Skip to content
Snippets Groups Projects
Commit 5edf988a authored by Fabio Roberto Vitello's avatar Fabio Roberto Vitello
Browse files

initial release

parent 24b0b77b
No related branches found
No related tags found
No related merge requests found
Showing
with 1241 additions and 0 deletions
Shibboleth Authentication Plugin for Liferay
============================================
* This plugin is derived from an initial version of rsheshi@gmail.com. See: http://code.google.com/p/liferay-shibboleth-plugin/
* The first major extension was done by Ivan Novakov. https://github.com/ivan-novakov
* Further upgrades were made by Mihály Héder. https://github.com/mheder
* The latest extensions were made by Szabolcs Tenczer https://github.com/burgosz
Additional features has been added:
* auto create users using Shibboleth attributes (email, first name, last name)
* auto update user information upon login
* added options to specify the headers (Shibboleth attributes) to be used for extracting email, first name and last name
* basic attribute to role mapping
Requirements
------------
* Apache 2.x with mod_ssl and mod_proxy_ajp
* Shibboleth SP 2.x
Introduction
------------
Currently, there is no native Java Shibboleth service provider. If you need to protect your Java web
with Shibboleth, you have to run Apache with mod_shib in front of your servlet container (Tomcat, JBoss, ...).
The protected application must not be accessible directly, it must be run on a private address. Apache will intercept
requests, and after performing all authentication related tasks, it will pass the request to the backend servlet
container using AJP (Apache JServ Protocol).
Shibboleth Service Provider
---------------------------
A standard Shibboleth Service Provider instance may be used with one difference - the attribute preffix must bes
set to "AJP_", otherwise user attributes from Shibboleh will not be accessible in the application.
<ApplicationDefaults entityID="https://liferay-test/shibboleth"
REMOTE_USER="uid eppn persistent-id targeted-id"
attributePrefix="AJP_">
Apache configuration
--------------------
First, we need to set the AJP communication with the backend in our virtual host configuration:
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
Then we'll configure Shibboleth to be "activated" for the whole site:
<Location />
AuthType shibboleth
require shibboleth
</Location>
And require a Shibboleth session at the "login" location:
<Location /c/portal/login>
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
Container's AJP connector
---------------------
Make sure, the backend servlet container has properly configured AJP connector. For example, in JBoss it is not enabled by default and you have to explicitly enable it:
# cd $JBOSS_HOME/bin
# ./jboss-cli.sh
You are disconnected at the moment. Type 'connect' to connect to the server or 'help' for the list of supported commands.
[disconnected /] connect
[standalone@localhost:9999 /] /subsystem=web:read-children-names(child-type=connector)
{
"outcome" => "success",
"result" => ["http"]
}
[standalone@localhost:9999 /] /subsystem=web/connector=ajp:add(socket-binding=ajp, protocol="AJP/1.3", enabled=true, scheme=ajp)
{"outcome" => "success"}
[standalone@localhost:9999 /] /subsystem=web:read-children-names(child-type=connector)
{
"outcome" => "success",
"result" => [
"ajp",
"http"
]
}
Plugin installation and configuration
-------------------------------------
Clone the repository and run the Maven install script:
# git clone https://github.com/mheder/liferay-shibboleth-plugin
# cd liferay-shibboleth-plugin
# mvn install
Then deploy the WAR file to your servlet container.
After a successful installation a new "Shibboleth" section appears in the Liferay's Control panel at "Portal Settings / Authentication". You can adjust Shibboleth authentication there. The most important setting is the name of the attribute from with the user identity is taken.
At the same time, in "Portal Settings --> Authentication --> General", disable all "Allow..." options.
Further steps
-------------
If you plan to use Shibboleth autehtnication only, it will be a good idea to prevent your users from changing their personal info (especially the screen name which holds the identity).
If you choose to auto-create users, you need to disable the "terms of use" page and the "security question", which appear to the new users. Add these directives to your portal-ext.properties:
