feat: Productize the addon saml-extension - EXO-69764

This addons allows to configure how exo read the assertions, in order to be able to work with persistent and transient name-id, and read username in another attribute

Author: rdenarie

README.md

@@ -100,4 +100,13 @@ To configure it, there is 2 options :
   - unspecified : then you can choose a user attribute like username as name id
 - On exo side : the property `gatein.sso.saml.nameid.format` allow to configure the wanted nameid format. By dafault, value is `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`. It can be changed to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified` if needed
 
-gatein.sso.saml.nameid.format
+#### Set username in other field than nameid
+In some installation, IDP requires that nameid is not the username but a numeric id. In this case, you can set the username in another field by setting theses properties in exo.properties
+```
+gatein.sso.saml.use.namedid=false
+gatein.sso.saml.subject.attribute=uid
+```
+
+With this configuration, the username or email will be read in the attribute provided by the assertion.
+
+

packaging/pom.xml

@@ -38,6 +38,10 @@
       <groupId>io.meeds.gatein.sso</groupId>
       <artifactId>sso-saml-plugin</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.exoplatform.addons.sso</groupId>
+      <artifactId>saml2-addon-service</artifactId>
+    </dependency>
   </dependencies>
 
   <build>

packaging/src/main/assemblies/exo-saml-addon.xml

@@ -43,6 +43,7 @@
       <outputDirectory>/lib</outputDirectory>
       <includes>
         <include>io.meeds.gatein.sso:sso-saml-plugin</include>
+        <include>org.exoplatform.addons.sso:saml2-addon-service</include>
         <include>org.apache.santuario:xmlsec</include>
       </includes>
       <outputFileNameMapping>${artifact.artifactId}.${artifact.extension}</outputFileNameMapping>

packaging/src/main/resources/exo-saml2-config/gatein/conf/saml2/picketlink-sp.xml

@@ -21,17 +21,20 @@
     <Handler
         class="org.gatein.sso.agent.saml.PortalSAML2LogOutHandler"/>
     <Handler
-        class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler">
-      <Option Key="NAMEID_FORMAT" Value="${gatein.sso.saml.nameid.format::urn:oasis:names:tc:SAML:2.0:nameid-format:persistent}"/>    </Handler>
+        class="org.exoplatform.addons.saml.extensions.SAML2ExtendedAuthenticationHandler">
+      <Option Key="NAMEID_FORMAT" Value="${gatein.sso.saml.nameid.format::urn:oasis:names:tc:SAML:2.0:nameid-format:persistent}"/>
+      <Option Key="USE_NAMEID" Value="${gatein.sso.saml.use.namedid::true}"/>
+      <Option Key="SUBJECT_ATTRIBUTE" Value="${gatein.sso.saml.subject.attribute::uid}"/>
+    </Handler>
     <Handler
         class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler"/>
 
-  <!-- <Handler 
-        class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" /> -->
-  <!-- <Handler 
-        class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" /> -->
-  <!-- <Handler 
-        class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/> -->
+    <!-- <Handler
+          class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" /> -->
+    <!-- <Handler
+          class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" /> -->
+    <!-- <Handler
+          class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/> -->
 
   </Handlers>
 

pom.xml

@@ -43,6 +43,7 @@
   </scm>
 
   <modules>
+    <module>service</module>
     <module>packaging</module>
   </modules>
 
@@ -65,6 +66,11 @@
         <type>pom</type>
         <scope>import</scope>
       </dependency>
+      <dependency>
+        <groupId>org.exoplatform.addons.sso</groupId>
+        <artifactId>saml2-addon-service</artifactId>
+        <version>${project.version}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 

service/pom.xml

@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+  Copyright (C) 2003-2023 eXo Platform SAS.
+
+  This program is free software; you can redistribute it and/or
+  modify it under the terms of the GNU Affero General Public License
+  as published by the Free Software Foundation; either version 3
+  of the License, or (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, see<http://www.gnu.org/licenses />.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.exoplatform.addons.sso</groupId>
+    <artifactId>saml2-addon-parent</artifactId>
+    <version>7.1.x-SNAPSHOT</version>
+  </parent>
+  <artifactId>saml2-addon-service</artifactId>
+  <name>eXo Add-on:: SAML2 add-on Service</name>
+  <description>The SAML2 add-on Service</description>
+  <dependencies>
+    <dependency>
+      <groupId>io.meeds.gatein.sso</groupId>
+      <artifactId>sso-saml-plugin</artifactId>
+    </dependency>
+  </dependencies>
+  <build>
+    <finalName>${project.artifactId}</finalName>
+  </build>
+</project>