Major Enhancements to SAML2 and OAuth2 Integration with Simplified Security Configurations (#2040)

* implement Saml2 login/logout * changed: deprecation code * relyingPartyRegistrations only enabled samle
2024-10-20 13:30:58 +02:00
parent 227d18a469
commit eff1843061
32 changed files with 1080 additions and 839 deletions
--- a/src/main/resources/settings.yml.template
+++ b/src/main/resources/settings.yml.template
@@ -47,6 +47,18 @@ security:
    useAsUsername: email # Default is 'email'; custom fields can be used as the username
    scopes: openid, profile, email # Specify the scopes for which the application will request permissions
    provider: google # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
+  saml2:
+    enabled: false
+    autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
+    blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
+    registrationId: stirling
+    idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata
+    idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml
+    idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml
+    idpIssuer: http://www.okta.com/externalKey
+    idpCert: classpath:octa.crt
+    privateKey: classpath:saml-private-key.key
+    spCert: classpath:saml-public-cert.crt

 # Enterprise edition settings unused for now please ignore!
 enterpriseEdition:
--- a/src/main/resources/templates/addUsers.html
+++ b/src/main/resources/templates/addUsers.html
@@ -283,7 +283,7 @@
      </script>
      <th:block th:insert="~{fragments/footer.html :: footer}"></th:block>
    </div>
-    <div th:if="${oAuth2Enabled}" class="modal fade" id="editUserModal" tabindex="-1" role="dialog" aria-labelledby="editUserModalLabel" aria-hidden="true">
+    <div th:if="${altLogin}" class="modal fade" id="editUserModal" tabindex="-1" role="dialog" aria-labelledby="editUserModalLabel" aria-hidden="true">
      <div class="modal-dialog modal-dialog-centered" role="document">
        <div class="modal-content">
          <div class="modal-header">
--- a/src/main/resources/templates/login.html
+++ b/src/main/resources/templates/login.html
@@ -114,7 +114,7 @@
          <img class="my-4" th:src="@{'/favicon.svg'}" alt="favicon" width="144" height="144">

          <h1 class="h1 mb-3 fw-normal" th:text="${@appName}">Stirling-PDF</h1>
-          <div th:if="${oAuth2Enabled} and (${loginMethod} == 'all' or ${loginMethod} == 'oauth2')">
+          <div th:if="${altLogin} and (${loginMethod} == 'all' or ${loginMethod} == 'oauth2')">
            <a href="#" class="w-100 btn btn-lg btn-primary" data-bs-toggle="modal" data-bs-target="#loginsModal" th:text="#{login.ssoSignIn}">Login Via SSO</a>
            <br>
            <br>
@@ -168,7 +168,7 @@
      </main>
      <th:block th:insert="~{fragments/footer.html :: footer}"></th:block>
    </div>
-    <div th:if="${oAuth2Enabled}" class="modal fade" id="loginsModal" tabindex="-1" role="dialog" aria-labelledby="loginsModalLabel" aria-hidden="true">
+    <div th:if="${altLogin}" class="modal fade" id="loginsModal" tabindex="-1" role="dialog" aria-labelledby="loginsModalLabel" aria-hidden="true">
      <div class="modal-dialog modal-dialog-centered" role="document">
        <div class="modal-content">
          <div class="modal-header">
@@ -181,7 +181,7 @@
          </div>
          <div class="modal-body">
            <div class="mb-3" th:each="provider : ${providerlist}">
-              <a th:href="@{|/oauth2/authorization/${provider.key}|}" th:text="${provider.value}" class="w-100 btn btn-lg btn-primary">OpenID Connect</a>
+              <a th:href="@{|${provider.key}|}" th:text="${provider.value}" class="w-100 btn btn-lg btn-primary">Login Provider</a>
            </div>
          </div>
          <div class="modal-footer">