#
# Set this to true to enable reminder queries that are used to help reset a
# user's password.
#
users.reminder.queries.enabled=false
users.reminder.queries.custom.question.enabled=false
#
# Set this to true if all users are required to agree to the terms of use.
#
terms.of.use.required=false
Logging can be enabled at "Control panel --> Server Administration --> Log Levels" by adding these categories:
com.liferay.portal.security.auth.ShibbolethAutoLogin
com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter
These settings will work untill server reboot only. To make them permanent you need to create a special configuration file placed at `$JBOSS_HOME/standalone/deployments/ROOT.war/WEB-INF/classes/META-INF/portal-log4j-ext.xml`:
<?xml version="1.0"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}:%L] %m%n" />
</layout>
</appender>
<category name="com.liferay.portal.security.auth.ShibbolethAutoLogin">
<priority value="INFO" />
</category>
<category name="com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter">
<priority value="INFO" />
</category>
</log4j:configuration>
Licence
-------
[MIT Licence](http://opensource.org/licenses/mit-license.php)
Contact
-------
* homepage: https://github.com/ivan-novakov/liferay-shibboleth-plugin
pom.xml 0 → 100644
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.github.ivan-novakov.liferay-shibboleth-plugin</groupId>
<artifactId>liferay-shibboleth-plugin</artifactId>
<packaging>war</packaging>
<name>liferay-shibboleth-plugin</name>
<url>https://github.com/ivan-novakov/liferay-shibboleth-plugin</url>
<version>1.2</version>
<properties>
<liferay.auto.deploy.dir>/opt/lr/deploy</liferay.auto.deploy.dir>
<liferay.version>6.2.0-RC5</liferay.version>
</properties>
<build>
<finalName>shibboleth-plugin-hook</finalName>
<plugins>
<plugin>
<groupId>com.liferay.maven.plugins</groupId>
<artifactId>liferay-maven-plugin</artifactId>
<version>${liferay.version}</version>
<configuration>
<autoDeployDir>${liferay.auto.deploy.dir}</autoDeployDir>
<liferayVersion>${liferay.version}</liferayVersion>
<pluginType>hook</pluginType>
</configuration>
</plugin>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<encoding>UTF-8</encoding>
<source>1.6</source>
<target>1.6</target>
</configuration>
</plugin>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration>
<webResources>
<resource>
<filtering>true</filtering>
<directory>src/main/webapp</directory>
<includes>
<include>**/liferay-plugin-package.xml</include>
<include>**/web.xml</include>
</includes>
</resource>
</webResources>
<warSourceDirectory>src/main/webapp</warSourceDirectory>
<webXml>src/main/webapp/WEB-INF/web.xml</webXml>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>com.liferay.portal</groupId>
<artifactId>portal-service</artifactId>
<version>${liferay.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.liferay.portal</groupId>
<artifactId>util-java</artifactId>
<version>${liferay.version}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.portlet</groupId>
<artifactId>portlet-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.4</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
package com.liferay.portal.security.auth;
import com.liferay.portal.NoSuchUserException;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.StringPool;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.model.CompanyConstants;
import com.liferay.portal.model.Role;
import com.liferay.portal.model.User;
import com.liferay.portal.security.ldap.PortalLDAPImporterUtil;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.service.ServiceContext;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.liferay.portal.shibboleth.util.ShibbolethPropsKeys;
import com.liferay.portal.shibboleth.util.Util;
import com.liferay.portal.util.PortalUtil;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.*;
/**
* Performs autologin based on the header values passed by Shibboleth.
*
* The Shibboleth user ID header set in the configuration must contain the user
* ID, if users are authenticated by screen name or the user email, if the users
* are authenticated by email (Portal settings --> Authentication --> General).
*
* @author Romeo Sheshi
* @author Ivan Novakov <ivan.novakov@debug.cz>
*/
public class ShibbolethAutoLogin implements AutoLogin {
private static Log _log = LogFactoryUtil.getLog(ShibbolethAutoLogin.class);
@Override
public String[] handleException(HttpServletRequest request, HttpServletResponse response, Exception e) throws AutoLoginException {
// taken from BaseAutoLogin
if (Validator.isNull(request.getAttribute(AutoLogin.AUTO_LOGIN_REDIRECT))) {
throw new AutoLoginException(e);
}
_log.error(e, e);
return null;
}
@Override
public String[] login(HttpServletRequest req, HttpServletResponse res) throws AutoLoginException {
User user;
String[] credentials = null;
HttpSession session = req.getSession(false);
long companyId = PortalUtil.getCompanyId(req);
try {
_log.info("Shibboleth Autologin [modified 2]");
if (!Util.isEnabled(companyId)) {
return credentials;
}
user = loginFromSession(companyId, session);
if (Validator.isNull(user)) {
return credentials;
}
credentials = new String[3];
credentials[0] = String.valueOf(user.getUserId());
credentials[1] = user.getPassword();
credentials[2] = Boolean.TRUE.toString();
return credentials;
} catch (NoSuchUserException e) {
logError(e);
} catch (Exception e) {
logError(e);
throw new AutoLoginException(e);
}
return credentials;
}
private User loginFromSession(long companyId, HttpSession session) throws Exception {
String login;
User user = null;
login = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN);
if (Validator.isNull(login)) {
return null;
}
String authType = Util.getAuthType(companyId);
