Commit 58d8e322 authored by benjamin.ertl's avatar benjamin.ertl

update

parent 9c6d53d2
...@@ -93,5 +93,9 @@ ...@@ -93,5 +93,9 @@
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId> <artifactId>spring-boot-starter-test</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jersey</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>
\ No newline at end of file
...@@ -33,7 +33,7 @@ public class AuthenticationController { ...@@ -33,7 +33,7 @@ public class AuthenticationController {
@RequestMapping("/login") @RequestMapping("/login")
public String login(Model model) { public String login(Model model) {
String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", ""); String redirectUrl = oauth2AuthorizeUri.replaceAll("/$", "");
redirectUrl += "?response_type=code&scope=openid&client_id="; redirectUrl += "?response_type=code&scope=openid%20email&client_id=";
redirectUrl += oauth2ClientId; redirectUrl += oauth2ClientId;
redirectUrl += "&redirect_uri="; redirectUrl += "&redirect_uri=";
redirectUrl += oauth2RedirectUri; redirectUrl += oauth2RedirectUri;
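Review bot: The authorization request assembled on the changed `redirectUrl += "?response_type=code&scope=openid%20email&client_id="` line still carries no `state` parameter, so unless one is appended further down (login continues outside the hunk) the callback cannot be bound to the browser session that started the flow, which is the standard CSRF protection for the authorization-code flow. A value from `SecureRandom` stored in the session and sent as `&state=...`, then compared on the callback, would close that gap. While here, assembling the URL with `UriComponentsBuilder` or `URLEncoder` instead of concatenation would encode the scope, client id and redirect URI uniformly rather than hand-writing `%20` into the literal.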
...@@ -39,9 +39,9 @@ public class IdentityHarmonizer { ...@@ -39,9 +39,9 @@ public class IdentityHarmonizer {
@Autowired @Autowired
private OidcClient oidcClient; private OidcClient oidcClient;
public ScimUser harmonizeIdentities(String subject, OIDCTokens tokens) { public ScimUser harmonizeIdentities(String username, OIDCTokens tokens) {
ScimUser scimUser = new ScimUser(); ScimUser scimUser = new ScimUser();
scimUser.setUserName(subject); scimUser.setUserName(username);
// OIDC // OIDC
log.debug("Try to get OIDC user information"); log.debug("Try to get OIDC user information");
...@@ -71,13 +71,32 @@ public class IdentityHarmonizer { ...@@ -71,13 +71,32 @@ public class IdentityHarmonizer {
} }
} }
if (scimUser.getUserName() != null && !scimUser.getUserName().equals(username)) {
log.warn("provided username {} does not equal oidc username {}", username, scimUser.getUserName());
// the google case ..
if (scimUser.getEmails() != null && !scimUser.getEmails().isEmpty()) {
String emailAddress = scimUser.getEmails().get(0).getValue();
String[] scopedEmail = emailAddress.split("@");
try {
String userId = scopedEmail[0];
log.warn("overwrite username {} with {}", scimUser.getUserName(), userId);
scimUser.setUserName(userId);
} catch (Exception e) {
log.warn("ERROR parsing email {}", e.getMessage());
}
}
} else {
log.warn("provided username {} does not equal oidc subject {}", username, scimUser.getExternalId());
log.warn("overwrite username {} with {}", username, scimUser.getExternalId());
scimUser.setUserName(scimUser.getExternalId());
}
// SCIM // SCIM
log.debug("Try to get SCIM user information"); log.debug("Try to get SCIM user information");
JSONObject userJson = scimClient.getUser(scimUser.getUserName()); JSONObject userJson = scimClient.getUser(scimUser.getUserName());
if (userJson != null) { if (userJson != null) {
log.debug("SCIM user info {}", userJson.toString()); log.debug("SCIM user info {}", userJson.toString());
// TODO merge with SCIM user
} }
// LDAP // LDAP
...@@ -86,6 +105,8 @@ public class IdentityHarmonizer { ...@@ -86,6 +105,8 @@ public class IdentityHarmonizer {
// REGAPP // REGAPP
// TODO // TODO
// TODO merge
log.debug("Aggregated SCIM user information {}", scimUser.toString()); log.debug("Aggregated SCIM user information {}", scimUser.toString());
return scimUser; return scimUser;
} }
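Review bot: The `} else {` after the Google block in the second hunk is attached to the compound condition `scimUser.getUserName() != null && !scimUser.getUserName().equals(username)`, so it also runs when the OIDC user name is null or equal to `username`; in the equal case the matching name is still replaced by `getExternalId()` under a misleading "does not equal oidc subject" warning, and if `getExternalId()` is null the SCIM lookup a few lines later is made with a null user name. Splitting it as `if (scimUser.getUserName() == null) { /* fall back to externalId */ } else if (!scimUser.getUserName().equals(username)) { /* google case */ }` and leaving a matching name untouched makes the intent explicit. In the Google branch the user name becomes the local part of the first e-mail address, so two accounts that share a local part at different domains would be harmonized onto the same SCIM user, and since `split("@")` never throws the `catch (Exception e)` around it is dead code. Going by the mapper hunk later in this commit, the OIDC user name being compared here comes from the `name` claim, which is a display name rather than a login name, so the mismatch warning will presumably fire for almost every user. harmonizeIdentities continues outside this hunk and closes in the third one.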
...@@ -11,6 +11,8 @@ package edu.kit.scc; ...@@ -11,6 +11,8 @@ package edu.kit.scc;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.net.URLDecoder; import java.net.URLDecoder;
import javax.ws.rs.FormParam;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -59,7 +61,8 @@ public class RestServiceController { ...@@ -59,7 +61,8 @@ public class RestServiceController {
@RequestMapping(path = "/ecp/regid/{regId}", method = RequestMethod.POST) @RequestMapping(path = "/ecp/regid/{regId}", method = RequestMethod.POST)
public ScimUser ecpAuthentication(@PathVariable String regId, public ScimUser ecpAuthentication(@PathVariable String regId,
@RequestHeader("Authorization") String basicAuthorization, @RequestBody String body) { @RequestHeader("Authorization") String basicAuthorization, @FormParam("username") String username,
@FormParam("password") String password, @RequestBody String body) {
verifyAuthorization(basicAuthorization); verifyAuthorization(basicAuthorization);
...@@ -76,10 +79,8 @@ public class RestServiceController { ...@@ -76,10 +79,8 @@ public class RestServiceController {
if (!regAppSuccess) { if (!regAppSuccess) {
log.debug("Try OIDC authentication"); log.debug("Try OIDC authentication");
try { try {
String token = body.split("=")[1]; log.debug("Got token {}", password);
log.debug("Got token {}", token); tokens = oidcClient.requestTokens(URLDecoder.decode(password, "UTF-8"));
token = URLDecoder.decode(token, "UTF-8");
tokens = oidcClient.requestTokens(token);
if (tokens != null) { if (tokens != null) {
log.debug("OIDC authentication success"); log.debug("OIDC authentication success");
...@@ -96,7 +97,7 @@ public class RestServiceController { ...@@ -96,7 +97,7 @@ public class RestServiceController {
log.debug("OIDC success {}", oidcSuccess); log.debug("OIDC success {}", oidcSuccess);
if (regAppSuccess || oidcSuccess) { if (regAppSuccess || oidcSuccess) {
return identityHarmonizer.harmonizeIdentities(regId, tokens); return identityHarmonizer.harmonizeIdentities(username, tokens);
} }
// if nothing succeeded, fail ... gracefully // if nothing succeeded, fail ... gracefully
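Review bot: `log.debug("Got token {}", password)` now writes the `password` form field to the log; the old line logged the token cut out of the body, whereas this value is presumably the same credential the RegApp branch above the hunk checks as a password, so debug logging puts user secrets into log files and aggregators. Logging only presence, `log.debug("Got token: {}", password != null)`, keeps the diagnostic. Separately, `@FormParam` is a JAX-RS annotation that Spring MVC's argument resolvers do not process — the two parameters bind only because Spring falls back to binding simple types by parameter name, which depends on parameter names surviving compilation; `@RequestParam("username")` and `@RequestParam("password")` would make the binding explicit and remove the need for the spring-boot-starter-jersey dependency added to the pom in this commit. `body` also appears unused now that the token comes from `password`, and resolving the form parameters before `@RequestBody` may leave the body stream empty in containers that parse form data lazily, so verifying that or simply dropping the parameter is advisable. ecpAuthentication continues outside the hunk.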
...@@ -8,6 +8,9 @@ ...@@ -8,6 +8,9 @@
*/ */
package edu.kit.scc.scim; package edu.kit.scc.scim;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import org.json.JSONObject; import org.json.JSONObject;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -53,7 +56,11 @@ public class ScimClient { ...@@ -53,7 +56,11 @@ public class ScimClient {
JSONObject json = null; JSONObject json = null;
HttpClient client = new HttpClient(); HttpClient client = new HttpClient();
String url = userEndpoint.replaceAll("/$", ""); String url = userEndpoint.replaceAll("/$", "");
url += "?filter=userNameEq" + name; try {
url += "?filter=userNameEq" + URLEncoder.encode(name, "UTF-8");
} catch (UnsupportedEncodingException e) {
log.error("ERROR {}", e.getMessage());
}
HttpResponse response = client.makeHttpsGetRequest(user, password, url); HttpResponse response = client.makeHttpsGetRequest(user, password, url);
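Review bot: When `URLEncoder.encode(name, "UTF-8")` throws, the catch only logs `e.getMessage()` without the cause and the request goes out with `url` lacking the filter entirely, i.e. a query for the whole user collection instead of one user. `UnsupportedEncodingException` cannot occur for UTF-8, so the honest handling is to fail rather than fall through: `throw new IllegalStateException("UTF-8 not supported", e);` in the catch, or on Java 10+ `URLEncoder.encode(name, StandardCharsets.UTF_8)` with no try/catch at all. Encoding `name` is the right fix for the unencoded concatenation on the old line; the enclosing method continues outside the hunk.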
...@@ -28,7 +28,6 @@ public class ScimUserAttributeMapper { ...@@ -28,7 +28,6 @@ public class ScimUserAttributeMapper {
public ScimUser mapFromUserInfo(UserInfo userInfo) { public ScimUser mapFromUserInfo(UserInfo userInfo) {
ScimUser scimUser = new ScimUser(); ScimUser scimUser = new ScimUser();
scimUser.setName(new Name());
com.nimbusds.openid.connect.sdk.claims.Address address = userInfo.getAddress(); com.nimbusds.openid.connect.sdk.claims.Address address = userInfo.getAddress();
if (address != null) { if (address != null) {
...@@ -63,17 +62,26 @@ public class ScimUserAttributeMapper { ...@@ -63,17 +62,26 @@ public class ScimUserAttributeMapper {
scimUser.getPhoneNumbers().add(scimPhoneNumber); scimUser.getPhoneNumbers().add(scimPhoneNumber);
} }
String familyName = userInfo.getFamilyName(); String familyName = userInfo.getFamilyName();
if (familyName != null) if (familyName != null) {
if (scimUser.getName() == null)
scimUser.setName(new Name());
scimUser.getName().setFamilyName(familyName); scimUser.getName().setFamilyName(familyName);
}
String givenName = userInfo.getGivenName(); String givenName = userInfo.getGivenName();
if (givenName != null) if (givenName != null) {
if (scimUser.getName() == null)
scimUser.setName(new Name());
scimUser.getName().setGivenName(givenName); scimUser.getName().setGivenName(givenName);
}
String locale = userInfo.getLocale(); String locale = userInfo.getLocale();
if (locale != null) if (locale != null)
scimUser.setLocale(locale); scimUser.setLocale(locale);
String middleName = userInfo.getMiddleName(); String middleName = userInfo.getMiddleName();
if (middleName != null) if (middleName != null) {
if (scimUser.getName() == null)
scimUser.setName(new Name());
scimUser.getName().setMiddleName(middleName); scimUser.getName().setMiddleName(middleName);
}
String userName = userInfo.getName(); String userName = userInfo.getName();
if (userName != null) if (userName != null)
scimUser.setUserName(userName); scimUser.setUserName(userName);
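Review bot: The null-check-then-`new Name()` pair is repeated verbatim for family, given and middle name in the second hunk, each time as an unbraced inner `if` inside a braced outer one, which is easy to mis-edit; a small private helper keeps the lazy initialisation in one place and lets each branch stay a single line. The `locale` and `userName` branches keep the original unbraced form, so the method now mixes both styles — bracing them as well would make the hunk consistent. mapFromUserInfo starts and ends outside this hunk.
```java
String familyName = userInfo.getFamilyName();
if (familyName != null) {
    ensureName(scimUser).setFamilyName(familyName);
}
// … unchanged: givenName, locale, middleName and userName branches, using ensureName() for the name fields …

/** Returns the user's Name, creating it on first use so callers never dereference a null sub-object. */
private static Name ensureName(ScimUser scimUser) {
    if (scimUser.getName() == null) {
        scimUser.setName(new Name());
    }
    return scimUser.getName();
}
```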