SYNCOPE-1775: logoutType can now be set to CAS services (#513)
CapozXVII authored and ilgrosso committed Sep 6, 2023
1 parent 6d50077 commit 6a7b597
Showing 16 changed files with 86 additions and 2 deletions.
Expand Up @@ -54,6 +54,7 @@
import org.apache.syncope.common.lib.to.ClientAppTO;
import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.types.ClientAppType;
import org.apache.syncope.common.lib.types.LogoutType;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCScope;
Expand Down Expand Up @@ -254,6 +255,11 @@ protected Iterator<String> getChoices(final String input) {
((AbstractSingleSelectChoice<?>) ticketExpirationPolicy.getField()).setNullValid(true);
fields.add(ticketExpirationPolicy);

AjaxDropDownChoicePanel<LogoutType> logoutType = new AjaxDropDownChoicePanel<>(
"field", "logoutType", new PropertyModel<>(clientAppTO, "logoutType"), false);
logoutType.setChoices(List.of(LogoutType.values()));
fields.add(logoutType.setRequired(true));

switch (type) {
case CASSP:
fields.add(new AjaxTextFieldPanel(
Expand Up @@ -66,3 +66,4 @@ compose.title=username attribute provider
usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=Configuration history
logoutType=Logout Type
Expand Up @@ -66,3 +66,4 @@ compose.title=username attribute provider
usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=Historique de configuration
logoutType=Logout Type
Expand Up @@ -66,3 +66,4 @@ compose.title=username attribute provider
usernameAttributeProviderConf.title=Username Attribute Provider per ${name}
ticketExpirationPolicy=Politica Ticket Expiration
auditHistory.title=Storico delle configurazioni
logoutType=Tipo Logout
Expand Up @@ -66,3 +66,4 @@ compose.title=username attribute provider
usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=\u8a2d\u5b9a\u5c65\u6b74
logoutType=Logout Type
Expand Up @@ -66,3 +66,4 @@ compose.title=username attribute provider
usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=Hist\u00f3rico de configura\u00e7\u00e3o
logoutType=Logout Type
Expand Up @@ -67,3 +67,4 @@ compose.title=username attribute provider
usernameAttributeProviderConf.title=Username Attribute Provider for ${name}
ticketExpirationPolicy=Ticket Expiration Policy
auditHistory.title=\u0418\u0441\u0442\u043e\u0440\u0438\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438
logoutType=Logout Type
Expand Up @@ -31,6 +31,7 @@
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.clientapps.UsernameAttributeProviderConf;
import org.apache.syncope.common.lib.types.LogoutType;

@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.EXISTING_PROPERTY, property = "_class")
@JsonPropertyOrder(value = { "_class", "key", "description" })
Expand Down Expand Up @@ -74,6 +75,8 @@ public abstract class ClientAppTO implements NamedEntityTO {

private final List<Attr> properties = new ArrayList<>();

private LogoutType logoutType = LogoutType.NONE;

@Schema(name = "_class", requiredMode = Schema.RequiredMode.REQUIRED)
public abstract String getDiscriminator();

Expand Down Expand Up @@ -204,6 +207,14 @@ public List<Attr> getProperties() {
return properties;
}

public LogoutType getLogoutType() {
return logoutType;
}

public void setLogoutType(final LogoutType logoutType) {
this.logoutType = logoutType;
}

@Override
public int hashCode() {
return new HashCodeBuilder()
Expand All @@ -223,6 +234,7 @@ public int hashCode() {
.append(attrReleasePolicy)
.append(ticketExpirationPolicy)
.append(properties)
.append(logoutType)
.toHashCode();
}

Expand Down Expand Up @@ -255,6 +267,7 @@ public boolean equals(final Object obj) {
.append(this.attrReleasePolicy, rhs.attrReleasePolicy)
.append(this.ticketExpirationPolicy, rhs.ticketExpirationPolicy)
.append(this.properties, rhs.properties)
.append(this.logoutType, rhs.logoutType)
.isEquals();
}
}
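Review bot: The new `logoutType` field defaults to `LogoutType.NONE`, and nothing in this section says what that means for single logout. Judging by the WA mapper hunk further down the page, `setLogoutType` was not called before this commit, so registered services kept whatever CAS applies on its own (BACK_CHANNEL, as far as I know). With this default, every client app saved without an explicit choice is registered with no logout requests, and its session at the relying party survives an SSO logout. If that is intended, document it on the field, e.g. `/** How CAS notifies this application on single logout; NONE means no logout request is sent. */`; otherwise default to `LogoutType.BACK_CHANNEL`. ClientAppTO's body continues outside the visible hunks.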
@@ -0,0 +1,26 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.syncope.common.lib.types;

public enum LogoutType {
NONE,
BACK_CHANNEL,
FRONT_CHANNEL

}
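Review bot: The `LogoutType` enum is added without any Javadoc, although its constant names are load-bearing. The WA mapper hunk further down converts with `RegisteredServiceLogoutType.valueOf(clientApp.getLogoutType().name())`, so a rename here or on the CAS side fails at runtime with an IllegalArgumentException instead of at compile time. I would add a class-level comment stating that the constants must match CAS's `RegisteredServiceLogoutType` by name, plus a one-line comment per constant (no logout request, server-to-server request, browser-mediated request). There is also a stray blank line before the closing brace.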
Expand Up @@ -21,6 +21,7 @@
import java.util.List;
import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.clientapps.UsernameAttributeProviderConf;
import org.apache.syncope.common.lib.types.LogoutType;
import org.apache.syncope.core.persistence.api.entity.Entity;
import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
Expand Down Expand Up @@ -85,4 +86,8 @@ public interface ClientApp extends Entity {
List<Attr> getProperties();

void setProperties(List<Attr> properties);

LogoutType getLogoutType();

void setLogoutType(LogoutType logoutType);
}
Expand Up @@ -20,6 +20,8 @@

import com.fasterxml.jackson.core.type.TypeReference;
import jakarta.persistence.Column;
import jakarta.persistence.EnumType;
import jakarta.persistence.Enumerated;
import jakarta.persistence.FetchType;
import jakarta.persistence.Lob;
import jakarta.persistence.ManyToOne;
Expand All @@ -29,6 +31,7 @@
import java.util.Optional;
import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.clientapps.UsernameAttributeProviderConf;
import org.apache.syncope.common.lib.types.LogoutType;
import org.apache.syncope.core.persistence.api.entity.Realm;
import org.apache.syncope.core.persistence.api.entity.am.ClientApp;
import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
Expand Down Expand Up @@ -88,6 +91,9 @@ public class AbstractClientApp extends AbstractGeneratedKeyEntity implements Cli
@Lob
private String properties;

@Enumerated(EnumType.STRING)
private LogoutType logoutType;

@Override
public Long getClientAppId() {
return clientAppId;
Expand Down Expand Up @@ -235,4 +241,14 @@ public List<Attr> getProperties() {
public void setProperties(final List<Attr> properties) {
this.properties = POJOHelper.serialize(properties);
}

@Override
public LogoutType getLogoutType() {
return this.logoutType;
}

@Override
public void setLogoutType(final LogoutType logoutType) {
this.logoutType = logoutType;
}
}
Expand Up @@ -94,7 +94,7 @@ ConnInstance buildConnInstanceOverride(
/**
* Removes the Spring bean for the given resource from the context.
*
* @param id Spring bean id
* @param resource external resource
*/
void unregisterConnector(ExternalResource resource);
}
Expand Up @@ -175,6 +175,7 @@ protected void copyToTO(final ClientApp clientApp, final ClientAppTO clientAppTO
map(TicketExpirationPolicy::getKey).orElse(null));

clientAppTO.getProperties().addAll(clientApp.getProperties());
clientAppTO.setLogoutType(clientApp.getLogoutType());
}

protected SAML2SPClientAppTO getSAMLClientAppTO(final SAML2SPClientApp clientApp) {
Expand Down Expand Up @@ -343,5 +344,6 @@ protected void copyToEntity(final ClientApp clientApp, final ClientAppTO clientA
}

clientApp.setProperties(clientAppTO.getProperties());
clientApp.setLogoutType(clientAppTO.getLogoutType());
}
}
Expand Up @@ -40,6 +40,8 @@ https://apereo.github.io/cas/6.6.x/integration/Attribute-Release-PrincipalId-Att
. <<policies-attribute-release,attribute release policy>>
. <<policies-ticket-expiration,ticket expiration policy>>
. additional properties
. logout type, mapping to
https://apereo.github.io/cas/6.6.x/installation/Logout-Single-Signout.html#slo-requests[the equivalent CAS setting^]

More parameters are required to be specified depending on the actual client application type.

Expand Up @@ -29,6 +29,7 @@
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
import org.apereo.cas.services.RegisteredServiceProperty;
import org.apereo.cas.services.RegisteredServiceProxyGrantingTicketExpirationPolicy;
Expand Down Expand Up @@ -57,6 +58,8 @@ protected void setCommon(final BaseWebBasedRegisteredService service, final Clie
(existing, replacement) -> existing));
service.setProperties(properties);
}

service.setLogoutType(RegisteredServiceLogoutType.valueOf(clientApp.getLogoutType().name()));
}

protected void setPolicies(
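Review bot: `clientApp.getLogoutType().name()` at the end of `setCommon` dereferences a value that can be null. The persistence field in AbstractClientApp is declared without a default or a not-null constraint, so rows stored before this commit would load with a null `logoutType` unless a migration not shown on this page fills the column. `copyToTO` then overwrites the TO's `NONE` default with that null, and `copyToEntity` likewise stores an explicit null sent in a REST payload. A NullPointerException here would presumably keep the service from being registered in WA at all, so I would guard the call: `if (clientApp.getLogoutType() != null) { service.setLogoutType(RegisteredServiceLogoutType.valueOf(clientApp.getLogoutType().name())); }`, which leaves CAS's own default in place for legacy rows. `setCommon` starts outside the hunk and its second parameter type is cut off in this view.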
Expand Up @@ -38,6 +38,7 @@
import org.apache.syncope.common.lib.to.AuthModuleTO;
import org.apache.syncope.common.lib.to.OIDCRPClientAppTO;
import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
import org.apache.syncope.common.lib.types.LogoutType;
import org.apache.syncope.common.lib.types.OIDCGrantType;
import org.apache.syncope.common.lib.types.OIDCResponseType;
import org.apache.syncope.common.lib.types.OIDCSubjectType;
Expand All @@ -55,6 +56,7 @@
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
import org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceLogoutType;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.support.saml.services.SamlRegisteredService;
import org.apereo.cas.util.RandomUtils;
Expand All @@ -76,6 +78,7 @@ private static OIDCRPClientAppTO buildOIDCRP() {
oidcrpTO.setSubjectType(OIDCSubjectType.PUBLIC);
oidcrpTO.getSupportedGrantTypes().add(OIDCGrantType.password);
oidcrpTO.getSupportedResponseTypes().add(OIDCResponseType.CODE);
oidcrpTO.setLogoutType(LogoutType.BACK_CHANNEL);

return oidcrpTO;
}
Expand All @@ -90,7 +93,7 @@ private static SAML2SPClientAppTO buildSAML2SP() {
saml2spto.setRequiredNameIdFormat(SAML2SPNameId.EMAIL_ADDRESS);
saml2spto.setEncryptionOptional(true);
saml2spto.setEncryptAssertions(true);

saml2spto.setLogoutType(LogoutType.BACK_CHANNEL);
return saml2spto;
}

Expand Down Expand Up @@ -186,6 +189,7 @@ public void addClientApp() {
assertTrue(((AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria) oidc.
getAuthenticationPolicy().getCriteria()).isTryAll());
assertTrue(oidc.getAttributeReleasePolicy() instanceof ReturnAllowedAttributeReleasePolicy);
assertEquals(RegisteredServiceLogoutType.valueOf(oidcrpto.getLogoutType().name()), oidc.getLogoutType());

// 5. more client with different attributes
waClientApp = new WAClientApp();
Expand All @@ -209,6 +213,7 @@ public void addClientApp() {
assertTrue(saml.getAuthenticationPolicy().getRequiredAuthenticationHandlers().contains("TestAuthModule"));
assertNotNull(found.getAccessStrategy());
assertTrue(saml.getAttributeReleasePolicy() instanceof ChainingAttributeReleasePolicy);
assertEquals(RegisteredServiceLogoutType.valueOf(samlspto.getLogoutType().name()), saml.getLogoutType());

waClientApp = new WAClientApp();
waClientApp.setClientAppTO(buildSAML2SP());
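Review bot: Both builders set `LogoutType.BACK_CHANNEL`, which, as far as I know, is also the value a CAS registered service carries when `setLogoutType` is never called. The two new `assertEquals` lines in `addClientApp` would therefore probably still pass if the mapper line were removed. Using a non-default value in at least one builder, e.g. `saml2spto.setLogoutType(LogoutType.FRONT_CHANNEL);`, makes the assertion actually exercise the mapping. `addClientApp` continues outside the visible hunks.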