Merge pull request #466 from marklogic-community/feature/173-saml

DEVEXP-173: Added support for SAML authentication

Author: rjrudin

src/main/java/com/marklogic/appdeployer/AppConfig.java

@@ -94,6 +94,7 @@ public class AppConfig {
 	private String restCertFile;
 	private String restCertPassword;
 	private String restExternalName;
+	private String restSamlToken;
 	private X509TrustManager restTrustManager;
 	private boolean restUseDefaultKeystore;
 	private String restSslProtocol;
@@ -115,6 +116,7 @@ public class AppConfig {
 	private String appServicesCertFile;
 	private String appServicesCertPassword;
 	private String appServicesExternalName;
+	private String appServicesSamlToken;
 	private X509TrustManager appServicesTrustManager;
 	private boolean appServicesUseDefaultKeystore;
 	private String appServicesSslProtocol;
@@ -384,6 +386,7 @@ public DatabaseClientConfig newRestDatabaseClientConfig(int port) {
 		config.setCertPassword(restCertPassword);
 		config.setConnectionType(restConnectionType);
 		config.setExternalName(restExternalName);
+		config.setSamlToken(restSamlToken);
 		config.setSecurityContextType(restSecurityContextType);
 		config.setCloudApiKey(cloudApiKey);
 		config.setBasePath(restBasePath);
@@ -426,6 +429,7 @@ public DatabaseClient newAppServicesDatabaseClient(String databaseName) {
 		config.setConnectionType(appServicesConnectionType);
 		config.setDatabase(databaseName);
 		config.setExternalName(appServicesExternalName);
+		config.setSamlToken(appServicesSamlToken);
 		config.setSecurityContextType(appServicesSecurityContextType);
 		config.setCloudApiKey(cloudApiKey);
 		config.setBasePath(appServicesBasePath);
@@ -1495,4 +1499,20 @@ public String getTestRestBasePath() {
 	public void setTestRestBasePath(String testRestBasePath) {
 		this.testRestBasePath = testRestBasePath;
 	}
+
+	public String getRestSamlToken() {
+		return restSamlToken;
+	}
+
+	public void setRestSamlToken(String restSamlToken) {
+		this.restSamlToken = restSamlToken;
+	}
+
+	public String getAppServicesSamlToken() {
+		return appServicesSamlToken;
+	}
+
+	public void setAppServicesSamlToken(String appServicesSamlToken) {
+		this.appServicesSamlToken = appServicesSamlToken;
+	}
 }

src/main/java/com/marklogic/appdeployer/DefaultAppConfigFactory.java

@@ -227,6 +227,10 @@ public void initialize() {
 			logger.info("App Services external name: " + prop);
 			config.setAppServicesExternalName(prop);
 		});
+		propertyConsumerMap.put("mlAppServicesSamlToken", (config, prop) -> {
+			logger.info("App Services SAML token: " + prop);
+			config.setAppServicesSamlToken(prop);
+		});
 
 		propertyConsumerMap.put("mlAppServicesSimpleSsl", (config, prop) -> {
 			if (StringUtils.hasText(prop) && !"false".equalsIgnoreCase(prop)) {
@@ -314,6 +318,10 @@ public void initialize() {
 			logger.info("REST external name: " + prop);
 			config.setRestExternalName(prop);
 		});
+		propertyConsumerMap.put("mlRestSamlToken", (config, prop) -> {
+			logger.info("REST SAML token: " + prop);
+			config.setRestSamlToken(prop);
+		});
 		propertyConsumerMap.put("mlRestBasePath", (config, prop) -> {
 			logger.info("REST base path: " + prop);
 			config.setRestBasePath(prop);

src/test/java/com/marklogic/appdeployer/DefaultAppConfigFactoryTest.java

@@ -5,7 +5,6 @@
 import com.marklogic.client.ext.SecurityContextType;
 import com.marklogic.client.ext.modulesloader.impl.PropertiesModuleManager;
 import com.marklogic.mgmt.util.SimplePropertySource;
-import static org.junit.jupiter.api.Assertions.*;
 import org.junit.jupiter.api.Test;
 
 import java.io.File;
@@ -14,7 +13,14 @@
 import java.util.Properties;
 import java.util.Set;
 
-public class DefaultAppConfigFactoryTest  {
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
+
+public class DefaultAppConfigFactoryTest {
 
 	private DefaultAppConfigFactory sut;
 
@@ -663,4 +669,29 @@ void cloudApiKeyAndBasePath() {
 		assertEquals("/app/path", config.getAppServicesBasePath());
 		assertEquals("/test/path", config.getTestRestBasePath());
 	}
+
+	@Test
+	void samlTokens() {
+		AppConfig config = new DefaultAppConfigFactory(new SimplePropertySource(
+			"mlRestAuthentication", "saml",
+			"mlRestSamlToken", "my-rest-token",
+			"mlAppServicesAuthentication", "saml",
+			"mlAppServicesSamlToken", "my-app-token"
+		)).newAppConfig();
+
+		assertEquals(SecurityContextType.SAML, config.getRestSecurityContextType());
+		assertEquals("my-rest-token", config.getRestSamlToken());
+		assertEquals(SecurityContextType.SAML, config.getAppServicesSecurityContextType());
+		assertEquals("my-app-token", config.getAppServicesSamlToken());
+
+		// It's possible to create a client with a SAML token, as no attempt is made by the Java Client to verify or
+		// use the token. So we can verify that the client is created correctly.
+		DatabaseClientFactory.SecurityContext context = config.newDatabaseClient().getSecurityContext();
+		assertTrue(context instanceof DatabaseClientFactory.SAMLAuthContext);
+		assertEquals("my-rest-token", ((DatabaseClientFactory.SAMLAuthContext) context).getToken());
+
+		context = config.newAppServicesDatabaseClient("Documents").getSecurityContext();
+		assertTrue(context instanceof DatabaseClientFactory.SAMLAuthContext);
+		assertEquals("my-app-token", ((DatabaseClientFactory.SAMLAuthContext) context).getToken());
+	}
 }