smolnar82 opened a new pull request #348:
URL: https://github.com/apache/knox/pull/348


   ## What changes were proposed in this pull request?
   
   From now on, end-users can set the following SAML 2 configurations using provider parameters (in addition to the already supported params):
   - useNameQualifier
   - forceAuth
   - passive
   - nameIdPolicyFormat
   
   Additionally, I refactored the special `Azure AD` client handling to its own class (another implementation of the new interface).
   
   ## How was this patch tested?
   
   Added and executed JUnit tests:
   ```
   [INFO] ------------------------------------------------------------------------
   [INFO] BUILD SUCCESS
   [INFO] ------------------------------------------------------------------------
   [INFO] Total time: 18:47 min (Wall Clock)
   [INFO] Finished at: 2020-06-18T12:40:14+02:00
   [INFO] Final Memory: 432M/2028M
   [INFO] ------------------------------------------------------------------------
   ```
   
   Manually tested with different provider parameters set. For instance:
   - `useNameQualifier = true`
   - `forceAuth = true`
   
   ```
   <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                        AssertionConsumerServiceURL="https://www.local.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client"
                        Destination="https://$OKTA_HOST/sso/saml"
                        ForceAuthn="true"
                        ID="_cef3baeef567461aae87cd95234d2bc38862368"
                        IsPassive="false"
                        IssueInstant="2020-06-18T09:17:21.672Z"
                        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                        ProviderName="pac4j-saml"
                        Version="2.0"
                        >
       <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                     Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
                     NameQualifier="https://www.local.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client"
                     >https://www.local.com:8443/gateway/knoxsso/api/v1/websso?pac4jCallback=true&client_name=SAML2Client</saml2:Issuer>
   </saml2p:AuthnRequest>
   ```
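
A way to check a captured AuthnRequest against the provider parameters listed in the pull request, added here as an example (it is not code from the pull request or from Knox). The helper names, the mapping of `nameIdPolicyFormat` to the `Format` attribute of a `NameIDPolicy` element, and the sample request with its `sp.example.test` URL are assumptions constructed for the example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample request (not captured traffic); the URL is a placeholder.
SAMPLE = (
    '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ForceAuthn="true" IsPassive="false" Version="2.0" ID="_constructed">'
    '<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'NameQualifier="https://sp.example.test/acs">https://sp.example.test/acs'
    '</saml2:Issuer></saml2p:AuthnRequest>')

def encode_redirect(xml_text):
    """Raw DEFLATE + base64, the way the HTTP-Redirect binding carries SAMLRequest."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()

def decode_saml_request(value, deflated):
    """base64-decode; inflate only for HTTP-Redirect (HTTP-POST is not deflated)."""
    raw = base64.b64decode(value)
    return (zlib.decompress(raw, -15) if deflated else raw).decode("utf-8")

def _flag(value):
    # xs:boolean allows "true"/"1"; an absent attribute defaults to false.
    return value in ("true", "1")

def authn_request_settings(xml_text):
    """Report the request properties that the four provider parameters control."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["p"]:
        raise ValueError("not an AuthnRequest")
    issuer = root.find("a:Issuer", NS)
    policy = root.find("p:NameIDPolicy", NS)  # assumed home of nameIdPolicyFormat
    return {
        "forceAuth": _flag(root.get("ForceAuthn")),
        "passive": _flag(root.get("IsPassive")),
        "useNameQualifier": issuer is not None and issuer.get("NameQualifier") is not None,
        "nameIdPolicyFormat": policy.get("Format") if policy is not None else None,
    }

def mismatches(expected, xml_text):
    """Map each parameter whose observed value differs to (expected, actual)."""
    actual = authn_request_settings(xml_text)
    return {k: (v, actual[k]) for k, v in expected.items() if actual[k] != v}

if __name__ == "__main__":
    xml_text = decode_saml_request(encode_redirect(SAMPLE), deflated=True)
    print(mismatches({"forceAuth": True, "passive": False, "useNameQualifier": True}, xml_text))
```

An empty result means the request on the wire matches the configured parameters; any entry shows the configured value next to what was actually sent.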
   

