diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt
index 0d4d10a0abd82e426cfd4902e57774161ce1e12d..bf5cd0acbe210f8cca219f7c6f85d2da5cea34bc 100644
--- a/ReleaseNotes.txt
+++ b/ReleaseNotes.txt
@@ -32,8 +32,9 @@
 *(MAXKEY-200831) MySQL时间问题,参见https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html
 *(MAXKEY-200832) OAuth2 Password模式修复
 *(MAXKEY-200833) MGT管理SAML上传问题、IDP元数据链接优化、主键生成修复、元数据参数配置调整
- *(MAXKEY-200834) MGT管理TOKENBASED令牌主键生成修复
- *(MAXKEY-200835) 依赖jar升级
+ *(MAXKEY-200834) SAML 2添加多种NameId的支持,支持后缀的配置,NameId支持大小写转换
+ *(MAXKEY-200835) MGT管理TOKENBASED令牌主键生成修复
+ *(MAXKEY-200836) 依赖jar升级
 tomcat 9.0.38
 passay 1.6.0
 springBootVersion 2.3.4.RELEASE
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
index b9a9dd4cfc1b355c8bad0846f90e589884b5ad1f..29a57abe2183ecf635655760a93be660050625c0 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
@@ -93,6 +93,9 @@ public class AppsSAML20Details extends Apps {
 */
 @Column
 private int nameIdConvert;
+
+ @Column
+ private String nameIdSuffix;
 
 public static final class BindingType {
 public static final String Redirect_Post = "Redirect-Post";
@@ -326,6 +329,14 @@ public class AppsSAML20Details extends Apps {
 public void setDigestMethod(String digestMethod) {
 this.digestMethod = digestMethod;
 }
+
+ public String getNameIdSuffix() {
+ return nameIdSuffix;
+ }
+
+ public void setNameIdSuffix(String nameIdSuffix) {
+ this.nameIdSuffix = nameIdSuffix;
+ }
 @Override
 public String toString() {
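Review bot: The new `nameIdSuffix` field carries no Javadoc, although the `*/` directly above it shows the neighbouring `nameIdConvert` is documented, and the getter and setter added in the next hunk are equally bare. The SubjectGenerator hunk appends this value verbatim to the NameID (`nameIdValue = nameIdValue + saml20Details.getNameIdSuffix()` whenever it is non-empty), so the comment should say that any separator such as `@` must be part of the configured value and that null or empty disables the suffix: `/** Optional string appended verbatim to the generated SAML NameID value; null or empty means no suffix is added. */`. Since the result presumably becomes the Subject NameID the relying party maps to an account, noting that the value is administrator-configured and not validated here would also help the next maintainer.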
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java
index 925c6b3d178dbddab5c5220c7a1bef7950a758e4..2a0076c2f7a28f629273fd0c7249afb8bb8179d0 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AssertionGenerator.java
@@ -85,6 +85,7 @@ public class AssertionGenerator {
 Assertion assertion = new AssertionBuilder().buildObject();;
 //Subject
 Subject subject = subjectGenerator.generateSubject(
+ saml20Details,
 assertionConsumerURL,
 inResponseTo,
 validInSeconds);
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java
index 7cd02dd7ee22ae4d0e7a83ddf4bc1f5d3b64052d..cf23e5965804ab1564063e88bc38cac49cb7d383 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java
@@ -19,7 +19,10 @@ package org.maxkey.authz.saml20.provider.xml;
+import org.apache.commons.lang3.StringUtils;
 import org.maxkey.authz.saml.service.TimeService;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.web.WebContext;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDType;
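Review bot: The `saml20Details` now passed to `generateSubject` is dereferenced by the callee without a null check (`saml20Details.getNameidFormat().equalsIgnoreCase(...)` in the SubjectGenerator hunk), so an application with no NameID format configured, or a null details object, now aborts assertion generation with a NullPointerException where the old code fell back to the username; add `Objects.requireNonNull(saml20Details, "saml20Details");` at this call site and have the callee treat a null format as the username default. That callee hunk also compares `getNameIdConvert()==1` in both the upper-case and lower-case branches, so the lower-case conversion is unreachable; the second comparison should use the lower-case code rather than repeat `==1`, and `toUpperCase()`/`toLowerCase()` should take `Locale.ROOT` so the NameID does not vary with the server locale. Its `persistent` and `transient` branches are empty and emit the plain username, which deserves at least a comment, since SAML defines those formats as opaque identifiers. The enclosing method in AssertionGenerator starts outside the hunk, and the SubjectGenerator hunk runs past the end of this chunk.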
@@ -41,12 +44,54 @@ public class SubjectGenerator {
 this.timeService = timeService;
 }
- public Subject generateSubject(
+ public Subject generateSubject( AppsSAML20Details saml20Details,
 String assertionConsumerURL,
 String inResponseTo,
 int validInSeconds) {
+ UserInfo userInfo = WebContext.getUserInfo();
+ String nameIdValue = userInfo.getUsername();
+ if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
+
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("transient")) {
+
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("unspecified")) {
+
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("emailAddress")) {
+ if(userInfo.getEmail()!=null && !userInfo.getEmail().equals("")) {
+ nameIdValue = userInfo.getEmail();
+ }
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("X509SubjectName")) {
+
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("WindowsDomainQualifiedName")) {
+ if(userInfo.getWindowsAccount()!=null && !userInfo.getWindowsAccount().equals("")) {
+ nameIdValue = userInfo.getWindowsAccount();
+ }
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("entity")) {
+
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("custom")) {
+
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("Mobile")) {
+ if(userInfo.getMobile()!=null && !userInfo.getMobile().equals("")) {
+ nameIdValue = userInfo.getMobile();
+ }
+ }else if(saml20Details.getNameidFormat().equalsIgnoreCase("EmployeeNumber")) {
+ if(userInfo.getEmployeeNumber()!=null && !userInfo.getEmployeeNumber().equals("")) {
+ nameIdValue = userInfo.getEmployeeNumber();
+ }
+ }
+
+ if(!StringUtils.isEmpty(saml20Details.getNameIdSuffix())) {
+ nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
+ }
+
+ if(saml20Details.getNameIdConvert()==0) {
+
+ }else if(saml20Details.getNameIdConvert()==1) {
+ nameIdValue = nameIdValue.toUpperCase();
+ }else if(saml20Details.getNameIdConvert()==1) {
+ nameIdValue = 
nameIdValue.toLowerCase();
+ }
- String nameIdValue =WebContext.getUserInfo().getUsername();
 NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
 Subject subject =builderSubject(nameID);