Merge branch 'develop' of github.com:cloudfoundry/uaa into feature/mi…

…nimal_user_lookup * 'develop' of github.com:cloudfoundry/uaa: (76 commits) Bump k8s.io/client-go from 0.21.0 to 0.21.2 in /k8s (#1586) Bump commons-io from 2.7 to 2.10.0 (#1582) Bump k8s.io/api from 0.21.0 to 0.21.2 in /k8s (#1585) Bump github.com/onsi/gomega from 1.11.0 to 1.13.0 in /k8s (#1573) Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.4 in /k8s (#1575) Bump k8s.io/apimachinery from 0.21.0 to 0.21.2 in /k8s (#1587) Github userUserInfo from local configuration (#1595) Add '-Xdebug' jvm args to application container run in cargo if '-Dxdebug=true' option is sepcified for 'gradle run'. (#1592) Bump Guava Dependencies (#1581) Document the 'userInfoUrl' property for OAuth identity provider config Bump Spring Dependencies (#1591) Fix issue 1584 Test that we redirect when client allows only SAML Backfill test cases for using refresh token value that was created with refresh_token_validity seconds specified [#178076368] Bump Spring Dependencies (#1580) fix: test token audience claim in an unordered way Bump Spring Dependencies (#1577) Bump bouncyCastleVersion from 1.68 to 1.69 Small improvements for the consent form (#1561) Use Claims class to desrialize the token string. ...
cloudfoundry · Jun 30, 2021 · 9a38407 · 9a38407
2 parents 5cc3c30 + 423adb8
commit 9a38407
Show file tree

Hide file tree

Showing 79 changed files with 1,496 additions and 303 deletions.
diff --git a/build.gradle b/build.gradle
@@ -149,6 +149,10 @@ cargo {
     containerId = "tomcat9x"
     port = applicationPort
 
+    if (JavaVersion.current() < JavaVersion.VERSION_11) {
+        throw new GradleException("This build must be run with Java version [ " + JavaVersion.VERSION_11 + " ] or greater. Your Java version is [ " + JavaVersion.current() + " ]")
+    }
+
     deployable {
         file = file("samples/api/build/libs/cloudfoundry-identity-api-" + version + ".war")
         context = "api"
@@ -176,6 +180,11 @@ cargo {
         if (System.getProperty("spring.profiles.active", "").split(',').contains("debug")) {
             jvmArgs = String.format("%s -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", jvmArgs)
         }
+        else if (Boolean.valueOf(System.getProperty("xdebug"))) {
+            jvmArgs = String.format("%s -Xdebug " +
+                    "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 " +
+                    "-Xnoagent -Djava.compiler=NONE", jvmArgs)
+        }
 
         outputFile = file("uaa/build/reports/tests/uaa-server.log")
         configFile {

diff --git a/dependencies.gradle b/dependencies.gradle
@@ -10,15 +10,15 @@ ext["flyway.version"] = "5.2.4"
 // Versions shared between multiple dependencies
 versions.aspectJVersion = "1.9.4"
 versions.apacheDsVersion = "2.0.0.AM26"
-versions.bouncyCastleVersion = "1.68"
+versions.bouncyCastleVersion = "1.69"
 versions.hamcrestVersion = "2.2"
-versions.springBootVersion = "2.4.2"
+versions.springBootVersion = "2.4.8"
 versions.springSecurityJwtVersion = "1.1.1.RELEASE"
 versions.springSecurityOAuthVersion = "2.5.0.RELEASE"
 versions.springSecuritySamlVersion = "1.0.10.RELEASE"
-versions.springVersion = "5.3.3"
+versions.springVersion = "5.3.8"
 versions.xmlBind = "2.3.0.1"
-versions.tomcatCargoVersion = "9.0.41"
+versions.tomcatCargoVersion = "9.0.48"
 
 // Dependencies (some rely on shared versions, some are shared between projects)
 libraries.apacheCommonsRngCore = "org.apache.commons:commons-rng-core:1.3"
@@ -31,13 +31,13 @@ libraries.aspectJWeaver = "org.aspectj:aspectjweaver"
 libraries.beanutils = "commons-beanutils:commons-beanutils:1.9.4"
 libraries.bouncyCastlePkix = "org.bouncycastle:bcpkix-jdk15on:${versions.bouncyCastleVersion}"
 libraries.bouncyCastleProv = "org.bouncycastle:bcprov-jdk15on:${versions.bouncyCastleVersion}"
-libraries.commonsIo = "commons-io:commons-io:2.7"
+libraries.commonsIo = "commons-io:commons-io:2.10.0"
 libraries.dumbster = "dumbster:dumbster:1.6"
 libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:5.8.0.202006091008-r"
 libraries.flywayCore = "org.flywaydb:flyway-core"
 libraries.greenmail = "com.icegreen:greenmail:1.5.11"
 libraries.googleAuth = "com.warrenstrange:googleauth:1.5.0"
-libraries.guava = "com.google.guava:guava:30.0-jre"
+libraries.guava = "com.google.guava:guava:30.1.1-jre"
 libraries.hamcrest = "org.hamcrest:hamcrest:${versions.hamcrestVersion}"
 libraries.hibernateValidator = "org.hibernate.validator:hibernate-validator"
 libraries.hsqldb = "org.hsqldb:hsqldb"

diff --git a/docs/github-oauth2-provider.md b/docs/github-oauth2-provider.md
@@ -0,0 +1,46 @@
+# Registering Github as external OAuth provider in UAA
+
+Github can be setup as an Oauth2 provider for UAA.
+
+1. Create an OAuth “application” client in Github.
+   For example at: `https://github.com/organizations/{YOUR-ORG}/settings/applications/new`.
+
+   Add following URI in the “_Authorization callback URL_” text field:
+   `http://{UAA_HOST}/login/callback/{origin}`. Additional Github
+   documentation for achieving this can be found here:
+   [Creating an OAuth App](https://docs.github.com/en/free-pro-team@latest/developers/apps/creating-an-oauth-app)
+   [Authorizing OAuth Apps](https://docs.github.com/en/free-pro-team@latest/developers/apps/authorizing-oauth-apps)
+
+2. Make sure you have `Client ID` and `Client secret`.
+
+3. The following configuration needs to be added in login.yml.
+   Please refer to 'https://accounts.google.com/.well-known/openid-configuration' for authUrl and tokenUrl
+
+        login:
+          oauth:
+            providers:
+              github:
+                type: oauth2.0
+                providerDescription: Github OAuth provider, using the 'Authorization Code Grant' flow
+                authUrl: https://github.com/login/oauth/authorize
+                tokenUrl: https://github.com/login/oauth/access_token
+                userInfoUrl: https://api.github.com/user
+                scopes:
+                  - read:user
+                  - user:email
+                linkText: Login with Github
+                showLinkText: true
+                addShadowUserOnLogin: true # users won't need to be pre-populated into the UAA database prior to authenticating with Github
+                relyingPartyId: REPLACE_WITH_CLIENT_ID
+                relyingPartySecret: REPLACE_WITH_CLIENT_SECRET
+                skipSslValidation: false
+                clientAuthInBody: true
+                attributeMappings:
+                  given_name: login
+                  family_name: name # Github doesn't split 'given_name' and 'family_name'
+                  user_name: email
+
+4. Ensure that the scope `email` is included in the`scopes` property. Without
+   this, UAA will not be able to identify the authenticated user.
+
+5. Restart UAA. You will see `Login with github` link on your login page.
diff --git a/k8s/go.mod b/k8s/go.mod
@@ -3,10 +3,10 @@ module github.com/cloudfoundry/uaa
 go 1.15
 
 require (
-	github.com/onsi/ginkgo v1.14.2
-	github.com/onsi/gomega v1.10.4
+	github.com/onsi/ginkgo v1.16.4
+	github.com/onsi/gomega v1.13.0
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.20.2
-	k8s.io/apimachinery v0.20.2
-	k8s.io/client-go v0.20.2
+	k8s.io/api v0.21.2
+	k8s.io/apimachinery v0.21.2
+	k8s.io/client-go v0.21.2
 )