guanxi saml2 release

Mon, Feb 22, 2010

This release of the Identity Provider (IdP) and Service Provider (SP) brings SAML2 Web Browser SSO support to Guanxi using HTTP-POST (default) and HTTP-Redirect bindings. You can download the new releases from the Sourceforge site.

Beans

  • v1.4.2
  • Updated xsd/guanxi_sp.xsd. Added Guard multiprofile support. Added friendlyName to attributorAttributeType. Added friendlyName to mapType
  • Updated xsd/guanxi_sp.xsd. Added KeyType to Guard
  • Updated xsd/guanxi.xsdconfig. Added Guard multiprofile support
Common
  • v2.0.6
  • Added org.guanxi.common.definitions.EduPersonOID
  • Updated org.guanxi.common.definitions.SAML, added SAML2 definitions
  • Updated org.guanxi.common.definitions.Guanxi. Added WAYF_PARAM_GUARD_BINDING
  • Updated org.guanxi.common.security.SecUtils. Updated sign. Now gets the algorithm from the private key
  • Updated org.guanxi.common.security.SecUtils. Updated createSelfSignedKeystore to take a key type parameter to handle DSA and RSA keys
  • Updated org.guanxi.common.trust.TrustUtils::getX509CertFromSignature, getX509CertFromSignature and verifySignature to handle SAML2 as well as SAML1
  • Updated org.guanxi.common.Utils. Added base64(byte[] data). Added inflate, deflate and supporting constants
  • Updated org.guanxi.common.TrustUtils. Updated setIdNode to handle SAML2 ID
Core
  • v2.0.5
  • Updated pom.xml. Added sourceEncoding and outputEncoding for UTF-8
  • Updated messages/idp.properties, added some error messages
  • Updated messages/sp.properties, added some error messages
  • Deleted all unused messages/*.properties files
IdP
  • v2.2.0
  • Updated org.guanxi.idp.service.shibboleth.SSO. Updated handleRequestInternal to stop and display an error if it can’t sign the Response
  • Updated org.guanxi.idp.service.AuthHandler. Added error checking to addRequiredParamsAsPrefixedAttributes
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority. Updated preHandle to use a BufferedReader
  • Updated org.guanxi.idp.farm.attributors.Attributor. Removed arp and mapper and updated getAttributes to take them as params
  • Updated org.guanxi.idp.farm.attributors.FlatFileAttributor. Updated getAttributes to accept arp and mapper instead of having them injected at startup. Removed setCurrentUserAttrbiutesInMapper. Added packageAttributesForMapper
  • Updated org.guanxi.idp.farm.attributors.JDBCAttributor. Updated getAttributes to accept arp and mapper instead of having them injected at startup. Added packageAttributesForMapper
  • Updated org.guanxi.idp.farm.attributors.LDAPAttributor. Updated getAttributes to accept arp and mapper instead of having them injected at startup. Removed setCurrentUserAttrbiutesInMapper. Added packageAttributesForMapper
  • Updated org.guanxi.idp.farm.attributors.SimpleAttributor. ARP engine and mapper are now passed in instead of being injected at startup in order to support multiple attribute profiles
  • Updated org.guanxi.idp.service.shibboleth.AttributeAuthority. Now has ARP engine and mapper injected which it passes to the attributors, to allow multiple attribute profile support
  • Updated org.guanxi.idp.util.AttributeMap. map now returns a GuanxiAttribute instead of boolean. The class no longer stores mapped state. All mapped names and values are stored in the generated GuanxiAttribute.
