Domů Procházet Nápověda
Přihlásit se
dromara
/
MaxKey
zrcadlo https://gitee.com/dromara/MaxKey.git
2
0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Procházet zdrojové kódy

SAML FIX

Crystal.Sea před 4 roky
rodič
119810b00d
revize
69159e46de
4 změnil soubory, kde provedl 62 přidání a 4 odebrání
Rozdělené zobrazení Ukázat statistiku rozdílových dat
  1. 3 2
      ReleaseNotes.txt
  2. 11 0
      maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
  3. 1 0
      maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java
  4. 47 2
      maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java

+ 3 - 2
ReleaseNotes.txt
Zobrazit soubor 

@@ -32,8 +32,9 @@
 
 	*(MAXKEY-200831)  MySQL时间问题,参见https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html
 
 	*(MAXKEY-200832)  OAuth2 Password模式修复
 
 	*(MAXKEY-200833)  MGT管理SAML上传问题、IDP元数据链接优化、主键生成修复、元数据参数配置调整
 
-	*(MAXKEY-200834)  MGT管理TOKENBASED令牌主键生成修复
 
-	*(MAXKEY-200835)  依赖jar升级
 
+	*(MAXKEY-200834)  SAML 2添加多种NameId的支持,支持后缀的配置,NameId支持大小写转换
 
+	*(MAXKEY-200835)  MGT管理TOKENBASED令牌主键生成修复
 
+	*(MAXKEY-200836)  依赖jar升级
 
 						tomcat 9.0.38
 
 						passay 1.6.0
 
 						springBootVersion  2.3.4.RELEASE

+ 11 - 0
maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
Zobrazit soubor 

@@ -93,6 +93,9 @@ public class AppsSAML20Details extends Apps {
 
      */
 
     @Column
 
     private int nameIdConvert;
 
+    
+    @Column
 
+    private String nameIdSuffix;
 
 
     public static final class BindingType {
 
         public static final  String Redirect_Post = "Redirect-Post";
 
@@ -326,6 +329,14 @@ public class AppsSAML20Details extends Apps {
 
     public void setDigestMethod(String digestMethod) {
 
         this.digestMethod = digestMethod;
 
     }
 
+    
+    public String getNameIdSuffix() {
 
+        return nameIdSuffix;
 
+    }
 
+
 
+    public void setNameIdSuffix(String nameIdSuffix) {
 
+        this.nameIdSuffix = nameIdSuffix;
 
+    }
 
 
     @Override
 
     public String toString() {

+ 1 - 0
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java
Zobrazit soubor 

@@ -85,6 +85,7 @@ public class AssertionGenerator {
 
 		Assertion assertion = new AssertionBuilder().buildObject();;
 
 		//Subject
 
 		Subject subject = subjectGenerator.generateSubject(
 
+		                saml20Details,
 
 						assertionConsumerURL,
 
 						inResponseTo,
 
 						validInSeconds);

+ 47 - 2
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java
Zobrazit soubor 

@@ -19,7 +19,10 @@
 
 package org.maxkey.authz.saml20.provider.xml;
 
 
 
+import org.apache.commons.lang3.StringUtils;
 
 import org.maxkey.authz.saml.service.TimeService;
 
+import org.maxkey.domain.UserInfo;
 
+import org.maxkey.domain.apps.AppsSAML20Details;
 
 import org.maxkey.web.WebContext;
 
 import org.opensaml.saml2.core.NameID;
 
 import org.opensaml.saml2.core.NameIDType;
 
@@ -41,12 +44,54 @@ public class SubjectGenerator {
 
 		this.timeService = timeService;
 
 	}
 
 
-	public Subject generateSubject( 
+	public Subject generateSubject( AppsSAML20Details saml20Details,
 
 							String assertionConsumerURL, 
 							String inResponseTo, 
 							int validInSeconds) {
 
+		UserInfo userInfo = WebContext.getUserInfo();
 
+		String nameIdValue = userInfo.getUsername();
 
+		if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
 
+		    
+		}else if(saml20Details.getNameidFormat().equalsIgnoreCase("transient")) {
 
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("unspecified")) {
 
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("emailAddress")) {
 
+            if(userInfo.getEmail()!=null && !userInfo.getEmail().equals("")) {
 
+                nameIdValue = userInfo.getEmail();
 
+            }
 
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("X509SubjectName")) {
 
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("WindowsDomainQualifiedName")) {
 
+            if(userInfo.getWindowsAccount()!=null && !userInfo.getWindowsAccount().equals("")) {
 
+                nameIdValue = userInfo.getWindowsAccount();
 
+            }
 
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("entity")) {
 
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("custom")) {
 
+            
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("Mobile")) {
 
+            if(userInfo.getMobile()!=null && !userInfo.getMobile().equals("")) {
 
+                nameIdValue = userInfo.getMobile();
 
+            }
 
+        }else if(saml20Details.getNameidFormat().equalsIgnoreCase("EmployeeNumber")) {
 
+            if(userInfo.getEmployeeNumber()!=null && !userInfo.getEmployeeNumber().equals("")) {
 
+                nameIdValue = userInfo.getEmployeeNumber();
 
+            }
 
+        }
 
+		
+		if(!StringUtils.isEmpty(saml20Details.getNameIdSuffix())) {
 
+		    nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
 
+		}
 
+		
+		if(saml20Details.getNameIdConvert()==0) {
 
+		    
+		}else if(saml20Details.getNameIdConvert()==1) {
 
+		    nameIdValue = nameIdValue.toUpperCase();
 
+        }else if(saml20Details.getNameIdConvert()==1) {
 
+            nameIdValue = nameIdValue.toLowerCase();
 
+        }
 
 		
-		String nameIdValue =WebContext.getUserInfo().getUsername();
 
 		NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
 
 		Subject subject =builderSubject(nameID);