try {
if (authType.equals(CompanyConstants.AUTH_TYPE_SN)) {
_log.info("Trying to find user with screen name: " + login);
user = UserLocalServiceUtil.getUserByScreenName(companyId, login);
} else if (authType.equals(CompanyConstants.AUTH_TYPE_EA)) {
String emailAddress = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
if (Validator.isNull(emailAddress)) {
return null;
}
_log.info("Trying to find user with email: " + emailAddress);
user = UserLocalServiceUtil.getUserByEmailAddress(companyId, emailAddress);
} else {
throw new NoSuchUserException();
}
_log.info("User found: " + user.getScreenName() + " (" + user.getEmailAddress() + ")");
if (Util.autoUpdateUser(companyId)) {
_log.info("Auto-updating user...");
updateUserFromSession(user, session);
}
} catch (NoSuchUserException e) {
_log.error("User " + login + " not found");
if (Util.autoCreateUser(companyId)) {
_log.info("Importing user from session...");
user = createUserFromSession(companyId, session);
_log.info("Created user with ID: " + user.getUserId());
} else if (Util.importUser(companyId)) {
_log.info("Importing user from LDAP...");
user = PortalLDAPImporterUtil.importLDAPUser(companyId, StringPool.BLANK, login);
}
}
try {
updateUserRolesFromSession(companyId, user, session);
} catch (Exception e) {
_log.error("Exception while updating user roles from session: " + e.getMessage());
}
return user;
}
/**
* Create user from session
*/
protected User createUserFromSession(long companyId, HttpSession session) throws Exception {
User user = null;
String screenName = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN);
if (Validator.isNull(screenName)) {
_log.error("Cannot create user - missing screen name");
return user;
}
String emailAddress = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
if (Validator.isNull(emailAddress)) {
_log.error("Cannot create user - missing email");
return user;
}
String firstname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME);
if (Validator.isNull(firstname)) {
_log.error("Cannot create user - missing firstname");
return user;
}
String surname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME);
if (Validator.isNull(surname)) {
_log.error("Cannot create user - missing surname");
return user;
}
_log.info("Creating user: screen name = [" + screenName + "], emailAddress = [" + emailAddress
+ "], first name = [" + firstname + "], surname = [" + surname + "]");
return addUser(companyId, screenName, emailAddress, firstname, surname);
}
/**
* Store user
*/
private User addUser(long companyId, String screenName, String emailAddress, String firstName, String lastName)
throws Exception {
long creatorUserId = 0;
boolean autoPassword = true;
String password1 = null;
String password2 = null;
boolean autoScreenName = false;
long facebookId = 0;
String openId = StringPool.BLANK;
Locale locale = Locale.US;
String middleName = StringPool.BLANK;
int prefixId = 0;
int suffixId = 0;
boolean male = true;
int birthdayMonth = Calendar.JANUARY;
int birthdayDay = 1;
int birthdayYear = 1970;
String jobTitle = StringPool.BLANK;
long[] groupIds = null;
long[] organizationIds = null;
long[] roleIds = null;
long[] userGroupIds = null;
boolean sendEmail = false;
ServiceContext serviceContext = null;
return UserLocalServiceUtil.addUser(creatorUserId, companyId, autoPassword, password1, password2,
autoScreenName, screenName, emailAddress, facebookId, openId, locale, firstName, middleName, lastName,
prefixId, suffixId, male, birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds,
organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);
}
protected void updateUserFromSession(User user, HttpSession session) throws Exception {
boolean modified = false;
String emailAddress = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
if (Validator.isNotNull(emailAddress) && !user.getEmailAddress().equals(emailAddress)) {
_log.info("User [" + user.getScreenName() + "]: update email address [" + user.getEmailAddress()
+ "] --> [" + emailAddress + "]");
user.setEmailAddress(emailAddress);
modified = true;
}
String firstname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME);
if (Validator.isNotNull(firstname) && !user.getFirstName().equals(firstname)) {
_log.info("User [" + user.getScreenName() + "]: update first name [" + user.getFirstName() + "] --> ["
+ firstname + "]");
user.setFirstName(firstname);
modified = true;
}
String surname = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME);
if (Validator.isNotNull(surname) && !user.getLastName().equals(surname)) {
_log.info("User [" + user.getScreenName() + "]: update last name [" + user.getLastName() + "] --> ["
+ surname + "]");
user.setLastName(surname);
modified = true;
}
if (modified) {
UserLocalServiceUtil.updateUser(user);
}
}
private void updateUserRolesFromSession(long companyId, User user, HttpSession session) throws Exception {
if (!Util.autoAssignUserRole(companyId)) {
return;
}
List<Role> currentFelRoles = getRolesFromSession(companyId, session);
long[] currentFelRoleIds = roleListToLongArray(currentFelRoles);
List<Role> felRoles = getAllRolesWithConfiguredSubtype(companyId);
long[] felRoleIds = roleListToLongArray(felRoles);
RoleLocalServiceUtil.unsetUserRoles(user.getUserId(), felRoleIds);
RoleLocalServiceUtil.addUserRoles(user.getUserId(), currentFelRoleIds);
_log.info("User '" + user.getScreenName() + "' has been assigned " + currentFelRoleIds.length + " role(s): "
+ Arrays.toString(currentFelRoleIds));
}
private long[] roleListToLongArray(List<Role> roles) {
long[] roleIds = new long[roles.size()];
for (int i = 0; i < roles.size(); i++) {
roleIds[i] = roles.get(i).getRoleId();
}
return roleIds;
}
private List<Role> getAllRolesWithConfiguredSubtype(long companyId) throws Exception {