  • Updated org.guanxi.idp.service.GenericAuthHandler. Added profile support to addRequiredParamsAsPrefixedAttributes
  • Updated org.guanxi.idp.service.AuthHandler. Added FORM_METHOD_ATTRIBUTE
  • Updated org.guanxi.idp.attribute.AttributeTest. Added arp-engine.xml and aa-service.xml to attributorConfigFiles
  • Updated org.guanxi.idp.attribute.DBAttributeTest. Now injects ARP and mapper into AttributeAuthority
  • Updated org.guanxi.idp.attribute.FlatFileAttributeTest. Now injects ARP and mapper into AttributeAuthority
  • Updated org.guanxi.idp.Paths. Added arp-engine.xml and aa-service.xml. Added saml2map.xml
  • Updated org.guanxi.idp.attribute.AttributeTestSuite. Added FlatFileAttributeSAML2Test
  • Updated org.guanxi.idp.attribute.FlatFileAttributeTest. Changed it to use the arp engine and shibboleth mapper directly
  • Updated org.guanxi.idp.persistence.db.JDBCPersistenceEngine. Added more logging
  • Added org.guanxi.idp.service.generic.GenericGuanxiPrincipalFactory
  • Added org.guanxi.idp.service.GenericAuthHandler
  • Added org.guanxi.idp.service.saml2.WebBrowserSSO
  • Added org.guanxi.idp.service.saml2.WebBrowserSSOAuthHandler
  • Added org.guanxi.idp.service.SSOBase
  • Added org.guanxi.idp.util.GuanxiAttribute
  • Added org.guanxi.idp.attribute.FlatFileAttributeSAML2Test
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/profiles/generic/principal-factory.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/profiles/saml2/web-browser-sso.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/profiles/saml2/web-browser-sso-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/saml2/web-browser-sso-auth-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/jsp/saml2/http-post.jsp
  • Added src/main/webapp/WEB-INF/guanxi_idp/jsp/saml2/http-redirect.jsp
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/shared/custom-arps/arp-bags-saml2.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/shared/saml2map.xml
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/shared/custom-maps/saml2
  • Added src/main/webapp/WEB-INF/guanxi_idp/config/spring/farm/arp.xml
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/farm/arp.xml
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/custom-arps/arp-bags-saml2.xml
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/saml2map.xml
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/url-rewriter.xml. Added WBSSO mapping
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/ui.xml. Added WBSSO to SimpleUrlHandlerMapping mappings.
  • Updated src/main/webapp/WEB-INF/web.xml. Added SAML2 endpoints
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/shared/arp.xml. Added custom-arps/arp-bags-saml2.xml
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/shared/vars.xml. Added SAML2 attribute profile definitions for eduPerson
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/farm/attributors.xml. The attributors no longer have an ARP engine and Mapper injected
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/farm/mapper.xml. Renamed attributeMapper to shibbolethAttributeMapper and added saml2AttributeMapper
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/spring/services/shibboleth/aa-service.xml. ARP engine and Mapper are now injected here instead of each attributor
  • Updated src/main/webapp/WEB-INF/guanxi_idp/config/jsp/authenticator.jsp. Form method now depends on profile
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/farm/attributors.xml. The attributors no longer have an ARP engine and Mapper injected
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/farm/mapper.xml. Renamed attributeMapper to shibbolethAttributeMapper and added saml2AttributeMapper
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/spring/services/shibboleth/aa-service.xml. ARP engine and Mapper are now injected here instead of each attributor
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/arp.xml. Added arp-bags-saml2.xml
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/custom-arps/arp-providers.xml. Added eduPersonSAML2Profile-eduperson and eduPersonSAML2Profile-common to protectedapp-guard
  • Updated src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/vars.xml. Added SAML2 definitions
  • Added src/test/resources/contextroot/WEB-INF/guanxi_idp/config/shared/custom-maps/saml2
Engine
  • v2.1.0
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread::processGuardConnection to send the SOAP/SAML in an explicit POST variable
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerServiceThread::processAAConnection to pass the hostname to the trust engine for virtual KeyName validation
  • Updated org.guanxi.sp.engine.trust.EngineTrustTest. Now loads BC provider as PKIX path validation requires it. Now checks that PKIX path validation fails as the certs have expired.
  • Updated org.guanxi.sp.engine.Bootstrap. Now passes the key type to createSelfSignedKeystore
  • Updated org.guanxi.sp.engine.form.RegisterGuardFormController. Updated createGuardMetadataFile to create SAML2 metadata with embedded signing and encryption certs
  • Updated src/main/resources/log4j.properties. Fixed bug with GuardVerifier. Added WebBrowserSSOService and WebBrowserSSOAuthConsumerService
  • Updated src/main/webapp/WEB-INF/web.xml. Added SAML2 endpoints.
