePassword the keystore password (secret) */
    @JsonProperty
    public void setKeystorePassword(String keystorePassword) {
        this.keystorePassword = keystorePassword;
    }

    /** @return the private-key password (secret; also serialized because of {@code @JsonProperty}) */
    @JsonProperty
    public String getPrivateKeyPassword() {
        return this.privateKeyPassword;
    }

    /** @param privateKeyPassword the private-key password (secret) */
    @JsonProperty
    public void setPrivateKeyPassword(String privateKeyPassword) {
        this.privateKeyPassword = privateKeyPassword;
    }

    /** @return alias of the key entry inside the keystore, or {@code null} if not configured */
    @JsonProperty
    public String getKeyStoreAlias() {
        return this.keyStoreAlias;
    }

    /** @param keyStoreAlias alias of the key entry inside the keystore */
    @JsonProperty
    public void setKeyStoreAlias(String keyStoreAlias) {
        this.keyStoreAlias = keyStoreAlias;
    }

    /** @return the keystore type, or {@code null} if not configured */
    @JsonProperty
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /** @param keyStoreType the keystore type */
    @JsonProperty
    public void setKeyStoreType(String keyStoreType) {
        this.keyStoreType = keyStoreType;
    }

    // ======================================================================
    // identity provider / service provider
    // ======================================================================

    /** @return path of the IdP metadata document */
    @JsonProperty
    public String getIdentityProviderMetadataPath() {
        return this.identityProviderMetadataPath;
    }

    /** @param identityProviderMetadataPath path of the IdP metadata document */
    @JsonProperty
    public void setIdentityProviderMetadataPath(String identityProviderMetadataPath) {
        this.identityProviderMetadataPath = identityProviderMetadataPath;
    }

    /** @return the IdP entity id, or {@code null} if not configured */
    @JsonProperty
    public String getIdentityProviderEntityId() {
        return this.identityProviderEntityId;
    }

    /** @param identityProviderEntityId the IdP entity id */
    @JsonProperty
    public void setIdentityProviderEntityId(String identityProviderEntityId) {
        this.identityProviderEntityId = identityProviderEntityId;
    }

    /** @return the SP entity id, or {@code null} if not configured */
    @JsonProperty
    public String getServiceProviderEntityId() {
        return this.serviceProviderEntityId;
    }

    /** @param serviceProviderEntityId the SP entity id */
    @JsonProperty
    public void setServiceProviderEntityId(String serviceProviderEntityId) {
        this.serviceProviderEntityId = serviceProviderEntityId;
    }

    // ======================================================================
    // authentication request shape
    // ======================================================================

    /** @return the maximum authentication lifetime (unit as expected by pac4j; 0 if unset) */
    @JsonProperty
    public int getMaximumAuthenticationLifetime() {
        return this.maximumAuthenticationLifetime;
    }

    /** @param maximumAuthenticationLifetime the maximum authentication lifetime */
    @JsonProperty
    public void setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime) {
        this.maximumAuthenticationLifetime = maximumAuthenticationLifetime;
    }

    /** @return whether re-authentication at the IdP is forced (defaults to {@code false}) */
    @JsonProperty
    public boolean isForceAuth() {
        return this.forceAuth;
    }

    /** @param forceAuth whether re-authentication at the IdP is forced */
    @JsonProperty
    public void setForceAuth(boolean forceAuth) {
        this.forceAuth = forceAuth;
    }

    /** @return whether redirect-binding AuthnRequests are always signed (defaults to {@code false}) */
    @JsonProperty
    public boolean isForceSignRedirectBindingAuthnRequest() {
        return this.forceSignRedirectBindingAuthnRequest;
    }

    /** @param forceSignRedirectBindingAuthnRequest whether redirect-binding AuthnRequests are always signed */
    @JsonProperty
    public void setForceSignRedirectBindingAuthnRequest(boolean forceSignRedirectBindingAuthnRequest) {
        this.forceSignRedirectBindingAuthnRequest = forceSignRedirectBindingAuthnRequest;
    }

