Skip to content

GitLab

Commit 98c91d14 authored by benjamin.ertl's avatar benjamin.ertl
Browse files
Options

scim integration

parent 6291efc1
Pipeline #3837 skipped
Hide whitespace changes
Inline Side-by-side
Showing with 1389 additions and 343 deletions
assertions/fbhcfgee deleted 100644 → 0
View file @ 6291efc1
H6GNGExp4J8vHLeTGCaV86oeLsJfYXpYHoldMn6TckgUiapgt-ctIRHdRbIKasYW8rvsZufORIw_
ylH6fLW4SH3WUNw4LrnsrLq9CwtnSpd2bNRBXgS9mDx9oMUfbCLnh28GU9JYBIObpFiPDZRBMRzB
Jtemq5e7T3EFOGReOFf8YAWYVbJ7kl10C8O65A3SXU3nTD2q8HFJgnBpl4tLdygXS5PJHjZ77I5N
cc6SI0DWgiv6AhNfs1nC1Hll7ouCC9JYebDrgGZ76yBJOEkms6v8yV1WFG4kd8QYnhmWHSOJ3ZpX
92kP9U-ywE03VvJnvSpFB4YoS6jYJBThPL0o1e4HKy9zns3LUpeH3N37JLXxWIXv_UBh6pli4Jnk
f1mDRgtEN9rRSHaILO1ACb2JbECXBTkfhN153CjO4DYkvaRFFw0KXnZqbEs_O49QfccKVuxj8JnZ
BEyYYOUY5BoiTsRc3fIhotXKlWD5QBsjXB2EcuFYBujLx6z8Xxg-fDYaFgMQXTKJxmkbg4EJHLoG
L02ar7-U_c0h2J6ewyZDg3O3vALxNuOz18rwlXm7x-3hqoIIvmice4XUnmuJTRz1At8OeBx7P2_E
uqMMUWoPW-B3JkYTUjkxom-lm7pMwWdRxBCYEpvsKswrA2HlwN3EvciU3ZkxcFw3ckhlVsdOpWCF
LxGT5x2d4Yp9TWANNIosG9gQrHTZk7FB_JHhJCiftxBkR9j51yKejWWr7zIkRQdagXlXdkzcVhUz
XrKFYTLqKZRXWUxNhc4SeX2QqVXB1XAGzmebuK4K8FvoPB-T1aDFqqDF6MuHG3OnESkIrRODQsux
h9gV1zwrSKJbhYb3q4sTz7iRkYpy7yjVF9TgDczQI8SLoW5XyOgrrKxOCbkq_1E23rLANJSVFY0X
Hfh3U5uAzgqzWLf7vc9x-22uVKkWmCa428_mjq44J1whm_GwCpznij8agEn6mKxlY6Bnnro5VQft
m-ypsnqQnUtYZr2tRBUrlUTCTG4jthlKtu1RbVahOwk8GYtcX4nEuWceOTPiz3iQB5KYylv8GoDM
EX5zrLTfWfBHoHcMpQO7QtiMfygsgop6Pf165XkTBv396Atp2Y-yWGbLcR7tvYsDBAvQ6Z5bsZSf
tKiTECQEtVp7d5_aZSVZElyT2qQtolAHygwzBQKizzCSFgDpg7asXtElR3JMmBXt8uuQ-z6mR54z
zvQgiTL4Q5l9A_NMqMtxaKw1ws6YuFbkorNZjm_c0i_eIJSbYdNqKGco2rG-z2eshdSZPyBBTfyv
MaFyR8GAGeJhdCWE9PkTq4jyHIVzs6hKc9OuzqT_oVt5fJVOhzSLrB3ptrNbJdrZt3PHJFYiaHdP
YGs3Y9GFpIYzRoLiidPVFuCWkRfZCbjKftvc_70yetgF3nx1c2_tseB_1vKV-udQMJhFbeiVOpA9
tSti_NX_q3iRAmXo5jCrZEYBt1I7SjUn3suvkkVna-UaiUeoncl8ATg22_F7lv1nKUZJ32bpKeTb
7WY-wAYYqebb_Hj-bH7BIX9sv1768buLM_XmiOBGydx1AmDHvpiboR8-9UdW02n5AnOrWh4JVcYA
e9vGhHQZjo2hPRGy2cMmzAaVxhZkJTYCcwH-yvQwIgIE1cxjDnXv9bZWrZZeRpWdaaumEyXfUZv4
_zik7-8AJuBjlczb6v63nNa1BUzMAXjXQ2G8U07EV0d_CzzU4mcgOYkeNq7IMbe6I522dq_i5eTY
a3y__zI7FQxN1KpSOSokmm9haEm0MuyxWbFn1c-QjVprnhC7YojF-p-FLGx8PgD_tappyNKP2gyQ
ba_COv3d9gGSkUh6I6rU20jgsOfD4yZ2CWu81WK3RKtlixGhJXhSO2C0Gv0HOVo1fz1Rcb25EtS0
6ra6ZlQII333k4TYBzwKH_2xgU_1chKZBqSvVHWeirOml7ETye6CD-NQ4Tj7UyO8V5WNhnu0LzZS
doiREk_lpzor7EU_MehB0aIOMVBKf5S1bvCkF61qLL0mJEVtMThsi8ObuzA0udE4cvx8LWUeaPdM
x00SZJhKu5WNJ8RifYHWvFhlo4BRImo8nOEvzDcouMIqQPj2S50Dkm0mY_V3u_6KLQi-c4kbjr8g
uFIUYhe-DFGEETpkAGV_dhGVD3OZTBS1J__hG7B5pBrTvkUvx3KKXBSSVDPFXKlBJ5boqmDHhFAK
