From 695c4ca51293db60ab576352cd856c9902b9c1a9 Mon Sep 17 00:00:00 2001
From: Dario Ghunney Ware
Date: Wed, 5 Feb 2025 12:07:21 +0000
Subject: [PATCH] wip - making saml auth work

---
 .../controller/web/AccountWebController.java | 20 ++++++++++++++++---
 .../SPDF/model/ApplicationProperties.java | 8 ++++----
 src/main/resources/settings.yml.template | 6 +++---
 3 files changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
index ce80b591..e9a1d228 100644
--- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
+++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
@@ -4,7 +4,12 @@ import static stirling.software.SPDF.utils.validation.Validator.validateProvider
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
-import java.util.*;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -24,11 +29,15 @@ import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticatedPrincipal;
 import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
-import stirling.software.SPDF.model.*;
+import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.ApplicationProperties.Security;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
 import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
+import stirling.software.SPDF.model.Authority;
+import stirling.software.SPDF.model.Role;
+import stirling.software.SPDF.model.SessionEntity;
+import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.model.provider.GitHubProvider;
 import stirling.software.SPDF.model.provider.GoogleProvider;
 import stirling.software.SPDF.model.provider.KeycloakProvider;
@@ -107,7 +116,12 @@ public class AccountWebController {
 
         if (securityProps.isSaml2Active()
                 && applicationProperties.getSystem().getEnableAlphaFunctionality()) {
-            providerList.put("/saml2/authenticate/" + saml2.getRegistrationId(), "SAML 2");
+            String firstChar = String.valueOf(saml2.getIdpIssuer().charAt(0));
+            String idpIssuerName =
+                    saml2.getIdpIssuer().replaceFirst(firstChar, firstChar.toUpperCase());
+            providerList.put(
+                    "/saml2/authenticate/" + saml2.getRegistrationId(),
+                    idpIssuerName + " (SAML 2)");
         }
 
         // Remove any null keys/values from the providerList
diff --git a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
index ac2e5203..050a856a 100644
--- a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
+++ b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
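Review bot: `saml2.getIdpIssuer().charAt(0)` on the first added line throws when `idpIssuer` is null or empty, and because this runs while the login page's provider list is built, a missing issuer now breaks the login form for every provider instead of just omitting the SAML entry — the line it replaces had no dependency on the issuer at all. `replaceFirst` also interprets `firstChar` as a regex, so an issuer beginning with a metacharacter such as `(` or `[` raises PatternSyntaxException, and the bare `toUpperCase()` is locale-sensitive (dotted/dotless i under a Turkish default locale). Capitalising with `Character.toUpperCase` plus `substring(1)` behind a blank-check that falls back to the previous `"SAML 2"` label fixes all three; the enclosing method starts and ends outside the hunk. Whether the issuer string is HTML-escaped when the template renders the label is not visible here, so that is worth confirming since it is operator-supplied configuration.
```java
            String issuer = saml2.getIdpIssuer();
            // Fall back to the generic label when the issuer is unset: a gap in the
            // SAML config must not take down login-page rendering for other providers.
            String label =
                    (issuer == null || issuer.isBlank())
                            ? "SAML 2"
                            : Character.toUpperCase(issuer.charAt(0))
                                    + issuer.substring(1)
                                    + " (SAML 2)";
            providerList.put("/saml2/authenticate/" + saml2.getRegistrationId(), label);
```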
@@ -230,9 +230,7 @@ public class ApplicationProperties {
 
             public void setScopes(String scopes) {
                 List scopesList =
-                        Arrays.stream(scopes.split(","))
-                                .map(String::trim)
-                                .toList();
+                        Arrays.stream(scopes.split(",")).map(String::trim).toList();
                 this.scopes.addAll(scopesList);
             }
 
@@ -265,7 +263,9 @@ public class ApplicationProperties {
                 case "keycloak" -> getKeycloak();
                 default ->
                         throw new UnsupportedProviderException(
-                                "Logout from the provider " + registrationId + " is not supported. "
+                                "Logout from the provider "
+                                        + registrationId
+                                        + " is not supported. "
                                         + "Report it at https://github.com/Stirling-Tools/Stirling-PDF/issues");
             };
         }
diff --git a/src/main/resources/settings.yml.template b/src/main/resources/settings.yml.template
index 243aba7f..6add3b49 100644
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@@ -54,9 +54,9 @@ security:
     autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
     blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
     registrationId: stirlingpdf-dario-saml
-    idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/?download
-    idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/
-    idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/
+    idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/?download # todo: remove
+    idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/ # todo: remove
+    idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/ # todo: remove
     idpIssuer: authentik
     idpCert: classpath:authentik-Self-signed_Certificate_certificate.pem
     privateKey: classpath:private_key.key
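Review bot: The `# todo: remove` markers on the three rewritten lines leave a developer's personal Authentik endpoints in the template that every installation's settings.yml is generated from (`authentik.dev.stirlingpdf.com`, paths keyed on `stirlingpdf-dario-saml`), so a deployment that enables SAML2 without overriding these keys would send its users to an IdP the operator does not control. Replace the values with placeholders before merge rather than annotating them, e.g. `idpMetadataUri: https://your-idp.example.com/metadata # your IdP's SAML metadata URL`, and treat the `registrationId` context line the same way since it carries the same personal value. The unchanged `idpCert`/`privateKey` lines reference a self-signed certificate and a `private_key.key` via `classpath:`; if those files sit under `src/main/resources` they get packaged into the distributed jar, which the hunk does not show but is worth checking before this leaves WIP.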