String roleSubtype = Util.autoAssignUserRoleSubtype(companyId);
return RoleLocalServiceUtil.getSubtypeRoles(roleSubtype);
}
private List<Role> getRolesFromSession(long companyId, HttpSession session) throws SystemException {
List<Role> currentFelRoles = new ArrayList<Role>();
String affiliation = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION);
if (Validator.isNull(affiliation)) {
return currentFelRoles;
}
String[] affiliationList = affiliation.split(";");
for (String roleName : affiliationList) {
Role role;
try {
role = RoleLocalServiceUtil.getRole(companyId, roleName);
} catch (PortalException e) {
_log.info("Exception while getting role with name '" + roleName + "': " + e.getMessage());
try{
if(Util.isCreateRoleEnabled(companyId)){
List<Role> roleList = RoleLocalServiceUtil.getRoles(companyId);
long [] roleIds = roleListToLongArray(roleList);
Arrays.sort(roleIds);
long newId = roleIds[roleIds.length-1];
newId = newId+1;
role = RoleLocalServiceUtil.createRole(newId);
long classNameId = 0;
try{
classNameId = RoleLocalServiceUtil.getRole(roleIds[roleIds.length-1]).getClassNameId();
}catch (PortalException ex){
_log.info("classname error");
}
role.setClassNameId(classNameId);
role.setCompanyId(companyId);
role.setClassPK(newId);
role.setDescription(null);
role.setTitleMap(null);
role.setName(roleName);
role.setType(1);
RoleLocalServiceUtil.addRole(role);
}else continue;
}catch (Exception exc){
continue;
}
}
currentFelRoles.add(role);
}
return currentFelRoles;
}
private void logError(Exception e) {
_log.error("Exception message = " + e.getMessage() + " cause = " + e.getCause());
if (_log.isDebugEnabled()) {
_log.error(e);
}
}
}
\ No newline at end of file
package com.liferay.portal.servlet.filters.sso.shibboleth;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.servlet.BaseFilter;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.shibboleth.util.ShibbolethPropsKeys;
import com.liferay.portal.shibboleth.util.Util;
import com.liferay.portal.util.PortalUtil;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
/**
* @author Romeo Sheshi
* @author Ivan Novakov <ivan.novakov@debug.cz>
*/
public class ShibbolethFilter extends BaseFilter {
@Override
public boolean isFilterEnabled(HttpServletRequest request, HttpServletResponse response) {
try {
long companyId = PortalUtil.getCompanyId(request);
if (Util.isEnabled(companyId)) {
return true;
}
} catch (Exception e) {
_log.error(e, e);
}
return false;
}
@Override
protected Log getLog() {
return _log;
}
@Override
protected void processFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws Exception {
_log.info("Shibboleth filter");
String pathInfo = request.getPathInfo();
HttpSession session = request.getSession();
long companyId = PortalUtil.getCompanyId(request);
if (pathInfo.contains("/portal/logout")) {
if (Util.isLogoutEnabled(companyId)) {
session.invalidate();
String logoutUrl = Util.getLogoutUrl(companyId);
response.sendRedirect(logoutUrl);
return;
}
} else {
extractData(session, companyId, request);
}
processFilter(ShibbolethFilter.class, request, response, filterChain);
}
/**
* Extracts user data from AJP or HTTP header
*
* @return true if any data is present
*/
protected boolean extractData(HttpSession session, long companyId, HttpServletRequest request) throws Exception {
String login = (String) session.getAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN);
if (Validator.isNull(login)) {
boolean headersEnabled = Util.isHeadersEnabled(companyId);
if (headersEnabled) {
_log.info("Using HTTP headers as source for attribute values");
} else {
_log.info("Using Environment variables as source for attribute values");
}
//String aaiProvidedLoginName = getHeader(Util.getHeaderName(companyId), request, headersEnabled);
//MODIFIED FV
String aaiProvidedLoginName = getHeader(Util.getHeaderName(companyId), request, headersEnabled);
System.out.println ("ORIGINAL: "+aaiProvidedLoginName);
aaiProvidedLoginName=aaiProvidedLoginName.split("@")[0];
System.out.println ("SPLITTED: "+aaiProvidedLoginName);
String aaiProvidedEmail = getHeader(Util.getEmailHeaderName(companyId), request, headersEnabled);
String aaiProvidedFirstname = getHeader(Util.getFirstnameHeaderName(companyId), request, headersEnabled);
String aaiProvidedSurname = getHeader(Util.getSurnameHeaderName(companyId), request, headersEnabled);
String aaiProvidedAffiliation = getHeader(Util.getAffiliationHeaderName(companyId), request, headersEnabled);
if (Validator.isNull(aaiProvidedLoginName)) {
_log.error("Required header [" + Util.getHeaderName(companyId) + "] not found");
_log.error("AAI authentication failed as login name header is empty.");
return false;
}
if (Util.isScreenNameTransformEnabled(companyId)) {
_log.info("ScreenName transform is enabled.");
//check validity of screen name
// most probably it is an eduPersonPrincipalName. Make transformations
if(aaiProvidedLoginName.contains("@")){
_log.info("The login name provided by AAI looks like an "
+ "email (or eduPersonPrincipalName): "
+ aaiProvidedLoginName
+ " It needs to be converted to be a Liferay screen name.");
aaiProvidedLoginName = aaiProvidedLoginName.replaceAll("@", ".at.");
_log.info("Login name is converted to:" + aaiProvidedLoginName);
} else _log.info("error");
//Liferay does not like underscores
if (aaiProvidedLoginName.contains("_")) {
_log.info("The login name provided by AAI contains underscores:"
+ aaiProvidedLoginName
+ "It needs to be converted to be a Liferay screen name.");
aaiProvidedLoginName = aaiProvidedLoginName.replaceAll("_", "-");
_log.info("Login name is converted to:" + aaiProvidedLoginName);
}
}
else {
_log.info("ScreenName transform is disabled.");
}
