wip - making saml auth work

2025-02-07 00:17:07 +01:00 · 2025-02-05 12:07:21 +00:00 · 2025-02-05 12:07:21 +00:00 · 695c4ca512
commit 695c4ca512
parent 4f3e54f206
3 changed files with 24 additions and 10 deletions
--- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
+++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java
@ -4,7 +4,12 @@ import static stirling.software.SPDF.utils.validation.Validator.validateProvider

 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
-import java.util.*;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
 import java.util.stream.Collectors;

 import org.springframework.security.access.prepost.PreAuthorize;
@ -24,11 +29,15 @@ import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import stirling.software.SPDF.config.security.saml2.CustomSaml2AuthenticatedPrincipal;
 import stirling.software.SPDF.config.security.session.SessionPersistentRegistry;
-import stirling.software.SPDF.model.*;
+import stirling.software.SPDF.model.ApplicationProperties;
 import stirling.software.SPDF.model.ApplicationProperties.Security;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2;
 import stirling.software.SPDF.model.ApplicationProperties.Security.OAUTH2.Client;
 import stirling.software.SPDF.model.ApplicationProperties.Security.SAML2;
+import stirling.software.SPDF.model.Authority;
+import stirling.software.SPDF.model.Role;
+import stirling.software.SPDF.model.SessionEntity;
+import stirling.software.SPDF.model.User;
 import stirling.software.SPDF.model.provider.GitHubProvider;
 import stirling.software.SPDF.model.provider.GoogleProvider;
 import stirling.software.SPDF.model.provider.KeycloakProvider;
@ -107,7 +116,12 @@ public class AccountWebController {

        if (securityProps.isSaml2Active()
                && applicationProperties.getSystem().getEnableAlphaFunctionality()) {
-            providerList.put("/saml2/authenticate/" + saml2.getRegistrationId(), "SAML 2");
+            String firstChar = String.valueOf(saml2.getIdpIssuer().charAt(0));
+            String idpIssuerName =
+                    saml2.getIdpIssuer().replaceFirst(firstChar, firstChar.toUpperCase());
+            providerList.put(
+                    "/saml2/authenticate/" + saml2.getRegistrationId(),
+                    idpIssuerName + " (SAML 2)");
        }

        // Remove any null keys/values from the providerList
--- a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
+++ b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
@ -230,9 +230,7 @@ public class ApplicationProperties {

            public void setScopes(String scopes) {
                List<String> scopesList =
-                        Arrays.stream(scopes.split(","))
-                                .map(String::trim)
-                                .toList();
+                        Arrays.stream(scopes.split(",")).map(String::trim).toList();
                this.scopes.addAll(scopesList);
            }

@ -265,7 +263,9 @@ public class ApplicationProperties {
                        case "keycloak" -> getKeycloak();
                        default ->
                                throw new UnsupportedProviderException(
-                                        "Logout from the provider " + registrationId + " is not supported. "
+                                        "Logout from the provider "
+                                                + registrationId
+                                                + " is not supported. "
                                                + "Report it at https://github.com/Stirling-Tools/Stirling-PDF/issues");
                    };
                }
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@ -54,9 +54,9 @@ security:
    autoCreateUser: true # set to 'true' to allow auto-creation of non-existing users
    blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
    registrationId: stirlingpdf-dario-saml
-    idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/?download
-    idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/
-    idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/
+    idpMetadataUri: https://authentik.dev.stirlingpdf.com/api/v3/providers/saml/5/metadata/?download # todo: remove
+    idpSingleLoginUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/sso/binding/post/ # todo: remove
+    idpSingleLogoutUrl: https://authentik.dev.stirlingpdf.com/application/saml/stirlingpdf-dario-saml/slo/binding/post/ # todo: remove
    idpIssuer: authentik
    idpCert: classpath:authentik-Self-signed_Certificate_certificate.pem
    privateKey: classpath:private_key.key