io.fusionauth.domain.provider.SAMLv2IdentityProvider Maven / Gradle / Ivy
The Java Client library provides a native Java binding to the FusionAuth REST API.
/*
* Copyright (c) 2019, FusionAuth, All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the License.
*/
package io.fusionauth.domain.provider;
import java.net.URI;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.inversoft.json.ToString;
import io.fusionauth.domain.Buildable;
import io.fusionauth.domain.CORSConfiguration;
import io.fusionauth.domain.CanonicalizationMethod;
import io.fusionauth.domain.RequiresCORSConfiguration;
import io.fusionauth.domain.internal.annotation.InternalJSONColumn;
import io.fusionauth.domain.util.HTTPMethod;
/**
* SAML v2 identity provider configuration.
*
* @author Brian Pontarelli
*/
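public class SAMLv2IdentityProvider extends BaseIdentityProvider
    implements Buildable, DomainBasedIdentityProvider, RequiresCORSConfiguration, SupportsPostBindings {
  // NOTE(review): the supertypes appear here without type arguments although the app(...) lambdas below
  // read typed fields (app.buttonImageURL, app.buttonText); the arguments were probably lost when this
  // listing was extracted - confirm against the published source before compiling.

  /**
   * Domains associated with this identity provider, kept in insertion order. Exposed through
   * {@link #getDomains()} and emptied by {@link #secure()}.
   */
  public final Set<String> domains = new LinkedHashSet<>();

  /** Image for the login button; {@link #lookupButtonImageURL} also consults a per-application value. */
  @InternalJSONColumn
  public URI buttonImageURL;

  /** Text for the login button; {@link #lookupButtonText} also consults a per-application value. */
  @InternalJSONColumn
  public String buttonText = "Login with SAML";

  /** Presumably the name of the SAML attribute that carries the user's email - confirm. Nulled by {@link #secure()}. */
  @InternalJSONColumn
  public String emailClaim;

  /** Endpoint of the remote identity provider. {@link #corsConfiguration()} derives the allowed CORS origin from it. */
  @InternalJSONColumn
  public URI idpEndpoint;

  /**
   * @deprecated The 'issuer' is auto generated to be unique per configuration. Do not use this value any longer. The 'issuer' will be equal to ${public_url}/samlv2/sp/${identityProviderId}.
   */
  @Deprecated
  @InternalJSONColumn
  public String issuer;

  /**
   * The default key used for SAML Response Signature Verification if one cannot be found in the KeyInfo
   * XML element in the SAML response.
   * <p>
   * NOTE(review): a key carried in the response's own KeyInfo element is supplied by the sender. Confirm
   * that the verifier only accepts a KeyInfo key when it matches a key already trusted for this provider;
   * otherwise a signature could be validated against a key chosen by whoever produced the response.
   */
  public UUID keyId;

  /** NameID format; defaults to the SAML 2.0 "persistent" format. */
  @InternalJSONColumn
  public String nameIdFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";

  /** Value returned by {@link #postRequestEnabled()}; {@code false} unless set. */
  @InternalJSONColumn
  public boolean postRequest;

  /** Presumably the id of the key used to sign outgoing requests when {@link #signRequest} is set - confirm. */
  public UUID requestSigningKeyId;

  /** Whether outgoing requests are signed; {@code false} unless set. */
  @InternalJSONColumn
  public boolean signRequest;

  /** Presumably the name of the SAML attribute that carries the user's unique id - confirm. */
  @InternalJSONColumn
  public String uniqueIdClaim;

  /** Presumably selects the NameID value as the email instead of {@link #emailClaim} - confirm. */
  @InternalJSONColumn
  public boolean useNameIdForEmail;

  /** Presumably the name of the SAML attribute that carries the username - confirm. Nulled by {@link #secure()}. */
  @InternalJSONColumn
  public String usernameClaim;

  /** XML signature canonicalization method; {@code null} unless set. */
  @InternalJSONColumn
  public CanonicalizationMethod xmlSignatureC14nMethod;

  /**
   * Builds the CORS configuration for this provider: HTTP POST is allowed from the origin
   * ({@code scheme://host[:port]}) of {@link #idpEndpoint}.
   * <p>
   * NOTE(review): the scheme is copied as-is, so an {@code http://} endpoint yields an {@code http://}
   * allowed origin. A relative or opaque {@code idpEndpoint} has no scheme or host, and the origin string
   * would then contain the literal text "null". Validate {@code idpEndpoint} as an absolute (ideally
   * https) URL where it is set.
   *
   * @return a new CORS configuration holding one allowed method and one allowed origin
   * @throws NullPointerException if {@link #idpEndpoint} has not been set
   * @throws IllegalArgumentException if the derived origin string is not a valid URI
   */
  @Override
  @JsonIgnore
  public CORSConfiguration corsConfiguration() {
    // Same exception type as before, but with a message that names the missing field.
    Objects.requireNonNull(idpEndpoint, "idpEndpoint must be set to build the CORS configuration");

    // Only scheme, host and port form the origin; path, query and user-info are not part of it.
    int port = idpEndpoint.getPort();
    String origin = idpEndpoint.getScheme() + "://" + idpEndpoint.getHost() + (port == -1 ? "" : ":" + port);
    URI allowedOrigin = URI.create(origin);

    return new CORSConfiguration().with(override -> override.allowedMethods.add(HTTPMethod.POST))
                                  .with(override -> override.allowedOrigins.add(allowedOrigin));
  }

  /**
   * Compares every field declared in this class, after delegating to the superclass comparison.
   */
  @Override
  public boolean equals(Object o) {
    if (this == o) {
      return true;
    }
    if (!(o instanceof SAMLv2IdentityProvider)) {
      return false;
    }
    if (!super.equals(o)) {
      return false;
    }
    SAMLv2IdentityProvider that = (SAMLv2IdentityProvider) o;
    return postRequest == that.postRequest &&
        signRequest == that.signRequest &&
        useNameIdForEmail == that.useNameIdForEmail &&
        Objects.equals(domains, that.domains) &&
        Objects.equals(buttonImageURL, that.buttonImageURL) &&
        Objects.equals(buttonText, that.buttonText) &&
        Objects.equals(emailClaim, that.emailClaim) &&
        Objects.equals(idpEndpoint, that.idpEndpoint) &&
        Objects.equals(issuer, that.issuer) &&
        Objects.equals(keyId, that.keyId) &&
        Objects.equals(nameIdFormat, that.nameIdFormat) &&
        Objects.equals(requestSigningKeyId, that.requestSigningKeyId) &&
        Objects.equals(uniqueIdClaim, that.uniqueIdClaim) &&
        Objects.equals(usernameClaim, that.usernameClaim) &&
        xmlSignatureC14nMethod == that.xmlSignatureC14nMethod;
  }

  /**
   * @return the live {@link #domains} set, not a copy; changes made through it change this object
   */
  @Override
  public Set<String> getDomains() {
    return domains;
  }

  /**
   * @return always {@link IdentityProviderType#SAMLv2}
   */
  @Override
  public IdentityProviderType getType() {
    return IdentityProviderType.SAMLv2;
  }

  /**
   * Hashes the same fields that {@link #equals(Object)} compares, plus the superclass hash.
   */
  @Override
  public int hashCode() {
    return Objects.hash(super.hashCode(),
                        domains,
                        buttonImageURL,
                        buttonText,
                        emailClaim,
                        idpEndpoint,
                        issuer,
                        keyId,
                        nameIdFormat,
                        postRequest,
                        requestSigningKeyId,
                        signRequest,
                        uniqueIdClaim,
                        useNameIdForEmail,
                        usernameClaim,
                        xmlSignatureC14nMethod);
  }

  // The four lookup methods pass two suppliers to the inherited lookup(...) helper: this provider's own
  // value and the value of the application selected by client id or application id. How lookup(...)
  // chooses between them is defined in the superclass and is not visible here.

  public URI lookupButtonImageURL(String clientId) {
    return lookup(() -> buttonImageURL, () -> app(clientId, app -> app.buttonImageURL));
  }

  public URI lookupButtonImageURL(UUID applicationId) {
    return lookup(() -> buttonImageURL, () -> app(applicationId, app -> app.buttonImageURL));
  }

  public String lookupButtonText(String clientId) {
    return lookup(() -> buttonText, () -> app(clientId, app -> app.buttonText));
  }

  public String lookupButtonText(UUID applicationId) {
    return lookup(() -> buttonText, () -> app(applicationId, app -> app.buttonText));
  }

  /**
   * Runs the superclass normalization, then {@code normalizeDomains()}.
   */
  @Override
  public void normalize() {
    super.normalize();
    normalizeDomains();
  }

  /**
   * @return the value of {@link #postRequest}
   */
  @Override
  public boolean postRequestEnabled() {
    return postRequest;
  }

  /**
   * Empties {@link #domains} and nulls {@link #emailClaim} and {@link #usernameClaim} on this instance.
   * <p>
   * The object is modified in place, so call this on a copy if the full configuration is still needed.
   * All other fields, including {@link #idpEndpoint}, {@link #keyId} and {@link #requestSigningKeyId},
   * are left as they are. NOTE(review): presumably this runs before the configuration is handed to a
   * less privileged caller - confirm that the remaining fields are acceptable to expose there.
   *
   * @return this instance
   */
  public SAMLv2IdentityProvider secure() {
    domains.clear();
    emailClaim = null;
    usernameClaim = null;
    return this;
  }

  @Override
  public String toString() {
    return ToString.toString(this);
  }
}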