_log.info("AAI-provided screen name is:" + aaiProvidedLoginName);
session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_LOGIN, aaiProvidedLoginName);
//get the first of multi-valued email address
if (aaiProvidedEmail.contains(";")) {
_log.info("The email address string provided by AAI is multi-valued:"
+ aaiProvidedEmail
+ " Using the first value.");
String[] emails = aaiProvidedEmail.split(";");
aaiProvidedEmail = emails[0];
}
_log.info("AAI-provided email is:" + aaiProvidedEmail);
session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL, aaiProvidedEmail);
if (Validator.isNull(aaiProvidedFirstname)) {
_log.error("No First name provided in: "
+ Util.getFirstnameHeaderName(companyId)
+ " using a default value instead.");
aaiProvidedFirstname = "MissingFirstName";
}
_log.info("AAI-provided first name is:" + aaiProvidedFirstname);
session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME, aaiProvidedFirstname);
if (Validator.isNull(aaiProvidedSurname)) {
_log.error("No Surname provided in: "
+ Util.getSurnameHeaderName(companyId)
+ " using a default value instead.");
aaiProvidedSurname = "MissingSurname";
}
_log.info("AAI-provided Surname is:" + aaiProvidedSurname);
session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME, aaiProvidedSurname);
if (Validator.isNull(aaiProvidedAffiliation)) {
_log.debug("No affiliation provided");
aaiProvidedAffiliation = "";
}
if (Util.isAffiliationTruncateEnabled(companyId) && aaiProvidedAffiliation.contains(":")) {
_log.info("affiliation contains ':' characters: "
+ aaiProvidedAffiliation
+ " assuming eduPersonEntitlement format");
// AAI-provided affiliation is multi-valued
if (aaiProvidedAffiliation.contains(";")) {
_log.info("AAI-provided affiliation is multi-valued:"
+ aaiProvidedAffiliation
+ " Processing each vale");
String[] affiliations = aaiProvidedAffiliation.split(";");
aaiProvidedAffiliation = "";
for (int i = 0; i < affiliations.length; i++) {
String[] parts = affiliations[i].split(":");
aaiProvidedAffiliation += parts[parts.length - 1];
if (i < affiliations.length - 1) {
aaiProvidedAffiliation += ";";
}
}
} else {
String[] parts = aaiProvidedAffiliation.split(":");
aaiProvidedAffiliation = parts[parts.length - 1];
}
}
_log.info("AAI-provided affiliation is:" + aaiProvidedAffiliation);
session.setAttribute(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION, aaiProvidedAffiliation);
return true;
} else {
return false;
}
}
protected String getHeader(String headerName, HttpServletRequest request, boolean headersEnabled) {
if (Validator.isNull(headerName)) {
return null;
}
String headerValue;
if (headersEnabled) {
headerValue = request.getHeader(headerName);
} else {
headerValue = (String) request.getAttribute(headerName);
}
_log.info("Header [" + headerName + "]: " + headerValue);
return headerValue;
}
private static final Log _log = LogFactoryUtil.getLog(ShibbolethFilter.class);
}
package com.liferay.portal.shibboleth.util;
/**
* @author Romeo Sheshi
* @author Ivan Novakov <ivan.novakov@debug.cz>
*/
public class ShibbolethPropsKeys {
public static final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
public static final String SHIBBOLETH_HEADER = "shibboleth.header";
public static final String SHIBBOLETH_HEADER_EMAIL = "shibboleth.header.email";
public static final String SHIBBOLETH_HEADER_FIRSTNAME = "shibboleth.header.firstname";
public static final String SHIBBOLETH_HEADER_SURNAME = "shibboleth.header.surname";
public static final String SHIBBOLETH_HEADER_AFFILIATION = "shibboleth.header.affiliation";
public static final String SHIBBOLETH_USER_AUTO_CREATE = "shibboleth.user.auto.create";
public static final String SHIBBOLETH_USER_AUTO_UPDATE = "shibboleth.user.auto.update";
public static final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = "shibboleth.user.role.auto.assign";
public static final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = "shibboleth.user.role.auto.assign.subtype";
public static final String SHIBBOLETH_LOGIN = "shibboleth.login";
public static final String SHIBBOLETH_USER_LDAP_IMPORT = "shibboleth.user.ldap.import";
public static final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
public static final String SHIBBOLETH_LOGOUT_ENABLE = "shibboleth.logout.enabled";
public static final String SHIBBOLETH_LOGOUT_URL = "shibboleth.logout.url";
public static final String SHIBBOLETH_HEADERS_ENABLE = "shibboleth.headers.enabled";
public static final String SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = "shibboleth.affiliation.truncate.enabled";
public static final String SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = "shibboleth.screenname.transform.enabled";
public static final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX = "shibboleth.header.affiliation.prefix";
public static final String SHIBBOLETH_USER_ROLE_AUTO_CREATE = "shibboleth.user.role.auto.create";
}
package com.liferay.portal.shibboleth.util;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PropsUtil;
/**
* @author Romeo Sheshi
* @author Ivan Novakov <ivan.novakov@debug.cz>
*/
public class ShibbolethPropsValues {
public static final boolean SHIBBOLETH_ENABLED = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_ENABLED));
public static final String SHIBBOLETH_HEADER = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER);
public static final String SHIBBOLETH_HEADER_EMAIL = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL);
public static final String SHIBBOLETH_HEADER_FIRSTNAME = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME);
public static final String SHIBBOLETH_HEADER_SURNAME = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME);
