Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump opensaml2 from 2.6.6 to 4.0.1 #2908

Open
wants to merge 214 commits into
base: develop
Choose a base branch
from
Open

build(deps): bump opensaml2 from 2.6.6 to 4.0.1 #2908

wants to merge 214 commits into from

Conversation

Tallicia
Copy link
Contributor

@Tallicia Tallicia commented May 30, 2024
edited by strehle
Loading

Replacing the other feature branch #2862 for new SAML library replacement effort.

Sonar
https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2908

@Tallicia Tallicia added in progress DO NOT MERGE Internal Test or WIP, please DO NOT MERGE labels May 30, 2024
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187710947

The labels on this github issue will be updated when the story is started.

@Tallicia Tallicia changed the title New saml 0530 New SAML 2024.05.30 - Not to merge but just for SAML feature branch testing May 30, 2024
@Tallicia Tallicia mentioned this pull request May 30, 2024
Closed
@duanemay duanemay force-pushed the new-saml-0530 branch 5 times, most recently from 65b0d64 to e67a40a Compare June 14, 2024 22:11
@duanemay duanemay force-pushed the new-saml-0530 branch 9 times, most recently from a761b67 to 7de27a1 Compare June 24, 2024 15:54
@duanemay duanemay force-pushed the new-saml-0530 branch 2 times, most recently from 0d3a595 to f199f50 Compare July 5, 2024 22:17
@duanemay duanemay force-pushed the new-saml-0530 branch 2 times, most recently from 46248b9 to b6cb65b Compare July 9, 2024 18:49
@peterhaochen47 peterhaochen47 force-pushed the new-saml-0530 branch 2 times, most recently from a97457f to 745fff3 Compare July 10, 2024 17:04
strehle
strehle reviewed Nov 14, 2024
View reviewed changes
.../cloudfoundry/identity/uaa/provider/saml/ConfiguratorRelyingPartyRegistrationRepository.java Outdated Show resolved Hide resolved
.../cloudfoundry/identity/uaa/provider/saml/ConfiguratorRelyingPartyRegistrationRepository.java Outdated Show resolved Hide resolved
server/src/main/resources/dummy-saml-idp-metadata.xml Outdated Show resolved Hide resolved
...ava/org/cloudfoundry/identity/uaa/provider/saml/Saml2BearerGrantAuthenticationConverter.java Outdated Show resolved Hide resolved
...ava/org/cloudfoundry/identity/uaa/provider/saml/Saml2BearerGrantAuthenticationConverter.java Outdated Show resolved Hide resolved
...ava/org/cloudfoundry/identity/uaa/provider/saml/Saml2BearerGrantAuthenticationConverter.java Show resolved Hide resolved
server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/Saml2Utils.java Show resolved Hide resolved
@strehle
Copy link
Member

strehle commented Nov 14, 2024

SAML2 bearer and IdP initated flows are similar and the IdP initiated flow still is not working.
The tests work, but this is by accident because we have only one trusted IdP and the TODO in resolution of IdP.

The resolver needs to be forked / implemented on Uaa side, I assume then we can resolve from issuer to idP .
With more than 1 trusted IdP the flow is working by accident...

SAML2 bearer works now independent from amount of SAML2 trusts, #3132

strehle and others added 11 commits November 15, 2024 17:06
@strehle
Enhancements for SAML2 bearer flow (#3132)
d281b28 
* Test saml bearer

* Fixes for SAML2 bearer flow

* reverted test
@strehle
Merge remote-tracking branch 'origin/develop' into new-saml-0530
e22d1d1 
# Conflicts:
#	dependencies.gradle
@strehle @duanemay
Enhancements for SAML2 bearer and IdP initiated SSO (#3136)
e084cee 
* Test saml bearer

* Fixes for SAML2 bearer flow

* reverted test

* Implement RelyingPartyRegistrationResolver

* support resolution of SAMLResponse from request
* remove default setting

* Use standard setting of metadata

the feature with classpath is new in this PR.

* refactorings based on sonar

* Replace dummy-saml-idp-metadata

and create the data based on real key data

Until now we do not deliver any keys in uaa.war.

* Cleanup test failure

Changed, because of hack with defaults.

* Rename DefaultRelyingPartyRegistrationResolver to UaaRelyingPartyRegistrationResolver

Signed-off-by: Duane May <[email protected]>

* Refactor text blocks

Signed-off-by: Duane May <[email protected]>

---------

Signed-off-by: Duane May <[email protected]>
Co-authored-by: Duane May <[email protected]>
Co-authored-by: Duane May <[email protected]>
@strehle
sonar: unused imports
bdb80e5
@strehle
sonar: recommendation
946a6f9
@strehle
sonar: recommendation
e54b489
@strehle
sonar changes
af2c5b6
@strehle
sonar changes
f984d0d
@strehle
omit hard coded example name (#3140)
6b4e0a1
@duanemay
Merge remote-tracking branch 'origin' into new-saml-0530
d89f4f1
@strehle
Merge remote-tracking branch 'origin/develop' into new-saml-0530
dc31694 
# Conflicts:
#	dependencies.gradle
@strehle strehle added accepted Accepted the issue and removed in_review The PR is currently in review DO NOT MERGE Internal Test or WIP, please DO NOT MERGE labels Nov 20, 2024
strehle
strehle approved these changes Nov 20, 2024
View reviewed changes
Copy link
Member

@strehle strehle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After a long time LGTM

  • thanks to broadcom
  • manually tested SAML flows

@strehle strehle requested a review from a team November 20, 2024 09:23
dependabot bot and others added 5 commits November 20, 2024 16:50
@dependabot @duanemay
build(deps): bump commons-io:commons-io from 2.17.0 to 2.18.0 (#3146)
22d413c 
Bumps commons-io:commons-io from 2.17.0 to 2.18.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@hsinn0 @duanemay
feature: ingtegration test coverage
55916ad 
- Modified `cargo.local` to run with jacoco agent if a system property is set.
- Added a task to generate coverage report from the recorded jacoco data.
@duanemay
Add the kill_uaa step to ensure jacoco file is written
86ac331
@duanemay
typo
4f60570
@duanemay
Bump Gradle to 8.11.1
4f59d4a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@strehle strehle strehle approved these changes

@duanemay duanemay Awaiting requested review from duanemay

Assignees
No one assigned
Labels
accepted Accepted the issue scheduled
Projects
Foundational Infrastructure Working Group
Status: Pending Merge | Prioritized
Milestone
EOL_Removal
Development

Successfully merging this pull request may close these issues.

Spring Security SAML2 End of Life
10 participants
@Tallicia @cf-gitbot @strehle @swalchemist @peterhaochen47 @bruce-ricard @duanemay @hsinn0 @fhanik @achrinza