mohYyHzja1Z2aGyS4nMdi9BYSaTyK4fr6zBlkf1XE2MDlhgBnW69dcenkx4HU_Dkf-iVf91i7NUS
XvwCnca892lWJgthskizwfe4bIZrn45HzXbjq6z-eeo5UXgilRs35JYw_9semmCzg8Z-nhIszro8
m2oQThCFGH-XHKAwRY8SpeUdNR20wxh4WrO84Wb3Ypu3xwbpmTi4VbliRiAj4v9wDOVjmkQppbds
xAaJLn8t9Vi39eJ3bGSEozm-jMxIpF6pHMfCoQOyG6WGZmftK7L-x5Asns-ZRJVXLMIV3hIZZU78
et8I9lpb30kZngE7mVQp8PEVbs0TaNbRxEp-zqKK39vjo4bS0Xg1DKRvxtvYZ_OZ1cZJHOnA8EuV
rw0Nmi8Mhc4gEwGYtK2wIc8t0U9iyxGMQelyPTwd5SStV4fy0FH8r_XpGvKqeOK13Hb63EjcgVlI
fdRQVkkmy1EnffIxCymBPaO-KUXTa1ThZ6dSRBzQi65uxFUP1stOcsLtAunG5fPawcU1GTMLszfw
UcLC1NSJ3FE-3rFV3rVRPjnp1Vy-zuXamg0z1syoxbOyNNicphmdJ_Ku6Gkdo6xcyYBIAb8Xi6mw
JR-sJftkZIsKS_dwRyg0oYRZQgr7URnzEVVJ19Tv4-bwNi7ZlhN_E_WWhQqKkpwTm9EhKR_fYOr_
Rx27X5xr48hCWYKmLbDfPaRHqkB5hOR9tbfwqdQrHIUoKdPBStRNNJuTP1_dRvY_Lc3M4yZjjO68
xJi9YevPfghj2pmYpMIMBp7tCp4jAmtLyOmdwsxMPdqNJeKbm3uXvhxCaHW6SuDQTcmicvjz0U0N
WLKFZap4_RtqWNWo3TQVTsYC2aM1nDEfzO5VPkNOB-2VDaEHoAtsPxnrwGLSJs8k1O3VzzoBM1cu
m1i8D7tEtkw3I7WSQbzL-IscBLsezP3HPL6maG0dHCf9gcl1RxceBhNOWHaE6UQrNcVzEzxaoWZI
tlP__nGmQ0iObfDi2OF433IMGlIgIL9DNWh0YCKZ13XxGtJD6FBpetJKh1sPluTfvGLjJchPdxP3
qGsEBtBwWExk39P4wnRtNO62sfAO3tHnDR_rHG6vFwkf-9FhZLL-1QkjpcFBdUpaLHlS1q1fhJmc
XtwRXriTQH4EnqQTKCYdw3l2IgU_X9chVScZoeF5Druc9aP9ffV0RIlbgHCrocfvvyX_OxYbEPYR
9WRZ_s9FpRhpkGWSXowv18O8XYhG88Au74glE8v_Dvjn6qGqYvPaqPT9-8wiXAxQubCRYqc3pAFf
LNB6YalHn2ZCp_nxKdqEJQ9gRG-sSEsvJSFsGtvH4Jsys7cjgBd0B8XyC1YEPlho0E5HpiuSmha6
sSEcfq9JDKA62rujw7wS_7hJgQvmK_hq-R26QTn8B24D8NYDRXr2JhARsGaSKW9RuzD4DplgjUS_
LdPU8Sq83x5pwUYrWxLgD2sQAlKrgtT9vgqWV67F9xvaDmrKKUL2uD3ch9FPU3ctjD33rX6yUWGt
81zGTzNJ3UVO4K4ZOknLcjCk2vl9i6Lkersk5sBm54b_s6ldobGtz-d4kV_u-D82IrPfdLMYkV72
UDwZjIJ6jaipztNlJjA
mapping 0 → 100644
View file @ 98c91d14
OIDC
{
"email": "benjamin.ertl@kit.edu",
"email_verified": true,
"family_name": "Ertl",
"groups": [
{
"id": "54e3843d-2b9d-45df-a76d-03bdf2fe46a2",
"name": "Users"
},
{
"id": "19a8dd29-2b8d-4efd-85cf-f8091037d51f",
"name": "Developers"
}
],
"name": "Benjamin",
"organisation_name": "indigo-dc",
"preferred_username": "benjamin",
"sub": "54d75bff-7ae3-4d65-81db-81c456020655"
}
SCIM
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": "90001",
"externalId": "54d75bff-7ae3-4d65-81db-81c456020655",
"userName": "benjamin",
"name": {
"familyName": "Ertl",
"givenName": "Benjamin",
},
"emails": [
{
"value": "benjamin.ertl@kit.edu",
}
],
"groups": [
{
"value": "54e3843d-2b9d-45df-a76d-03bdf2fe46a2",
"$ref": "99991",
"display": "Users"
},
{
"value": "19a8dd29-2b8d-4efd-85cf-f8091037d51f",
"$ref": "99992",
"display": "Developers"
}
],
"meta": {