public static final String SHIBBOLETH_HEADER_AFFILIATION = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION);
public static final boolean SHIBBOLETH_USER_AUTO_CREATE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_CREATE));
public static final boolean SHIBBOLETH_USER_AUTO_UPDATE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_UPDATE));
public static final boolean SHIBBOLETH_USER_LDAP_IMPORT = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_LDAP_IMPORT));
public static final boolean SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN));
public static final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE);
public static final boolean SHIBBOLETH_LOGOUT_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_ENABLE));
public static final boolean SHIBBOLETH_HEADERS_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADERS_ENABLE));
public static final boolean SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE));
public static final boolean SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE));
public static final String SHIBBOLETH_LOGIN_URL = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_LOGIN_URL);
public static final String SHIBBOLETH_LOGOUT_URL = PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_URL);
public static final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX= PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION_PREFIX);
public static final boolean SHIBBOLETH_USER_ROLE_AUTO_CREATE = GetterUtil.getBoolean(PropsUtil.get(ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_CREATE));
}
package com.liferay.portal.shibboleth.util;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.PrefsPropsUtil;
import com.liferay.portal.kernel.util.PropsKeys;
import com.liferay.portal.model.CompanyConstants;
/**
*
* @author Romeo Sheshi
* @author Ivan Novakov <ivan.novakov@debug.cz>
*/
public final class Util {
private Util() {
}
public static boolean isEnabled(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_ENABLED),
ShibbolethPropsValues.SHIBBOLETH_ENABLED);
}
public static boolean isLogoutEnabled(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_ENABLE),
ShibbolethPropsValues.SHIBBOLETH_LOGOUT_ENABLE);
}
public static boolean isHeadersEnabled(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADERS_ENABLE),
ShibbolethPropsValues.SHIBBOLETH_HEADERS_ENABLE);
}
public static boolean isAffiliationTruncateEnabled(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE),
ShibbolethPropsValues.SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE);
}
public static boolean isScreenNameTransformEnabled(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE),
ShibbolethPropsValues.SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE);
}
public static boolean importUser(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_LDAP_IMPORT),
ShibbolethPropsValues.SHIBBOLETH_USER_LDAP_IMPORT);
}
public static String getLoginUrl(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_LOGIN_URL),
ShibbolethPropsValues.SHIBBOLETH_LOGIN_URL);
}
public static String getLogoutUrl(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_LOGOUT_URL),
ShibbolethPropsValues.SHIBBOLETH_LOGOUT_URL);
}
public static String getHeaderName(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER),
ShibbolethPropsValues.SHIBBOLETH_HEADER);
}
public static String getEmailHeaderName(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_EMAIL),
ShibbolethPropsValues.SHIBBOLETH_HEADER_EMAIL);
}
public static String getFirstnameHeaderName(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_FIRSTNAME),
ShibbolethPropsValues.SHIBBOLETH_HEADER_FIRSTNAME);
}
public static String getSurnameHeaderName(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_SURNAME),
ShibbolethPropsValues.SHIBBOLETH_HEADER_SURNAME);
}
public static String getAffiliationHeaderName(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION),
ShibbolethPropsValues.SHIBBOLETH_HEADER_AFFILIATION);
}
public static boolean autoCreateUser(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_CREATE),
ShibbolethPropsValues.SHIBBOLETH_USER_AUTO_CREATE);
}
public static boolean autoUpdateUser(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_AUTO_UPDATE),
ShibbolethPropsValues.SHIBBOLETH_USER_AUTO_UPDATE);
}
public static boolean autoAssignUserRole(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN),
ShibbolethPropsValues.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN);
}
public static String autoAssignUserRoleSubtype(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE),
ShibbolethPropsValues.SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE);
}
public static String getAuthType(long companyId) throws Exception {
return GetterUtil.getString(getValue(companyId, PropsKeys.COMPANY_SECURITY_AUTH_TYPE),
CompanyConstants.AUTH_TYPE_EA);
}
private static String getValue(long companyId, String key) throws Exception {
return PrefsPropsUtil.getString(companyId, key);
}
public static String getAffiliationHeaderPrefix(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_HEADER_AFFILIATION_PREFIX),
ShibbolethPropsValues.SHIBBOLETH_HEADER_AFFILIATION_PREFIX);
}
public static boolean isCreateRoleEnabled(long companyId) throws Exception {
return GetterUtil.get(getValue(companyId, ShibbolethPropsKeys.SHIBBOLETH_USER_ROLE_AUTO_CREATE),
ShibbolethPropsValues.SHIBBOLETH_USER_ROLE_AUTO_CREATE);
}
}
shibboleth-logout-enable=Logout enable
shibboleth-headers-enable=Extract attributes from HTTP Headers instead of environment variables (see: https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPJavaInstall , the "AJP_" prefix part)
shibboleth-affiliation-truncate-enable=Truncate affiliation values and keep only the last segment after ':'. Useful for standard eduPersonEntilement values. ('foo:bar:baz:qux:RoleName' becomes 'RoleName')
