Merge branch 'stable-2.15' into stable-2.16

* stable-2.15:
  Add missing dependency on opensaml-storage-impl library

Change-Id: I7af2b0841669335eaf80692447cca1904b8ff872
diff --git a/BUILD b/BUILD
index 4dfcb48..3454255 100644
--- a/BUILD
+++ b/BUILD
@@ -8,7 +8,9 @@
     ],
     resources = glob(["src/main/resources/**"]),
     deps = [
+        "@commons-collections//jar",
         "@cryptacular//jar",
+        "@joda-time//jar",
         "@opensaml-core//jar",
         "@opensaml-messaging-api//jar",
         "@opensaml-messaging-impl//jar",
@@ -31,6 +33,7 @@
         "@shibboleth-xmlsectool//jar",
         "@spring-core//jar",
         "@stax2-api//jar",
+        "@velocity//jar",
         "@woodstox-core//jar",
     ],
 )
diff --git a/README.md b/README.md
index 13a0625..bb9c949 100644
--- a/README.md
+++ b/README.md
@@ -50,13 +50,13 @@
 The output is created in
 
 ```
-  bazel-genfiles/plugins/@PLUGIN@/@PLUGIN@.jar
+  bazel-bin/plugins/@PLUGIN@/@PLUGIN@.jar
 ```
 
 The @PLUGIN@.jar should be deployed to `gerrit_site/lib` directory:
 
 ```
- cp bazel-genfiles/plugins/@PLUGIN@/@PLUGIN@.jar `$gerrit_site/lib`
+ cp bazel-bin/plugins/@PLUGIN@/@PLUGIN@.jar `$gerrit_site/lib`
 ```
 
 __NOTE__: Even though the project is built as a Gerrit plugin, it must be loaded
@@ -182,3 +182,7 @@
 **saml.serviceProviderEntityId**: Saml service provider entity id
 
 Default is not set.
+
+**saml.useNameQualifier**: By SAML specification, the authentication request must not contain a NameQualifier, if the SP entity is in the format nameid-format:entity. However, some IdP require that information to be present. You can force a NameQualifier in the request with the useNameQualifier parameter. For ADFS 3.0 support, set this to `false`.
+
+Default is true.
diff --git a/adfs/README.md b/adfs/README.md
index 60ddb1f..693838c 100644
--- a/adfs/README.md
+++ b/adfs/README.md
@@ -25,6 +25,7 @@
         keystorePassword = pac4j-demo-password
         privateKeyPassword = pac4j-demo-password
         metadataPath = file:///home/gerrit/FederationMetadata.xml
+        useNameQualifier = false
     [ldap]
             server = ldap://fs.hc.sct
             username = CN=Administrator,CN=Users,DC=hc,DC=sct
@@ -55,7 +56,7 @@
 
 ![][screen01]
 
-Identifiers: The relying party identifier is: `https://gerrit.hc.sct/gerrit/plugins/gerrit-saml-plugin/saml`
+Identifiers: The relying party identifier is: `https://gerrit.hc.sct/gerrit/plugins/saml/callback`
 
 ![][screen02]
 
@@ -75,7 +76,7 @@
 
 ![][screen06]
 
-Endpoints: URL is `https://gerrit.hc.sct/gerrit/plugins/gerrit-saml-plugin/saml`, binding POST
+Endpoints: URL is `https://gerrit.hc.sct/gerrit/plugins/saml/callback`, binding POST
 
 ![][screen07]
 
@@ -125,12 +126,3 @@
 [screen14]: images/13.png   "screen 14"
 [screen15]: images/14.png   "screen 15"
 [screen16]: images/15.png   "screen 16"
-
-
-
-
-
-
-
-
-
diff --git a/adfs/images/1.png b/adfs/images/1.png
index a965a46..557dcc0 100644
--- a/adfs/images/1.png
+++ b/adfs/images/1.png
Binary files differ
diff --git a/adfs/images/15.png b/adfs/images/15.png
index bb86e86..afd6a19 100644
--- a/adfs/images/15.png
+++ b/adfs/images/15.png
Binary files differ
diff --git a/doc/images/1.png b/doc/images/1.png
index a965a46..557dcc0 100644
--- a/doc/images/1.png
+++ b/doc/images/1.png
Binary files differ
diff --git a/doc/images/15.png b/doc/images/15.png
index bb86e86..afd6a19 100644
--- a/doc/images/15.png
+++ b/doc/images/15.png
Binary files differ
diff --git a/external_plugin_deps.bzl b/external_plugin_deps.bzl
index f9ae990..4e2f3b9 100644
--- a/external_plugin_deps.bzl
+++ b/external_plugin_deps.bzl
@@ -7,6 +7,13 @@
 PAC4J_VERSION = "3.8.0"
 
 def external_plugin_deps():
+    # Transitive dependency of velocity
+    maven_jar(
+        name = "commons-collections",
+        artifact = "commons-collections:commons-collections:3.2.2",
+        sha1 = "8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5",
+    )
+
     maven_jar(
         name = "cryptacular",
         artifact = "org.cryptacular:cryptacular:1.2.1",
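Review bot: The comment on the new `commons-collections` entry says why the jar is here but not why the version matters: 3.2.2 is the release that disabled deserialization of the unsafe functor classes by default, so a later downgrade would quietly bring that exposure back. I would extend it to `# Transitive dependency of velocity; keep at 3.2.2 or newer (deserialization hardening)`. The `joda-time` and `velocity` entries added in the next two hunks have no comment naming the library that needs them, which makes them hard to audit or prune later. `external_plugin_deps()` continues outside this hunk.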
@@ -14,6 +21,12 @@
     )
 
     maven_jar(
+        name = "joda-time",
+        artifact = "joda-time:joda-time:2.9.9",
+        sha1 = "f7b520c458572890807d143670c9b24f4de90897",
+    )
+
+    maven_jar(
         name = "opensaml-core",
         artifact = "org.opensaml:opensaml-core:" + OPENSAML_VERSION,
         sha1 = "406eedd86ea88c1442a6b1c7625a45cf696b9f55",
@@ -163,6 +176,12 @@
     )
 
     maven_jar(
+        name = "velocity",
+        artifact = "org.apache.velocity:velocity:1.7",
+        sha1 = "2ceb567b8f3f21118ecdec129fe1271dbc09aa7a",
+    )
+
+    maven_jar(
         name = "woodstox-core",
         artifact = "com.fasterxml.woodstox:woodstox-core:5.0.3",
         sha1 = "10aa199207fda142eff01cd61c69244877d71770",
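Review bot: `velocity` is pinned at 1.7, the final release of the 1.x line, so fixes that landed only in 2.x do not reach this plugin. If the SAML stack needs the 1.x API (likely, but not visible in this diff), say so next to the entry, e.g. `# Stays on 1.7: <consumer library> requires the Velocity 1.x API`, and keep the pin among the dependencies checked against advisories. It is also worth confirming that every template rendered through it ships inside a jar and is never assembled from request data. The enclosing function starts outside the hunk, and the hunk cuts off the following `woodstox-core` entry.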
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlConfig.java b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlConfig.java
index 99bf71d..d5aae19 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlConfig.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlConfig.java
@@ -37,6 +37,7 @@
   private final String firstNameAttr;
   private final String lastNameAttr;
   private final int maxAuthLifetimeDefault = 24 * 60 * 60; // 24h;
+  private final boolean useNameQualifier;
 
   @Inject
   SamlConfig(@GerritServerConfig Config cfg) {
@@ -52,6 +53,7 @@
     computedDisplayName = cfg.getBoolean(SAML_SECTION, "computedDisplayName", false);
     firstNameAttr = getGetStringWithDefault(cfg, "firstNameAttr", "FirstName");
     lastNameAttr = getGetStringWithDefault(cfg, "lastNameAttr", "LastName");
+    useNameQualifier = cfg.getBoolean(SAML_SECTION, "useNameQualifier", true);
   }
 
   public String getMetadataPath() {
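Review bot: The new `useNameQualifier` setting defaults to `true`, while the README text added in this same commit says the request must not carry a NameQualifier for entity-format SP identifiers, so the default behaviour is the one the documentation describes as non-conforming. If that default is deliberate (presumably to leave existing deployments unchanged), record it at the assignment: `// Defaults to true to keep the existing request format; ADFS 3.0 needs false.` The accessor added in the last hunk of this file, `useNameQualifier()`, has no Javadoc and breaks from the `get…` naming of its neighbours; `isUseNameQualifier()` would fit better. The constructor begins outside this hunk.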
@@ -113,4 +115,8 @@
   public String getServiceProviderEntityId() {
     return serviceProviderEntityId;
   }
+
+  public boolean useNameQualifier() {
+    return useNameQualifier;
+  }
 }
diff --git a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
index f71398a..0c3d18c 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/saml/SamlWebFilter.java
@@ -86,6 +86,8 @@
       samlClientConfig.setServiceProviderEntityId(samlConfig.getServiceProviderEntityId());
     }
 
+    samlClientConfig.setUseNameQualifier(samlConfig.useNameQualifier());
+
     saml2Client = new SAML2Client(samlClientConfig);
     String callbackUrl = gerritConfig.getString("gerrit", null, "canonicalWebUrl") + SAML_CALLBACK;
     httpUserNameHeader = getHeaderFromConfig(gerritConfig, "httpHeader");