"organisation_name": "indigo-dc",
}
}
POSIX Account
dn: uid=benjamin,ou=users,dc=test,dc=kit,dc=edu
objectclass: extensibleObject
objectclass: top
objectclass: posixAccount
objectclass: person
cn: benjamin.ertl@kit.edu
gidNumber: 99991
homeDirectory: /home/benjamin
sn: Ertl
uid: benjamin
uidNumber: 90001
description: indigo-dc
uniqueIdentifier: 54d75bff-7ae3-4d65-81db-81c456020655
givenName: Benjamin
mail: benjamin.ertl@kit.edu
POSIX Group
dn: cn=Users,ou=groups,dc=test,dc=kit,dc=edu
objectClass: top
objectClass: posixGroup
cn: Users
gidNumber: 99991
memberUid: benjamin
pom.xml
View file @ 98c91d14
......@@ -22,7 +22,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<skipTests>true</skipTests>
<skipTests>false</skipTests>
<includes>
<include>edu.kit.scc.test.TestSuite</include>
</includes>
</configuration>
</plugin>
<plugin>
......@@ -55,7 +58,7 @@
<version>1.3.1.RELEASE</version>
</parent>
<dependencies>
<!-- Spring -->
<!-- tag::Spring[] -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
......@@ -68,22 +71,57 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-redis</artifactId>
</dependency>
<!-- end::Spring[] -->
<!-- LDAP -->
<!-- tag::Test[] -->
<dependency>
<groupId>com.jayway.restassured</groupId>
<artifactId>rest-assured</artifactId>
<version>2.9.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>com.github.kstyrc</groupId>
<artifactId>embedded-redis</artifactId>
<version>0.6</version>
</dependency>
<dependency>
<groupId>com.unboundid</groupId>
<artifactId>unboundid-ldapsdk</artifactId>
<version>3.1.1</version>
</dependency>
<!-- end::Test[] -->
<!-- tag::LDAP[] -->
<dependency>
<groupId>org.springframework.ldap</groupId>
<artifactId>spring-ldap-core</artifactId>
<version>2.0.4.RELEASE</version>
</dependency>
<!-- end::LDAP[] -->
<!-- OpenID Connect -->
<!-- tag::OpenID Connect[] -->
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>oauth2-oidc-sdk</artifactId>
<version>5.1</version>
</dependency>
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>4.16.2</version>
</dependency>
<!-- end::OpenID Connect[] -->
<!-- SAML -->
<!-- tag::SAML[] -->
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
......@@ -95,25 +133,23 @@
</exclusion>
</exclusions>
</dependency>
<!-- end::SAML[] -->
<!-- Utils -->
<!-- tag::Utils[] -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>18.0</version>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.54</version>
</dependency>
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>org.jdom</groupId>
<artifactId>jdom</artifactId>
<version>2.0.2</version>
</dependency>
<!-- end::Utils[] -->
</dependencies>
</project>
\ No newline at end of file
src/main/java/edu/kit/scc/DevelopmentConfiguration.java 0 → 100644
View file @ 98c91d14
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.LDAPException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import redis.embedded.RedisServer;
import java.io.IOException;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
@Configuration
@Profile("development")
public class DevelopmentConfiguration {
private static final Logger log = LoggerFactory.getLogger(DevelopmentConfiguration.class);
@Value("${spring.redis.port}")
private int port;
private static InMemoryDirectoryServer ds;
private static RedisServer redisServer;
/**
* Initializes in-memory LDAP and redis.
*
* @throws LDAPException in case in-memory LDAP couldn't be created
* @throws IOException in case in-memory redis couldn't be created
*/
@PostConstruct
public void init() throws LDAPException, IOException {
log.debug("Set-up in-memory LDAP...");
// set-up in-memory LDAP
InMemoryDirectoryServerConfig config =
new InMemoryDirectoryServerConfig("dc=springframework,dc=org");
// schema config only necessary if the standard
// schema provided by the library doesn't suit your needs
config.setSchema(null);
// listener config only necessary if you want to make sure that the
// server listens on port 33389, otherwise a free random port will
// be picked at runtime - which might be even better for tests btw
config.addAdditionalBindCredentials("cn=admin", "password");
config.setListenerConfigs(
new InMemoryListenerConfig("myListener", null, 33389, null, null, null));
ds = new InMemoryDirectoryServer(config);
ds.startListening();
// import your test data from ldif files
ds.importFromLDIF(true, "src/test/resources/test-server.ldif");
log.debug("Set-up in-memory redis...");
redisServer = new RedisServer(port);
redisServer.start();
}
/**
* Cleans up in-memory LDAP and redis.
*
*/
@PreDestroy
public void cleanUp() {
if (ds != null) {
log.debug("Shutdown in-memory LDAP");
ds.shutDown(true);
}
if (redisServer != null) {
log.debug("Shutdown in-memory redis");
redisServer.stop();
}
}
}
src/main/java/edu/kit/scc/Application.java src/main/java/edu/kit/scc/IdentityHarmonizationService.java
View file @ 98c91d14
......@@ -11,9 +11,10 @@ package edu.kit.scc;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.core.env.AbstractEnvironment;
@SpringBootApplication
public class Application {
public class IdentityHarmonizationService {
/**
* Spring Boot Application Runner.