shibboleth-screenname-transform-enable=Transform login ID to make it valid screen name. Replace '@' to '.at.' and '_' to '-'. ('foo_bar@baz.org' becomes 'foo-bar.at.baz.org')
import-shibboleth-users-from-ldap=Import from LDAP
shibboleth-user-header=Shibboleth header name
shibboleth-user-id-header=Shibboleth user ID header
shibboleth-user-header-email=Shibboleth user email header
shibboleth-user-header-firstname=Shibboleth user first name header
shibboleth-user-header-surname=Shibboleth user surname header
shibboleth-user-header-affiliation=Shibboleth user affiliation header
auto-create-users=Auto-create users
auto-update-users=Auto-update users
auto-assign-user-role=Auto-assign roles to users (based on the affiliation)
auto-assign-user-role-subtype=Role subtype for auto-assign roles
shibboleth=Shibboleth
shibboleth-user-header-affiliation-prefix=Shibboleth user affiliation header prefix
auto.login.hooks=com.liferay.portal.security.auth.ShibbolethAutoLogin
shibboleth.enabled=true
shibboleth.header=eppn
shibboleth.header.email=eppn
shibboleth.header.firstname=givenName
shibboleth.header.surname=sn
shibboleth.user.auto.create=true
shibboleth.user.auto.update=true
shibboleth.user.ldap.import=false
shibboleth.logout.enabled=true
shibboleth.headers.enabled=false
shibboleth.affiliation.truncate.enabled=false
shibboleth.screenname.transform.enabled=true
shibboleth.login.url=/c/portal/login/shibboleth
shibboleth.logout.url=/Shibboleth.sso/Logout?return=/
company.settings.form.authentication=shibboleth
login.form.navigation.pre=shibboleth
\ No newline at end of file
<%@ include file="/html/portlet/login/init.jsp"%>
<%
final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
boolean shibbolethEnabled = GetterUtil.getBoolean(PrefsPropsUtil.getString(PortalUtil.getCompanyId(renderRequest), SHIBBOLETH_ENABLED));
String shibbolethLoginUrl = PrefsPropsUtil.getString(company.getCompanyId(), "shibboleth.login.url", "");
%>
<c:if test="<%=shibbolethEnabled%>">
<liferay-ui:icon
src="/liferay-shibboleth-plugin-hook/images/shibboleth.png"
url="<%= shibbolethLoginUrl %>" message="shibboleth" />
</c:if>
<%@ include file="/html/portlet/portal_settings/init.jsp" %>
<%
final String SHIBBOLETH_ENABLED = "shibboleth.enabled";
final String SHIBBOLETH_HEADER = "shibboleth.header";
final String SHIBBOLETH_USER_LDAP_IMPORT = "shibboleth.user.ldap.import";
final String SHIBBOLETH_LOGOUT_ENABLE = "shibboleth.logout.enabled";
final String SHIBBOLETH_LOGOUT_URL = "shibboleth.logout.url";
final String SHIBBOLETH_LOGIN_URL = "shibboleth.login.url";
final String SHIBBOLETH_HEADERS_ENABLE = "shibboleth.headers.enabled";
final String SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE = "shibboleth.affiliation.truncate.enabled";
final String SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE = "shibboleth.screenname.transform.enabled";
final String SHIBBOLETH_HEADER_EMAIL = "shibboleth.header.email";
final String SHIBBOLETH_HEADER_FIRSTNAME = "shibboleth.header.firstname";
final String SHIBBOLETH_HEADER_SURNAME = "shibboleth.header.surname";
final String SHIBBOLETH_HEADER_AFFILIATION = "shibboleth.header.affiliation";
final String SHIBBOLETH_USER_AUTO_CREATE = "shibboleth.user.auto.create";
final String SHIBBOLETH_USER_AUTO_UPDATE = "shibboleth.user.auto.update";
final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN = "shibboleth.user.role.auto.assign";
final String SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE = "shibboleth.user.role.auto.assign.subtype";
final String SHIBBOLETH_HEADER_AFFILIATION_PREFIX = "shibboleth.header.affiliation.prefix";
final String SHIBBOLETH_USER_ROLE_AUTO_CREATE = "shibboleth.user.role.auto.create";
String shibbolethEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_ENABLED, "false");
String shibbolethHeader = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER, "");
String shibbolethUserLdapImport = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_LDAP_IMPORT, "false");
String shibbolethLogoutEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGOUT_ENABLE, "false");
String shibbolethLogoutUrl = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGOUT_URL, "");
String shibbolethLoginUrl = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_LOGIN_URL, "");
String shibbolethHeadersEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADERS_ENABLE, "false");
String shibbolethAffiliationTruncateEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE, "false");
String shibbolethScreenNameTransformEnabled = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE, "false");
String shibbolethHeaderEmail = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_EMAIL, "mail");
String shibbolethHeaderFirtsname = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_FIRSTNAME, "givenname");
String shibbolethHeaderSurname = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_SURNAME, "sn");
String shibbolethHeaderAffiliation = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_AFFILIATION, "affiliation");
String shibbolethUserAutoCreate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_AUTO_CREATE, "false");
String shibbolethUserAutoUpdate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_AUTO_UPDATE, "false");
String shibbolethUserRoleAutoAssign = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_ASSIGN, "false");
String shibbolethUserRoleAutoAssignSubtype = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE, "");
String shibbolethHeaderAffiliationPrefix = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_HEADER_AFFILIATION_PREFIX, "");
