Update build.yml

.github/workflows/build.yml

@@ -37,6 +37,21 @@ jobs:
 
       - name: Build with Gradle
         run: ./gradlew build --no-build-cache
+        continue-on-error: true
+      
+      - name: Upload JUnit test results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: junit-test-results
+          path: '**/build/test-results/test/TEST-*.xml'
+          retention-days: 7
+      
+      - name: Check for test failures
+        if: failure()
+        run: |
+          echo "Tests failed. Please check the JUnit test results artifact for details."
+          exit 1
 
   docker-compose-tests:
     # if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||

src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java

@@ -32,7 +32,6 @@ import org.springframework.security.saml2.provider.service.authentication.OpenSa
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
-import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
 import org.springframework.security.saml2.provider.service.web.authentication.Saml2WebSsoAuthenticationFilter;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -375,10 +374,6 @@ public class SecurityConfiguration {
     }
 
     @Bean
-    @ConditionalOnProperty(
-            name = "security.saml2.enabled",
-            havingValue = "true",
-            matchIfMissing = false)
     public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
 
         SAML2 samlConf = applicationProperties.getSecurity().getSaml2();
@@ -398,41 +393,17 @@ public class SecurityConfiguration {
         Saml2X509Credential verificationCredential = Saml2X509Credential.verification(idpCert);
 
         RelyingPartyRegistration rp =
-                RelyingPartyRegistrations.fromMetadataLocation(samlConf.getIdpMetadataUriString())
+                RelyingPartyRegistration.withRegistrationId(samlConf.getRegistrationId())
-                        .entityId(samlConf.getEntityId())
-                        .registrationId(samlConf.getRegistrationId())
                         .signingX509Credentials((c) -> c.add(signingCredential))
-                        .singleLogoutServiceLocation(samlConf.getIdpSingleLogoutUrl())
                         .assertingPartyDetails(
                                 (details) ->
-                                        details
+                                        details.entityId(samlConf.getIdpIssuer())
-                                                //
+                                                .singleSignOnServiceLocation(
-                                                // .entityId(samlConf.getIdpIssuer())
+                                                        samlConf.getIdpSingleLoginUrl())
-                                                //
-                                                // .singleSignOnServiceLocation(
-                                                //
-                                                //      samlConf.getIdpSingleLoginUrl())
                                                 .verificationX509Credentials(
                                                         (c) -> c.add(verificationCredential))
                                                 .wantAuthnRequestsSigned(true))
                         .build();
-
-        /*
-               RelyingPartyRegistration rp =
-                       RelyingPartyRegistration.withRegistrationId(samlConf.getRegistrationId())
-                               .entityId(samlConf.getEntityId())
-                               .signingX509Credentials((c) -> c.add(signingCredential))
-                               .assertingPartyDetails(
-                                       (details) ->
-                                               details.entityId(samlConf.getEntityId())
-                                                       .singleSignOnServiceLocation(
-                                                               samlConf.getIdpSingleLoginUrl())
-                                                       .verificationX509Credentials(
-                                                               (c) -> c.add(verificationCredential))
-                                                       .wantAuthnRequestsSigned(true))
-                               .build();
-
-        */
         return new InMemoryRelyingPartyRegistrationRepository(rp);
     }
 

src/main/java/stirling/software/SPDF/config/security/saml2/CustomSaml2ResponseAuthenticationConverter.java

@@ -70,21 +70,16 @@ public class CustomSaml2ResponseAuthenticationConverter
 
     private Map<String, List<Object>> extractAttributes(Assertion assertion) {
         Map<String, List<Object>> attributes = new HashMap<>();
-        try {
+        for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
-            for (AttributeStatement attributeStatement : assertion.getAttributeStatements()) {
+            for (Attribute attribute : attributeStatement.getAttributes()) {
-                for (Attribute attribute : attributeStatement.getAttributes()) {
+                String attributeName = attribute.getName();
-                    String attributeName = attribute.getName();
+                List<Object> values = new ArrayList<>();
-                    List<Object> values = new ArrayList<>();
+                for (XMLObject xmlObject : attribute.getAttributeValues()) {
-                    for (XMLObject xmlObject : attribute.getAttributeValues()) {
+                    log.info("BOOL: " + ((XSBoolean) xmlObject).getValue());
-                        log.info("BOOL: " + ((XSBoolean) xmlObject).getValue());
+                    values.add(((XSString) xmlObject).getValue());
-                        values.add(((XSString) xmlObject).getValue());
-                    }
-                    attributes.put(attributeName, values);
                 }
+                attributes.put(attributeName, values);
             }
-        } catch (Exception ex) {
-            log.error("Could not extract attributes. Error: " + ex.getMessage());
-            return attributes;
         }
         return attributes;
     }

src/main/java/stirling/software/SPDF/model/ApplicationProperties.java

@@ -124,7 +124,6 @@ public class ApplicationProperties {
             private Boolean enabled = false;
             private Boolean autoCreateUser = false;
             private Boolean blockRegistration = false;
-            private String entityId = "stirling";
             private String registrationId = "stirling";
             private String idpMetadataUri;
             private String idpSingleLogoutUrl;
@@ -150,10 +149,6 @@ public class ApplicationProperties {
                 }
             }
 
-            public String getIdpMetadataUriString() {
-                return this.idpMetadataUri;
-            }
-
             public Resource getSpCert() {
                 if (spCert.startsWith("classpath:")) {
                     return new ClassPathResource(spCert.substring("classpath:".length()));
@@ -177,10 +172,6 @@ public class ApplicationProperties {
                     return new FileSystemResource(privateKey);
                 }
             }
-
-            public String getEntityId() {
-                return entityId;
-            }
         }
 
         @Data

src/main/resources/application.properties

@@ -50,6 +50,4 @@ springdoc.swagger-ui.url=/v1/api-docs
 
 
 posthog.api.key=phc_fiR65u5j6qmXTYL56MNrLZSWqLaDW74OrZH0Insd2xq
-posthog.host=https://eu.i.posthog.com
+posthog.host=https://eu.i.posthog.com
-
-server.port=8090

src/main/resources/settings.yml.template

@@ -12,7 +12,7 @@
 
 
 security:
-  enableLogin: true # set to 'true' to enable login
+  enableLogin: false # set to 'true' to enable login
   csrfDisabled: true # Set to 'true' to disable CSRF protection (not recommended for production)
   loginAttemptCount: 5 # lock user account after 5 tries; when using e.g. Fail2Ban you can deactivate the function with -1
   loginResetTimeMinutes: 120 # lock account for 2 hours after x attempts
@@ -48,18 +48,17 @@ security:
     scopes: openid, profile, email # Specify the scopes for which the application will request permissions
     provider: google # Set this to your OAuth provider's name, e.g., 'google' or 'keycloak'
   saml2:
-    enabled: true
+    enabled: false
     autoCreateUser: false # set to 'true' to allow auto-creation of non-existing users
     blockRegistration: false # set to 'true' to deny login with SSO without prior registration by an admin
-    entityId: 'spring-boot-app'
+    registrationId: stirling
-    registrationId: 'keycloak'
+    idpMetadataUri: https://dev-XXXXXXXX.okta.com/app/externalKey/sso/saml/metadata
-    idpMetadataUri: 'http://localhost:8080/realms/saml-sso/protocol/saml/descriptor'
+    idpSingleLogoutUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/slo/saml
-    idpSingleLogoutUrl: 'http://localhost:8080/realms/saml-sso/protocol/saml'
+    idpSingleLoginUrl: https://dev-XXXXXXXX.okta.com/app/dev-XXXXXXXX_stirlingpdf_1/externalKey/sso/saml
-    idpSingleLoginUrl: 'http://localhost:8080/realms/saml-sso/protocol/saml'
+    idpIssuer: http://www.okta.com/externalKey
-    idpIssuer: 'http://localhost:8080/realms/saml-sso'
+    idpCert: classpath:octa.crt
-    idpCert: 'classpath:saml-public-cert.crt'
+    privateKey: classpath:saml-private-key.key
-    privateKey: 'classpath:local.key'
+    spCert: classpath:saml-public-cert.crt
-    spCert: 'classpath:local.crt'
 
 # Enterprise edition settings unused for now please ignore!
 enterpriseEdition: