cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject git commit: updated refs/heads/saml2 to 5463fbb
Date Tue, 12 Aug 2014 11:12:45 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/saml2 [created] 5463fbb62


SAML2: add saml sso and slo apicmds skeleton, add classes to AuthManager

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/5463fbb6
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/5463fbb6
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/5463fbb6

Branch: refs/heads/saml2
Commit: 5463fbb6269cd94c79ac6e5a496b9b164dcb2b76
Parents: ae207be
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Tue Aug 12 13:10:05 2014 +0200
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Tue Aug 12 13:11:14 2014 +0200

----------------------------------------------------------------------
 .../org/apache/cloudstack/api/ApiConstants.java |  1 +
 .../api/auth/APIAuthenticationManagerImpl.java  |  2 +
 .../api/auth/SAML2LoginAPIAuthenticatorCmd.java | 94 ++++++++++++++++++++
 .../auth/SAML2LogoutAPIAuthenticatorCmd.java    | 71 +++++++++++++++
 4 files changed, 168 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5463fbb6/api/src/org/apache/cloudstack/api/ApiConstants.java
----------------------------------------------------------------------
diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java
index f89aa14..6baa95c 100755
--- a/api/src/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/org/apache/cloudstack/api/ApiConstants.java
@@ -514,6 +514,7 @@ public class ApiConstants {
     public static final String VMPROFILE_ID = "vmprofileid";
     public static final String VMGROUP_ID = "vmgroupid";
     public static final String CS_URL = "csurl";
+    public static final String IDP_URL = "idpurl";
     public static final String SCALEUP_POLICY_IDS = "scaleuppolicyids";
     public static final String SCALEDOWN_POLICY_IDS = "scaledownpolicyids";
     public static final String SCALEUP_POLICIES = "scaleuppolicies";

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5463fbb6/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
index 886d277..ece2e03 100644
--- a/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
+++ b/server/src/com/cloud/api/auth/APIAuthenticationManagerImpl.java
@@ -57,6 +57,8 @@ public class APIAuthenticationManagerImpl extends ManagerBase implements
APIAuth
             s_commandList = new ArrayList<Class<?>>();
             s_commandList.add(DefaultLoginAPIAuthenticatorCmd.class);
             s_commandList.add(DefaultLogoutAPIAuthenticatorCmd.class);
+            s_commandList.add(SAML2LoginAPIAuthenticatorCmd.class);
+            s_commandList.add(SAML2LogoutAPIAuthenticatorCmd.class);
         }
         return s_commandList;
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5463fbb6/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java
new file mode 100644
index 0000000..beba4f1
--- /dev/null
+++ b/server/src/com/cloud/api/auth/SAML2LoginAPIAuthenticatorCmd.java
@@ -0,0 +1,94 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package com.cloud.api.auth;
+
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LoginCmdResponse;
+import org.apache.log4j.Logger;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.Map;
+
+@APICommand(name = "samlsso", description = "SP initiated SAML Single Sign On", requestHasSensitiveInfo
= true, responseObject = LoginCmdResponse.class, entityType = {})
+public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
+    public static final Logger s_logger = Logger.getLogger(SAML2LoginAPIAuthenticatorCmd.class.getName());
+    private static final String s_name = "loginresponse";
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+    @Parameter(name = ApiConstants.IDP_URL, type = CommandType.STRING, description = "Identity
Provider SSO HTTP-Redirect binding URL", required = true)
+    private String idpUrl;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public String getIdpUrl() {
+        return idpUrl;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_TYPE_NORMAL;
+    }
+
+    @Override
+    public void execute() throws ServerApiException {
+        // We should never reach here
+        throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "This is an authentication
api, cannot be used directly");
+    }
+
+    @Override
+    public String authenticate(String command, Map<String, Object[]> params, HttpSession
session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse
resp) throws ServerApiException {
+
+        String response = null;
+        try {
+            resp.sendRedirect(getIdpUrl());
+
+            // TODO: create and send assertion with the URL as GET params
+
+        } catch (IOException e) {
+            auditTrailSb.append("SP initiated SAML authentication using HTTP redirection
failed:");
+            auditTrailSb.append(e.getMessage());
+        }
+        return response;
+    }
+
+    @Override
+    public APIAuthenticationType getAPIType() {
+        return APIAuthenticationType.LOGIN_API;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/5463fbb6/server/src/com/cloud/api/auth/SAML2LogoutAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/server/src/com/cloud/api/auth/SAML2LogoutAPIAuthenticatorCmd.java b/server/src/com/cloud/api/auth/SAML2LogoutAPIAuthenticatorCmd.java
new file mode 100644
index 0000000..9119588
--- /dev/null
+++ b/server/src/com/cloud/api/auth/SAML2LogoutAPIAuthenticatorCmd.java
@@ -0,0 +1,71 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.api.auth;
+
+import com.cloud.api.response.ApiResponseSerializer;
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.LogoutCmdResponse;
+import org.apache.log4j.Logger;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.util.Map;
+
+@APICommand(name = "samlslo", description = "SAML Single Log Out API", responseObject = LogoutCmdResponse.class,
entityType = {})
+public class SAML2LogoutAPIAuthenticatorCmd extends BaseCmd implements APIAuthenticator {
+    public static final Logger s_logger = Logger.getLogger(SAML2LogoutAPIAuthenticatorCmd.class.getName());
+    private static final String s_name = "logoutresponse";
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public String getCommandName() {
+        return s_name;
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_TYPE_NORMAL;
+    }
+
+    @Override
+    public void execute() throws ServerApiException {
+        // We should never reach here
+        throw new ServerApiException(ApiErrorCode.METHOD_NOT_ALLOWED, "This is an authentication
api, cannot be used directly");
+    }
+
+    @Override
+    public String authenticate(String command, Map<String, Object[]> params, HttpSession
session, String remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletResponse
resp) throws ServerApiException {
+        auditTrailSb.append("=== Logging out ===");
+        // TODO: check global config and do either local or global log out
+        LogoutCmdResponse response = new LogoutCmdResponse();
+        response.setDescription("success");
+        response.setResponseName(getCommandName());
+        return ApiResponseSerializer.toSerializedString(response, responseType);
+    }
+
+    @Override
+    public APIAuthenticationType getAPIType() {
+        return APIAuthenticationType.LOGOUT_API;
+    }
+}


Mime
View raw message