Add in configurable nameId property

Fixes #266 #266
spring-attic · Jul 16, 2018 · 46f3dee · 46f3dee
1 parent 1e0e3e0
commit 46f3dee
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 2 deletions.
diff --git a/core/src/main/java/org/springframework/security/saml/config/LocalProviderConfiguration.java b/core/src/main/java/org/springframework/security/saml/config/LocalProviderConfiguration.java
@@ -17,6 +17,11 @@
 
 package org.springframework.security.saml.config;
 
+import java.util.List;
+
+import org.springframework.security.saml.saml2.metadata.NameId;
+
+import static java.util.Collections.emptyList;
 import static org.springframework.util.StringUtils.hasText;
 
 public class LocalProviderConfiguration<T extends LocalProviderConfiguration> {
@@ -28,6 +33,7 @@ public class LocalProviderConfiguration<T extends LocalProviderConfiguration> {
 	private RotatingKeys keys;
 	private String prefix;
 	private boolean singleLogoutEnabled = true;
+	private List<NameId> nameIds = emptyList();
 
 
 	public LocalProviderConfiguration(String prefix) {
@@ -113,4 +119,13 @@ public T setSingleLogoutEnabled(boolean singleLogoutEnabled) {
 		this.singleLogoutEnabled = singleLogoutEnabled;
 		return _this();
 	}
+
+	public List<NameId> getNameIds() {
+		return nameIds;
+	}
+
+	public T setNameIds(List<NameId> nameIds) {
+		this.nameIds = nameIds;
+		return _this();
+	}
 }
diff --git a/core/src/main/java/org/springframework/security/saml/spi/SamlDefaults.java b/core/src/main/java/org/springframework/security/saml/spi/SamlDefaults.java
@@ -116,7 +116,15 @@ public ServiceProviderMetadata serviceProviderMetadata(String baseUrl,
 
 		String aliasPath = getAliasPath(configuration);
 		String prefix = hasText(configuration.getPrefix()) ? configuration.getPrefix() : "saml/sp/";
-		return serviceProviderMetadata(baseUrl, signingKey, keys, prefix, aliasPath);
+
+		ServiceProviderMetadata metadata =
+			serviceProviderMetadata(baseUrl, signingKey, keys, prefix, aliasPath);
+
+		if (!configuration.getNameIds().isEmpty()) {
+			metadata.getServiceProvider().setNameIds(configuration.getNameIds());
+		}
+
+		return metadata;
 	}
 
 	public ServiceProviderMetadata serviceProviderMetadata(String baseUrl,
@@ -187,7 +195,11 @@ public IdentityProviderMetadata identityProviderMetadata(String baseUrl,
 
 		String prefix = hasText(configuration.getPrefix()) ? configuration.getPrefix() : "saml/idp/";
 		String aliasPath = getAliasPath(configuration);
-		return identityProviderMetadata(baseUrl, signingKey, keys, prefix, aliasPath);
+		IdentityProviderMetadata metadata = identityProviderMetadata(baseUrl, signingKey, keys, prefix, aliasPath);
+		if (!configuration.getNameIds().isEmpty()) {
+			metadata.getIdentityProvider().setNameIds(configuration.getNameIds());
+		}
+		return metadata;
 	}
 	public IdentityProviderMetadata identityProviderMetadata(String baseUrl,
 															 SimpleKey signingKey,

diff --git a/samples/boot/simple-identity-provider/src/main/resources/application.yml b/samples/boot/simple-identity-provider/src/main/resources/application.yml
@@ -27,6 +27,11 @@ spring:
         signing-algorithm: RSA_SHA256
         digest-method: SHA256
         single-logout-enabled: true
+        name-ids:
+          - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+          - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+          - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+
         keys:
           active:
             name: active-idp-key

diff --git a/...r/src/test/java/org/springframework/security/samples/SimpleIdentityProviderBootTests.java b/...r/src/test/java/org/springframework/security/samples/SimpleIdentityProviderBootTests.java
@@ -36,6 +36,7 @@
 import org.springframework.security.saml.saml2.metadata.Endpoint;
 import org.springframework.security.saml.saml2.metadata.IdentityProviderMetadata;
 import org.springframework.security.saml.saml2.metadata.Metadata;
+import org.springframework.security.saml.saml2.metadata.NameId;
 import org.springframework.security.saml.saml2.metadata.ServiceProviderMetadata;
 import org.springframework.security.saml.spi.DefaultMetadataCache;
 import org.springframework.security.saml.spi.SamlDefaults;
@@ -108,6 +109,10 @@ public void testIdentityProviderMetadata() throws Exception {
 		for (Endpoint ep : idpm.getIdentityProvider().getSingleSignOnService()) {
 			assertThat(ep.getLocation(), equalTo("http://localhost:80/saml/idp/SSO/alias/boot-sample-idp"));
 		}
+		assertThat(
+			idpm.getIdentityProvider().getNameIds(),
+			containsInAnyOrder(NameId.UNSPECIFIED, NameId.PERSISTENT, NameId.EMAIL)
+		);
 
 	}
 

diff --git a/samples/boot/simple-service-provider/src/main/resources/application.yml b/samples/boot/simple-service-provider/src/main/resources/application.yml
@@ -27,6 +27,10 @@ spring:
         sign-requests: true
         want-assertions-signed: true
         single-logout-enabled: true
+        name-ids:
+          - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+          - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+          - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
         keys:
           active:
             name: sp-signing-key-1

diff --git a/...der/src/test/java/org/springframework/security/samples/SimpleServiceProviderBootTest.java b/...der/src/test/java/org/springframework/security/samples/SimpleServiceProviderBootTest.java
@@ -133,6 +133,10 @@ public void testServiceProviderMetadata() throws Exception {
 		for (Endpoint ep : spm.getServiceProvider().getAssertionConsumerService()) {
 			assertThat(ep.getLocation(), equalTo("http://localhost:80/saml/sp/SSO/alias/boot-sample-sp"));
 		}
+		assertThat(
+			spm.getServiceProvider().getNameIds(),
+			containsInAnyOrder(NameId.UNSPECIFIED, NameId.PERSISTENT, NameId.EMAIL)
+		);
 	}
 
 	@Test