
Comments (6)

Wattos avatar Wattos commented on September 20, 2024

For anybody running into the same problem: it seems that the problem lies within the class org.pac4j.saml.client.SAML2ClientConfiguration.

To fix the problem, I created a new factory for SAML only and then merged it in my getConfiguration. Not the best solution, but it works around the problem in the meantime.

config:

pac4j:
  callbackUrl: auth/callback

pac4j-saml:
    -
      keystorePath: ...
      keystorePassword: ...
      privateKeyPassword: ...
      identityProviderMetadataPath: ...
      serviceProviderEntityId: ...
      maximumAuthenticationLifetime: ...

application:

pac4j = new Pac4jBundle<ApplicationConfiguration>() {
    @Override
    public Pac4jFactory getPac4jFactory(ApplicationConfiguration configuration) {
        Pac4jFactory pac4j = configuration.getPac4j();
        // Build one SAML2Client per entry of the pac4j-saml section and add it to the clients
        // that dropwizard-pac4j already deserialized from the pac4j section.
        for (SAML2ClientFactory saml : configuration.getSaml2Configs()) {
            pac4j.getClients().add(saml.build());
        }
        return pac4j;
    }
};

config wrapper:

import java.util.Collection;
import java.util.List;

import org.opensaml.saml.common.xml.SAMLConstants;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;

import com.fasterxml.jackson.annotation.JsonProperty;

public class SAML2ClientFactory {

    private String name;

    private String keystorePath;
    private String keystorePassword;
    private String privateKeyPassword;
    private String identityProviderMetadataPath;

    private String identityProviderEntityId;
    private String serviceProviderEntityId;
    private int maximumAuthenticationLifetime;
    private boolean forceAuth = false;
    private boolean forceSignRedirectBindingAuthnRequest;
    private String comparisonType = null;
    private String destinationBindingType = SAMLConstants.SAML2_POST_BINDING_URI;
    private String authnContextClassRef = null;
    private String nameIdPolicyFormat = null;
    private Collection<String> blackListedSignatureSigningAlgorithms;
    private List<String> signatureAlgorithms;
    private List<String> signatureReferenceDigestMethods;
    private String signatureCanonicalizationAlgorithm;
    private boolean wantsAssertionsSigned = true;
    private String keyStoreAlias;
    private String keyStoreType;


    @JsonProperty
    public String getName() {
        return name;
    }

    @JsonProperty
    public void setName(String name) {
        this.name = name;
    }

    @JsonProperty
    public String getKeystorePath() {
        return keystorePath;
    }

    @JsonProperty
    public void setKeystorePath(String keystorePath) {
        this.keystorePath = keystorePath;
    }

    @JsonProperty
    public String getKeystorePassword() {
        return keystorePassword;
    }

    @JsonProperty
    public void setKeystorePassword(String keystorePassword) {
        this.keystorePassword = keystorePassword;
    }

    @JsonProperty
    public String getPrivateKeyPassword() {
        return privateKeyPassword;
    }

    @JsonProperty
    public void setPrivateKeyPassword(String privateKeyPassword) {
        this.privateKeyPassword = privateKeyPassword;
    }

    @JsonProperty
    public String getIdentityProviderMetadataPath() {
        return identityProviderMetadataPath;
    }

    @JsonProperty
    public void setIdentityProviderMetadataPath(String identityProviderMetadataPath) {
        this.identityProviderMetadataPath = identityProviderMetadataPath;
    }

    @JsonProperty
    public String getIdentityProviderEntityId() {
        return identityProviderEntityId;
    }

    @JsonProperty
    public void setIdentityProviderEntityId(String identityProviderEntityId) {
        this.identityProviderEntityId = identityProviderEntityId;
    }

    @JsonProperty
    public String getServiceProviderEntityId() {
        return serviceProviderEntityId;
    }

    @JsonProperty
    public void setServiceProviderEntityId(String serviceProviderEntityId) {
        this.serviceProviderEntityId = serviceProviderEntityId;
    }

    @JsonProperty
    public int getMaximumAuthenticationLifetime() {
        return maximumAuthenticationLifetime;
    }

    @JsonProperty
    public void setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime) {
        this.maximumAuthenticationLifetime = maximumAuthenticationLifetime;
    }

    @JsonProperty
    public boolean isForceAuth() {
        return forceAuth;
    }

    @JsonProperty
    public void setForceAuth(boolean forceAuth) {
        this.forceAuth = forceAuth;
    }

    @JsonProperty
    public boolean isForceSignRedirectBindingAuthnRequest() {
        return forceSignRedirectBindingAuthnRequest;
    }

    @JsonProperty
    public void setForceSignRedirectBindingAuthnRequest(boolean forceSignRedirectBindingAuthnRequest) {
        this.forceSignRedirectBindingAuthnRequest = forceSignRedirectBindingAuthnRequest;
    }

    @JsonProperty
    public String getComparisonType() {
        return comparisonType;
    }

    @JsonProperty
    public void setComparisonType(String comparisonType) {
        this.comparisonType = comparisonType;
    }

    @JsonProperty
    public String getDestinationBindingType() {
        return destinationBindingType;
    }

    @JsonProperty
    public void setDestinationBindingType(String destinationBindingType) {
        this.destinationBindingType = destinationBindingType;
    }

    @JsonProperty
    public String getAuthnContextClassRef() {
        return authnContextClassRef;
    }

    @JsonProperty
    public void setAuthnContextClassRef(String authnContextClassRef) {
        this.authnContextClassRef = authnContextClassRef;
    }

    @JsonProperty
    public String getNameIdPolicyFormat() {
        return nameIdPolicyFormat;
    }

    @JsonProperty
    public void setNameIdPolicyFormat(String nameIdPolicyFormat) {
        this.nameIdPolicyFormat = nameIdPolicyFormat;
    }

    @JsonProperty
    public Collection<String> getBlackListedSignatureSigningAlgorithms() {
        return blackListedSignatureSigningAlgorithms;
    }

    @JsonProperty
    public void setBlackListedSignatureSigningAlgorithms(Collection<String> blackListedSignatureSigningAlgorithms) {
        this.blackListedSignatureSigningAlgorithms = blackListedSignatureSigningAlgorithms;
    }

    @JsonProperty
    public List<String> getSignatureAlgorithms() {
        return signatureAlgorithms;
    }

    @JsonProperty
    public void setSignatureAlgorithms(List<String> signatureAlgorithms) {
        this.signatureAlgorithms = signatureAlgorithms;
    }

    @JsonProperty
    public List<String> getSignatureReferenceDigestMethods() {
        return signatureReferenceDigestMethods;
    }

    @JsonProperty
    public void setSignatureReferenceDigestMethods(List<String> signatureReferenceDigestMethods) {
        this.signatureReferenceDigestMethods = signatureReferenceDigestMethods;
    }

    @JsonProperty
    public String getSignatureCanonicalizationAlgorithm() {
        return signatureCanonicalizationAlgorithm;
    }

    @JsonProperty
    public void setSignatureCanonicalizationAlgorithm(String signatureCanonicalizationAlgorithm) {
        this.signatureCanonicalizationAlgorithm = signatureCanonicalizationAlgorithm;
    }

    @JsonProperty
    public boolean isWantsAssertionsSigned() {
        return wantsAssertionsSigned;
    }

    @JsonProperty
    public void setWantsAssertionsSigned(boolean wantsAssertionsSigned) {
        this.wantsAssertionsSigned = wantsAssertionsSigned;
    }

    @JsonProperty
    public String getKeyStoreAlias() {
        return keyStoreAlias;
    }

    @JsonProperty
    public void setKeyStoreAlias(String keyStoreAlias) {
        this.keyStoreAlias = keyStoreAlias;
    }

    @JsonProperty
    public String getKeyStoreType() {
        return keyStoreType;
    }

    @JsonProperty
    public void setKeyStoreType(String keyStoreType) {
        this.keyStoreType = keyStoreType;
    }

    public SAML2Client build() {
        SAML2ClientConfiguration samlConfig = new SAML2ClientConfiguration(getKeystorePath(),
                                                                           getKeystorePassword(),
                                                                           getPrivateKeyPassword(),
                                                                           getIdentityProviderMetadataPath());

        samlConfig.setIdentityProviderEntityId(identityProviderEntityId);
        samlConfig.setServiceProviderEntityId(serviceProviderEntityId);
        samlConfig.setMaximumAuthenticationLifetime(maximumAuthenticationLifetime);
        samlConfig.setForceAuth(forceAuth);
        samlConfig.setForceSignRedirectBindingAuthnRequest(forceSignRedirectBindingAuthnRequest);
        samlConfig.setComparisonType(comparisonType);
        samlConfig.setDestinationBindingType(destinationBindingType);
        samlConfig.setAuthnContextClassRef(authnContextClassRef);
        samlConfig.setNameIdPolicyFormat(nameIdPolicyFormat);
        samlConfig.setBlackListedSignatureSigningAlgorithms(blackListedSignatureSigningAlgorithms);
        samlConfig.setSignatureAlgorithms(signatureAlgorithms);
        samlConfig.setSignatureReferenceDigestMethods(signatureReferenceDigestMethods);
        samlConfig.setSignatureCanonicalizationAlgorithm(signatureCanonicalizationAlgorithm);
        samlConfig.setWantsAssertionsSigned(wantsAssertionsSigned);
        samlConfig.setKeystoreAlias(keyStoreAlias);
        samlConfig.setKeystoreType(keyStoreType);

        SAML2Client client = new SAML2Client(samlConfig);
        client.setName(name);

        return client;
    }
}

from dropwizard-pac4j.
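The workaround above binds keystore paths and passwords as plain strings and hands them straight to build(), so nothing checks that an entry is complete or still requires signed assertions. The following is an added example, not code from the thread or from dropwizard-pac4j: it binds a constructed pac4j-saml list (all values are made up) with jackson-dataformat-yaml into the SAML2ClientFactory class posted above and reports entries that would yield an unusable or weakened SAML2Client.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;

public class SamlConfigCheck {
    // Constructed sample in the same shape as the pac4j-saml section above (values are made up).
    static final String SAMPLE_YAML =
            "- name: corp-idp\n"
          + "  keystorePath: /etc/app/sp-keystore.jks\n"
          + "  keystorePassword: changeit\n"
          + "  privateKeyPassword: changeit\n"
          + "  identityProviderMetadataPath: /etc/app/idp-metadata.xml\n"
          + "  serviceProviderEntityId: https://app.example.org/saml\n"
          + "  maximumAuthenticationLifetime: 3600\n"
          + "  wantsAssertionsSigned: false\n";

    // Same binding Dropwizard performs for the config file, done stand-alone with Jackson's YAML parser.
    static List<SAML2ClientFactory> parse(String yaml) throws Exception {
        ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
        return mapper.readValue(yaml, new TypeReference<List<SAML2ClientFactory>>() {});
    }

    /** Returns the problems found for one entry; an empty list means build() can be called safely. */
    static List<String> check(SAML2ClientFactory f) {
        List<String> problems = new ArrayList<>();
        if (f.getName() == null || f.getName().isEmpty())
            problems.add("name is required so the client can be selected at the callback");
        if (f.getKeystorePath() == null || !new File(f.getKeystorePath()).canRead())
            problems.add("keystorePath is missing or not readable by the application");
        if (f.getKeystorePassword() == null || f.getPrivateKeyPassword() == null)
            problems.add("keystorePassword and privateKeyPassword must both be set");
        if (f.getIdentityProviderMetadataPath() == null)
            problems.add("identityProviderMetadataPath is required");
        if (f.getMaximumAuthenticationLifetime() <= 0)
            problems.add("maximumAuthenticationLifetime must be positive");
        if (!f.isWantsAssertionsSigned())
            problems.add("wantsAssertionsSigned=false stops the SP from requiring signed assertions");
        return problems;
    }

    public static void main(String[] args) throws Exception {
        for (SAML2ClientFactory f : parse(SAMPLE_YAML)) {
            List<String> problems = check(f);
            System.out.println(f.getName() + ": " + (problems.isEmpty() ? "ok" : problems));
        }
    }
}
```

Run it inside getPac4jFactory before the loop that calls build(), and fail startup when any entry reports a problem.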

victornoel avatar victornoel commented on September 20, 2024

Thanks for the report. Which version of dropwizard-pac4j and pac4j is concerned? If it's 1.x, have you tried with the latest snapshot of 2.x, in case this is solved by the various refactors that happened in it…

I'm not totally clear where the problem is exactly… did you find the specific property that causes the problem?

Normally this kind of problem can be solved by changing the interface of the class to instantiate (here it is SAML2ClientConfiguration or SAML2Client, or maybe another class…). In that case it could be done in pac4j itself since we are close to releasing a new major version.


victornoel avatar victornoel commented on September 20, 2024

@Wattos any feedback on this?


Wattos avatar Wattos commented on September 20, 2024

@victornoel Terribly sorry, it seems like somehow I missed your comment from the 20th of March.

I first tried getting a SAML2Client, but this has a direct reference to SAML2ClientConfiguration (with bean style, so it would be picked up by the deserializer). Then I wanted to use SAML2ClientConfiguration, but that was a failure as well.

I am not sure how I would change the class as this is the only client which implements SAML2. My initial workaround was to just try to configure the saml2 configuration, but that failed as well. I think the problem is because SAML2ClientConfiguration has a getter/setter for java.security.KeyStore, which then has a java.security.Provider. That is the class it ultimately complained about.

Right now I cannot use a non-released (snapshot) version of a security library.


leleuj avatar leleuj commented on September 20, 2024

Your problem might be solved by #28.


victornoel avatar victornoel commented on September 20, 2024

I will consider this fixed by #28. @Wattos, please reopen if you can't make it work with it. I don't think it is really possible to have Jackson deserialization (responsible for transforming the yml file into a fully instantiated object) handle such advanced cases.