......@@ -21,8 +22,10 @@ public class Application {
* @param args command line arguments
*/
public static void main(String[] args) {
// set development environment
//System.setProperty(AbstractEnvironment.ACTIVE_PROFILES_PROPERTY_NAME, "development");
SpringApplication.run(Application.class, args);
SpringApplication.run(IdentityHarmonizationService.class, args);
}
}
src/main/java/edu/kit/scc/IdentityHarmonizer.java
View file @ 98c91d14
......@@ -9,9 +9,9 @@
package edu.kit.scc;
import edu.kit.scc.dto.PosixGroup;
import edu.kit.scc.dto.PosixUser;
import edu.kit.scc.ldap.LdapClient;
import edu.kit.scc.ldap.PosixGroup;
import edu.kit.scc.ldap.PosixUser;
import edu.kit.scc.scim.ScimGroup;
import edu.kit.scc.scim.ScimUser;
import edu.kit.scc.scim.ScimUser.Meta;
......@@ -153,7 +153,7 @@ public class IdentityHarmonizer {
if (!user.isActive() && user.getMeta() != null) {
posixUser.setHomeDirectory(user.getMeta().get("homeDirectory"));
posixUser.setUidNumber(Integer.valueOf(user.getMeta().get("uidNumber")));
posixUser.setUidNumber(user.getMeta().get("uidNumber"));
ldapClient.updatePosixUser(posixUser);
......
src/main/java/edu/kit/scc/PosixUserGenerator.java 0 → 100644
View file @ 98c91d14
/*
* Copyright 2016 Karlsruhe Institute of Technology (KIT)
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*/
package edu.kit.scc;
import edu.kit.scc.ldap.LdapClient;
import edu.kit.scc.ldap.PosixGroup;
import edu.kit.scc.ldap.PosixUser;
import edu.kit.scc.redis.RedisClient;
import edu.kit.scc.scim.ScimGroup;
import edu.kit.scc.scim.ScimUser;
import edu.kit.scc.scim.ScimUser.Email;
import edu.kit.scc.scim.ScimUser.Meta;
import edu.kit.scc.scim.ScimUser.Name;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
@Component
public class PosixUserGenerator implements UserGenerator {
private static final Logger log = LoggerFactory.getLogger(PosixUserGenerator.class);
@Value("${ldap.default.gidNumber}")
String defaultGidNumber;
@Autowired
private RedisClient redisClient;
@Autowired
private LdapClient ldapClient;
private String generateUid(String uidNumber) {
return "user" + uidNumber;
}
@Override
public ScimUser createUser(ScimUser scimUser) {
// check if default group exists
PosixGroup defaultGroup = ldapClient.getPosixGroupByGidNumber(defaultGidNumber);
if (defaultGroup == null) {
log.error("default group {} does not exists", defaultGidNumber);
return null;
}
String uniqueIdentifier = scimUser.getExternalId();
// if no unique identifier provided generate a random one
if (uniqueIdentifier == null) {
uniqueIdentifier = UUID.randomUUID().toString();
}
// create a new user id number
String uidNumber = redisClient.createUser(uniqueIdentifier);
if (uidNumber == null) {
log.error("user {} already exists", uniqueIdentifier);
return null;
}
// create a default user id
String uid = generateUid(uidNumber);
// populate user with default values
PosixUser localUser = new PosixUser();
localUser.setCommonName(uid);
localUser.setDescription("user created by IdH");
localUser.setGidNumber(defaultGidNumber);
localUser.setHomeDirectory("/home/" + uid);
localUser.setSurName(uid);
localUser.setUid(uid);
localUser.setUidNumber(uidNumber);
localUser.setUniqueIdentifier(uniqueIdentifier);
log.debug("User defaults to {}", localUser.toString());
// overwrite with provided values
if (scimUser.getUserName() != null) {
// check for conflicting uid
if (ldapClient.getPosixUser(scimUser.getUserName()) == null) {
localUser.setUid(scimUser.getUserName());
} else {
log.warn("user {} already exists, use default uid", scimUser.getUserName());
}
}
List<Email> emails = scimUser.getEmails();
