Added SAML authentication backend (w.i.p.)

Author: fmichielssen

.settings/org.eclipse.jdt.core.prefs

@@ -1,6 +1,6 @@
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
+org.eclipse.jdt.core.compiler.codegen.methodParameters=generate
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
 org.eclipse.jdt.core.compiler.compliance=1.8

pom.xml

@@ -39,6 +39,11 @@
 			<id>clojars</id>
 			<url>http://clojars.org/repo/</url>
 		</repository>
+		<repository>
+			<!-- Currently used only for the opensaml 2.6.6 dependency -->
+			<id>alfresco</id>
+			<url>https://artifacts.alfresco.com/nexus/content/repositories/public/</url>
+		</repository>
 	</repositories>
 
 	<dependencies>
@@ -161,6 +166,13 @@
 			<version>4.7.0.Final</version>
 		</dependency>
 
+        <!-- SAML -->
+		<dependency>
+			<groupId>org.springframework.security.extensions</groupId>
+			<artifactId>spring-security-saml2-core</artifactId>
+			<version>1.0.9.RELEASE</version>
+		</dependency>
+		
         <!-- Kerberos -->
 		<dependency>
 			<groupId>org.apache.kerby</groupId>

src/main/java/eu/openanalytics/containerproxy/auth/AuthenticationBackendFactory.java

@@ -33,6 +33,7 @@
 import eu.openanalytics.containerproxy.auth.impl.LDAPAuthenticationBackend;
 import eu.openanalytics.containerproxy.auth.impl.NoAuthenticationBackend;
 import eu.openanalytics.containerproxy.auth.impl.OpenIDAuthenticationBackend;
+import eu.openanalytics.containerproxy.auth.impl.SAMLAuthenticationBackend;
 import eu.openanalytics.containerproxy.auth.impl.SimpleAuthenticationBackend;
 import eu.openanalytics.containerproxy.auth.impl.SocialAuthenticationBackend;
 import eu.openanalytics.containerproxy.auth.impl.WebServiceAuthenticationBackend;
@@ -50,10 +51,14 @@ public class AuthenticationBackendFactory extends AbstractFactoryBean<IAuthentic
 	@Inject
 	private ApplicationContext applicationContext;
 
-	// Special case for keycloak: this component registers some beans of its own.
+	// These backends register some beans of their own, so must be instantiated here.
+	
 	@Inject
 	private KeycloakAuthenticationBackend keycloakBackend;
 
+	@Inject
+	private SAMLAuthenticationBackend samlBackend;
+	
 	@Override
 	public Class<?> getObjectType() {
 		return IAuthenticationBackend.class;
@@ -88,6 +93,8 @@ protected IAuthenticationBackend createInstance() throws Exception {
 		case WebServiceAuthenticationBackend.NAME:			
 			backend = new WebServiceAuthenticationBackend();
 			break;
+		case SAMLAuthenticationBackend.NAME:
+			return samlBackend;
 		}
 		if (backend == null) throw new RuntimeException("Unknown authentication type:" + type);
 

src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java

@@ -0,0 +1,61 @@
+package eu.openanalytics.containerproxy.auth.impl;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.saml.SAMLAuthenticationProvider;
+import org.springframework.security.saml.SAMLEntryPoint;
+import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
+import org.springframework.security.web.access.channel.ChannelProcessingFilter;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
+import eu.openanalytics.containerproxy.auth.impl.saml.SAMLConfiguration.SAMLFilterSet;
+
+@Component
+public class SAMLAuthenticationBackend implements IAuthenticationBackend {
+
+	public static final String NAME = "saml";
+	
+	@Autowired(required = false)
+	private SAMLEntryPoint samlEntryPoint;
+	
+	@Autowired(required = false)
+	private MetadataGeneratorFilter metadataGeneratorFilter;
+	
+	@Autowired(required = false)
+	private SAMLFilterSet samlFilter;
+	
+	@Autowired(required = false)
+	private SAMLAuthenticationProvider samlAuthenticationProvider;
+	
+	@Override
+	public String getName() {
+		return NAME;
+	}
+
+	@Override
+	public boolean hasAuthorization() {
+		return true;
+	}
+
+	@Override
+	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+		http
+			.exceptionHandling().authenticationEntryPoint(samlEntryPoint)
+		.and()
+			.addFilterBefore(metadataGeneratorFilter, ChannelProcessingFilter.class)
+			.addFilterAfter(samlFilter, BasicAuthenticationFilter.class);
+	}
+
+	@Override
+	public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(samlAuthenticationProvider);
+	}
+
+	@Override
+	public String getLogoutSuccessURL() {
+		return "/";
+	}
+}