diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index e54ef6980a7..ee5a29611a0 100644
--- a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++ b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -64,6 +64,7 @@
 import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
 import org.apache.syncope.common.lib.types.OIDCApplicationType;
 import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
 import org.apache.syncope.common.lib.types.OIDCGrantType;
@@ -73,7 +74,9 @@
 import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
 import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
 import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
 import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
 import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
 import org.apache.syncope.common.rest.api.service.SAML2IdPEntityService;
 import org.apache.wicket.Component;
@@ -518,6 +521,46 @@ public String getObject() { "field", "metadataSignatureLocation", new PropertyModel<>(clientAppTO, "metadataSignatureLocation"), false)); + AjaxDropDownChoicePanel metadataCriteriaDirection = + new AjaxDropDownChoicePanel<>( + "field", "metadataCriteriaDirection", + new PropertyModel<>(clientAppTO, "metadataCriteriaDirection"), + false); + metadataCriteriaDirection.setChoices(List.of(MetadataCriteriaDirection.values())); + fields.add(metadataCriteriaDirection); + + fields.add(new AjaxTextFieldPanel( + "field", "metadataCriteriaPattern", + new PropertyModel<>(clientAppTO, "metadataCriteriaPattern"), false)); + + fields.add(new AjaxTextFieldPanel( + "field", "subjectLocality", + new PropertyModel<>(clientAppTO, "subjectLocality"), false)); + + AjaxDropDownChoicePanel signingCredentialType = + new AjaxDropDownChoicePanel<>( + "field", "signingCredentialType", + new PropertyModel<>(clientAppTO, "signingCredentialType"), + false); + signingCredentialType.setChoices(List.of(SigningCredentialType.values())); + fields.add(signingCredentialType); + + AjaxDropDownChoicePanel logoutResponseBinding = + new AjaxDropDownChoicePanel<>( + "field", "logoutResponseBinding", + new PropertyModel<>(clientAppTO, "logoutResponseBinding"), + false); + logoutResponseBinding.setChoices(List.of(SAML2BindingType.values())); + fields.add(logoutResponseBinding); + + fields.add(new AjaxCheckBoxPanel( + "field", "logoutResponseEnabled", + new PropertyModel<>(clientAppTO, "logoutResponseEnabled"), false)); + + fields.add(new AjaxCheckBoxPanel( + "field", "requireSignedRoot", + new PropertyModel<>(clientAppTO, "requireSignedRoot"), false)); + fields.add(new AjaxCheckBoxPanel( "field", "signAssertions", new PropertyModel<>(clientAppTO, "signAssertions"))); 
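Review bot: `metadataCriteriaPattern` is added as a free-text field with no validation on the panel, so whatever the administrator types is stored as-is. The name suggests the value is later matched as a pattern against metadata (the consumer is not in this diff), in which case a malformed or overly broad value would only surface when metadata is resolved. Consider attaching a validator that rejects input for which `Pattern.compile` fails, and a short comment above the block such as `// metadata filtering: direction + pattern select which entities are accepted`. The enclosing method starts and ends outside the hunk.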
@@ -530,6 +573,78 @@ public String getObject() { fields.add(new AjaxCheckBoxPanel( "field", "encryptAssertions", new PropertyModel<>(clientAppTO, "encryptAssertions"))); + fields.add(new AjaxCheckBoxPanel( + "field", "encryptAttributes", + new PropertyModel<>(clientAppTO, "encryptAttributes"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingAssertionNameId", + new PropertyModel<>(clientAppTO, "skipGeneratingAssertionNameId"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationInResponseTo", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationInResponseTo"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingResponseInResponseTo", + new PropertyModel<>(clientAppTO, "skipGeneratingResponseInResponseTo"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationNotOnOrAfter", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNotOnOrAfter"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationRecipient", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationRecipient"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationRecipient", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationRecipient"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationAddress", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationAddress"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationNotBefore", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNotBefore"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSubjectConfirmationNameId", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNameId"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingNameIdQualifiers", + new PropertyModel<>(clientAppTO, 
"skipGeneratingNameIdQualifiers"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingTransientNameId", + new PropertyModel<>(clientAppTO, "skipGeneratingTransientNameId"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipValidatingAuthnRequest", + new PropertyModel<>(clientAppTO, "skipValidatingAuthnRequest"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingServiceProviderNameIdQualifier", + new PropertyModel<>(clientAppTO, "skipGeneratingServiceProviderNameIdQualifier"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingAuthenticatingAuthority", + new PropertyModel<>(clientAppTO, "skipGeneratingAuthenticatingAuthority"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingNameIdQualifier", + new PropertyModel<>(clientAppTO, "skipGeneratingNameIdQualifier"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "skipGeneratingSessionNotOnOrAfter", + new PropertyModel<>(clientAppTO, "skipGeneratingSessionNotOnOrAfter"))); + + fields.add(new AjaxCheckBoxPanel( + "field", "validateMetadataCertificates", + new PropertyModel<>(clientAppTO, "validateMetadataCertificates"))); + fields.add(new AjaxTextFieldPanel( "field", "requiredAuthenticationContextClass", new PropertyModel<>(clientAppTO, "requiredAuthenticationContextClass"), false)); diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties index e3ba1847eb2..a8f51846ac0 100644 --- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties 
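Review bot: The `skipGeneratingSubjectConfirmationRecipient` checkbox is added twice in a row in this hunk, both bound to the same property, so the form would presumably show the same toggle twice; one of the two `fields.add(new AjaxCheckBoxPanel(...))` blocks should be dropped. Separately, `skipValidatingAuthnRequest` and `validateMetadataCertificates` change what is checked rather than what is emitted, yet they sit in the same undifferentiated run as the `skipGenerating…` flags. A comment such as `// validation toggles: these relax or tighten checks, unlike the skipGenerating* output flags` and a separate grouping in the form would make an accidental tick less likely. The enclosing method starts and ends outside the hunk.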
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
 signResponses=Sign Responses
 encryptionOptional=Encryption Optional
 encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
 requiredNameIdFormat=NameId Format
 clientSecret=Client Secret
 signIdToken=Sign IdToken
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
index 2bb0a441b38..2c3e428cdc6 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
 signResponses=Sign Responses
 encryptionOptional=Encryption Optional
 encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
 requiredNameIdFormat=NameId Format
 clientSecret=Client Secret
 signIdToken=Sign IdToken
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
index 2ad1b0f69bd..d4123f56c61 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
@@ -29,6 +29,30 @@ signAssertions=Firma Assertion
 signResponses=Firma Response
 encryptionOptional=Cifratura Opzionale
 encryptAssertions=Cifratura Assertion
+encryptAttributes=Encrypt Attributes
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+skipGeneratingAssertionNameId=Salta Generazione Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Salta Generazione SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Salta Generazione Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Salta Generazione SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Salta Generazione SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Salta Generazione SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Salta Generazione SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Salta Generazione SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Salta Generazione NameIdQualifiers
+skipGeneratingTransientNameId=Salta Generazione TransientNameId
+skipValidatingAuthnRequest=Salta Validazione AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Salta Generazione ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Salta Generazione AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Salta Generazione NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Salta Generazione SessionNotOnOrAfter
+validateMetadataCertificates=Valida Certificati Metadata
 requiredNameIdFormat=Formato NameId
 clientSecret=Client Secret
 signIdToken=Firma IdToken
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
index d0868ef9f22..06aa5f2737e 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
 signResponses=Sign Responses
 encryptionOptional=Encryption Optional
 encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
 requiredNameIdFormat=NameId Format
 clientSecret=Client Secret
 signIdToken=Sign IdToken
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
index 1bd4e93e86b..ceaecd955c6 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
 signResponses=Sign Responses
 encryptionOptional=Encryption Optional
 encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
 requiredNameIdFormat=NameId Format
 clientSecret=Client Secret
 signIdToken=Sign IdToken
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
index bc0ab53d9db..1284cc96028 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
@@ -30,6 +30,30 @@ signAssertions=Sign Assertions
 signResponses=Sign Responses
 encryptionOptional=Encryption Optional
 encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
 requiredNameIdFormat=NameId Format
 clientSecret=Client Secret
 signIdToken=Sign IdToken
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java index 39c6b1d89f6..03b8dac97f4 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java @@ -24,7 +24,10 @@ import java.util.List; import org.apache.commons.lang3.builder.EqualsBuilder; import org.apache.commons.lang3.builder.HashCodeBuilder; +import org.apache.syncope.common.lib.types.MetadataCriteriaDirection; +import org.apache.syncope.common.lib.types.SAML2BindingType; import org.apache.syncope.common.lib.types.SAML2SPNameId; +import org.apache.syncope.common.lib.types.SigningCredentialType; import org.apache.syncope.common.lib.types.XmlSecAlgorithm; @Schema(allOf = { ClientAppTO.class }) @@ -40,6 +43,16 @@ public class SAML2SPClientAppTO extends ClientAppTO { private String metadataSignatureLocation; + private String metadataCriteriaPattern; + + private String subjectLocality; + + private MetadataCriteriaDirection metadataCriteriaDirection; + + private SigningCredentialType signingCredentialType; + + private SAML2BindingType logoutResponseBinding; + private boolean signAssertions; private boolean signResponses; 
@@ -48,6 +61,44 @@ public class SAML2SPClientAppTO extends ClientAppTO { private boolean encryptAssertions; + private boolean requireSignedRoot; + + private boolean logoutResponseEnabled; + + private boolean encryptAttributes; + + private boolean skipGeneratingAssertionNameId; + + private boolean skipGeneratingSubjectConfirmationInResponseTo; + + private boolean skipGeneratingResponseInResponseTo; + + private boolean skipGeneratingSubjectConfirmationNotOnOrAfter; + + private boolean skipGeneratingSubjectConfirmationRecipient; + + private boolean skipGeneratingSubjectConfirmationAddress; + + private boolean skipGeneratingSubjectConfirmationNotBefore; + + private boolean skipGeneratingSubjectConfirmationNameId; + + private boolean skipGeneratingNameIdQualifiers; + + private boolean skipGeneratingTransientNameId; + + private boolean skipValidatingAuthnRequest; + + private boolean skipGeneratingServiceProviderNameIdQualifier; + + private boolean skipGeneratingAuthenticatingAuthority; + + private boolean skipGeneratingNameIdQualifier; + + private boolean skipGeneratingSessionNotOnOrAfter; + + private boolean validateMetadataCertificates; + private String requiredAuthenticationContextClass; private SAML2SPNameId requiredNameIdFormat; 
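Review bot: `requireSignedRoot` and `validateMetadataCertificates` are declared without an initialiser, so both default to `false`; a client app created with these properties omitted therefore asks for neither a signed metadata root nor certificate validation. If the access-management layer these values are mapped to treats a signed root as required by default (that mapping is not in this diff and should be confirmed), the TO would silently weaken it, and the declaration should state the intended default explicitly, e.g. `private boolean requireSignedRoot = true;`. A one-line comment on these two fields and on `skipValidatingAuthnRequest` naming the value that keeps validation on would help whoever reviews the mapping code.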
@@ -112,6 +163,46 @@ public void setMetadataSignatureLocation(final String metadataSignatureLocation) this.metadataSignatureLocation = metadataSignatureLocation; } + public String getSubjectLocality() { + return subjectLocality; + } + + public void setSubjectLocality(final String subjectLocality) { + this.subjectLocality = subjectLocality; + } + + public MetadataCriteriaDirection getMetadataCriteriaDirection() { + return metadataCriteriaDirection; + } + + public void setMetadataCriteriaDirection(final MetadataCriteriaDirection metadataCriteriaDirection) { + this.metadataCriteriaDirection = metadataCriteriaDirection; + } + + public String getMetadataCriteriaPattern() { + return metadataCriteriaPattern; + } + + public void setMetadataCriteriaPattern(final String metadataCriteriaPattern) { + this.metadataCriteriaPattern = metadataCriteriaPattern; + } + + public SigningCredentialType getSigningCredentialType() { + return signingCredentialType; + } + + public void setSigningCredentialType(final SigningCredentialType signingCredentialType) { + this.signingCredentialType = signingCredentialType; + } + + public SAML2BindingType getLogoutResponseBinding() { + return logoutResponseBinding; + } + + public void setLogoutResponseBinding(final SAML2BindingType logoutResponseBinding) { + this.logoutResponseBinding = logoutResponseBinding; + } + public boolean isSignAssertions() { return signAssertions; } 
@@ -144,6 +235,163 @@ public void setEncryptAssertions(final boolean encryptAssertions) { this.encryptAssertions = encryptAssertions; } + public boolean isRequireSignedRoot() { + return requireSignedRoot; + } + + public void setRequireSignedRoot(final boolean requireSignedRoot) { + this.requireSignedRoot = requireSignedRoot; + } + + public boolean isLogoutResponseEnabled() { + return logoutResponseEnabled; + } + + public void setLogoutResponseEnabled(final boolean logoutResponseEnabled) { + this.logoutResponseEnabled = logoutResponseEnabled; + } + + public boolean isEncryptAttributes() { + return encryptAttributes; + } + + public void setEncryptAttributes(final boolean encryptAttributes) { + this.encryptAttributes = encryptAttributes; + } + + public boolean isSkipGeneratingAssertionNameId() { + return skipGeneratingAssertionNameId; + } + + public void setSkipGeneratingAssertionNameId(final boolean skipGeneratingAssertionNameId) { + this.skipGeneratingAssertionNameId = skipGeneratingAssertionNameId; + } + + public boolean isSkipGeneratingSubjectConfirmationInResponseTo() { + return skipGeneratingSubjectConfirmationInResponseTo; + } + + public void setSkipGeneratingSubjectConfirmationInResponseTo( + final boolean skipGeneratingSubjectConfirmationInResponseTo) { + this.skipGeneratingSubjectConfirmationInResponseTo = skipGeneratingSubjectConfirmationInResponseTo; + } + + public boolean isSkipGeneratingResponseInResponseTo() { + return skipGeneratingResponseInResponseTo; + } + + public void setSkipGeneratingResponseInResponseTo(final boolean skipGeneratingResponseInResponseTo) { + this.skipGeneratingResponseInResponseTo = skipGeneratingResponseInResponseTo; + } + + public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() { + return skipGeneratingSubjectConfirmationNotOnOrAfter; + } + + public void setSkipGeneratingSubjectConfirmationNotOnOrAfter( + final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { + this.skipGeneratingSubjectConfirmationNotOnOrAfter 
= skipGeneratingSubjectConfirmationNotOnOrAfter; + } + + public boolean isSkipGeneratingSubjectConfirmationRecipient() { + return skipGeneratingSubjectConfirmationRecipient; + } + + public void setSkipGeneratingSubjectConfirmationRecipient( + final boolean skipGeneratingSubjectConfirmationRecipient) { + this.skipGeneratingSubjectConfirmationRecipient = skipGeneratingSubjectConfirmationRecipient; + } + + public boolean isSkipGeneratingSubjectConfirmationAddress() { + return skipGeneratingSubjectConfirmationAddress; + } + + public void setSkipGeneratingSubjectConfirmationAddress(final boolean skipGeneratingSubjectConfirmationAddress) { + this.skipGeneratingSubjectConfirmationAddress = skipGeneratingSubjectConfirmationAddress; + } + + public boolean isSkipGeneratingSubjectConfirmationNotBefore() { + return skipGeneratingSubjectConfirmationNotBefore; + } + + public void setSkipGeneratingSubjectConfirmationNotBefore( + final boolean skipGeneratingSubjectConfirmationNotBefore) { + this.skipGeneratingSubjectConfirmationNotBefore = skipGeneratingSubjectConfirmationNotBefore; + } + + public boolean isSkipGeneratingSubjectConfirmationNameId() { + return skipGeneratingSubjectConfirmationNameId; + } + + public void setSkipGeneratingSubjectConfirmationNameId(final boolean skipGeneratingSubjectConfirmationNameId) { + this.skipGeneratingSubjectConfirmationNameId = skipGeneratingSubjectConfirmationNameId; + } + + public boolean isSkipGeneratingNameIdQualifiers() { + return skipGeneratingNameIdQualifiers; + } + + public void setSkipGeneratingNameIdQualifiers(final boolean skipGeneratingNameIdQualifiers) { + this.skipGeneratingNameIdQualifiers = skipGeneratingNameIdQualifiers; + } + + public boolean isSkipGeneratingTransientNameId() { + return skipGeneratingTransientNameId; + } + + public void setSkipGeneratingTransientNameId(final boolean skipGeneratingTransientNameId) { + this.skipGeneratingTransientNameId = skipGeneratingTransientNameId; + } + + public boolean 
isSkipValidatingAuthnRequest() { + return skipValidatingAuthnRequest; + } + + public void setSkipValidatingAuthnRequest(final boolean skipValidatingAuthnRequest) { + this.skipValidatingAuthnRequest = skipValidatingAuthnRequest; + } + + public boolean isSkipGeneratingServiceProviderNameIdQualifier() { + return skipGeneratingServiceProviderNameIdQualifier; + } + + public void setSkipGeneratingServiceProviderNameIdQualifier( + final boolean skipGeneratingServiceProviderNameIdQualifier) { + this.skipGeneratingServiceProviderNameIdQualifier = skipGeneratingServiceProviderNameIdQualifier; + } + + public boolean isSkipGeneratingAuthenticatingAuthority() { + return skipGeneratingAuthenticatingAuthority; + } + + public void setSkipGeneratingAuthenticatingAuthority(final boolean skipGeneratingAuthenticatingAuthority) { + this.skipGeneratingAuthenticatingAuthority = skipGeneratingAuthenticatingAuthority; + } + + public boolean isSkipGeneratingNameIdQualifier() { + return skipGeneratingNameIdQualifier; + } + + public void setSkipGeneratingNameIdQualifier(final boolean skipGeneratingNameIdQualifier) { + this.skipGeneratingNameIdQualifier = skipGeneratingNameIdQualifier; + } + + public boolean isSkipGeneratingSessionNotOnOrAfter() { + return skipGeneratingSessionNotOnOrAfter; + } + + public void setSkipGeneratingSessionNotOnOrAfter(final boolean skipGeneratingSessionNotOnOrAfter) { + this.skipGeneratingSessionNotOnOrAfter = skipGeneratingSessionNotOnOrAfter; + } + + public boolean isValidateMetadataCertificates() { + return validateMetadataCertificates; + } + + public void setValidateMetadataCertificates(final boolean validateMetadataCertificates) { + this.validateMetadataCertificates = validateMetadataCertificates; + } + public String getRequiredAuthenticationContextClass() { return requiredAuthenticationContextClass; } 
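Review bot: None of the new accessors carries Javadoc, and three of the flags differ only by a word or a plural: `skipGeneratingNameIdQualifiers`, `skipGeneratingNameIdQualifier` and `skipGeneratingServiceProviderNameIdQualifier`. A one-line Javadoc on each getter naming the element or attribute that is left out of the generated response would keep them from being swapped in mapping code; the wording has to be taken from the consumer of these flags, which is not part of this diff. For `isSkipValidatingAuthnRequest` the comment should also say which checks are bypassed when it is `true`, since that flag relaxes validation rather than output.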
@@ -231,7 +479,34 @@ public boolean equals(final Object obj) {
 .append(this.metadataSignatureLocation, rhs.metadataSignatureLocation)
 .append(this.signAssertions, rhs.signAssertions)
 .append(this.signResponses, rhs.signResponses)
+ .append(this.metadataCriteriaPattern, rhs.metadataCriteriaPattern)
+ .append(this.subjectLocality, rhs.subjectLocality)
+ .append(this.metadataCriteriaDirection, rhs.metadataCriteriaDirection)
+ .append(this.logoutResponseBinding, rhs.logoutResponseBinding)
+ .append(this.requireSignedRoot, rhs.requireSignedRoot)
+ .append(this.logoutResponseEnabled, rhs.logoutResponseEnabled)
 .append(this.encryptionOptional, rhs.encryptionOptional)
+ .append(this.signingCredentialType, rhs.signingCredentialType)
+ .append(this.encryptAttributes, rhs.encryptAttributes)
+ .append(this.skipGeneratingAssertionNameId, rhs.skipGeneratingAssertionNameId)
+ .append(this.skipGeneratingSubjectConfirmationInResponseTo,
+ rhs.skipGeneratingSubjectConfirmationInResponseTo)
+ .append(this.skipGeneratingResponseInResponseTo, rhs.skipGeneratingResponseInResponseTo)
+ .append(this.skipGeneratingSubjectConfirmationNotOnOrAfter,
+ rhs.skipGeneratingSubjectConfirmationNotOnOrAfter)
+ .append(this.skipGeneratingSubjectConfirmationRecipient, rhs.skipGeneratingSubjectConfirmationRecipient)
+ .append(this.skipGeneratingSubjectConfirmationAddress, rhs.skipGeneratingSubjectConfirmationAddress)
+ .append(this.skipGeneratingSubjectConfirmationNotBefore, rhs.skipGeneratingSubjectConfirmationNotBefore)
+ .append(this.skipGeneratingSubjectConfirmationNameId, rhs.skipGeneratingSubjectConfirmationNameId)
+ .append(this.skipGeneratingNameIdQualifiers, rhs.skipGeneratingNameIdQualifiers)
+ .append(this.skipGeneratingTransientNameId, rhs.skipGeneratingTransientNameId)
+ .append(this.skipValidatingAuthnRequest, rhs.skipValidatingAuthnRequest)
+ .append(this.skipGeneratingServiceProviderNameIdQualifier,
+ rhs.skipGeneratingServiceProviderNameIdQualifier)
+ .append(this.skipGeneratingAuthenticatingAuthority, rhs.skipGeneratingAuthenticatingAuthority)
+ .append(this.skipGeneratingNameIdQualifier, rhs.skipGeneratingNameIdQualifier)
+ .append(this.skipGeneratingSessionNotOnOrAfter, rhs.skipGeneratingSessionNotOnOrAfter)
+ .append(this.validateMetadataCertificates, rhs.validateMetadataCertificates)
 .append(this.encryptAssertions, rhs.encryptAssertions)
 .append(this.requiredAuthenticationContextClass, rhs.requiredAuthenticationContextClass)
 .append(this.requiredNameIdFormat, rhs.requiredNameIdFormat)
@@ -258,6 +533,30 @@ public int hashCode() {
 .append(signAssertions)
 .append(signResponses)
 .append(encryptionOptional)
+ .append(metadataCriteriaPattern)
+ .append(subjectLocality)
+ .append(metadataCriteriaDirection)
+ .append(logoutResponseBinding)
+ .append(requireSignedRoot)
+ .append(logoutResponseEnabled)
+ .append(signingCredentialType)
+ .append(encryptAttributes)
+ .append(skipGeneratingAssertionNameId)
+ .append(skipGeneratingSubjectConfirmationInResponseTo)
+ .append(skipGeneratingResponseInResponseTo)
+ .append(skipGeneratingSubjectConfirmationNotOnOrAfter)
+ .append(skipGeneratingSubjectConfirmationRecipient)
+ .append(skipGeneratingSubjectConfirmationAddress)
+ .append(skipGeneratingSubjectConfirmationNotBefore)
+ .append(skipGeneratingSubjectConfirmationNameId)
+ .append(skipGeneratingNameIdQualifiers)
+ .append(skipGeneratingTransientNameId)
+ .append(skipValidatingAuthnRequest)
+ .append(skipGeneratingServiceProviderNameIdQualifier)
+ .append(skipGeneratingAuthenticatingAuthority)
+ .append(skipGeneratingNameIdQualifier)
+ .append(skipGeneratingSessionNotOnOrAfter)
+ .append(validateMetadataCertificates)
 .append(encryptAssertions)
 .append(requiredAuthenticationContextClass)
 .append(requiredNameIdFormat)
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/MetadataCriteriaDirection.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/MetadataCriteriaDirection.java
new file mode 100644
index 00000000000..7a5846f8c76
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/MetadataCriteriaDirection.java
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum MetadataCriteriaDirection {
+
+ INCLUDE("INCLUDE"),
+
+ EXCLUDE("EXCLUDE");
+
+ private final String direction;
+
+ MetadataCriteriaDirection(final String direction) {
+ this.direction = direction;
+ }
+
+ public String getDirection() {
+ return direction;
+ }
+
+}
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SigningCredentialType.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SigningCredentialType.java
new file mode 100644
index 00000000000..5b1a53ffad5
--- /dev/null
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SigningCredentialType.java
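Review bot: The `direction` field and `getDirection()` in `MetadataCriteriaDirection` only repeat the constant's own name (`INCLUDE("INCLUDE")`), so they carry nothing that `name()` does not already give; `credentialType` in `SigningCredentialType`, the next new file, has the same shape. Unless a caller outside this diff needs a value that can differ from the name, plain constants (`INCLUDE, EXCLUDE;`) would be simpler and remove a second place where the two can drift apart. Neither enum says how its constants are applied, so I would also add a one-line Javadoc per constant, for example stating how `INCLUDE` and `EXCLUDE` combine with `metadataCriteriaPattern`.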
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum SigningCredentialType {
+
+ X509("X509"),
+
+ BASIC("BASIC");
+
+ private final String credentialType;
+
+ SigningCredentialType(final String credentialType) {
+ this.credentialType = credentialType;
+ }
+
+ public String getCredentialType() {
+ return credentialType;
+ }
+}
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
index caf8d8a1435..1cde400d76a 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
@@ -21,7 +21,10 @@ import java.util.List; import java.util.Optional; import java.util.Set; +import org.apache.syncope.common.lib.types.MetadataCriteriaDirection; +import org.apache.syncope.common.lib.types.SAML2BindingType; import org.apache.syncope.common.lib.types.SAML2SPNameId; +import org.apache.syncope.common.lib.types.SigningCredentialType; import org.apache.syncope.common.lib.types.XmlSecAlgorithm; public interface SAML2SPClientApp extends ClientApp { 
@@ -58,6 +61,102 @@ public interface SAML2SPClientApp extends ClientApp { boolean isEncryptAssertions(); + void setMetadataCriteriaPattern(String metadataCriteriaPattern); + + String getMetadataCriteriaPattern(); + + void setSubjectLocality(String subjectLocality); + + String getSubjectLocality(); + + void setMetadataCriteriaDirection(MetadataCriteriaDirection metadataCriteriaDirection); + + MetadataCriteriaDirection getMetadataCriteriaDirection(); + + void setSigningCredentialType(SigningCredentialType signingCredentialType); + + SigningCredentialType getSigningCredentialType(); + + void setLogoutResponseBinding(SAML2BindingType logoutResponseBinding); + + SAML2BindingType getLogoutResponseBinding(); + + void setRequireSignedRoot(boolean requireSignedRoot); + + boolean isRequireSignedRoot(); + + void setLogoutResponseEnabled(boolean logoutResponseEnabled); + + boolean isLogoutResponseEnabled(); + + boolean isEncryptAttributes(); + + void setEncryptAttributes(boolean encryptAttributes); + + boolean isSkipGeneratingAssertionNameId(); + + void setSkipGeneratingAssertionNameId(boolean skipGeneratingAssertionNameId); + + boolean isSkipGeneratingSubjectConfirmationInResponseTo(); + + void setSkipGeneratingSubjectConfirmationInResponseTo(boolean skipGeneratingSubjectConfirmationInResponseTo); + + boolean isSkipGeneratingResponseInResponseTo(); + + void setSkipGeneratingResponseInResponseTo(boolean skipGeneratingResponseInResponseTo); + + boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter(); + + void setSkipGeneratingSubjectConfirmationNotOnOrAfter(boolean skipGeneratingSubjectConfirmationNotOnOrAfter); + + boolean isSkipGeneratingSubjectConfirmationRecipient(); + + void setSkipGeneratingSubjectConfirmationRecipient(boolean skipGeneratingSubjectConfirmationRecipient); + + boolean isSkipGeneratingSubjectConfirmationAddress(); + + void setSkipGeneratingSubjectConfirmationAddress(boolean skipGeneratingSubjectConfirmationAddress); + + boolean 
isSkipGeneratingSubjectConfirmationNotBefore(); + + void setSkipGeneratingSubjectConfirmationNotBefore(boolean skipGeneratingSubjectConfirmationNotBefore); + + boolean isSkipGeneratingSubjectConfirmationNameId(); + + void setSkipGeneratingSubjectConfirmationNameId(boolean skipGeneratingSubjectConfirmationNameId); + + boolean isSkipGeneratingNameIdQualifiers(); + + void setSkipGeneratingNameIdQualifiers(boolean skipGeneratingNameIdQualifiers); + + boolean isSkipGeneratingTransientNameId(); + + void setSkipGeneratingTransientNameId(boolean skipGeneratingTransientNameId); + + boolean isSkipValidatingAuthnRequest(); + + void setSkipValidatingAuthnRequest(boolean skipValidatingAuthnRequest); + + boolean isSkipGeneratingServiceProviderNameIdQualifier(); + + void setSkipGeneratingServiceProviderNameIdQualifier(boolean skipGeneratingServiceProviderNameIdQualifier); + + boolean isSkipGeneratingAuthenticatingAuthority(); + + void setSkipGeneratingAuthenticatingAuthority(boolean skipGeneratingAuthenticatingAuthority); + + boolean isSkipGeneratingNameIdQualifier(); + + void setSkipGeneratingNameIdQualifier(boolean skipGeneratingNameIdQualifier); + + boolean isSkipGeneratingSessionNotOnOrAfter(); + + void setSkipGeneratingSessionNotOnOrAfter(boolean skipGeneratingSessionNotOnOrAfter); + + boolean isValidateMetadataCertificates(); + + void setValidateMetadataCertificates(boolean validateMetadataCertificates); + void setRequiredAuthenticationContextClass(String location); String getRequiredAuthenticationContextClass(); diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java index af6c17c9375..0a6a6ff87c5 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java 
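Review bot: `isSkipGeneratingNameIdQualifiers()` and `isSkipGeneratingNameIdQualifier()` differ only by a trailing `s`, and nothing in the interface says how the two differ, so a caller can easily wire the wrong one. None of the new accessors is documented, which matters most for the flags that appear to relax or enforce a check: `isSkipValidatingAuthnRequest()`, `isRequireSignedRoot()` and `isValidateMetadataCertificates()`. I would add a short Javadoc to each of these stating what is skipped or enforced when the flag is true, e.g. `/** When true, incoming AuthnRequests are not validated. */` if that is indeed the meaning. The interface body starts and continues outside this hunk.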
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java
@@ -21,6 +21,8 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
 import jakarta.persistence.Lob;
 import jakarta.persistence.PostLoad;
 import jakarta.persistence.PostPersist;
@@ -34,7 +36,10 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
 import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
 import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
 import org.apache.syncope.core.persistence.api.entity.am.SAML2SPClientApp;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -72,6 +77,52 @@ public class JPASAML2SPClientApp extends AbstractClientApp implements SAML2SPCli private boolean encryptAssertions; + private boolean requireSignedRoot; + + private boolean encryptAttributes; + + private boolean skipGeneratingAssertionNameId; + + @Column(name = "skipGeneSubjectConfInRespTo") + private boolean skipGeneratingSubjectConfirmationInResponseTo; + + @Column(name = "skipGeneRespInResponseTo") + private boolean skipGeneratingResponseInResponseTo; + + @Column(name = "skipGeneSubConfNotOnOrAfter") + private boolean skipGeneratingSubjectConfirmationNotOnOrAfter; + + @Column(name = "skipGeneSubConfRecipient") + private boolean skipGeneratingSubjectConfirmationRecipient; + + @Column(name = "skipGeneSubConfAddress") + private boolean skipGeneratingSubjectConfirmationAddress; + + @Column(name = "skipGeneSubConfNotBefore") + private boolean skipGeneratingSubjectConfirmationNotBefore; + + @Column(name = "skipGeneSubConfNameId") + private boolean skipGeneratingSubjectConfirmationNameId; + + private boolean skipGeneratingNameIdQualifiers; + + private boolean skipGeneratingTransientNameId; + + private boolean skipValidatingAuthnRequest; + + @Column(name = "skipGeneSerProvNameIdQualifier") + private boolean skipGeneratingServiceProviderNameIdQualifier; + + @Column(name = "skipGeneAuthAuthority") + private boolean skipGeneratingAuthenticatingAuthority; + + private boolean skipGeneratingNameIdQualifier; + + @Column(name = "skipGeneSessionNotOnOrAfter") + private boolean skipGeneratingSessionNotOnOrAfter; + + private boolean validateMetadataCertificates; + @Column(name = "reqAuthnContextClass") private String requiredAuthenticationContextClass; 
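Review bot: `requireSignedRoot` and `validateMetadataCertificates` are primitive `boolean` fields with no initializer, so an entity that is never explicitly configured carries `false` for both. If these flags gate metadata signature and certificate checks downstream (inferred from the names, not visible in this diff), the checks stay off until an administrator enables them. Please confirm that this default is intended and record it next to the field, e.g. `// defaults to false: metadata certificates are not validated unless enabled`. `skipValidatingAuthnRequest` deserves the same kind of comment, since turning it on appears to disable a check rather than add one.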
@@ -132,6 +183,22 @@ public class JPASAML2SPClientApp extends AbstractClientApp implements SAML2SPCli @Transient private List encryptionBlackListedAlgorithmsList = new ArrayList<>(); + private String metadataCriteriaPattern; + + private String subjectLocality; + + @Column(nullable = true) + @Enumerated(EnumType.STRING) + private MetadataCriteriaDirection metadataCriteriaDirection; + + @Column(nullable = true) + @Enumerated(EnumType.STRING) + private SigningCredentialType signingCredentialType; + + @Column(nullable = true) + @Enumerated(EnumType.STRING) + private SAML2BindingType logoutResponseBinding; + @Override public String getEntityId() { return entityId; 
@@ -207,11 +274,259 @@ public boolean isEncryptAssertions() { return encryptAssertions; } + @Override + public void setMetadataCriteriaPattern(final String metadataCriteriaPattern) { + this.metadataCriteriaPattern = metadataCriteriaPattern; + } + + @Override + public String getMetadataCriteriaPattern() { + return metadataCriteriaPattern; + } + + @Override + public void setSubjectLocality(final String subjectLocality) { + this.subjectLocality = subjectLocality; + + } + + @Override + public String getSubjectLocality() { + return subjectLocality; + } + + @Override + public void setMetadataCriteriaDirection(final MetadataCriteriaDirection metadataCriteriaDirection) { + this.metadataCriteriaDirection = metadataCriteriaDirection; + + } + + @Override + public MetadataCriteriaDirection getMetadataCriteriaDirection() { + return metadataCriteriaDirection; + } + + @Override + public void setSigningCredentialType(final SigningCredentialType signingCredentialType) { + this.signingCredentialType = signingCredentialType; + } + + @Override + public SigningCredentialType getSigningCredentialType() { + return signingCredentialType; + } + + @Override + public void setLogoutResponseBinding(final SAML2BindingType logoutResponseBinding) { + this.logoutResponseBinding = logoutResponseBinding; + + } + + @Override + public SAML2BindingType getLogoutResponseBinding() { + return logoutResponseBinding; + } + @Override public void setEncryptAssertions(final boolean encryptAssertions) { this.encryptAssertions = encryptAssertions; } + @Override + public boolean isRequireSignedRoot() { + return requireSignedRoot; + } + + @Override + public void setLogoutResponseEnabled(final boolean logoutResponseEnabled) { + + } + + @Override + public boolean isLogoutResponseEnabled() { + return false; + } + + @Override + public void setRequireSignedRoot(final boolean requireSignedRoot) { + this.requireSignedRoot = requireSignedRoot; + } + + @Override + public boolean isEncryptAttributes() { + return 
encryptAttributes; + } + + @Override + public void setEncryptAttributes(final boolean encryptAttributes) { + this.encryptAttributes = encryptAttributes; + } + + @Override + public boolean isSkipGeneratingAssertionNameId() { + return skipGeneratingAssertionNameId; + } + + @Override + public void setSkipGeneratingAssertionNameId(final boolean skipGeneratingAssertionNameId) { + this.skipGeneratingAssertionNameId = skipGeneratingAssertionNameId; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationInResponseTo() { + return skipGeneratingSubjectConfirmationInResponseTo; + } + + @Override + public void setSkipGeneratingSubjectConfirmationInResponseTo( + final boolean skipGeneratingSubjectConfirmationInResponseTo) { + this.skipGeneratingSubjectConfirmationInResponseTo = skipGeneratingSubjectConfirmationInResponseTo; + } + + @Override + public boolean isSkipGeneratingResponseInResponseTo() { + return skipGeneratingResponseInResponseTo; + } + + @Override + public void setSkipGeneratingResponseInResponseTo(final boolean skipGeneratingResponseInResponseTo) { + this.skipGeneratingResponseInResponseTo = skipGeneratingResponseInResponseTo; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() { + return skipGeneratingSubjectConfirmationNotOnOrAfter; + } + + @Override + public void setSkipGeneratingSubjectConfirmationNotOnOrAfter( + final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { + this.skipGeneratingSubjectConfirmationNotOnOrAfter = skipGeneratingSubjectConfirmationNotOnOrAfter; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationRecipient() { + return skipGeneratingSubjectConfirmationRecipient; + } + + @Override + public void setSkipGeneratingSubjectConfirmationRecipient( + final boolean skipGeneratingSubjectConfirmationRecipient) { + this.skipGeneratingSubjectConfirmationRecipient = skipGeneratingSubjectConfirmationRecipient; + } + + @Override + public boolean 
isSkipGeneratingSubjectConfirmationAddress() { + return skipGeneratingSubjectConfirmationAddress; + } + + @Override + public void setSkipGeneratingSubjectConfirmationAddress(final boolean skipGeneratingSubjectConfirmationAddress) { + this.skipGeneratingSubjectConfirmationAddress = skipGeneratingSubjectConfirmationAddress; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationNotBefore() { + return skipGeneratingSubjectConfirmationNotBefore; + } + + @Override + public void setSkipGeneratingSubjectConfirmationNotBefore( + final boolean skipGeneratingSubjectConfirmationNotBefore) { + this.skipGeneratingSubjectConfirmationNotBefore = skipGeneratingSubjectConfirmationNotBefore; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationNameId() { + return skipGeneratingSubjectConfirmationNameId; + } + + @Override + public void setSkipGeneratingSubjectConfirmationNameId(final boolean skipGeneratingSubjectConfirmationNameId) { + this.skipGeneratingSubjectConfirmationNameId = skipGeneratingSubjectConfirmationNameId; + } + + @Override + public boolean isSkipGeneratingNameIdQualifiers() { + return skipGeneratingNameIdQualifiers; + } + + @Override + public void setSkipGeneratingNameIdQualifiers(final boolean skipGeneratingNameIdQualifiers) { + this.skipGeneratingNameIdQualifiers = skipGeneratingNameIdQualifiers; + } + + @Override + public boolean isSkipGeneratingTransientNameId() { + return skipGeneratingTransientNameId; + } + + @Override + public void setSkipGeneratingTransientNameId(final boolean skipGeneratingTransientNameId) { + this.skipGeneratingTransientNameId = skipGeneratingTransientNameId; + } + + @Override + public boolean isSkipValidatingAuthnRequest() { + return skipValidatingAuthnRequest; + } + + @Override + public void setSkipValidatingAuthnRequest(final boolean skipValidatingAuthnRequest) { + this.skipValidatingAuthnRequest = skipValidatingAuthnRequest; + } + + @Override + public boolean 
isSkipGeneratingServiceProviderNameIdQualifier() { + return skipGeneratingServiceProviderNameIdQualifier; + } + + @Override + public void setSkipGeneratingServiceProviderNameIdQualifier( + final boolean skipGeneratingServiceProviderNameIdQualifier) { + this.skipGeneratingServiceProviderNameIdQualifier = skipGeneratingServiceProviderNameIdQualifier; + } + + @Override + public boolean isSkipGeneratingAuthenticatingAuthority() { + return skipGeneratingAuthenticatingAuthority; + } + + @Override + public void setSkipGeneratingAuthenticatingAuthority(final boolean skipGeneratingAuthenticatingAuthority) { + this.skipGeneratingAuthenticatingAuthority = skipGeneratingAuthenticatingAuthority; + } + + @Override + public boolean isSkipGeneratingNameIdQualifier() { + return skipGeneratingNameIdQualifier; + } + + @Override + public void setSkipGeneratingNameIdQualifier(final boolean skipGeneratingNameIdQualifier) { + this.skipGeneratingNameIdQualifier = skipGeneratingNameIdQualifier; + } + + @Override + public boolean isSkipGeneratingSessionNotOnOrAfter() { + return skipGeneratingSessionNotOnOrAfter; + } + + @Override + public void setSkipGeneratingSessionNotOnOrAfter(final boolean skipGeneratingSessionNotOnOrAfter) { + this.skipGeneratingSessionNotOnOrAfter = skipGeneratingSessionNotOnOrAfter; + } + + @Override + public boolean isValidateMetadataCertificates() { + return validateMetadataCertificates; + } + + @Override + public void setValidateMetadataCertificates(final boolean validateMetadataCertificates) { + this.validateMetadataCertificates = validateMetadataCertificates; + } + @Override public String getRequiredAuthenticationContextClass() { return requiredAuthenticationContextClass; diff --git a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java index 3c6902bfd7e..7c7971e7684 100644 
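Review bot: `setLogoutResponseEnabled` has an empty body and `isLogoutResponseEnabled()` always returns `false`, so with the JPA entity the value passed in by `ClientAppDataBinderImpl.doUpdate` is silently discarded, while the Neo4j entity later in this diff stores it. The two field hunks for this class add no `logoutResponseEnabled` field, which looks like an omission rather than a decision. Add `private boolean logoutResponseEnabled;` next to the other flags and make the accessors `this.logoutResponseEnabled = logoutResponseEnabled;` and `return logoutResponseEnabled;`. Without that, the console checkbox for this setting has no effect on a JPA-backed deployment.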
--- a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java
+++ b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java
@@ -25,7 +25,10 @@
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
 import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
 import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
 import org.apache.syncope.core.persistence.api.entity.am.SAML2SPClientApp;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -64,8 +67,50 @@ public class Neo4jSAML2SPClientApp extends AbstractClientApp implements SAML2SPC private boolean encryptAssertions; + private boolean encryptAttributes; + + private boolean skipGeneratingAssertionNameId; + + private boolean skipGeneratingSubjectConfirmationInResponseTo; + + private boolean skipGeneratingResponseInResponseTo; + + private boolean skipGeneratingSubjectConfirmationNotOnOrAfter; + + private boolean skipGeneratingSubjectConfirmationRecipient; + + private boolean skipGeneratingSubjectConfirmationAddress; + + private boolean skipGeneratingSubjectConfirmationNotBefore; + + private boolean skipGeneratingSubjectConfirmationNameId; + + private boolean skipGeneratingNameIdQualifiers; + + private boolean skipGeneratingTransientNameId; + + private boolean skipValidatingAuthnRequest; + + private boolean skipGeneratingServiceProviderNameIdQualifier; + + private boolean skipGeneratingAuthenticatingAuthority; + + private boolean skipGeneratingNameIdQualifier; + + private boolean skipGeneratingSessionNotOnOrAfter; + + private boolean validateMetadataCertificates; + + private boolean requireSignedRoot; + + private boolean logoutResponseEnabled; + private String requiredAuthenticationContextClass; + private String metadataCriteriaPattern; + + private String subjectLocality; + private SAML2SPNameId requiredNameIdFormat; private Integer skewAllowance; @@ -74,6 +119,12 @@ public class Neo4jSAML2SPClientApp extends AbstractClientApp implements SAML2SPC private String assertionAudiences; + private MetadataCriteriaDirection metadataCriteriaDirection; + + private SigningCredentialType signingCredentialType; + + private SAML2BindingType logoutResponseBinding; + @Transient private Set assertionAudiencesSet = new HashSet<>(); 
@@ -184,10 +235,256 @@ public boolean isEncryptAssertions() { return encryptAssertions; } + @Override + public void setMetadataCriteriaPattern(final String metadataCriteriaPattern) { + this.metadataCriteriaPattern = metadataCriteriaPattern; + } + + @Override + public String getMetadataCriteriaPattern() { + return metadataCriteriaPattern; + } + + @Override + public void setSubjectLocality(final String subjectLocality) { + this.subjectLocality = subjectLocality; + } + + @Override + public String getSubjectLocality() { + return subjectLocality; + } + + @Override + public void setMetadataCriteriaDirection(final MetadataCriteriaDirection metadataCriteriaDirection) { + this.metadataCriteriaDirection = metadataCriteriaDirection; + } + + @Override + public MetadataCriteriaDirection getMetadataCriteriaDirection() { + return metadataCriteriaDirection; + } + + @Override + public void setSigningCredentialType(final SigningCredentialType signingCredentialType) { + this.signingCredentialType = signingCredentialType; + } + + @Override + public SigningCredentialType getSigningCredentialType() { + return signingCredentialType; + } + + @Override + public void setLogoutResponseBinding(final SAML2BindingType logoutResponseBinding) { + this.logoutResponseBinding = logoutResponseBinding; + } + + @Override + public SAML2BindingType getLogoutResponseBinding() { + return logoutResponseBinding; + } + + @Override + public void setRequireSignedRoot(final boolean requireSignedRoot) { + this.requireSignedRoot = requireSignedRoot; + } + + @Override + public boolean isRequireSignedRoot() { + return requireSignedRoot; + } + + @Override + public void setLogoutResponseEnabled(final boolean logoutResponseEnabled) { + this.logoutResponseEnabled = logoutResponseEnabled; + } + + @Override + public boolean isLogoutResponseEnabled() { + return logoutResponseEnabled; + } + @Override public void setEncryptAssertions(final boolean encryptAssertions) { this.encryptAssertions = encryptAssertions; } + + + + 
@Override + public boolean isEncryptAttributes() { + return encryptAttributes; + } + + @Override + public void setEncryptAttributes(final boolean encryptAttributes) { + this.encryptAttributes = encryptAttributes; + } + + @Override + public boolean isSkipGeneratingAssertionNameId() { + return skipGeneratingAssertionNameId; + } + + public void setSkipGeneratingAssertionNameId(final boolean skipGeneratingAssertionNameId) { + this.skipGeneratingAssertionNameId = skipGeneratingAssertionNameId; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationInResponseTo() { + return skipGeneratingSubjectConfirmationInResponseTo; + } + + @Override + public void setSkipGeneratingSubjectConfirmationInResponseTo( + final boolean skipGeneratingSubjectConfirmationInResponseTo) { + this.skipGeneratingSubjectConfirmationInResponseTo = skipGeneratingSubjectConfirmationInResponseTo; + } + + @Override + public boolean isSkipGeneratingResponseInResponseTo() { + return skipGeneratingResponseInResponseTo; + } + + @Override + public void setSkipGeneratingResponseInResponseTo(final boolean skipGeneratingResponseInResponseTo) { + this.skipGeneratingResponseInResponseTo = skipGeneratingResponseInResponseTo; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() { + return skipGeneratingSubjectConfirmationNotOnOrAfter; + } + + @Override + public void setSkipGeneratingSubjectConfirmationNotOnOrAfter( + final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { + this.skipGeneratingSubjectConfirmationNotOnOrAfter = skipGeneratingSubjectConfirmationNotOnOrAfter; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationRecipient() { + return skipGeneratingSubjectConfirmationRecipient; + } + + @Override + public void setSkipGeneratingSubjectConfirmationRecipient( + final boolean skipGeneratingSubjectConfirmationRecipient) { + this.skipGeneratingSubjectConfirmationRecipient = skipGeneratingSubjectConfirmationRecipient; + } + + @Override + 
public boolean isSkipGeneratingSubjectConfirmationAddress() { + return skipGeneratingSubjectConfirmationAddress; + } + + @Override + public void setSkipGeneratingSubjectConfirmationAddress(final boolean skipGeneratingSubjectConfirmationAddress) { + this.skipGeneratingSubjectConfirmationAddress = skipGeneratingSubjectConfirmationAddress; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationNotBefore() { + return skipGeneratingSubjectConfirmationNotBefore; + } + + @Override + public void setSkipGeneratingSubjectConfirmationNotBefore( + final boolean skipGeneratingSubjectConfirmationNotBefore) { + this.skipGeneratingSubjectConfirmationNotBefore = skipGeneratingSubjectConfirmationNotBefore; + } + + @Override + public boolean isSkipGeneratingSubjectConfirmationNameId() { + return skipGeneratingSubjectConfirmationNameId; + } + + @Override + public void setSkipGeneratingSubjectConfirmationNameId(final boolean skipGeneratingSubjectConfirmationNameId) { + this.skipGeneratingSubjectConfirmationNameId = skipGeneratingSubjectConfirmationNameId; + } + + @Override + public boolean isSkipGeneratingNameIdQualifiers() { + return skipGeneratingNameIdQualifiers; + } + + @Override + public void setSkipGeneratingNameIdQualifiers(final boolean skipGeneratingNameIdQualifiers) { + this.skipGeneratingNameIdQualifiers = skipGeneratingNameIdQualifiers; + } + + @Override + public boolean isSkipGeneratingTransientNameId() { + return skipGeneratingTransientNameId; + } + + @Override + public void setSkipGeneratingTransientNameId(final boolean skipGeneratingTransientNameId) { + this.skipGeneratingTransientNameId = skipGeneratingTransientNameId; + } + + @Override + public boolean isSkipValidatingAuthnRequest() { + return skipValidatingAuthnRequest; + } + + @Override + public void setSkipValidatingAuthnRequest(final boolean skipValidatingAuthnRequest) { + this.skipValidatingAuthnRequest = skipValidatingAuthnRequest; + } + + @Override + public boolean 
isSkipGeneratingServiceProviderNameIdQualifier() { + return skipGeneratingServiceProviderNameIdQualifier; + } + + @Override + public void setSkipGeneratingServiceProviderNameIdQualifier( + final boolean skipGeneratingServiceProviderNameIdQualifier) { + this.skipGeneratingServiceProviderNameIdQualifier = skipGeneratingServiceProviderNameIdQualifier; + } + + @Override + public boolean isSkipGeneratingAuthenticatingAuthority() { + return skipGeneratingAuthenticatingAuthority; + } + + @Override + public void setSkipGeneratingAuthenticatingAuthority(final boolean skipGeneratingAuthenticatingAuthority) { + this.skipGeneratingAuthenticatingAuthority = skipGeneratingAuthenticatingAuthority; + } + + @Override + public boolean isSkipGeneratingNameIdQualifier() { + return skipGeneratingNameIdQualifier; + } + + @Override + public void setSkipGeneratingNameIdQualifier(final boolean skipGeneratingNameIdQualifier) { + this.skipGeneratingNameIdQualifier = skipGeneratingNameIdQualifier; + } + + @Override + public boolean isSkipGeneratingSessionNotOnOrAfter() { + return skipGeneratingSessionNotOnOrAfter; + } + + @Override + public void setSkipGeneratingSessionNotOnOrAfter(final boolean skipGeneratingSessionNotOnOrAfter) { + this.skipGeneratingSessionNotOnOrAfter = skipGeneratingSessionNotOnOrAfter; + } + + @Override + public boolean isValidateMetadataCertificates() { + return validateMetadataCertificates; + } + + @Override + public void setValidateMetadataCertificates(final boolean validateMetadataCertificates) { + this.validateMetadataCertificates = validateMetadataCertificates; + } @Override public String getRequiredAuthenticationContextClass() { diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java index 6973dbf5fc6..753c6a48044 100644 
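Review bot: `setSkipGeneratingAssertionNameId` is the only accessor added in this hunk without `@Override`, so it would silently stay behind as an unrelated method if the declaration in `SAML2SPClientApp` were ever removed; add `@Override` above it to match its siblings. The hunk also adds three consecutive empty lines after `setEncryptAssertions`, where one blank line is enough. The class body starts and continues outside this hunk.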
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java 
@@ -134,10 +134,39 @@ protected void doUpdate(final SAML2SPClientApp clientApp, final SAML2SPClientApp
 }
 clientApp.setMetadataLocation(clientAppTO.getMetadataLocation());
 clientApp.setMetadataSignatureLocation(clientAppTO.getMetadataSignatureLocation());
+ clientApp.setMetadataCriteriaPattern(clientAppTO.getMetadataCriteriaPattern());
+ clientApp.setSubjectLocality(clientAppTO.getSubjectLocality());
+ clientApp.setMetadataCriteriaDirection(clientAppTO.getMetadataCriteriaDirection());
+ clientApp.setSigningCredentialType(clientAppTO.getSigningCredentialType());
+ clientApp.setLogoutResponseBinding(clientAppTO.getLogoutResponseBinding());
 clientApp.setSignAssertions(clientAppTO.isSignAssertions());
 clientApp.setSignResponses(clientAppTO.isSignResponses());
 clientApp.setEncryptionOptional(clientAppTO.isEncryptionOptional());
 clientApp.setEncryptAssertions(clientAppTO.isEncryptAssertions());
+ clientApp.setRequireSignedRoot(clientAppTO.isRequireSignedRoot());
+ clientApp.setLogoutResponseEnabled(clientAppTO.isLogoutResponseEnabled());
+ clientApp.setEncryptAttributes(clientAppTO.isEncryptAttributes());
+ clientApp.setSkipGeneratingAssertionNameId(clientAppTO.isSkipGeneratingAssertionNameId());
+ clientApp.setSkipGeneratingSubjectConfirmationInResponseTo(
+ clientAppTO.isSkipGeneratingSubjectConfirmationInResponseTo());
+ clientApp.setSkipGeneratingResponseInResponseTo(clientAppTO.isSkipGeneratingResponseInResponseTo());
+ clientApp.setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ clientAppTO.isSkipGeneratingSubjectConfirmationNotOnOrAfter());
+ clientApp.setSkipGeneratingSubjectConfirmationRecipient(
+ clientAppTO.isSkipGeneratingSubjectConfirmationRecipient());
+ clientApp.setSkipGeneratingSubjectConfirmationAddress(clientAppTO.isSkipGeneratingSubjectConfirmationAddress());
+ clientApp.setSkipGeneratingSubjectConfirmationNotBefore(
+ clientAppTO.isSkipGeneratingSubjectConfirmationNotBefore());
+ clientApp.setSkipGeneratingSubjectConfirmationNameId(clientAppTO.isSkipGeneratingSubjectConfirmationNameId());
+ clientApp.setSkipGeneratingNameIdQualifiers(clientAppTO.isSkipGeneratingNameIdQualifiers());
+ clientApp.setSkipGeneratingTransientNameId(clientAppTO.isSkipGeneratingTransientNameId());
+ clientApp.setSkipValidatingAuthnRequest(clientAppTO.isSkipValidatingAuthnRequest());
+ clientApp.setSkipGeneratingServiceProviderNameIdQualifier(
+ clientAppTO.isSkipGeneratingServiceProviderNameIdQualifier());
+ clientApp.setSkipGeneratingAuthenticatingAuthority(clientAppTO.isSkipGeneratingAuthenticatingAuthority());
+ clientApp.setSkipGeneratingNameIdQualifier(clientAppTO.isSkipGeneratingNameIdQualifier());
+ clientApp.setSkipGeneratingSessionNotOnOrAfter(clientAppTO.isSkipGeneratingSessionNotOnOrAfter());
+ clientApp.setValidateMetadataCertificates(clientAppTO.isValidateMetadataCertificates());
 clientApp.setRequiredAuthenticationContextClass(clientAppTO.getRequiredAuthenticationContextClass());
 clientApp.setRequiredNameIdFormat(clientAppTO.getRequiredNameIdFormat());
 clientApp.setSkewAllowance(clientAppTO.getSkewAllowance());
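Review bot: `skipValidatingAuthnRequest`, `validateMetadataCertificates` and `requireSignedRoot` are persisted here in the middle of the `skipGenerating*` list, with nothing marking them as the settings that, judging by their names, relax request and metadata verification. They are primitive booleans copied unconditionally, so a payload that omits them is applied as whatever the TO field initialisers say, which this diff does not show; if that is `false`, saving an existing SAML2 SP from an older client could quietly turn the checks off. I would group the three under a comment such as `// security-relevant: relax AuthnRequest / metadata verification; TO defaults must be the strict values` and confirm the defaults in `SAML2SPClientAppTO`. The body of `doUpdate` starts and ends outside the hunk.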
@@ -201,10 +230,39 @@ protected SAML2SPClientAppTO getSAMLClientAppTO(final SAML2SPClientApp clientApp
 clientAppTO.setEntityId(clientApp.getEntityId());
 clientAppTO.setMetadataLocation(clientApp.getMetadataLocation());
 clientAppTO.setMetadataSignatureLocation(clientApp.getMetadataSignatureLocation());
+ clientAppTO.setMetadataCriteriaPattern(clientApp.getMetadataCriteriaPattern());
+ clientAppTO.setSubjectLocality(clientApp.getSubjectLocality());
+ clientAppTO.setMetadataCriteriaDirection(clientApp.getMetadataCriteriaDirection());
+ clientAppTO.setSigningCredentialType(clientApp.getSigningCredentialType());
+ clientAppTO.setLogoutResponseBinding(clientApp.getLogoutResponseBinding());
 clientAppTO.setSignAssertions(clientApp.isSignAssertions());
 clientAppTO.setSignResponses(clientApp.isSignResponses());
 clientAppTO.setEncryptionOptional(clientApp.isEncryptionOptional());
 clientAppTO.setEncryptAssertions(clientApp.isEncryptAssertions());
+ clientAppTO.setRequireSignedRoot(clientApp.isRequireSignedRoot());
+ clientAppTO.setLogoutResponseEnabled(clientApp.isLogoutResponseEnabled());
+ clientAppTO.setEncryptAttributes(clientApp.isEncryptAttributes());
+ clientAppTO.setSkipGeneratingAssertionNameId(clientApp.isSkipGeneratingAssertionNameId());
+ clientAppTO.setSkipGeneratingSubjectConfirmationInResponseTo(
+ clientApp.isSkipGeneratingSubjectConfirmationInResponseTo());
+ clientAppTO.setSkipGeneratingResponseInResponseTo(clientApp.isSkipGeneratingResponseInResponseTo());
+ clientAppTO.setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ clientApp.isSkipGeneratingSubjectConfirmationNotOnOrAfter());
+ clientAppTO.setSkipGeneratingSubjectConfirmationRecipient(
+ clientApp.isSkipGeneratingSubjectConfirmationRecipient());
+ clientAppTO.setSkipGeneratingSubjectConfirmationAddress(clientApp.isSkipGeneratingSubjectConfirmationAddress());
+ clientAppTO.setSkipGeneratingSubjectConfirmationNotBefore(
+ clientApp.isSkipGeneratingSubjectConfirmationNotBefore());
+ clientAppTO.setSkipGeneratingSubjectConfirmationNameId(clientApp.isSkipGeneratingSubjectConfirmationNameId());
+ clientAppTO.setSkipGeneratingNameIdQualifiers(clientApp.isSkipGeneratingNameIdQualifiers());
+ clientAppTO.setSkipGeneratingTransientNameId(clientApp.isSkipGeneratingTransientNameId());
+ clientAppTO.setSkipValidatingAuthnRequest(clientApp.isSkipValidatingAuthnRequest());
+ clientAppTO.setSkipGeneratingServiceProviderNameIdQualifier(
+ clientApp.isSkipGeneratingServiceProviderNameIdQualifier());
+ clientAppTO.setSkipGeneratingAuthenticatingAuthority(clientApp.isSkipGeneratingAuthenticatingAuthority());
+ clientAppTO.setSkipGeneratingNameIdQualifier(clientApp.isSkipGeneratingNameIdQualifier());
+ clientAppTO.setSkipGeneratingSessionNotOnOrAfter(clientApp.isSkipGeneratingSessionNotOnOrAfter());
+ clientAppTO.setValidateMetadataCertificates(clientApp.isValidateMetadataCertificates());
 clientAppTO.setRequiredAuthenticationContextClass(clientApp.getRequiredAuthenticationContextClass());
 clientAppTO.setRequiredNameIdFormat(clientApp.getRequiredNameIdFormat());
 clientAppTO.setSkewAllowance(clientApp.getSkewAllowance());
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
index 29ff3cda7ff..8996f647565 100644
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
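Review bot: The copy list added to `getSAMLClientAppTO` has to mirror the one added to `doUpdate` field by field, and nothing in the code ties the two together. A setter missed on this side would make the console read that flag as its default and write the default back on the next save, which matters most for `validateMetadataCertificates`, `requireSignedRoot` and `skipValidatingAuthnRequest`. I would put `// keep in sync with the SAML2 SP branch of doUpdate(...)` above the added lines and cover the pair with a round-trip test that sets every new field to a non-default value. `getSAMLClientAppTO` starts and ends outside the hunk.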
@@ -70,6 +70,30 @@ public RegisteredService map(
 service.setSignResponses(TriStateBoolean.fromBoolean(sp.isSignResponses()));
 service.setEncryptionOptional(sp.isEncryptionOptional());
 service.setEncryptAssertions(sp.isEncryptAssertions());
+ service.setSubjectLocality(sp.getSubjectLocality());
+ service.setLogoutResponseBinding(sp.getLogoutResponseBinding().getUri());
+ service.setMetadataCriteriaDirection(sp.getMetadataCriteriaDirection().getDirection());
+ service.setMetadataCriteriaPattern(sp.getMetadataCriteriaPattern());
+ service.setSigningCredentialType(sp.getSigningCredentialType().getCredentialType());
+ service.setEncryptAttributes(sp.isEncryptAttributes());
+ service.setRequireSignedRoot(sp.isRequireSignedRoot());
+ service.setLogoutResponseEnabled(sp.isLogoutResponseEnabled());
+ service.setSkipGeneratingAssertionNameId(sp.isSkipGeneratingAssertionNameId());
+ service.setSkipGeneratingSubjectConfirmationInResponseTo(sp.isSkipGeneratingSubjectConfirmationInResponseTo());
+ service.setSkipGeneratingResponseInResponseTo(sp.isSkipGeneratingResponseInResponseTo());
+ service.setSkipGeneratingSubjectConfirmationNotOnOrAfter(sp.isSkipGeneratingSubjectConfirmationNotOnOrAfter());
+ service.setSkipGeneratingSubjectConfirmationRecipient(sp.isSkipGeneratingSubjectConfirmationRecipient());
+ service.setSkipGeneratingSubjectConfirmationAddress(sp.isSkipGeneratingSubjectConfirmationAddress());
+ service.setSkipGeneratingSubjectConfirmationNotBefore(sp.isSkipGeneratingSubjectConfirmationNotBefore());
+ service.setSkipGeneratingSubjectConfirmationNameId(sp.isSkipGeneratingSubjectConfirmationNameId());
+ service.setSkipGeneratingNameIdQualifiers(sp.isSkipGeneratingNameIdQualifiers());
+ service.setSkipGeneratingTransientNameId(sp.isSkipGeneratingTransientNameId());
+ service.setSkipValidatingAuthnRequest(sp.isSkipValidatingAuthnRequest());
+ service.setSkipGeneratingServiceProviderNameIdQualifier(sp.isSkipGeneratingServiceProviderNameIdQualifier());
+ service.setSkipGeneratingAuthenticatingAuthority(sp.isSkipGeneratingAuthenticatingAuthority());
+ service.setSkipGeneratingNameIdQualifier(sp.isSkipGeneratingNameIdQualifier());
+ service.setSkipGeneratingSessionNotOnOrAfter(sp.isSkipGeneratingSessionNotOnOrAfter());
+ service.setValidateMetadataCertificates(sp.isValidateMetadataCertificates());
 service.setRequiredAuthenticationContextClass(sp.getRequiredAuthenticationContextClass());
 service.setRequiredNameIdFormat(sp.getRequiredNameIdFormat().getNameId());
 service.setSkewAllowance(Optional.ofNullable(sp.getSkewAllowance()).orElse(0));
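Review bot: `sp.getLogoutResponseBinding().getUri()`, `sp.getMetadataCriteriaDirection().getDirection()` and `sp.getSigningCredentialType().getCredentialType()` dereference enum values that the binder hunks in this diff store without a null check. A SAML2 SP saved with any of them unset would therefore throw a NullPointerException in `map`, unless the TO gives them defaults, which this diff does not show. The context line for `skewAllowance` already uses `Optional.ofNullable`, and the same guard fits here: `Optional.ofNullable(sp.getLogoutResponseBinding()).ifPresent(b -> service.setLogoutResponseBinding(b.getUri()));`, and likewise for the other two. `map` continues outside the hunk.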