if (emails != null && !emails.isEmpty()) {
if (emails.get(0).getValue() != null) {
localUser.setMail(emails.get(0).getValue());
localUser.setCommonName(emails.get(0).getValue());
}
}
Name name = scimUser.getName();
if (name != null) {
if (name.getFamilyName() != null) {
localUser.setSurName(name.getFamilyName());
}
if (name.getGivenName() != null) {
localUser.setGivenName(name.getGivenName());
}
}
// create the user locally
PosixUser posixUser = ldapClient.createPosixUser(localUser);
if (posixUser == null) {
log.error("could not create user in the LDAP directory");
return null;
}
log.debug("User created {}", posixUser.toString());
// add user to default group
ldapClient.addGroupMember(defaultGroup.getCommonName(), localUser.getUid());
ScimGroup defaultScimGroup = new ScimGroup();
defaultScimGroup.setDisplay(defaultGroup.getCommonName());
defaultScimGroup.setRef(defaultGroup.getGidNumber());
ScimUser createdUser = scimUserFromPosixUser(posixUser);
createdUser.getGroups().add(defaultScimGroup);
// TODO group unique identifiers
// create local groups, add user
if (scimUser.getGroups() != null) {
for (ScimGroup group : scimUser.getGroups()) {
if (group.getValue() != null && group.getDisplay() != null) {
// check if group already exists
PosixGroup localGroup = ldapClient.getPosixGroupByCn(group.getDisplay());
// create group
if (localGroup == null) {
String groupNumber = redisClient.createGroup(group.getValue());
localGroup = new PosixGroup();
localGroup.setGidNumber(groupNumber);
localGroup.setCommonName(group.getDisplay());
localGroup.setDescription("group created by IdH");
localGroup = ldapClient.createPosixGroup(localGroup);
if (localGroup == null) {
log.error("could not create group in the LDAP directory");
break;
} else {
log.debug("Created group {}", localGroup.toString());
}
} else {
log.debug("Found existing group {}", localGroup.toString());;
}
// add user
boolean userAdded =
ldapClient.addGroupMember(localGroup.getCommonName(), localUser.getUid());
if (userAdded) {
ScimGroup scimGroup = new ScimGroup();
scimGroup.setDisplay(localGroup.getCommonName());
scimGroup.setValue(group.getValue());
scimGroup.setRef(localGroup.getGidNumber());
createdUser.getGroups().add(scimGroup);
log.debug("Added user {} to group {}", localUser.getUid(), localGroup.getCommonName());
}
}
}
}
return createdUser;
}
private ScimUser scimUserFromPosixUser(PosixUser posixUser) {
ScimUser scimUser = new ScimUser();
scimUser.setSchemas(Arrays.asList(ScimUser.USER_SCHEMA_2_0));
scimUser.setExternalId(posixUser.getUniqueIdentifier());
scimUser.setId(posixUser.getUidNumber());
scimUser.setUserName(posixUser.getUid());
Email email = new Email();
email.setValue(posixUser.getMail());
scimUser.setEmails(Arrays.asList(email));
Meta meta = new Meta();
meta.put("description", posixUser.getDescription());
meta.put("homeDirectory", posixUser.getHomeDirectory());
meta.put("gecos", posixUser.getGecos());
meta.put("loginShell", posixUser.getLoginShell());
scimUser.setMeta(meta);
scimUser.setGroups(new ArrayList<ScimGroup>());
Name name = new Name();
name.setFamilyName(posixUser.getSurName());
name.setGivenName(posixUser.getGivenName());
// scimUser.setPassword(posixUser.getUserPassword());
scimUser.setActive(true);
return scimUser;
}
}
src/main/java/edu/kit/scc/RestServiceController.java
View file @ 98c91d14
......@@ -9,6 +9,7 @@
package edu.kit.scc;
import edu.kit.scc.scim.ScimGroup;
import edu.kit.scc.scim.ScimUser;
import org.apache.commons.codec.binary.Base64;
......@@ -18,18 +19,20 @@ import org.springframework.beans.factory.annotation.Autowired;