  • Updated src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/application/config.xml. Changed keyType to RSA to support encryption
  • Added org.guanxi.sp.engine.security.GuardVerifier
  • Added org.guanxi.sp.engine.service.saml2.WebBrowserSSOAuthConsumerService
  • Added org.guanxi.sp.engine.service.saml2.WebBrowserSSOService
  • Updated org.guanxi.sp.engine.service.shibboleth.AuthConsumerService. Added getPodderURL. Updated () to use getPodderURL() (targetconnect)
  • Updated org.guanxi.sp.engine.service.shibboleth.WAYFLocationService. Added getLookupGuardId. Updated handleRequestInternal() to use getLookupGuardId() (targetconnect)
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/profiles/saml2/web-browser-sso.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/security/guard-verifier.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/services/saml2/web-browser-sso-auth-consumer-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/config/spring/services/saml2/web-browser-sso-service.xml
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/jsp/saml2/http-post.jsp
  • Added src/main/webapp/WEB-INF/guanxi_sp_engine/jsp/saml2/http-redirect.jsp
Guard
  • v2.1.0
  • Updated org.guanxi.sp.guard.Guard to URL encode the WAYF URL and parameters
  • Updated org.guanxi.sp.guard.AttributeConsumer::process to read the SOAP/SAML from the Engine from an explicit request parameter instead of reading from the InputStream. This fixes problems when running in Blackboard.
  • Updated org.guanxi.sp.guard.AttributeConsumer. Refactored process() to make it more efficient for handling SAML1 and SAML2 attributes. Added processSAML1Response, processSAML2Response
  • Updated org.guanxi.sp.guard.Guard. Now extends GuardBase. Added multiprofile support with explicit support for SAML2 Web Browser SSO Profile.
  • Updated org.guanxi.sp.guard.Guard. Updated doFilter to dynamically work out cookie name based on postProcessGetGuardId. Also calls preSuccessFilterChain before finishing the chain (targetconnect)
  • Updated org.guanxi.sp.guard.Guard. Now adds the cookie name to the GuardRequest to let applications logout by destroying the Pod.
  • Updated org.guanxi.sp.guard.GuardRequest. Added setGuardCookieName
  • Added org.guanxi.sp.guard.GuardBase
  • Updated org.guanxi.sp.guard.GuardBase. Added getLogoutPage, checkSkipFilter, preSuccessFilterChain, postProcessGetGuardId. Updated initEngineComms to use postProcessGetGuardId. Updated gotoWAYF to use postProcessGetGuardId. Updated passthru to use checkSkipFilter (targetconnect)
  • Added org.guanxi.sp.guard.Profile
  • Updated org.guanxi.sp.guard.GuardRequest. Added headersContain (targetconnect)
  • Updated org.guanxi.sp.guard.Logout. Added logging. Added postProcessGetGuardId, getLogoutMessageAttributeName, getLogoutSuccessMessage, getLogoutErrorMessage, getLogoutResource (targetconnect)
  • Updated org.guanxi.sp.guard.Podder. Added postProcessGetGuardId. process() now lets the Guard ID be handled dynamically (targetconnect)
  • Updated org.guanxi.sp.guard.SessionVerifier. Added processExtendedVerificationAttributes. Updated process() to allow extended attributes (targetconnect)
  • Added src/main/webapp/free/index.html
  • Added src/main/webapp/s2wbsso/headers.jsp
  • Added src/main/webapp/s2wbsso-redirect/headers.jsp
  • Updated src/main/resources/log4j.properties. Fixed bug with Podder configuration.
  • Updated src/main/webapp/protected/headers.jsp. Changed logout URLs to https
  • Updated src/main/webapp/WEB-INF/guanxi_sp_guard/config/guanxi-sp-guard.xml. Added EngineInfo/SAML2WBSSOService. Added Profiles. Added KeyType.
  • Updated src/main/webapp/WEB-INF/web.xml. Guanxi Resource Guard now hooks all URLs.