[SYNCOPE-1843] Support Support Azure AD authentication and attribute …
…resolution
Showing
9 changed files
with
262 additions
and
1 deletion.
119 changes: 119 additions & 0 deletions
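--- a/.../am/lib/src/main/java/org/apache/syncope/common/lib/AbstractAzureActiveDirectoryConf.java
+++ b/.../am/lib/src/main/java/org/apache/syncope/common/lib/AbstractAzureActiveDirectoryConf.java
@@ -0,0 +1,119 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.syncope.common.lib;
+
+import java.io.Serializable;
+
+public abstract class AbstractAzureActiveDirectoryConf implements Serializable {
+
+private static final long serialVersionUID = 282571926999684266L;
+
+private String clientId;
+
+private String clientSecret;
+
+/**
+* This URL of the security token service that CAS goes to for acquiring tokens for resources and users.
+* This URL allows CAS to establish what is called an 'authority'.
+* You can think of the authority as the directory issuing the identities/tokens. The login URL here is then
+* composed of {@code https://<instance>/<tenant>}, where 'instance' is the Azure AD host
+* (such as {@code https://login.microsoftonline.com}) and 'tenant' is the domain name
+* (such as {@code contoso.onmicrosoft.com}) or tenant ID of the directory.
+* Examples of authority URL are:
+*
+* <ul>
+* <li>{@code https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163}: for a single tenant
+* application defined in the tenant</li>
+* <li>{@code https://login.microsoftonline.com/contoso.onmicrosoft.com}: This representation is like the previous
+* one, but uses the tenant domain name instead of the tenant Id.</li>
+* <li>{@code https://login.microsoftonline.de/contoso.de}: also uses a domain name, but in this case the Azure AD
+* tenant admins have set a custom domain for their tenant, and the
+* instance URL here is for the German national cloud.</li>
+* <li>{@code https://login.microsoftonline.com/common}: in the case of a multi-tenant application, that is an
+* application available in several Azure AD tenants.</li>
+* <li>It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized
+* with the convention that the URL should contain adfs like {@code https://contoso.com/adfs}.</li>
+* </ul>
+*/
+private String loginUrl = "https://login.microsoftonline.com/common/";
+
+/**
+* Resource url for the graph API to fetch attributes.
+*/
+private String resource = "https://graph.microsoft.com/";
+
+/**
+* The microsoft tenant id.
+*/
+private String tenant;
+
+/**
+* Scope used when fetching access tokens.
+* Multiple scopes may be separated using a comma.
+*/
+private String scope = "openid,email,profile,address";
+
+public String getClientId() {
+return clientId;
+}
+
+public void setClientId(final String clientId) {
+this.clientId = clientId;
+}
+
+public String getClientSecret() {
+return clientSecret;
+}
+
+public void setClientSecret(final String clientSecret) {
+this.clientSecret = clientSecret;
+}
+
+public String getLoginUrl() {
+return loginUrl;
+}
+
+public void setLoginUrl(final String loginUrl) {
+this.loginUrl = loginUrl;
+}
+
+public String getResource() {
+return resource;
+}
+
+public void setResource(final String resource) {
+this.resource = resource;
+}
+
+public String getTenant() {
+return tenant;
+}
+
+public void setTenant(final String tenant) {
+this.tenant = tenant;
+}
+
+public String getScope() {
+return scope;
+}
+
+public void setScope(final String scope) {
+this.scope = scope;
+}
+}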
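Review bot: `clientId` and `clientSecret` are the only fields in this class without Javadoc, and `clientSecret` is the one value here that is credential material, so a short doc on each would help whoever wires this configuration into the console or persists it. Suggested: `/** Application (client) id registered in Azure AD. */` on `clientId` and `/** Client secret of the registered application; sensitive, must not be logged or rendered in clear. */` on `clientSecret`. Separately, the `loginUrl` Javadoc describes the authority URL as already containing the tenant, while `tenant` is a distinct field and the default `loginUrl` ends in `/common/`; how the two are combined is presumably decided by the consumer outside this file, so one sentence stating which one takes precedence would avoid misconfiguration.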
46 changes: 46 additions & 0 deletions
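--- a/...ib/src/main/java/org/apache/syncope/common/lib/attr/AzureActiveDirectoryAttrRepoConf.java
+++ b/...ib/src/main/java/org/apache/syncope/common/lib/attr/AzureActiveDirectoryAttrRepoConf.java
@@ -0,0 +1,46 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.syncope.common.lib.attr;
+
+import java.util.Map;
+import org.apache.syncope.common.lib.AbstractAzureActiveDirectoryConf;
+import org.apache.syncope.common.lib.to.AttrRepoTO;
+
+public class AzureActiveDirectoryAttrRepoConf extends AbstractAzureActiveDirectoryConf implements AttrRepoConf {
+
+private static final long serialVersionUID = -2365294132437794196L;
+
+/**
+* Whether attribute repository should consider the underlying attribute names in a case-insensitive manner.
+*/
+private boolean caseInsensitive;
+
+public boolean isCaseInsensitive() {
+return caseInsensitive;
+}
+
+public void setCaseInsensitive(final boolean caseInsensitive) {
+this.caseInsensitive = caseInsensitive;
+}
+
+@Override
+public Map<String, Object> map(final AttrRepoTO attrRepo, final Mapper mapper) {
+return mapper.map(attrRepo, this);
+}
+}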
52 changes: 52 additions & 0 deletions
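--- a/.../src/main/java/org/apache/syncope/common/lib/auth/AzureActiveDirectoryAuthModuleConf.java
+++ b/.../src/main/java/org/apache/syncope/common/lib/auth/AzureActiveDirectoryAuthModuleConf.java
@@ -0,0 +1,52 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one
+* or more contributor license agreements. See the NOTICE file
+* distributed with this work for additional information
+* regarding copyright ownership. The ASF licenses this file
+* to you under the Apache License, Version 2.0 (the
+* "License"); you may not use this file except in compliance
+* with the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+package org.apache.syncope.common.lib.auth;
+
+import java.util.Map;
+import org.apache.syncope.common.lib.AbstractAzureActiveDirectoryConf;
+import org.apache.syncope.common.lib.to.AuthModuleTO;
+
+public class AzureActiveDirectoryAuthModuleConf extends AbstractAzureActiveDirectoryConf implements AuthModuleConf {
+
+private static final long serialVersionUID = 6053163884651768614L;
+
+/**
+* A number of authentication handlers are allowed to determine whether they can operate on the provided credential
+* and as such lend themselves to be tried and tested during the authentication handler selection phase.
+* The credential criteria may be one of the following options:<ul>
+* <li>A regular expression pattern that is tested against the credential identifier.</li>
+* <li>A fully qualified class name of your own design that implements {@code Predicate}.</li>
+* <li>Path to an external Groovy script that implements the same interface.</li>
+* </ul>
+*/
+private String credentialCriteria;
+
+public String getCredentialCriteria() {
+return credentialCriteria;
+}
+
+public void setCredentialCriteria(final String credentialCriteria) {
+this.credentialCriteria = credentialCriteria;
+}
+
+@Override
+public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) {
+return mapper.map(authModule, this);
+}
+}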
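Review bot: The `credentialCriteria` Javadoc states that the value may be a fully qualified class name or the path of a Groovy script, which means this string selects code the authentication engine will load and run, yet `setCredentialCriteria` stores it as a plain String with no validation. I would make that consequence explicit in the Javadoc so that whoever exposes the field through the admin API or the console treats it as a privileged setting rather than a free-text filter. Suggested sentence to append to the Javadoc: `* Note: a class name or script path given here is loaded and executed by the authentication engine; only trusted administrators should be able to set this value.` Whether the value is validated or access-controlled elsewhere is outside this hunk.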