This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 4_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/4_1_X by this push:
new 2039dce6ec [SYNCOPE-1969] Adding missing SAMLRegisteredService
configurations (#1395)
2039dce6ec is described below
commit 2039dce6ecffcc8f96e9d629476b2149fb8a053d
Author: Valerio Crescia <[email protected]>
AuthorDate: Mon May 25 14:51:22 2026 +0200
[SYNCOPE-1969] Adding missing SAMLRegisteredService configurations (#1395)
---
.../clientapps/ClientAppModalPanelBuilder.java | 115 ++++++++
.../clientapps/ClientAppDirectoryPanel.properties | 24 ++
.../ClientAppDirectoryPanel_fr_CA.properties | 24 ++
.../ClientAppDirectoryPanel_it.properties | 24 ++
.../ClientAppDirectoryPanel_ja.properties | 24 ++
.../ClientAppDirectoryPanel_pt_BR.properties | 24 ++
.../ClientAppDirectoryPanel_ru.properties | 24 ++
.../syncope/common/lib/to/SAML2SPClientAppTO.java | 299 ++++++++++++++++++++
.../lib/types/MetadataCriteriaDirection.java | 26 ++
.../common/lib/types/SigningCredentialType.java | 26 ++
.../api/entity/am/SAML2SPClientApp.java | 99 +++++++
.../jpa/entity/am/JPASAML2SPClientApp.java | 314 +++++++++++++++++++++
.../neo4j/entity/am/Neo4jSAML2SPClientApp.java | 296 +++++++++++++++++++
.../java/data/ClientAppDataBinderImpl.java | 58 ++++
.../starter/mapping/SAML2SPClientAppTOMapper.java | 26 ++
15 files changed, 1403 insertions(+)
diff --git
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
index e54ef6980a..480b9c5d50 100644
---
a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
+++
b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java
@@ -64,6 +64,7 @@ import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.to.SAML2SPClientAppTO;
import org.apache.syncope.common.lib.types.ClientAppType;
import org.apache.syncope.common.lib.types.LogoutType;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
import org.apache.syncope.common.lib.types.OIDCApplicationType;
import org.apache.syncope.common.lib.types.OIDCClientAuthenticationMethod;
import org.apache.syncope.common.lib.types.OIDCGrantType;
@@ -73,7 +74,9 @@ import
org.apache.syncope.common.lib.types.OIDCTokenEncryptionAlg;
import org.apache.syncope.common.lib.types.OIDCTokenEncryptionEncoding;
import org.apache.syncope.common.lib.types.OIDCTokenSigningAlg;
import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
import org.apache.syncope.common.rest.api.service.SAML2IdPEntityService;
import org.apache.wicket.Component;
@@ -518,6 +521,46 @@ public class ClientAppModalPanelBuilder<T extends
ClientAppTO> extends AbstractM
"field", "metadataSignatureLocation",
new PropertyModel<>(clientAppTO,
"metadataSignatureLocation"), false));
+ AjaxDropDownChoicePanel<MetadataCriteriaDirection>
metadataCriteriaDirection =
+ new AjaxDropDownChoicePanel<>(
+ "field", "metadataCriteriaDirection",
+ new PropertyModel<>(clientAppTO,
"metadataCriteriaDirection"),
+ false);
+
metadataCriteriaDirection.setChoices(List.of(MetadataCriteriaDirection.values()));
+ fields.add(metadataCriteriaDirection);
+
+ fields.add(new AjaxTextFieldPanel(
+ "field", "metadataCriteriaPattern",
+ new PropertyModel<>(clientAppTO,
"metadataCriteriaPattern"), false));
+
+ fields.add(new AjaxTextFieldPanel(
+ "field", "subjectLocality",
+ new PropertyModel<>(clientAppTO, "subjectLocality"),
false));
+
+ AjaxDropDownChoicePanel<SigningCredentialType>
signingCredentialType =
+ new AjaxDropDownChoicePanel<>(
+ "field", "signingCredentialType",
+ new PropertyModel<>(clientAppTO,
"signingCredentialType"),
+ false);
+
signingCredentialType.setChoices(List.of(SigningCredentialType.values()));
+ fields.add(signingCredentialType);
+
+ AjaxDropDownChoicePanel<SAML2BindingType>
logoutResponseBinding =
+ new AjaxDropDownChoicePanel<>(
+ "field", "logoutResponseBinding",
+ new PropertyModel<>(clientAppTO,
"logoutResponseBinding"),
+ false);
+
logoutResponseBinding.setChoices(List.of(SAML2BindingType.values()));
+ fields.add(logoutResponseBinding);
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "logoutResponseEnabled",
+ new PropertyModel<>(clientAppTO,
"logoutResponseEnabled")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "requireSignedRoot",
+ new PropertyModel<>(clientAppTO,
"requireSignedRoot")));
+
fields.add(new AjaxCheckBoxPanel(
"field", "signAssertions", new
PropertyModel<>(clientAppTO, "signAssertions")));
@@ -530,6 +573,78 @@ public class ClientAppModalPanelBuilder<T extends
ClientAppTO> extends AbstractM
fields.add(new AjaxCheckBoxPanel(
"field", "encryptAssertions", new
PropertyModel<>(clientAppTO, "encryptAssertions")));
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "encryptAttributes",
+ new PropertyModel<>(clientAppTO,
"encryptAttributes")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingAssertionNameId",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingAssertionNameId")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
"skipGeneratingSubjectConfirmationInResponseTo",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationInResponseTo")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingResponseInResponseTo",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingResponseInResponseTo")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
"skipGeneratingSubjectConfirmationNotOnOrAfter",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationNotOnOrAfter")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingSubjectConfirmationRecipient",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationRecipient")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingSubjectConfirmationRecipient",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationRecipient")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
"skipGeneratingSubjectConfirmationAddress",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationAddress")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingSubjectConfirmationNotBefore",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationNotBefore")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingSubjectConfirmationNameId",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSubjectConfirmationNameId")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingNameIdQualifiers",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingNameIdQualifiers")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingTransientNameId",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingTransientNameId")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipValidatingAuthnRequest",
+ new PropertyModel<>(clientAppTO,
"skipValidatingAuthnRequest")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field",
"skipGeneratingServiceProviderNameIdQualifier",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingServiceProviderNameIdQualifier")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingAuthenticatingAuthority",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingAuthenticatingAuthority")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingNameIdQualifier",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingNameIdQualifier")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "skipGeneratingSessionNotOnOrAfter",
+ new PropertyModel<>(clientAppTO,
"skipGeneratingSessionNotOnOrAfter")));
+
+ fields.add(new AjaxCheckBoxPanel(
+ "field", "validateMetadataCertificates",
+ new PropertyModel<>(clientAppTO,
"validateMetadataCertificates")));
+
fields.add(new AjaxTextFieldPanel(
"field", "requiredAuthenticationContextClass",
new PropertyModel<>(clientAppTO,
"requiredAuthenticationContextClass"), false));
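Review bot: The checkbox for `skipGeneratingSubjectConfirmationRecipient` is added twice in a row in this hunk, with the same id and the same `PropertyModel` target, so the modal would presumably show the same option twice. The second `fields.add(new AjaxCheckBoxPanel("field", "skipGeneratingSubjectConfirmationRecipient", ...))` block should be dropped. All sixteen other checkboxes in the hunk appear once, which suggests a copy-paste slip rather than a missing, differently named field, but it is worth checking the list against the fields declared in `SAML2SPClientAppTO`. The enclosing method starts and ends outside the hunk.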
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
index e3ba1847eb..a8f51846ac 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
signResponses=Sign Responses
encryptionOptional=Encryption Optional
encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating
SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating
SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating
SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating
SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating
SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating
SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating
ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
requiredNameIdFormat=NameId Format
clientSecret=Client Secret
signIdToken=Sign IdToken
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
index 2bb0a441b3..2c3e428cdc 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
signResponses=Sign Responses
encryptionOptional=Encryption Optional
encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating
SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating
SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating
SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating
SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating
SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating
SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating
ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
requiredNameIdFormat=NameId Format
clientSecret=Client Secret
signIdToken=Sign IdToken
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
index 2ad1b0f69b..d4123f56c6 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
@@ -29,6 +29,30 @@ signAssertions=Firma Assertion
signResponses=Firma Response
encryptionOptional=Cifratura Opzionale
encryptAssertions=Cifratura Assertion
+encryptAttributes=Encrypt Attributes
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+skipGeneratingAssertionNameId=Salta Generazione Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Salta Generazione
SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Salta Generazione Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Salta Generazione
SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Salta Generazione
SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Salta Generazione
SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Salta Generazione
SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Salta Generazione
SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Salta Generazione NameIdQualifiers
+skipGeneratingTransientNameId=Salta Generazione TransientNameId
+skipValidatingAuthnRequest=Salta Validazione AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Salta Generazione
ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Salta Generazione AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Salta Generazione NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Salta Generazione SessionNotOnOrAfter
+validateMetadataCertificates=Valida Certificati Metadata
requiredNameIdFormat=Formato NameId
clientSecret=Client Secret
signIdToken=Firma IdToken
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
index d0868ef9f2..06aa5f2737 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
signResponses=Sign Responses
encryptionOptional=Encryption Optional
encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating
SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating
SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating
SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating
SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating
SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating
SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating
ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
requiredNameIdFormat=NameId Format
clientSecret=Client Secret
signIdToken=Sign IdToken
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
index 1bd4e93e86..ceaecd955c 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
@@ -29,6 +29,30 @@ signAssertions=Sign Assertions
signResponses=Sign Responses
encryptionOptional=Encryption Optional
encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating
SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating
SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating
SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating
SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating
SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating
SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating
ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
requiredNameIdFormat=NameId Format
clientSecret=Client Secret
signIdToken=Sign IdToken
diff --git
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
index bc0ab53d9d..1284cc9602 100644
---
a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
+++
b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
@@ -30,6 +30,30 @@ signAssertions=Sign Assertions
signResponses=Sign Responses
encryptionOptional=Encryption Optional
encryptAssertions=Encrypt Assertions
+metadataCriteriaPattern=Metadata Criteria Pattern
+subjectLocality=Subject Locality
+metadataCriteriaDirection=Metadata Criteria Direction
+signingCredentialType=Signing Credential Type
+logoutResponseBinding=Logout Response Binding
+requireSignedRoot=Require Signed Root
+logoutResponseEnabled=Logout Response Enabled
+encryptAttributes=Encrypt Attributes
+skipGeneratingAssertionNameId=Skip Generating Assertion NameId
+skipGeneratingSubjectConfirmationInResponseTo=Skip Generating
SubjectConfirmation In ResponseTO
+skipGeneratingResponseInResponseTo=Skip Generating Response In ResponseTO
+skipGeneratingSubjectConfirmationNotOnOrAfter=Skip Generating
SubjectConfirmationNotOnOrAfter
+skipGeneratingSubjectConfirmationRecipient=Skip Generating
SubjectConfirmationRecipient
+skipGeneratingSubjectConfirmationAddress=Skip Generating
SubjectConfirmationAddress
+skipGeneratingSubjectConfirmationNotBefore=Skip Generating
SubjectConfirmationNotBefore
+skipGeneratingSubjectConfirmationNameId=Skip Generating
SubjectConfirmationNameId
+skipGeneratingNameIdQualifiers=Skip Generating NameIdQualifiers
+skipGeneratingTransientNameId=Skip Generating TransientNameId
+skipValidatingAuthnRequest=Skip Validating AuthnRequest
+skipGeneratingServiceProviderNameIdQualifier=Skip Generating
ServiceProviderNameIdQualifier
+skipGeneratingAuthenticatingAuthority=Skip Generating AuthenticatingAuthority
+skipGeneratingNameIdQualifier=Skip Generating NameIdQualifier
+skipGeneratingSessionNotOnOrAfter=Skip Generating SessionNotOnOrAfter
+validateMetadataCertificates=Validate Metadata Certificates
requiredNameIdFormat=NameId Format
clientSecret=Client Secret
signIdToken=Sign IdToken
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java
index 39c6b1d89f..2c3f63c230 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java
@@ -24,7 +24,10 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
@Schema(allOf = { ClientAppTO.class })
@@ -40,6 +43,16 @@ public class SAML2SPClientAppTO extends ClientAppTO {
private String metadataSignatureLocation;
+ private String metadataCriteriaPattern;
+
+ private String subjectLocality;
+
+ private MetadataCriteriaDirection metadataCriteriaDirection =
MetadataCriteriaDirection.INCLUDE;
+
+ private SigningCredentialType signingCredentialType;
+
+ private SAML2BindingType logoutResponseBinding;
+
private boolean signAssertions;
private boolean signResponses;
@@ -48,6 +61,44 @@ public class SAML2SPClientAppTO extends ClientAppTO {
private boolean encryptAssertions;
+ private boolean requireSignedRoot = true;
+
+ private boolean logoutResponseEnabled = true;
+
+ private boolean encryptAttributes;
+
+ private boolean skipGeneratingAssertionNameId;
+
+ private boolean skipGeneratingSubjectConfirmationInResponseTo;
+
+ private boolean skipGeneratingResponseInResponseTo;
+
+ private boolean skipGeneratingSubjectConfirmationNotOnOrAfter;
+
+ private boolean skipGeneratingSubjectConfirmationRecipient;
+
+ private boolean skipGeneratingSubjectConfirmationAddress;
+
+ private boolean skipGeneratingSubjectConfirmationNotBefore = true;
+
+ private boolean skipGeneratingSubjectConfirmationNameId = true;
+
+ private boolean skipGeneratingNameIdQualifiers;
+
+ private boolean skipGeneratingTransientNameId;
+
+ private boolean skipValidatingAuthnRequest;
+
+ private boolean skipGeneratingServiceProviderNameIdQualifier;
+
+ private boolean skipGeneratingAuthenticatingAuthority;
+
+ private boolean skipGeneratingNameIdQualifier;
+
+ private boolean skipGeneratingSessionNotOnOrAfter;
+
+ private boolean validateMetadataCertificates;
+
private String requiredAuthenticationContextClass;
private SAML2SPNameId requiredNameIdFormat;
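Review bot: The new boolean fields carry no comments, although some of them decide whether a check runs at all and their defaults differ: `requireSignedRoot` starts as `true`, while `validateMetadataCertificates` and `skipValidatingAuthnRequest` start as `false`. A one-line comment on each of those three would make the intended safe setting visible, for example `// keep true unless the SP metadata cannot be signed (presumably mirrors the CAS default; confirm)` above `requireSignedRoot` and `// true turns off validation of incoming AuthnRequests; leave false by default` above `skipValidatingAuthnRequest`. The diffstat lists matching JPA and Neo4j entities that are not visible in this hunk; their initial values should agree with these, otherwise a round trip through the data binder could change a security-relevant setting without anyone asking for it. The class body continues outside the hunk.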
@@ -112,6 +163,46 @@ public class SAML2SPClientAppTO extends ClientAppTO {
this.metadataSignatureLocation = metadataSignatureLocation;
}
+ public String getSubjectLocality() {
+ return subjectLocality;
+ }
+
+ public void setSubjectLocality(final String subjectLocality) {
+ this.subjectLocality = subjectLocality;
+ }
+
+ public MetadataCriteriaDirection getMetadataCriteriaDirection() {
+ return metadataCriteriaDirection;
+ }
+
+ public void setMetadataCriteriaDirection(final MetadataCriteriaDirection
metadataCriteriaDirection) {
+ this.metadataCriteriaDirection = metadataCriteriaDirection;
+ }
+
+ public String getMetadataCriteriaPattern() {
+ return metadataCriteriaPattern;
+ }
+
+ public void setMetadataCriteriaPattern(final String
metadataCriteriaPattern) {
+ this.metadataCriteriaPattern = metadataCriteriaPattern;
+ }
+
+ public SigningCredentialType getSigningCredentialType() {
+ return signingCredentialType;
+ }
+
+ public void setSigningCredentialType(final SigningCredentialType
signingCredentialType) {
+ this.signingCredentialType = signingCredentialType;
+ }
+
+ public SAML2BindingType getLogoutResponseBinding() {
+ return logoutResponseBinding;
+ }
+
+ public void setLogoutResponseBinding(final SAML2BindingType
logoutResponseBinding) {
+ this.logoutResponseBinding = logoutResponseBinding;
+ }
+
public boolean isSignAssertions() {
return signAssertions;
}
@@ -144,6 +235,163 @@ public class SAML2SPClientAppTO extends ClientAppTO {
this.encryptAssertions = encryptAssertions;
}
+ public boolean isRequireSignedRoot() {
+ return requireSignedRoot;
+ }
+
+ public void setRequireSignedRoot(final boolean requireSignedRoot) {
+ this.requireSignedRoot = requireSignedRoot;
+ }
+
+ public boolean isLogoutResponseEnabled() {
+ return logoutResponseEnabled;
+ }
+
+ public void setLogoutResponseEnabled(final boolean logoutResponseEnabled) {
+ this.logoutResponseEnabled = logoutResponseEnabled;
+ }
+
+ public boolean isEncryptAttributes() {
+ return encryptAttributes;
+ }
+
+ public void setEncryptAttributes(final boolean encryptAttributes) {
+ this.encryptAttributes = encryptAttributes;
+ }
+
+ public boolean isSkipGeneratingAssertionNameId() {
+ return skipGeneratingAssertionNameId;
+ }
+
+ public void setSkipGeneratingAssertionNameId(final boolean
skipGeneratingAssertionNameId) {
+ this.skipGeneratingAssertionNameId = skipGeneratingAssertionNameId;
+ }
+
+ public boolean isSkipGeneratingSubjectConfirmationInResponseTo() {
+ return skipGeneratingSubjectConfirmationInResponseTo;
+ }
+
+ public void setSkipGeneratingSubjectConfirmationInResponseTo(
+ final boolean skipGeneratingSubjectConfirmationInResponseTo) {
+ this.skipGeneratingSubjectConfirmationInResponseTo =
skipGeneratingSubjectConfirmationInResponseTo;
+ }
+
+ public boolean isSkipGeneratingResponseInResponseTo() {
+ return skipGeneratingResponseInResponseTo;
+ }
+
+ public void setSkipGeneratingResponseInResponseTo(final boolean
skipGeneratingResponseInResponseTo) {
+ this.skipGeneratingResponseInResponseTo =
skipGeneratingResponseInResponseTo;
+ }
+
+ public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() {
+ return skipGeneratingSubjectConfirmationNotOnOrAfter;
+ }
+
+ public void setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) {
+ this.skipGeneratingSubjectConfirmationNotOnOrAfter =
skipGeneratingSubjectConfirmationNotOnOrAfter;
+ }
+
+ public boolean isSkipGeneratingSubjectConfirmationRecipient() {
+ return skipGeneratingSubjectConfirmationRecipient;
+ }
+
+ public void setSkipGeneratingSubjectConfirmationRecipient(
+ final boolean skipGeneratingSubjectConfirmationRecipient) {
+ this.skipGeneratingSubjectConfirmationRecipient =
skipGeneratingSubjectConfirmationRecipient;
+ }
+
+ public boolean isSkipGeneratingSubjectConfirmationAddress() {
+ return skipGeneratingSubjectConfirmationAddress;
+ }
+
+ public void setSkipGeneratingSubjectConfirmationAddress(final boolean
skipGeneratingSubjectConfirmationAddress) {
+ this.skipGeneratingSubjectConfirmationAddress =
skipGeneratingSubjectConfirmationAddress;
+ }
+
+ public boolean isSkipGeneratingSubjectConfirmationNotBefore() {
+ return skipGeneratingSubjectConfirmationNotBefore;
+ }
+
+ public void setSkipGeneratingSubjectConfirmationNotBefore(
+ final boolean skipGeneratingSubjectConfirmationNotBefore) {
+ this.skipGeneratingSubjectConfirmationNotBefore =
skipGeneratingSubjectConfirmationNotBefore;
+ }
+
+ public boolean isSkipGeneratingSubjectConfirmationNameId() {
+ return skipGeneratingSubjectConfirmationNameId;
+ }
+
+ public void setSkipGeneratingSubjectConfirmationNameId(final boolean
skipGeneratingSubjectConfirmationNameId) {
+ this.skipGeneratingSubjectConfirmationNameId =
skipGeneratingSubjectConfirmationNameId;
+ }
+
+ public boolean isSkipGeneratingNameIdQualifiers() {
+ return skipGeneratingNameIdQualifiers;
+ }
+
+ public void setSkipGeneratingNameIdQualifiers(final boolean
skipGeneratingNameIdQualifiers) {
+ this.skipGeneratingNameIdQualifiers = skipGeneratingNameIdQualifiers;
+ }
+
+ public boolean isSkipGeneratingTransientNameId() {
+ return skipGeneratingTransientNameId;
+ }
+
+ public void setSkipGeneratingTransientNameId(final boolean
skipGeneratingTransientNameId) {
+ this.skipGeneratingTransientNameId = skipGeneratingTransientNameId;
+ }
+
+ public boolean isSkipValidatingAuthnRequest() {
+ return skipValidatingAuthnRequest;
+ }
+
+ public void setSkipValidatingAuthnRequest(final boolean
skipValidatingAuthnRequest) {
+ this.skipValidatingAuthnRequest = skipValidatingAuthnRequest;
+ }
+
+ public boolean isSkipGeneratingServiceProviderNameIdQualifier() {
+ return skipGeneratingServiceProviderNameIdQualifier;
+ }
+
+ public void setSkipGeneratingServiceProviderNameIdQualifier(
+ final boolean skipGeneratingServiceProviderNameIdQualifier) {
+ this.skipGeneratingServiceProviderNameIdQualifier =
skipGeneratingServiceProviderNameIdQualifier;
+ }
+
+ public boolean isSkipGeneratingAuthenticatingAuthority() {
+ return skipGeneratingAuthenticatingAuthority;
+ }
+
+ public void setSkipGeneratingAuthenticatingAuthority(final boolean
skipGeneratingAuthenticatingAuthority) {
+ this.skipGeneratingAuthenticatingAuthority =
skipGeneratingAuthenticatingAuthority;
+ }
+
+ public boolean isSkipGeneratingNameIdQualifier() {
+ return skipGeneratingNameIdQualifier;
+ }
+
+ public void setSkipGeneratingNameIdQualifier(final boolean
skipGeneratingNameIdQualifier) {
+ this.skipGeneratingNameIdQualifier = skipGeneratingNameIdQualifier;
+ }
+
+ public boolean isSkipGeneratingSessionNotOnOrAfter() {
+ return skipGeneratingSessionNotOnOrAfter;
+ }
+
+ public void setSkipGeneratingSessionNotOnOrAfter(final boolean
skipGeneratingSessionNotOnOrAfter) {
+ this.skipGeneratingSessionNotOnOrAfter =
skipGeneratingSessionNotOnOrAfter;
+ }
+
+ public boolean isValidateMetadataCertificates() {
+ return validateMetadataCertificates;
+ }
+
+ public void setValidateMetadataCertificates(final boolean
validateMetadataCertificates) {
+ this.validateMetadataCertificates = validateMetadataCertificates;
+ }
+
public String getRequiredAuthenticationContextClass() {
return requiredAuthenticationContextClass;
}
@@ -231,7 +479,34 @@ public class SAML2SPClientAppTO extends ClientAppTO {
.append(this.metadataSignatureLocation,
rhs.metadataSignatureLocation)
.append(this.signAssertions, rhs.signAssertions)
.append(this.signResponses, rhs.signResponses)
+ .append(this.metadataCriteriaPattern,
rhs.metadataCriteriaPattern)
+ .append(this.subjectLocality, rhs.subjectLocality)
+ .append(this.metadataCriteriaDirection,
rhs.metadataCriteriaDirection)
+ .append(this.logoutResponseBinding, rhs.logoutResponseBinding)
+ .append(this.requireSignedRoot, rhs.requireSignedRoot)
+ .append(this.logoutResponseEnabled, rhs.logoutResponseEnabled)
.append(this.encryptionOptional, rhs.encryptionOptional)
+ .append(this.signingCredentialType, rhs.signingCredentialType)
+ .append(this.encryptAttributes, rhs.encryptAttributes)
+ .append(this.skipGeneratingAssertionNameId,
rhs.skipGeneratingAssertionNameId)
+ .append(this.skipGeneratingSubjectConfirmationInResponseTo,
+ rhs.skipGeneratingSubjectConfirmationInResponseTo)
+ .append(this.skipGeneratingResponseInResponseTo,
rhs.skipGeneratingResponseInResponseTo)
+ .append(this.skipGeneratingSubjectConfirmationNotOnOrAfter,
+ rhs.skipGeneratingSubjectConfirmationNotOnOrAfter)
+ .append(this.skipGeneratingSubjectConfirmationRecipient,
rhs.skipGeneratingSubjectConfirmationRecipient)
+ .append(this.skipGeneratingSubjectConfirmationAddress,
rhs.skipGeneratingSubjectConfirmationAddress)
+ .append(this.skipGeneratingSubjectConfirmationNotBefore,
rhs.skipGeneratingSubjectConfirmationNotBefore)
+ .append(this.skipGeneratingSubjectConfirmationNameId,
rhs.skipGeneratingSubjectConfirmationNameId)
+ .append(this.skipGeneratingNameIdQualifiers,
rhs.skipGeneratingNameIdQualifiers)
+ .append(this.skipGeneratingTransientNameId,
rhs.skipGeneratingTransientNameId)
+ .append(this.skipValidatingAuthnRequest,
rhs.skipValidatingAuthnRequest)
+ .append(this.skipGeneratingServiceProviderNameIdQualifier,
+ rhs.skipGeneratingServiceProviderNameIdQualifier)
+ .append(this.skipGeneratingAuthenticatingAuthority,
rhs.skipGeneratingAuthenticatingAuthority)
+ .append(this.skipGeneratingNameIdQualifier,
rhs.skipGeneratingNameIdQualifier)
+ .append(this.skipGeneratingSessionNotOnOrAfter,
rhs.skipGeneratingSessionNotOnOrAfter)
+ .append(this.validateMetadataCertificates,
rhs.validateMetadataCertificates)
.append(this.encryptAssertions, rhs.encryptAssertions)
.append(this.requiredAuthenticationContextClass,
rhs.requiredAuthenticationContextClass)
.append(this.requiredNameIdFormat, rhs.requiredNameIdFormat)
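Review bot: The new `.append(...)` calls in `equals` are placed on both sides of the existing `encryptionOptional` line (six before it, eighteen after), whereas the `hashCode` hunk below adds the same 24 fields in one run after `encryptionOptional`. Both lists cover the same fields, so behaviour is unaffected. Keeping the two methods in the same field order would make it much easier to confirm by eye that no field was dropped from one of them the next time a property is added. Both method bodies start and end outside their hunks.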
@@ -258,6 +533,30 @@ public class SAML2SPClientAppTO extends ClientAppTO {
.append(signAssertions)
.append(signResponses)
.append(encryptionOptional)
+ .append(metadataCriteriaPattern)
+ .append(subjectLocality)
+ .append(metadataCriteriaDirection)
+ .append(logoutResponseBinding)
+ .append(requireSignedRoot)
+ .append(logoutResponseEnabled)
+ .append(signingCredentialType)
+ .append(encryptAttributes)
+ .append(skipGeneratingAssertionNameId)
+ .append(skipGeneratingSubjectConfirmationInResponseTo)
+ .append(skipGeneratingResponseInResponseTo)
+ .append(skipGeneratingSubjectConfirmationNotOnOrAfter)
+ .append(skipGeneratingSubjectConfirmationRecipient)
+ .append(skipGeneratingSubjectConfirmationAddress)
+ .append(skipGeneratingSubjectConfirmationNotBefore)
+ .append(skipGeneratingSubjectConfirmationNameId)
+ .append(skipGeneratingNameIdQualifiers)
+ .append(skipGeneratingTransientNameId)
+ .append(skipValidatingAuthnRequest)
+ .append(skipGeneratingServiceProviderNameIdQualifier)
+ .append(skipGeneratingAuthenticatingAuthority)
+ .append(skipGeneratingNameIdQualifier)
+ .append(skipGeneratingSessionNotOnOrAfter)
+ .append(validateMetadataCertificates)
.append(encryptAssertions)
.append(requiredAuthenticationContextClass)
.append(requiredNameIdFormat)
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/MetadataCriteriaDirection.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/MetadataCriteriaDirection.java
new file mode 100644
index 0000000000..2d46277ab8
--- /dev/null
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/MetadataCriteriaDirection.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum MetadataCriteriaDirection {
+
+ INCLUDE,
+
+ EXCLUDE
+}
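Review bot: `MetadataCriteriaDirection` has no Javadoc, and neither does `SigningCredentialType` in the next file, so nothing on the types says what each constant selects. I would add a short class comment to each, stating how the value is combined with the related setting (`metadataCriteriaPattern` for this enum) and what an unset value means. The second point matters because the JPA entity declares both columns with `@Column(nullable = true)`, so callers will see `null` for entries that never set them.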
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SigningCredentialType.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SigningCredentialType.java
new file mode 100644
index 0000000000..9dd397a240
--- /dev/null
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/types/SigningCredentialType.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum SigningCredentialType {
+
+ X509,
+
+ BASIC
+}
diff --git
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
index caf8d8a143..1cde400d76 100644
---
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
+++
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java
@@ -21,7 +21,10 @@ package org.apache.syncope.core.persistence.api.entity.am;
import java.util.List;
import java.util.Optional;
import java.util.Set;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
public interface SAML2SPClientApp extends ClientApp {
@@ -58,6 +61,102 @@ public interface SAML2SPClientApp extends ClientApp {
boolean isEncryptAssertions();
+ void setMetadataCriteriaPattern(String metadataCriteriaPattern);
+
+ String getMetadataCriteriaPattern();
+
+ void setSubjectLocality(String subjectLocality);
+
+ String getSubjectLocality();
+
+ void setMetadataCriteriaDirection(MetadataCriteriaDirection
metadataCriteriaDirection);
+
+ MetadataCriteriaDirection getMetadataCriteriaDirection();
+
+ void setSigningCredentialType(SigningCredentialType signingCredentialType);
+
+ SigningCredentialType getSigningCredentialType();
+
+ void setLogoutResponseBinding(SAML2BindingType logoutResponseBinding);
+
+ SAML2BindingType getLogoutResponseBinding();
+
+ void setRequireSignedRoot(boolean requireSignedRoot);
+
+ boolean isRequireSignedRoot();
+
+ void setLogoutResponseEnabled(boolean logoutResponseEnabled);
+
+ boolean isLogoutResponseEnabled();
+
+ boolean isEncryptAttributes();
+
+ void setEncryptAttributes(boolean encryptAttributes);
+
+ boolean isSkipGeneratingAssertionNameId();
+
+ void setSkipGeneratingAssertionNameId(boolean
skipGeneratingAssertionNameId);
+
+ boolean isSkipGeneratingSubjectConfirmationInResponseTo();
+
+ void setSkipGeneratingSubjectConfirmationInResponseTo(boolean
skipGeneratingSubjectConfirmationInResponseTo);
+
+ boolean isSkipGeneratingResponseInResponseTo();
+
+ void setSkipGeneratingResponseInResponseTo(boolean
skipGeneratingResponseInResponseTo);
+
+ boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter();
+
+ void setSkipGeneratingSubjectConfirmationNotOnOrAfter(boolean
skipGeneratingSubjectConfirmationNotOnOrAfter);
+
+ boolean isSkipGeneratingSubjectConfirmationRecipient();
+
+ void setSkipGeneratingSubjectConfirmationRecipient(boolean
skipGeneratingSubjectConfirmationRecipient);
+
+ boolean isSkipGeneratingSubjectConfirmationAddress();
+
+ void setSkipGeneratingSubjectConfirmationAddress(boolean
skipGeneratingSubjectConfirmationAddress);
+
+ boolean isSkipGeneratingSubjectConfirmationNotBefore();
+
+ void setSkipGeneratingSubjectConfirmationNotBefore(boolean
skipGeneratingSubjectConfirmationNotBefore);
+
+ boolean isSkipGeneratingSubjectConfirmationNameId();
+
+ void setSkipGeneratingSubjectConfirmationNameId(boolean
skipGeneratingSubjectConfirmationNameId);
+
+ boolean isSkipGeneratingNameIdQualifiers();
+
+ void setSkipGeneratingNameIdQualifiers(boolean
skipGeneratingNameIdQualifiers);
+
+ boolean isSkipGeneratingTransientNameId();
+
+ void setSkipGeneratingTransientNameId(boolean
skipGeneratingTransientNameId);
+
+ boolean isSkipValidatingAuthnRequest();
+
+ void setSkipValidatingAuthnRequest(boolean skipValidatingAuthnRequest);
+
+ boolean isSkipGeneratingServiceProviderNameIdQualifier();
+
+ void setSkipGeneratingServiceProviderNameIdQualifier(boolean
skipGeneratingServiceProviderNameIdQualifier);
+
+ boolean isSkipGeneratingAuthenticatingAuthority();
+
+ void setSkipGeneratingAuthenticatingAuthority(boolean
skipGeneratingAuthenticatingAuthority);
+
+ boolean isSkipGeneratingNameIdQualifier();
+
+ void setSkipGeneratingNameIdQualifier(boolean
skipGeneratingNameIdQualifier);
+
+ boolean isSkipGeneratingSessionNotOnOrAfter();
+
+ void setSkipGeneratingSessionNotOnOrAfter(boolean
skipGeneratingSessionNotOnOrAfter);
+
+ boolean isValidateMetadataCertificates();
+
+ void setValidateMetadataCertificates(boolean validateMetadataCertificates);
+
void setRequiredAuthenticationContextClass(String location);
String getRequiredAuthenticationContextClass();
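Review bot: The added accessors have no Javadoc, yet several of them switch a check on or off: `setSkipValidatingAuthnRequest`, `setValidateMetadataCertificates` and `setRequireSignedRoot`. Someone reading this interface cannot tell which value is the restrictive one. I would put a one-line comment on each saying what is skipped or enforced when the flag is true, for example `/** When true, incoming AuthnRequests are not validated. */`, with the wording confirmed against the code that consumes the flag. `isSkipGeneratingNameIdQualifiers` and `isSkipGeneratingNameIdQualifier` differ by a single letter and each needs a sentence saying how it differs from the other.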
diff --git
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java
index af6c17c937..b1c3391799 100644
---
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java
+++
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java
@@ -21,6 +21,8 @@ package org.apache.syncope.core.persistence.jpa.entity.am;
import com.fasterxml.jackson.core.type.TypeReference;
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
+import jakarta.persistence.EnumType;
+import jakarta.persistence.Enumerated;
import jakarta.persistence.Lob;
import jakarta.persistence.PostLoad;
import jakarta.persistence.PostPersist;
@@ -34,7 +36,10 @@ import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
import org.apache.syncope.core.persistence.api.entity.am.SAML2SPClientApp;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -72,6 +77,54 @@ public class JPASAML2SPClientApp extends AbstractClientApp
implements SAML2SPCli
private boolean encryptAssertions;
+ private boolean requireSignedRoot;
+
+ private boolean encryptAttributes;
+
+ private boolean skipGeneratingAssertionNameId;
+
+ private boolean logoutResponseEnable;
+
+ @Column(name = "skipGeneSubjectConfInRespTo")
+ private boolean skipGeneratingSubjectConfirmationInResponseTo;
+
+ @Column(name = "skipGeneRespInResponseTo")
+ private boolean skipGeneratingResponseInResponseTo;
+
+ @Column(name = "skipGeneSubConfNotOnOrAfter")
+ private boolean skipGeneratingSubjectConfirmationNotOnOrAfter;
+
+ @Column(name = "skipGeneSubConfRecipient")
+ private boolean skipGeneratingSubjectConfirmationRecipient;
+
+ @Column(name = "skipGeneSubConfAddress")
+ private boolean skipGeneratingSubjectConfirmationAddress;
+
+ @Column(name = "skipGeneSubConfNotBefore")
+ private boolean skipGeneratingSubjectConfirmationNotBefore;
+
+ @Column(name = "skipGeneSubConfNameId")
+ private boolean skipGeneratingSubjectConfirmationNameId;
+
+ private boolean skipGeneratingNameIdQualifiers;
+
+ private boolean skipGeneratingTransientNameId;
+
+ private boolean skipValidatingAuthnRequest;
+
+ @Column(name = "skipGeneSerProvNameIdQualifier")
+ private boolean skipGeneratingServiceProviderNameIdQualifier;
+
+ @Column(name = "skipGeneAuthAuthority")
+ private boolean skipGeneratingAuthenticatingAuthority;
+
+ private boolean skipGeneratingNameIdQualifier;
+
+ @Column(name = "skipGeneSessionNotOnOrAfter")
+ private boolean skipGeneratingSessionNotOnOrAfter;
+
+ private boolean validateMetadataCertificates;
+
@Column(name = "reqAuthnContextClass")
private String requiredAuthenticationContextClass;
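Review bot: None of the new boolean fields has an initializer, so a newly created entity starts with `requireSignedRoot`, `validateMetadataCertificates` and every other flag at false; the same holds for the fields added to the Neo4j entity further down. For the two flags that enforce a check, the permissive value is therefore the implicit default unless the TO or the binder sets it, which this hunk does not show. If the stricter setting is the intended default, initialise it on the field (`private boolean requireSignedRoot = true;`) and state in the upgrade notes what value existing rows receive for the new columns. Separately, the field here is `logoutResponseEnable` while the interface, the TO and the Neo4j entity use `logoutResponseEnabled`. Renaming it to `private boolean logoutResponseEnabled;` would keep the field in line with the property name.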
@@ -132,6 +185,22 @@ public class JPASAML2SPClientApp extends AbstractClientApp
implements SAML2SPCli
@Transient
private List<XmlSecAlgorithm> encryptionBlackListedAlgorithmsList = new
ArrayList<>();
+ private String metadataCriteriaPattern;
+
+ private String subjectLocality;
+
+ @Column(nullable = true)
+ @Enumerated(EnumType.STRING)
+ private MetadataCriteriaDirection metadataCriteriaDirection;
+
+ @Column(nullable = true)
+ @Enumerated(EnumType.STRING)
+ private SigningCredentialType signingCredentialType;
+
+ @Column(nullable = true)
+ @Enumerated(EnumType.STRING)
+ private SAML2BindingType logoutResponseBinding;
+
@Override
public String getEntityId() {
return entityId;
@@ -207,11 +276,256 @@ public class JPASAML2SPClientApp extends
AbstractClientApp implements SAML2SPCli
return encryptAssertions;
}
+ @Override
+ public void setMetadataCriteriaPattern(final String
metadataCriteriaPattern) {
+ this.metadataCriteriaPattern = metadataCriteriaPattern;
+ }
+
+ @Override
+ public String getMetadataCriteriaPattern() {
+ return metadataCriteriaPattern;
+ }
+
+ @Override
+ public void setSubjectLocality(final String subjectLocality) {
+ this.subjectLocality = subjectLocality;
+ }
+
+ @Override
+ public String getSubjectLocality() {
+ return subjectLocality;
+ }
+
+ @Override
+ public void setMetadataCriteriaDirection(final MetadataCriteriaDirection
metadataCriteriaDirection) {
+ this.metadataCriteriaDirection = metadataCriteriaDirection;
+ }
+
+ @Override
+ public MetadataCriteriaDirection getMetadataCriteriaDirection() {
+ return metadataCriteriaDirection;
+ }
+
+ @Override
+ public void setSigningCredentialType(final SigningCredentialType
signingCredentialType) {
+ this.signingCredentialType = signingCredentialType;
+ }
+
+ @Override
+ public SigningCredentialType getSigningCredentialType() {
+ return signingCredentialType;
+ }
+
+ @Override
+ public void setLogoutResponseBinding(final SAML2BindingType
logoutResponseBinding) {
+ this.logoutResponseBinding = logoutResponseBinding;
+ }
+
+ @Override
+ public SAML2BindingType getLogoutResponseBinding() {
+ return logoutResponseBinding;
+ }
+
@Override
public void setEncryptAssertions(final boolean encryptAssertions) {
this.encryptAssertions = encryptAssertions;
}
+ @Override
+ public void setRequireSignedRoot(final boolean requireSignedRoot) {
+ this.requireSignedRoot = requireSignedRoot;
+ }
+
+ @Override
+ public boolean isRequireSignedRoot() {
+ return requireSignedRoot;
+ }
+
+ @Override
+ public void setLogoutResponseEnabled(final boolean logoutResponseEnabled) {
+ this.logoutResponseEnable = logoutResponseEnabled;
+ }
+
+ @Override
+ public boolean isLogoutResponseEnabled() {
+ return logoutResponseEnable;
+ }
+
+ @Override
+ public boolean isEncryptAttributes() {
+ return encryptAttributes;
+ }
+
+ @Override
+ public void setEncryptAttributes(final boolean encryptAttributes) {
+ this.encryptAttributes = encryptAttributes;
+ }
+
+ @Override
+ public boolean isSkipGeneratingAssertionNameId() {
+ return skipGeneratingAssertionNameId;
+ }
+
+ @Override
+ public void setSkipGeneratingAssertionNameId(final boolean
skipGeneratingAssertionNameId) {
+ this.skipGeneratingAssertionNameId = skipGeneratingAssertionNameId;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationInResponseTo() {
+ return skipGeneratingSubjectConfirmationInResponseTo;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationInResponseTo(
+ final boolean skipGeneratingSubjectConfirmationInResponseTo) {
+ this.skipGeneratingSubjectConfirmationInResponseTo =
skipGeneratingSubjectConfirmationInResponseTo;
+ }
+
+ @Override
+ public boolean isSkipGeneratingResponseInResponseTo() {
+ return skipGeneratingResponseInResponseTo;
+ }
+
+ @Override
+ public void setSkipGeneratingResponseInResponseTo(final boolean
skipGeneratingResponseInResponseTo) {
+ this.skipGeneratingResponseInResponseTo =
skipGeneratingResponseInResponseTo;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() {
+ return skipGeneratingSubjectConfirmationNotOnOrAfter;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) {
+ this.skipGeneratingSubjectConfirmationNotOnOrAfter =
skipGeneratingSubjectConfirmationNotOnOrAfter;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationRecipient() {
+ return skipGeneratingSubjectConfirmationRecipient;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationRecipient(
+ final boolean skipGeneratingSubjectConfirmationRecipient) {
+ this.skipGeneratingSubjectConfirmationRecipient =
skipGeneratingSubjectConfirmationRecipient;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationAddress() {
+ return skipGeneratingSubjectConfirmationAddress;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationAddress(final boolean
skipGeneratingSubjectConfirmationAddress) {
+ this.skipGeneratingSubjectConfirmationAddress =
skipGeneratingSubjectConfirmationAddress;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationNotBefore() {
+ return skipGeneratingSubjectConfirmationNotBefore;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationNotBefore(
+ final boolean skipGeneratingSubjectConfirmationNotBefore) {
+ this.skipGeneratingSubjectConfirmationNotBefore =
skipGeneratingSubjectConfirmationNotBefore;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationNameId() {
+ return skipGeneratingSubjectConfirmationNameId;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationNameId(final boolean
skipGeneratingSubjectConfirmationNameId) {
+ this.skipGeneratingSubjectConfirmationNameId =
skipGeneratingSubjectConfirmationNameId;
+ }
+
+ @Override
+ public boolean isSkipGeneratingNameIdQualifiers() {
+ return skipGeneratingNameIdQualifiers;
+ }
+
+ @Override
+ public void setSkipGeneratingNameIdQualifiers(final boolean
skipGeneratingNameIdQualifiers) {
+ this.skipGeneratingNameIdQualifiers = skipGeneratingNameIdQualifiers;
+ }
+
+ @Override
+ public boolean isSkipGeneratingTransientNameId() {
+ return skipGeneratingTransientNameId;
+ }
+
+ @Override
+ public void setSkipGeneratingTransientNameId(final boolean
skipGeneratingTransientNameId) {
+ this.skipGeneratingTransientNameId = skipGeneratingTransientNameId;
+ }
+
+ @Override
+ public boolean isSkipValidatingAuthnRequest() {
+ return skipValidatingAuthnRequest;
+ }
+
+ @Override
+ public void setSkipValidatingAuthnRequest(final boolean
skipValidatingAuthnRequest) {
+ this.skipValidatingAuthnRequest = skipValidatingAuthnRequest;
+ }
+
+ @Override
+ public boolean isSkipGeneratingServiceProviderNameIdQualifier() {
+ return skipGeneratingServiceProviderNameIdQualifier;
+ }
+
+ @Override
+ public void setSkipGeneratingServiceProviderNameIdQualifier(
+ final boolean skipGeneratingServiceProviderNameIdQualifier) {
+ this.skipGeneratingServiceProviderNameIdQualifier =
skipGeneratingServiceProviderNameIdQualifier;
+ }
+
+ @Override
+ public boolean isSkipGeneratingAuthenticatingAuthority() {
+ return skipGeneratingAuthenticatingAuthority;
+ }
+
+ @Override
+ public void setSkipGeneratingAuthenticatingAuthority(final boolean
skipGeneratingAuthenticatingAuthority) {
+ this.skipGeneratingAuthenticatingAuthority =
skipGeneratingAuthenticatingAuthority;
+ }
+
+ @Override
+ public boolean isSkipGeneratingNameIdQualifier() {
+ return skipGeneratingNameIdQualifier;
+ }
+
+ @Override
+ public void setSkipGeneratingNameIdQualifier(final boolean
skipGeneratingNameIdQualifier) {
+ this.skipGeneratingNameIdQualifier = skipGeneratingNameIdQualifier;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSessionNotOnOrAfter() {
+ return skipGeneratingSessionNotOnOrAfter;
+ }
+
+ @Override
+ public void setSkipGeneratingSessionNotOnOrAfter(final boolean
skipGeneratingSessionNotOnOrAfter) {
+ this.skipGeneratingSessionNotOnOrAfter =
skipGeneratingSessionNotOnOrAfter;
+ }
+
+ @Override
+ public boolean isValidateMetadataCertificates() {
+ return validateMetadataCertificates;
+ }
+
+ @Override
+ public void setValidateMetadataCertificates(final boolean
validateMetadataCertificates) {
+ this.validateMetadataCertificates = validateMetadataCertificates;
+ }
+
@Override
public String getRequiredAuthenticationContextClass() {
return requiredAuthenticationContextClass;
diff --git
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java
index 3c6902bfd7..9beffad741 100644
---
a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java
+++
b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java
@@ -25,7 +25,10 @@ import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
+import org.apache.syncope.common.lib.types.MetadataCriteriaDirection;
+import org.apache.syncope.common.lib.types.SAML2BindingType;
import org.apache.syncope.common.lib.types.SAML2SPNameId;
+import org.apache.syncope.common.lib.types.SigningCredentialType;
import org.apache.syncope.common.lib.types.XmlSecAlgorithm;
import org.apache.syncope.core.persistence.api.entity.am.SAML2SPClientApp;
import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
@@ -64,8 +67,50 @@ public class Neo4jSAML2SPClientApp extends AbstractClientApp
implements SAML2SPC
private boolean encryptAssertions;
+ private boolean encryptAttributes;
+
+ private boolean skipGeneratingAssertionNameId;
+
+ private boolean skipGeneratingSubjectConfirmationInResponseTo;
+
+ private boolean skipGeneratingResponseInResponseTo;
+
+ private boolean skipGeneratingSubjectConfirmationNotOnOrAfter;
+
+ private boolean skipGeneratingSubjectConfirmationRecipient;
+
+ private boolean skipGeneratingSubjectConfirmationAddress;
+
+ private boolean skipGeneratingSubjectConfirmationNotBefore;
+
+ private boolean skipGeneratingSubjectConfirmationNameId;
+
+ private boolean skipGeneratingNameIdQualifiers;
+
+ private boolean skipGeneratingTransientNameId;
+
+ private boolean skipValidatingAuthnRequest;
+
+ private boolean skipGeneratingServiceProviderNameIdQualifier;
+
+ private boolean skipGeneratingAuthenticatingAuthority;
+
+ private boolean skipGeneratingNameIdQualifier;
+
+ private boolean skipGeneratingSessionNotOnOrAfter;
+
+ private boolean validateMetadataCertificates;
+
+ private boolean requireSignedRoot;
+
+ private boolean logoutResponseEnabled;
+
private String requiredAuthenticationContextClass;
+ private String metadataCriteriaPattern;
+
+ private String subjectLocality;
+
private SAML2SPNameId requiredNameIdFormat;
private Integer skewAllowance;
@@ -74,6 +119,12 @@ public class Neo4jSAML2SPClientApp extends
AbstractClientApp implements SAML2SPC
private String assertionAudiences;
+ private MetadataCriteriaDirection metadataCriteriaDirection;
+
+ private SigningCredentialType signingCredentialType;
+
+ private SAML2BindingType logoutResponseBinding;
+
@Transient
private Set<String> assertionAudiencesSet = new HashSet<>();
@@ -184,11 +235,256 @@ public class Neo4jSAML2SPClientApp extends
AbstractClientApp implements SAML2SPC
return encryptAssertions;
}
+ @Override
+ public void setMetadataCriteriaPattern(final String
metadataCriteriaPattern) {
+ this.metadataCriteriaPattern = metadataCriteriaPattern;
+ }
+
+ @Override
+ public String getMetadataCriteriaPattern() {
+ return metadataCriteriaPattern;
+ }
+
+ @Override
+ public void setSubjectLocality(final String subjectLocality) {
+ this.subjectLocality = subjectLocality;
+ }
+
+ @Override
+ public String getSubjectLocality() {
+ return subjectLocality;
+ }
+
+ @Override
+ public void setMetadataCriteriaDirection(final MetadataCriteriaDirection
metadataCriteriaDirection) {
+ this.metadataCriteriaDirection = metadataCriteriaDirection;
+ }
+
+ @Override
+ public MetadataCriteriaDirection getMetadataCriteriaDirection() {
+ return metadataCriteriaDirection;
+ }
+
+ @Override
+ public void setSigningCredentialType(final SigningCredentialType
signingCredentialType) {
+ this.signingCredentialType = signingCredentialType;
+ }
+
+ @Override
+ public SigningCredentialType getSigningCredentialType() {
+ return signingCredentialType;
+ }
+
+ @Override
+ public void setLogoutResponseBinding(final SAML2BindingType
logoutResponseBinding) {
+ this.logoutResponseBinding = logoutResponseBinding;
+ }
+
+ @Override
+ public SAML2BindingType getLogoutResponseBinding() {
+ return logoutResponseBinding;
+ }
+
+ @Override
+ public void setRequireSignedRoot(final boolean requireSignedRoot) {
+ this.requireSignedRoot = requireSignedRoot;
+ }
+
+ @Override
+ public boolean isRequireSignedRoot() {
+ return requireSignedRoot;
+ }
+
+ @Override
+ public void setLogoutResponseEnabled(final boolean logoutResponseEnabled) {
+ this.logoutResponseEnabled = logoutResponseEnabled;
+ }
+
+ @Override
+ public boolean isLogoutResponseEnabled() {
+ return logoutResponseEnabled;
+ }
+
@Override
public void setEncryptAssertions(final boolean encryptAssertions) {
this.encryptAssertions = encryptAssertions;
}
+ @Override
+ public boolean isEncryptAttributes() {
+ return encryptAttributes;
+ }
+
+ @Override
+ public void setEncryptAttributes(final boolean encryptAttributes) {
+ this.encryptAttributes = encryptAttributes;
+ }
+
+ @Override
+ public boolean isSkipGeneratingAssertionNameId() {
+ return skipGeneratingAssertionNameId;
+ }
+
+ @Override
+ public void setSkipGeneratingAssertionNameId(final boolean
skipGeneratingAssertionNameId) {
+ this.skipGeneratingAssertionNameId = skipGeneratingAssertionNameId;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationInResponseTo() {
+ return skipGeneratingSubjectConfirmationInResponseTo;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationInResponseTo(
+ final boolean skipGeneratingSubjectConfirmationInResponseTo) {
+ this.skipGeneratingSubjectConfirmationInResponseTo =
skipGeneratingSubjectConfirmationInResponseTo;
+ }
+
+ @Override
+ public boolean isSkipGeneratingResponseInResponseTo() {
+ return skipGeneratingResponseInResponseTo;
+ }
+
+ @Override
+ public void setSkipGeneratingResponseInResponseTo(final boolean
skipGeneratingResponseInResponseTo) {
+ this.skipGeneratingResponseInResponseTo =
skipGeneratingResponseInResponseTo;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() {
+ return skipGeneratingSubjectConfirmationNotOnOrAfter;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) {
+ this.skipGeneratingSubjectConfirmationNotOnOrAfter =
skipGeneratingSubjectConfirmationNotOnOrAfter;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationRecipient() {
+ return skipGeneratingSubjectConfirmationRecipient;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationRecipient(
+ final boolean skipGeneratingSubjectConfirmationRecipient) {
+ this.skipGeneratingSubjectConfirmationRecipient =
skipGeneratingSubjectConfirmationRecipient;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationAddress() {
+ return skipGeneratingSubjectConfirmationAddress;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationAddress(final boolean
skipGeneratingSubjectConfirmationAddress) {
+ this.skipGeneratingSubjectConfirmationAddress =
skipGeneratingSubjectConfirmationAddress;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationNotBefore() {
+ return skipGeneratingSubjectConfirmationNotBefore;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationNotBefore(
+ final boolean skipGeneratingSubjectConfirmationNotBefore) {
+ this.skipGeneratingSubjectConfirmationNotBefore =
skipGeneratingSubjectConfirmationNotBefore;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSubjectConfirmationNameId() {
+ return skipGeneratingSubjectConfirmationNameId;
+ }
+
+ @Override
+ public void setSkipGeneratingSubjectConfirmationNameId(final boolean
skipGeneratingSubjectConfirmationNameId) {
+ this.skipGeneratingSubjectConfirmationNameId =
skipGeneratingSubjectConfirmationNameId;
+ }
+
+ @Override
+ public boolean isSkipGeneratingNameIdQualifiers() {
+ return skipGeneratingNameIdQualifiers;
+ }
+
+ @Override
+ public void setSkipGeneratingNameIdQualifiers(final boolean
skipGeneratingNameIdQualifiers) {
+ this.skipGeneratingNameIdQualifiers = skipGeneratingNameIdQualifiers;
+ }
+
+ @Override
+ public boolean isSkipGeneratingTransientNameId() {
+ return skipGeneratingTransientNameId;
+ }
+
+ @Override
+ public void setSkipGeneratingTransientNameId(final boolean
skipGeneratingTransientNameId) {
+ this.skipGeneratingTransientNameId = skipGeneratingTransientNameId;
+ }
+
+ @Override
+ public boolean isSkipValidatingAuthnRequest() {
+ return skipValidatingAuthnRequest;
+ }
+
+ @Override
+ public void setSkipValidatingAuthnRequest(final boolean
skipValidatingAuthnRequest) {
+ this.skipValidatingAuthnRequest = skipValidatingAuthnRequest;
+ }
+
+ @Override
+ public boolean isSkipGeneratingServiceProviderNameIdQualifier() {
+ return skipGeneratingServiceProviderNameIdQualifier;
+ }
+
+ @Override
+ public void setSkipGeneratingServiceProviderNameIdQualifier(
+ final boolean skipGeneratingServiceProviderNameIdQualifier) {
+ this.skipGeneratingServiceProviderNameIdQualifier =
skipGeneratingServiceProviderNameIdQualifier;
+ }
+
+ @Override
+ public boolean isSkipGeneratingAuthenticatingAuthority() {
+ return skipGeneratingAuthenticatingAuthority;
+ }
+
+ @Override
+ public void setSkipGeneratingAuthenticatingAuthority(final boolean
skipGeneratingAuthenticatingAuthority) {
+ this.skipGeneratingAuthenticatingAuthority =
skipGeneratingAuthenticatingAuthority;
+ }
+
+ @Override
+ public boolean isSkipGeneratingNameIdQualifier() {
+ return skipGeneratingNameIdQualifier;
+ }
+
+ @Override
+ public void setSkipGeneratingNameIdQualifier(final boolean
skipGeneratingNameIdQualifier) {
+ this.skipGeneratingNameIdQualifier = skipGeneratingNameIdQualifier;
+ }
+
+ @Override
+ public boolean isSkipGeneratingSessionNotOnOrAfter() {
+ return skipGeneratingSessionNotOnOrAfter;
+ }
+
+ @Override
+ public void setSkipGeneratingSessionNotOnOrAfter(final boolean
skipGeneratingSessionNotOnOrAfter) {
+ this.skipGeneratingSessionNotOnOrAfter =
skipGeneratingSessionNotOnOrAfter;
+ }
+
+ @Override
+ public boolean isValidateMetadataCertificates() {
+ return validateMetadataCertificates;
+ }
+
+ @Override
+ public void setValidateMetadataCertificates(final boolean
validateMetadataCertificates) {
+ this.validateMetadataCertificates = validateMetadataCertificates;
+ }
+
@Override
public String getRequiredAuthenticationContextClass() {
return requiredAuthenticationContextClass;
diff --git
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
index 6973dbf5fc..753c6a4804 100644
---
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
+++
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java
@@ -134,10 +134,39 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
}
clientApp.setMetadataLocation(clientAppTO.getMetadataLocation());
clientApp.setMetadataSignatureLocation(clientAppTO.getMetadataSignatureLocation());
+
clientApp.setMetadataCriteriaPattern(clientAppTO.getMetadataCriteriaPattern());
+ clientApp.setSubjectLocality(clientAppTO.getSubjectLocality());
+
clientApp.setMetadataCriteriaDirection(clientAppTO.getMetadataCriteriaDirection());
+
clientApp.setSigningCredentialType(clientAppTO.getSigningCredentialType());
+
clientApp.setLogoutResponseBinding(clientAppTO.getLogoutResponseBinding());
clientApp.setSignAssertions(clientAppTO.isSignAssertions());
clientApp.setSignResponses(clientAppTO.isSignResponses());
clientApp.setEncryptionOptional(clientAppTO.isEncryptionOptional());
clientApp.setEncryptAssertions(clientAppTO.isEncryptAssertions());
+ clientApp.setRequireSignedRoot(clientAppTO.isRequireSignedRoot());
+
clientApp.setLogoutResponseEnabled(clientAppTO.isLogoutResponseEnabled());
+ clientApp.setEncryptAttributes(clientAppTO.isEncryptAttributes());
+
clientApp.setSkipGeneratingAssertionNameId(clientAppTO.isSkipGeneratingAssertionNameId());
+ clientApp.setSkipGeneratingSubjectConfirmationInResponseTo(
+ clientAppTO.isSkipGeneratingSubjectConfirmationInResponseTo());
+
clientApp.setSkipGeneratingResponseInResponseTo(clientAppTO.isSkipGeneratingResponseInResponseTo());
+ clientApp.setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ clientAppTO.isSkipGeneratingSubjectConfirmationNotOnOrAfter());
+ clientApp.setSkipGeneratingSubjectConfirmationRecipient(
+ clientAppTO.isSkipGeneratingSubjectConfirmationRecipient());
+
clientApp.setSkipGeneratingSubjectConfirmationAddress(clientAppTO.isSkipGeneratingSubjectConfirmationAddress());
+ clientApp.setSkipGeneratingSubjectConfirmationNotBefore(
+ clientAppTO.isSkipGeneratingSubjectConfirmationNotBefore());
+
clientApp.setSkipGeneratingSubjectConfirmationNameId(clientAppTO.isSkipGeneratingSubjectConfirmationNameId());
+
clientApp.setSkipGeneratingNameIdQualifiers(clientAppTO.isSkipGeneratingNameIdQualifiers());
+
clientApp.setSkipGeneratingTransientNameId(clientAppTO.isSkipGeneratingTransientNameId());
+
clientApp.setSkipValidatingAuthnRequest(clientAppTO.isSkipValidatingAuthnRequest());
+ clientApp.setSkipGeneratingServiceProviderNameIdQualifier(
+ clientAppTO.isSkipGeneratingServiceProviderNameIdQualifier());
+
clientApp.setSkipGeneratingAuthenticatingAuthority(clientAppTO.isSkipGeneratingAuthenticatingAuthority());
+
clientApp.setSkipGeneratingNameIdQualifier(clientAppTO.isSkipGeneratingNameIdQualifier());
+
clientApp.setSkipGeneratingSessionNotOnOrAfter(clientAppTO.isSkipGeneratingSessionNotOnOrAfter());
+
clientApp.setValidateMetadataCertificates(clientAppTO.isValidateMetadataCertificates());
clientApp.setRequiredAuthenticationContextClass(clientAppTO.getRequiredAuthenticationContextClass());
clientApp.setRequiredNameIdFormat(clientAppTO.getRequiredNameIdFormat());
clientApp.setSkewAllowance(clientAppTO.getSkewAllowance());
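Review bot: `setRequireSignedRoot`, `setSkipValidatingAuthnRequest` and `setValidateMetadataCertificates` are written from the TO unconditionally, in the middle of the `skipGenerating*` toggles, so on an update whatever the payload carries replaces the stored value. The `is…` getters suggest primitive `boolean` fields on the TO (the class is outside this hunk); if so, a payload from a client built before this change that omits them takes the TO's field default. It is worth confirming that those defaults match the entity's and never turn a signature or certificate check off by omission, and adding a test for an update that leaves the new fields out. A comment above these three calls, such as `// security-relevant: signature / certificate / AuthnRequest validation toggles`, would separate them from the flags that only shape the generated assertion. The enclosing method starts and ends outside the hunk.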
@@ -201,10 +230,39 @@ public class ClientAppDataBinderImpl implements
ClientAppDataBinder {
clientAppTO.setEntityId(clientApp.getEntityId());
clientAppTO.setMetadataLocation(clientApp.getMetadataLocation());
clientAppTO.setMetadataSignatureLocation(clientApp.getMetadataSignatureLocation());
+
clientAppTO.setMetadataCriteriaPattern(clientApp.getMetadataCriteriaPattern());
+ clientAppTO.setSubjectLocality(clientApp.getSubjectLocality());
+
clientAppTO.setMetadataCriteriaDirection(clientApp.getMetadataCriteriaDirection());
+
clientAppTO.setSigningCredentialType(clientApp.getSigningCredentialType());
+
clientAppTO.setLogoutResponseBinding(clientApp.getLogoutResponseBinding());
clientAppTO.setSignAssertions(clientApp.isSignAssertions());
clientAppTO.setSignResponses(clientApp.isSignResponses());
clientAppTO.setEncryptionOptional(clientApp.isEncryptionOptional());
clientAppTO.setEncryptAssertions(clientApp.isEncryptAssertions());
+ clientAppTO.setRequireSignedRoot(clientApp.isRequireSignedRoot());
+
clientAppTO.setLogoutResponseEnabled(clientApp.isLogoutResponseEnabled());
+ clientAppTO.setEncryptAttributes(clientApp.isEncryptAttributes());
+
clientAppTO.setSkipGeneratingAssertionNameId(clientApp.isSkipGeneratingAssertionNameId());
+ clientAppTO.setSkipGeneratingSubjectConfirmationInResponseTo(
+ clientApp.isSkipGeneratingSubjectConfirmationInResponseTo());
+
clientAppTO.setSkipGeneratingResponseInResponseTo(clientApp.isSkipGeneratingResponseInResponseTo());
+ clientAppTO.setSkipGeneratingSubjectConfirmationNotOnOrAfter(
+ clientApp.isSkipGeneratingSubjectConfirmationNotOnOrAfter());
+ clientAppTO.setSkipGeneratingSubjectConfirmationRecipient(
+ clientApp.isSkipGeneratingSubjectConfirmationRecipient());
+
clientAppTO.setSkipGeneratingSubjectConfirmationAddress(clientApp.isSkipGeneratingSubjectConfirmationAddress());
+ clientAppTO.setSkipGeneratingSubjectConfirmationNotBefore(
+ clientApp.isSkipGeneratingSubjectConfirmationNotBefore());
+
clientAppTO.setSkipGeneratingSubjectConfirmationNameId(clientApp.isSkipGeneratingSubjectConfirmationNameId());
+
clientAppTO.setSkipGeneratingNameIdQualifiers(clientApp.isSkipGeneratingNameIdQualifiers());
+
clientAppTO.setSkipGeneratingTransientNameId(clientApp.isSkipGeneratingTransientNameId());
+
clientAppTO.setSkipValidatingAuthnRequest(clientApp.isSkipValidatingAuthnRequest());
+ clientAppTO.setSkipGeneratingServiceProviderNameIdQualifier(
+ clientApp.isSkipGeneratingServiceProviderNameIdQualifier());
+
clientAppTO.setSkipGeneratingAuthenticatingAuthority(clientApp.isSkipGeneratingAuthenticatingAuthority());
+
clientAppTO.setSkipGeneratingNameIdQualifier(clientApp.isSkipGeneratingNameIdQualifier());
+
clientAppTO.setSkipGeneratingSessionNotOnOrAfter(clientApp.isSkipGeneratingSessionNotOnOrAfter());
+
clientAppTO.setValidateMetadataCertificates(clientApp.isValidateMetadataCertificates());
clientAppTO.setRequiredAuthenticationContextClass(clientApp.getRequiredAuthenticationContextClass());
clientAppTO.setRequiredNameIdFormat(clientApp.getRequiredNameIdFormat());
clientAppTO.setSkewAllowance(clientApp.getSkewAllowance());
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
index 29ff3cda7f..2a8a1636a8 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
@@ -70,6 +70,32 @@ public class SAML2SPClientAppTOMapper extends
AbstractClientAppMapper {
service.setSignResponses(TriStateBoolean.fromBoolean(sp.isSignResponses()));
service.setEncryptionOptional(sp.isEncryptionOptional());
service.setEncryptAssertions(sp.isEncryptAssertions());
+ service.setSubjectLocality(sp.getSubjectLocality());
+ service.setLogoutResponseBinding(
+
Optional.ofNullable(sp.getLogoutResponseBinding()).map(Enum::name).orElse(null));
+
service.setMetadataCriteriaDirection(sp.getMetadataCriteriaDirection().name());
+ service.setMetadataCriteriaPattern(sp.getMetadataCriteriaPattern());
+ service.setSigningCredentialType(
+
Optional.ofNullable(sp.getSigningCredentialType()).map(Enum::name).orElse(null));
+ service.setEncryptAttributes(sp.isEncryptAttributes());
+ service.setRequireSignedRoot(sp.isRequireSignedRoot());
+ service.setLogoutResponseEnabled(sp.isLogoutResponseEnabled());
+
service.setSkipGeneratingAssertionNameId(sp.isSkipGeneratingAssertionNameId());
+
service.setSkipGeneratingSubjectConfirmationInResponseTo(sp.isSkipGeneratingSubjectConfirmationInResponseTo());
+
service.setSkipGeneratingResponseInResponseTo(sp.isSkipGeneratingResponseInResponseTo());
+
service.setSkipGeneratingSubjectConfirmationNotOnOrAfter(sp.isSkipGeneratingSubjectConfirmationNotOnOrAfter());
+
service.setSkipGeneratingSubjectConfirmationRecipient(sp.isSkipGeneratingSubjectConfirmationRecipient());
+
service.setSkipGeneratingSubjectConfirmationAddress(sp.isSkipGeneratingSubjectConfirmationAddress());
+
service.setSkipGeneratingSubjectConfirmationNotBefore(sp.isSkipGeneratingSubjectConfirmationNotBefore());
+
service.setSkipGeneratingSubjectConfirmationNameId(sp.isSkipGeneratingSubjectConfirmationNameId());
+
service.setSkipGeneratingNameIdQualifiers(sp.isSkipGeneratingNameIdQualifiers());
+
service.setSkipGeneratingTransientNameId(sp.isSkipGeneratingTransientNameId());
+
service.setSkipValidatingAuthnRequest(sp.isSkipValidatingAuthnRequest());
+
service.setSkipGeneratingServiceProviderNameIdQualifier(sp.isSkipGeneratingServiceProviderNameIdQualifier());
+
service.setSkipGeneratingAuthenticatingAuthority(sp.isSkipGeneratingAuthenticatingAuthority());
+
service.setSkipGeneratingNameIdQualifier(sp.isSkipGeneratingNameIdQualifier());
+
service.setSkipGeneratingSessionNotOnOrAfter(sp.isSkipGeneratingSessionNotOnOrAfter());
+
service.setValidateMetadataCertificates(sp.isValidateMetadataCertificates());
service.setRequiredAuthenticationContextClass(sp.getRequiredAuthenticationContextClass());
service.setRequiredNameIdFormat(sp.getRequiredNameIdFormat().getNameId());
service.setSkewAllowance(Optional.ofNullable(sp.getSkewAllowance()).orElse(0));
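Review bot: `sp.getMetadataCriteriaDirection().name()` dereferences the enum without a null check, while the other two enum-valued settings added in this hunk (`getLogoutResponseBinding()`, `getSigningCredentialType()`) go through `Optional.ofNullable(...)`. If the TO can carry no direction (for instance a client app stored before this change, unless the entity or TO sets a default outside this hunk), the mapping would throw a NullPointerException instead of producing the registered service. Suggest the same form as its neighbours: `service.setMetadataCriteriaDirection(Optional.ofNullable(sp.getMetadataCriteriaDirection()).map(Enum::name).orElse(null));`. The enclosing method starts and ends outside the hunk.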