String shibbolethUserRoleAutoCreate = PrefsPropsUtil.getString(company.getCompanyId(), SHIBBOLETH_USER_ROLE_AUTO_CREATE, "false");
%>
<aui:fieldset>
<aui:input label="enabled" name='<%="settings--" + SHIBBOLETH_ENABLED + "--" %>' type="checkbox"
value="<%= shibbolethEnabled %>"/>
<aui:input cssCLass="lfr-input-text-container" label="login-url"
name='<%= "settings--" + SHIBBOLETH_LOGIN_URL + "--" %>' type="text"
value="<%= shibbolethLoginUrl %>"/>
<aui:input cssClass="lfr-input-text-container" label="shibboleth-user-id-header"
name='<%= "settings--" + SHIBBOLETH_HEADER + "--" %>' type="text" value="<%= shibbolethHeader %>"/>
<aui:input label="shibboleth-screenname-transform-enable" name='<%= "settings--" + SHIBBOLETH_SCREENNAME_TRANSFORM_ENABLE + "--" %>'
type="checkbox" value="<%= shibbolethScreenNameTransformEnabled %>"/>
<aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-email"
name='<%= "settings--" + SHIBBOLETH_HEADER_EMAIL + "--" %>' type="text" value="<%= shibbolethHeaderEmail %>"/>
<aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-firstname"
name='<%= "settings--" + SHIBBOLETH_HEADER_FIRSTNAME + "--" %>' type="text" value="<%= shibbolethHeaderFirtsname %>"/>
<aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-surname"
name='<%= "settings--" + SHIBBOLETH_HEADER_SURNAME + "--" %>' type="text" value="<%= shibbolethHeaderSurname %>"/>
<aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-affiliation"
name='<%= "settings--" + SHIBBOLETH_HEADER_AFFILIATION + "--" %>' type="text" value="<%= shibbolethHeaderAffiliation %>"/>
<aui:input label="shibboleth-affiliation-truncate-enable" name='<%= "settings--" + SHIBBOLETH_AFFILIATION_TRUNCATE_ENABLE + "--" %>'
type="checkbox" value="<%= shibbolethAffiliationTruncateEnabled %>"/>
<aui:input label="auto-create-users"
name='<%= "settings--" + SHIBBOLETH_USER_AUTO_CREATE + "--" %>' type="checkbox"
value="<%= shibbolethUserAutoCreate %>"/>
<aui:input label="auto-update-users"
name='<%= "settings--" + SHIBBOLETH_USER_AUTO_UPDATE + "--" %>' type="checkbox"
value="<%= shibbolethUserAutoUpdate %>"/>
<aui:input label="import-shibboleth-users-from-ldap"
name='<%= "settings--" + SHIBBOLETH_USER_LDAP_IMPORT + "--" %>' type="checkbox"
value="<%= shibbolethUserLdapImport %>"/>
<aui:input label="auto-create-user-role"
name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_CREATE + "--" %>' type="checkbox"
value="<%= shibbolethUserRoleAutoCreate %>"/>
<aui:input label="auto-assign-user-role"
name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_ASSIGN + "--" %>' type="checkbox"
value="<%= shibbolethUserRoleAutoAssign %>"/>
<aui:input cssClass="lfr-input-text-container" label="auto-assign-user-role-subtype"
name='<%= "settings--" + SHIBBOLETH_USER_ROLE_AUTO_ASSIGN_SUBTYPE + "--" %>' type="text"
value="<%= shibbolethUserRoleAutoAssignSubtype %>"/>
<aui:input label="shibboleth-logout-enable" name='<%= "settings--" + SHIBBOLETH_LOGOUT_ENABLE + "--" %>'
type="checkbox" value="<%= shibbolethLogoutEnabled %>"/>
<aui:input cssClass="lfr-input-text-container" label="logout-url"
name='<%= "settings--" + SHIBBOLETH_LOGOUT_URL + "--" %>' type="text"
value="<%= shibbolethLogoutUrl %>"/>
<aui:input cssClass="lfr-input-text-container" label="shibboleth-user-header-affiliation-prefix"
name='<%= "settings--" + SHIBBOLETH_HEADER_AFFILIATION_PREFIX + "--" %>' type="text"
value="<%= shibbolethHeaderAffiliationPrefix %>"/>
<aui:input label="shibboleth-headers-enable" name='<%= "settings--" + SHIBBOLETH_HEADERS_ENABLE + "--" %>'
type="checkbox" value="<%= shibbolethHeadersEnabled %>"/>
</aui:fieldset>
<?xml version="1.0"?>
<!DOCTYPE hook PUBLIC "-//Liferay//DTD Hook 6.2.0//EN" "http://www.liferay.com/dtd/liferay-hook_6_2_0.dtd">
<hook>
<portal-properties>portal.properties</portal-properties>
<language-properties>language.properties</language-properties>
<custom-jsp-dir>/WEB-INF/jsps</custom-jsp-dir>
<servlet-filter>
<servlet-filter-name>shibboleth</servlet-filter-name>
<servlet-filter-impl>com.liferay.portal.servlet.filters.sso.shibboleth.ShibbolethFilter</servlet-filter-impl>
</servlet-filter>
<servlet-filter-mapping>
<servlet-filter-name>shibboleth</servlet-filter-name>
<after-filter>Auto Login Filter</after-filter>
<url-pattern>/c/portal/login</url-pattern>
<url-pattern>/c/portal/logout</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</servlet-filter-mapping>
</hook>
\ No newline at end of file
name=Shibboleth Plugin
module-group-id=liferay 7.1.1
module-incremental-version=1
tags=
short-description=
change-log=
page-url=https://github.com/ivan-novakov/liferay-shibboleth-plugin
author=Ivan Novakov ivan.novakov@debug.cz
page-url=http://code.google.com/p/liferay-shibboleth-plugin/
author=Romeo Sheshi rsheshi@gmail.com
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plugin-package PUBLIC "-//Liferay//DTD Plugin Package 6.2.0//EN"
"http://www.liferay.com/dtd/liferay-plugin-package_6_2_0.dtd">
<plugin-package>
<name>Shibboleth Plugin</name>
<module-id>${project.groupId}/${project.artifactId}/${project.version}/${project.packaging}</module-id>
<types>
<type>portlets</type>
</types>
<tags>
<tag>shibboleth</tag>
</tags>
<short-description/>
<change-log/>
<page-url>https://github.com/ivan-novakov/liferay-shibboleth-plugin</page-url>
<author>Ivan Novakov ivan.novakov@debug.cz</author>
<licenses>
<license osi-approved="true">LGPL</license>
</licenses>
<liferay-versions>
<liferay-version>6.2.0+</liferay-version>
</liferay-versions>
</plugin-package>
\ No newline at end of file
<?xml version="1.0"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
</web-app>
\ No newline at end of file
src/main/webapp/images/shibboleth.png

3.43 KiB

File added
File added
File added
File added
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment