Make SAML binding configurable via idp.saml_binding

OpenConext · Jul 25, 2023 · 7b834e8 · 7b834e8
1 parent c73c648
commit 7b834e8
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 3 deletions.
diff --git a/mujina-idp/src/main/java/mujina/idp/MetadataController.java b/mujina-idp/src/main/java/mujina/idp/MetadataController.java
@@ -22,7 +22,6 @@
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
 import org.opensaml.xml.util.XMLHelper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -51,6 +50,9 @@ public class MetadataController {
   @Autowired
   Environment environment;
 
+  @Value("${idp.saml_binding}")
+  String samlBinding;
+
   @Autowired
   @RequestMapping(method = RequestMethod.GET, value = "/metadata", produces = "application/xml")
   public String metadata(@Value("${idp.base_url}") String idpBaseUrl) throws SecurityException, ParserConfigurationException, SignatureException, MarshallingException, TransformerException {
@@ -78,7 +80,7 @@ public String metadata(@Value("${idp.base_url}") String idpBaseUrl) throws Secur
 
     SingleSignOnService singleSignOnService = buildSAMLObject(SingleSignOnService.class, SingleSignOnService.DEFAULT_ELEMENT_NAME);
     singleSignOnService.setLocation(idpBaseUrl + "/SingleSignOnService");
-    singleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+    singleSignOnService.setBinding(samlBinding);
 
     idpssoDescriptor.getSingleSignOnServices().add(singleSignOnService);
 

diff --git a/mujina-idp/src/main/resources/application.yml b/mujina-idp/src/main/resources/application.yml
@@ -31,6 +31,8 @@ idp:
   expires: 300
   # Authentication method ALL for every username / password combination and USER for the configured users
   auth_method: ALL
+  # SAML binding type
+  saml_binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
   # Are endpoints compared. If so then pay notice to the base_url when behind a load balancer
   compare_endpoints: true
   # SAML configuration file. To use an external file, prefix path with "file:".

diff --git a/mujina-idp/src/test/java/mujina/idp/MetadataControllerTest.java b/mujina-idp/src/test/java/mujina/idp/MetadataControllerTest.java
@@ -26,7 +26,9 @@ public void metadata() throws Exception {
       .statusCode(SC_OK)
       .body(
         "EntityDescriptor.IDPSSODescriptor.SingleSignOnService.@Location",
-        equalTo(idpBaseUrl + "/SingleSignOnService"));
+        equalTo(idpBaseUrl + "/SingleSignOnService"))
+      .body("EntityDescriptor.IDPSSODescriptor.SingleSignOnService.@Binding",
+        equalTo("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"));
   }
 
 }