- Jul 07, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
fix: clone constructor now properly copies first/last name
Tiny bug fix. @cknuth @paul.erickson @andrew-summers @bjsousa @apatwary
See merge request !17
-
Nicholas Blair authored
-
- Jun 28, 2016
-
-
Benjamin Sousa authored
-
Benjamin Sousa authored
-
Benjamin Sousa authored
Define userName variable distinct from eppn in federated mapper
This change is motivated by the need to set userName to a value other than default value of eppn for federated preauthenticated users. The intended use case is UW Digital ID, where we plan to use SPVI as the username for the purposes of the RequestOnBehalfOfFilter. @paul.erickson @bkeen @npblair
See merge request !16
-
Benjamin Sousa authored
-
Benjamin Sousa authored
-
- Jun 24, 2016
-
-
Benjamin Sousa authored
-
- Jun 08, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
-
Nicholas Blair authored
fix: correct configuration to activate federation attributemapper
We can't just decorate the `FederatedPreauthenticatedUserDetailsAttributesMapper` with @Component, because the package edu.wisc.uwss.preauth isn't @ComponentScan'ned (edu.wisc.uwss.configuration.preauth is, by design).
Corrected the logger for the Federated attributesmapper, it was incorrectly using the Default implementation (so you couldn't tell which class was logging).
Added a Maven profile to help test: combined-simulate-federation.
Ping: @paul.erickson @ahoffmann @cknuth
See merge request !15
-
Nicholas Blair authored
-
- Jun 07, 2016
-
-
Nicholas Blair authored
We can't just decorate with @Component, because the package edu.wisc.uwss.preauth isn't @ComponentScan'ned (edu.wisc.uwss.configuration.preauth is). Corrected the logger for the Federated attributesmapper, it was incorrectly using the Default implementation (so you couldn't tell which class was logging). Added a Maven profile to help test: combined-simulate-federation.
-
- Jun 06, 2016
-
-
Benjamin Sousa authored
-
Benjamin Sousa authored
-
Benjamin Sousa authored
Add preauth mapper for UW System authenticated user. Bump to version 1.3.0
Creates an alternative to the default Preauth attributes mapper (which is UW-Madison focused) that is specific to the common attributes for an authenticated UW System user. Note that in the System context eppn replaces uid as the response for usernameHeader, because uid is no longer a meaningful identifier in a federated context where the bare uid might not be unique unless it's scoped to an individual campus.
The more the merrier: @paul.erickson @ahoffmann
See merge request !14
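Added example, not part of the commit above or of the project's code: a stand-alone Java sketch of why a bare uid is unsafe as the username once several campuses authenticate through one federation, and of a mapper that accepts only a scoped eppn. The class name, the header names `uid`, `eppn` and `displayName`, and the sample users are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class ScopedUsernameDemo {
    // Header names are assumptions for this sketch, not the project's configuration.
    static final String UID = "uid";
    static final String EPPN = "eppn";

    /** Returns the scoped eppn as the username; rejects values that are not exactly local@scope. */
    static String resolveUsername(Map<String, String> headers) {
        String eppn = headers.get(EPPN);
        if (eppn == null || eppn.isBlank()) {
            throw new IllegalArgumentException("eppn header missing");
        }
        eppn = eppn.trim();
        int at = eppn.indexOf('@');
        if (at <= 0 || at != eppn.lastIndexOf('@') || at == eppn.length() - 1) {
            throw new IllegalArgumentException("eppn is not scoped: " + eppn);
        }
        return eppn;
    }

    public static void main(String[] args) {
        // Constructed sample: two different people, same bare uid, different campuses.
        List<Map<String, String>> logins = List.of(
            Map.of(UID, "jsmith", EPPN, "jsmith@campus-a.example", "displayName", "Jan Smith"),
            Map.of(UID, "jsmith", EPPN, "jsmith@campus-b.example", "displayName", "Joe Smith"));

        Map<String, String> accountsByUid = new LinkedHashMap<>();
        Map<String, String> accountsByEppn = new LinkedHashMap<>();
        for (Map<String, String> h : logins) {
            // putIfAbsent models "first login creates the account, later logins reuse it".
            // Keyed by uid, the second person lands on the first person's account.
            accountsByUid.putIfAbsent(h.get(UID), h.get("displayName"));
            accountsByEppn.putIfAbsent(resolveUsername(h), h.get("displayName"));
        }
        System.out.println("keyed by uid:  " + accountsByUid);
        System.out.println("keyed by eppn: " + accountsByEppn);

        // An unscoped value in the eppn header is refused instead of being used as a username.
        try {
            resolveUsername(Map.of(UID, "jsmith", EPPN, "jsmith"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```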
-
Benjamin Sousa authored
-
Benjamin Sousa authored
-
- May 24, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
-
Nicholas Blair authored
Add support for deprecated mapping
To add backwards compatibility, additional mappings were added in the Attribute mapping. Unit tests confirmed successful mapping. Please review: @npblair @paul.erickson @ahoffmann
See merge request !13
-
Andrew Lundholm authored
-
- May 23, 2016
-
-
Andrew Lundholm authored
-
- May 19, 2016
-
-
Andrew Lundholm authored
-
- May 18, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
-
Nicholas Blair authored
feat: Add optional REST Controller to simulate Shibboleth's session handler
This pull request adds an optional REST Controller to simulate a response that matches the exact JSON format of Shibboleth's session handler. Example: log in to https://test.my.wisc.edu. After completing login, visit https://test.my.wisc.edu/Shibboleth.sso/Session.json.
This controller is not active by default; in order to add it, activate the Spring Profile named `edu.wisc.uwss.simulated-shibboleth`.
Sample response for Amy Administrator:
```
{
  expiration: 480,
  client_address: "0:0:0:0:0:0:0:1",
  protocol: "urn:oasis:names:tc:SAML:2.0:protocol",
  identity_provider: "https://logintest.wisc.edu/idp/shibboleth",
  authn_instant: "2016-05-16T17:40:37.762",
  authncontext_class: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
  attributes: [
    { name: "persistent-id", values: [ "https://logintest.wisc.edu/idp/shibboleth!https://fake.wisc.edu/shibboleth!thisis/fake/PE=" ] },
    { name: "uid", values: [ "admin" ] },
    { name: "pubcookie-user", values: [ "admin" ] },
    { name: "wiscEduPVI", values: [ "UW000A000" ] }
  ]
}
```
The idea for this came from a discussion with @levett. Also notify @timothy-vertein @andrew-petro
See merge request !11
-
Nicholas Blair authored
feature: a callback interface allowing customization of UserDetailsService#loadUserByUsername
This pull request adds a callback interface that allows downstream projects to participate in one of the core Spring Security components of the `local-users` profile: the UserDetailsService.
During an authentication attempt, `UserDetailsService#loadUserByUsername` is used by Spring Security to first check if a User object exists for the username in the credentials. If no User object is found, no further credential check takes place; if a User object is found, other Spring Security components go about comparing the provided credentials in the authentication attempt to that object.
We have a use case in DoIT Number that is driving the need for this. DoIT Number has a custom `UWUserDetails` class that has some additional fields stored behind a DAO. If we didn't have this customization, DoIT Number would need to sub-class `LocalUserDetailsManagerImpl`, then somehow exclude that bean from the UWSpringSecurityConfiguration - not trivially possible.
The existing `LocalUserDetailsAttributesMapper` interface has a lifecycle that's not conducive to this type of request. Implementations of that interface are executed during application startup - and it is possible that the DAO may not be fully constructed at the time it's queried. We need a callback that fires at time of authentication attempt - not startup.
With this pull request, DoIT Number will simply have to register a Spring Bean as follows to query that DAO and attach the necessary data to their custom `UWUserDetails` class as part of `UserDetailsService#loadUserByUsername`:
```
@Component
class DNumberLocalUWUserDetailsCallback implements LocalUWUserDetailsCallback<DNumberUserDetailsImpl> {
  @Autowired
  private ControlDao controlDao;

  public void success(DNumberUserDetailsImpl userDetails) {
    userDetails.setControls(controlDao.getControls(userDetails.getUsername()));
  }
}
```
This type of feature is only needed for `local-users` and not for `preauth`. The `PreauthenticatedUserDetailsAttributeMapper` interface has a lifecycle already similar to LocalUWUserDetailsCallback (firing on authentication attempt, not startup).
Notify @alundholm
See merge request !12
-
Nicholas Blair authored
-
Nicholas Blair authored
-
- May 17, 2016
-
-
Nicholas Blair authored
Allows downstream projects to mutate the UWUserDetails instance returned by that core method.
-
Nicholas Blair authored
New feature: simulated shibboleth session handler.
-
- May 16, 2016
-
-
Nicholas Blair authored
New feature: simulated shibboleth session handler.
-
Nicholas Blair authored
Backed with current authenticated UWUserDetails.
-
Nicholas Blair authored
-
Nicholas Blair authored
-
Nicholas Blair authored
Incorrectly had 1.0.3-SNAPSHOT hardcoded, should just match project.version
-
Nicholas Blair authored
feature: Add uw-frame compatible REST API for /profile
This pull request adds a REST resource under `/profile` that transforms the current `UWUserDetails` into a format matching [uw-frame's session.json feed](https://github.com/UW-Madison-DoIT/uw-frame/blob/master/uw-frame-components/staticFeeds/session.json).
With this feature in place, uw-frame apps will be able to have the user attributes from the UW Spring Security principal display in the frame header.
Here's the familiar Amy Administrator, as output from `GET /profile/uw-frame`:
```
{
  username: "admin",
  displayName: "Amy Administrator",
  firstName: "Amy",
  lastName: "Administrator",
  serverName: "",
  version: "",
  sessionKey: ""
}
```
To configure this feature in a uw-frame app, one needs to create a file named `src/main/webapp/js/override.js` (if not already present) with the following contents:
```
define(['angular'], function(angular) {
  var config = angular.module('override', []);
  config
    .constant('OVERRIDE', {
      'SERVICE_LOC': {
        'sessionInfo' : 'profile/uw-frame',
      }
    })
  ;
  return config;
});
```
Notify @andrew-petro @levett @ahoffmann @paul.erickson @bjsousa @andrew-summers @alundholm
To assignee @dwitter2 - the plan is to use this for capital-equipment and iaa-diagnostic-tool, among others, then we no longer have the mismatch in our demos (with frame defaulting to showing one logged in as 'Bucky').
See merge request !10
-
Nicholas Blair authored
Now matches uw-frame format exactly.
-