admin/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2025-12-07 17:38:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

SAML FIX

Browse Source
This commit is contained in:
Crystal.Sea 2020-09-23 07:41:56 +08:00
parent 119810b00d
commit 69159e46de
4 changed files with 62 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ReleaseNotes.txt
View File

@ -32,8 +32,9 @@
*(MAXKEY-200831) MySQL时间问题参见https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html *(MAXKEY-200831) MySQL时间问题参见https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html
*(MAXKEY-200832) OAuth2 Password模式修复 *(MAXKEY-200832) OAuth2 Password模式修复
*(MAXKEY-200833) MGT管理SAML上传问题、IDP元数据链接优化、主键生成修复、元数据参数配置调整 *(MAXKEY-200833) MGT管理SAML上传问题、IDP元数据链接优化、主键生成修复、元数据参数配置调整
*(MAXKEY-200834) MGT管理TOKENBASED令牌主键生成修复 *(MAXKEY-200834) SAML 2添加多种NameId的支持支持后缀的配置NameId支持大小写转换
*(MAXKEY-200835) 依赖jar升级 *(MAXKEY-200835) MGT管理TOKENBASED令牌主键生成修复
*(MAXKEY-200836) 依赖jar升级
tomcat 9.0.38 tomcat 9.0.38
passay 1.6.0 passay 1.6.0
springBootVersion 2.3.4.RELEASE springBootVersion 2.3.4.RELEASE

11
maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
View File

@ -93,6 +93,9 @@ public class AppsSAML20Details extends Apps {
*/ */
@Column @Column
private int nameIdConvert; private int nameIdConvert;
@Column
private String nameIdSuffix;
public static final class BindingType { public static final class BindingType {
public static final String Redirect_Post = "Redirect-Post"; public static final String Redirect_Post = "Redirect-Post";
@ -326,6 +329,14 @@ public class AppsSAML20Details extends Apps {
public void setDigestMethod(String digestMethod) { public void setDigestMethod(String digestMethod) {
this.digestMethod = digestMethod; this.digestMethod = digestMethod;
} }
public String getNameIdSuffix() {
return nameIdSuffix;
}
public void setNameIdSuffix(String nameIdSuffix) {
this.nameIdSuffix = nameIdSuffix;
}
@Override @Override
public String toString() { public String toString() {

1
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java
View File

@ -85,6 +85,7 @@ public class AssertionGenerator {
Assertion assertion = new AssertionBuilder().buildObject();; Assertion assertion = new AssertionBuilder().buildObject();;
//Subject //Subject
Subject subject = subjectGenerator.generateSubject( Subject subject = subjectGenerator.generateSubject(
saml20Details,
assertionConsumerURL, assertionConsumerURL,
inResponseTo, inResponseTo,
validInSeconds); validInSeconds);

49
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java
View File

@ -19,7 +19,10 @@
package org.maxkey.authz.saml20.provider.xml; package org.maxkey.authz.saml20.provider.xml;
import org.apache.commons.lang3.StringUtils;
import org.maxkey.authz.saml.service.TimeService; import org.maxkey.authz.saml.service.TimeService;
import org.maxkey.domain.UserInfo;
import org.maxkey.domain.apps.AppsSAML20Details;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDType; import org.opensaml.saml2.core.NameIDType;
@ -41,12 +44,54 @@ public class SubjectGenerator {
this.timeService = timeService; this.timeService = timeService;
} }
public Subject generateSubject( public Subject generateSubject( AppsSAML20Details saml20Details,
String assertionConsumerURL, String assertionConsumerURL,
String inResponseTo, String inResponseTo,
int validInSeconds) { int validInSeconds) {
UserInfo userInfo = WebContext.getUserInfo();
String nameIdValue = userInfo.getUsername();
if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("transient")) {
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("unspecified")) {
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("emailAddress")) {
if(userInfo.getEmail()!=null && !userInfo.getEmail().equals("")) {
nameIdValue = userInfo.getEmail();
}
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("X509SubjectName")) {
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("WindowsDomainQualifiedName")) {
if(userInfo.getWindowsAccount()!=null && !userInfo.getWindowsAccount().equals("")) {
nameIdValue = userInfo.getWindowsAccount();
}
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("entity")) {
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("custom")) {
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("Mobile")) {
if(userInfo.getMobile()!=null && !userInfo.getMobile().equals("")) {
nameIdValue = userInfo.getMobile();
}
}else if(saml20Details.getNameidFormat().equalsIgnoreCase("EmployeeNumber")) {
if(userInfo.getEmployeeNumber()!=null && !userInfo.getEmployeeNumber().equals("")) {
nameIdValue = userInfo.getEmployeeNumber();
}
}
if(!StringUtils.isEmpty(saml20Details.getNameIdSuffix())) {
nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
}
if(saml20Details.getNameIdConvert()==0) {
}else if(saml20Details.getNameIdConvert()==1) {
nameIdValue = nameIdValue.toUpperCase();
}else if(saml20Details.getNameIdConvert()==1) {
nameIdValue = nameIdValue.toLowerCase();
}
String nameIdValue =WebContext.getUserInfo().getUsername();
NameID nameID =builderNameID(nameIdValue,assertionConsumerURL); NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
Subject subject =builderSubject(nameID); Subject subject =builderSubject(nameID);