    /** @return the AuthnContext comparison type, or {@code null} if not configured */
    @JsonProperty
    public String getComparisonType() {
        return this.comparisonType;
    }

    /** @param comparisonType the AuthnContext comparison type */
    @JsonProperty
    public void setComparisonType(String comparisonType) {
        this.comparisonType = comparisonType;
    }

    /** @return the destination binding URI (defaults to {@code SAMLConstants.SAML2_POST_BINDING_URI}) */
    @JsonProperty
    public String getDestinationBindingType() {
        return this.destinationBindingType;
    }

    /** @param destinationBindingType the destination binding URI */
    @JsonProperty
    public void setDestinationBindingType(String destinationBindingType) {
        this.destinationBindingType = destinationBindingType;
    }

    /** @return the requested AuthnContextClassRef, or {@code null} if not configured */
    @JsonProperty
    public String getAuthnContextClassRef() {
        return this.authnContextClassRef;
    }

    /** @param authnContextClassRef the requested AuthnContextClassRef */
    @JsonProperty
    public void setAuthnContextClassRef(String authnContextClassRef) {
        this.authnContextClassRef = authnContextClassRef;
    }

    /** @return the NameID policy format, or {@code null} if not configured */
    @JsonProperty
    public String getNameIdPolicyFormat() {
        return this.nameIdPolicyFormat;
    }

    /** @param nameIdPolicyFormat the NameID policy format */
    @JsonProperty
    public void setNameIdPolicyFormat(String nameIdPolicyFormat) {
        this.nameIdPolicyFormat = nameIdPolicyFormat;
    }

    // ======================================================================
    // signature policy
    // ======================================================================

    /**
     * @return the signing algorithms to reject; the internal collection is returned as-is
     *         (callers can mutate it), or {@code null} if not configured
     */
    @JsonProperty
    public Collection<String> getBlackListedSignatureSigningAlgorithms() {
        return this.blackListedSignatureSigningAlgorithms;
    }

    /** @param blackListedSignatureSigningAlgorithms the signing algorithms to reject */
    @JsonProperty
    public void setBlackListedSignatureSigningAlgorithms(Collection<String> blackListedSignatureSigningAlgorithms) {
        this.blackListedSignatureSigningAlgorithms = blackListedSignatureSigningAlgorithms;
    }

    /** @return the allowed signature algorithms (internal list, not copied), or {@code null} */
    @JsonProperty
    public List<String> getSignatureAlgorithms() {
        return this.signatureAlgorithms;
    }

    /** @param signatureAlgorithms the allowed signature algorithms */
    @JsonProperty
    public void setSignatureAlgorithms(List<String> signatureAlgorithms) {
        this.signatureAlgorithms = signatureAlgorithms;
    }

    /** @return the allowed reference digest methods (internal list, not copied), or {@code null} */
    @JsonProperty
    public List<String> getSignatureReferenceDigestMethods() {
        return this.signatureReferenceDigestMethods;
    }

    /** @param signatureReferenceDigestMethods the allowed reference digest methods */
    @JsonProperty
    public void setSignatureReferenceDigestMethods(List<String> signatureReferenceDigestMethods) {
        this.signatureReferenceDigestMethods = signatureReferenceDigestMethods;
    }

    /** @return the signature canonicalization algorithm, or {@code null} if not configured */
    @JsonProperty
    public String getSignatureCanonicalizationAlgorithm() {
        return this.signatureCanonicalizationAlgorithm;
    }

    /** @param signatureCanonicalizationAlgorithm the signature canonicalization algorithm */
    @JsonProperty
    public void setSignatureCanonicalizationAlgorithm(String signatureCanonicalizationAlgorithm) {
        this.signatureCanonicalizationAlgorithm = signatureCanonicalizationAlgorithm;
    }

    /** @return whether assertions must be signed (defaults to {@code true}) */
    @JsonProperty
    public boolean isWantsAssertionsSigned() {
        return this.wantsAssertionsSigned;
    }

    /** @param wantsAssertionsSigned whether assertions must be signed */
    @JsonProperty
    public void setWantsAssertionsSigned(boolean wantsAssertionsSigned) {
        this.wantsAssertionsSigned = wantsAssertionsSigned;
    }

    // ======================================================================
    // factory method
    // ======================================================================

    /**
     * Creates a {@link SAML2Client} from the configured values.
     *
     * <p>The keystore path, keystore password, private-key password and IdP metadata path go to
     * the {@code SAML2ClientConfiguration} constructor; every other property is copied through the
     * matching setter exactly as configured, including {@code null} values. Whether a {@code null}
     * overrides a library default is up to {@code SAML2ClientConfiguration} — verify before relying
     * on an unset property.
     *
     * @return a new client whose name is {@link #getName()}
     */
    public SAML2Client build() {
        final SAML2ClientConfiguration configuration = new SAML2ClientConfiguration(
                getKeystorePath(),
                getKeystorePassword(),
                getPrivateKeyPassword(),
                getIdentityProviderMetadataPath());

        configuration.setIdentityProviderEntityId(getIdentityProviderEntityId());
        configuration.setServiceProviderEntityId(getServiceProviderEntityId());
        configuration.setMaximumAuthenticationLifetime(getMaximumAuthenticationLifetime());
        configuration.setForceAuth(isForceAuth());
        configuration.setForceSignRedirectBindingAuthnRequest(isForceSignRedirectBindingAuthnRequest());
        configuration.setComparisonType(getComparisonType());
        configuration.setDestinationBindingType(getDestinationBindingType());
        configuration.setAuthnContextClassRef(getAuthnContextClassRef());
        configuration.setNameIdPolicyFormat(getNameIdPolicyFormat());
        configuration.setBlackListedSignatureSigningAlgorithms(getBlackListedSignatureSigningAlgorithms());
        configuration.setSignatureAlgorithms(getSignatureAlgorithms());
        configuration.setSignatureReferenceDigestMethods(getSignatureReferenceDigestMethods());
        configuration.setSignatureCanonicalizationAlgorithm(getSignatureCanonicalizationAlgorithm());
        configuration.setWantsAssertionsSigned(isWantsAssertionsSigned());
        // note the library spells these "Keystore" while this bean spells them "KeyStore"
        configuration.setKeystoreAlias(getKeyStoreAlias());
        configuration.setKeystoreType(getKeyStoreType());

        final SAML2Client client = new SAML2Client(configuration);
        client.setName(getName());
        return client;
    }
}
Thanks for the report. Which version of dropwizard-pac4j and pac4j is concerned? If it's 1.x, have you tried the latest snapshot of 2.x, in case this is solved by the various refactorings that happened in it…
I'm not totally clear where exactly the problem is… did you find the specific property that causes the problem?
Normally this kind of problem can be solved by changing the interface of the class to instantiate (here it is SAML2ClientConfiguration or SAML2Client, or maybe another class…). In that case it could be done in pac4j itself since we are close to releasing a new major version.
@Wattos any feedback on this?
@victornoel Terribly sorry, it seems like somehow I missed your comment from the 20th of March.
I first tried getting a SAML2Client, but this has a direct reference to SAML2ClientConfiguration (with bean style, so it would be picked up by the de-serializer). Then I wanted to use SAML2ClientConfiguration, but that was a failure as well.
I am not sure how I would change the class, as this is the only client which implements SAML2. My initial workaround was to just try to configure the saml2 configuration, but that failed as well. I think the problem is that SAML2ClientConfiguration has a getter/setter for java.security.KeyStore, which in turn has a java.security.Provider. That is the class it ultimately complained about.
Right now I cannot use a non-released (snapshot) version of a security library.
Your problem might be solved by #28
I will consider this fixed by #28. @Wattos, please reopen if you can't make it work with it; I don't think it is really possible to have Jackson deserialization (responsible for transforming the yml file into a fully instantiated object) handle such advanced cases.