BFLOWS/bflows-bandi-be
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #31 from Kitzanos/saml-configuration-prod

Browse Source 
Cherry pick (Production SAML Configuration)
This commit is contained in:
bagoraharish92
2024-10-01 18:41:44 +05:30
committed by GitHub
parent d5a2b9126f c8b738a0f2
commit 5bb46c8268
7 changed files with 76 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/main/java/net/gepafin/tendermanagement/config/SamlConfig.java
View File

@@ -49,6 +49,12 @@ public class SamlConfig {
@Value("${base-url}") @Value("${base-url}")
String baseUrl; String baseUrl;
@Value("${spid.ipd.base.url}")
String ipdBaseUrl;
@Value("${active.profile.folder}")
String activeProfileFolder;
@Bean @Bean
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() { public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
@@ -66,8 +72,8 @@ public class SamlConfig {
} }
}) })
.assertionConsumerServiceLocation(acsUrl) .assertionConsumerServiceLocation(acsUrl)
.assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata") .assertingPartyDetails(details -> details.entityId(ipdBaseUrl + "/gw/metadata")
.singleSignOnServiceLocation("https://federatest.umbriadigitale.it/gw/SSOProxy/SAML2") .singleSignOnServiceLocation(ipdBaseUrl + "/gw/SSOProxy/SAML2")
.singleSignOnServiceBinding(Saml2MessageBinding.POST) .singleSignOnServiceBinding(Saml2MessageBinding.POST)
.wantAuthnRequestsSigned(true) .wantAuthnRequestsSigned(true)
.verificationX509Credentials(credentials -> { .verificationX509Credentials(credentials -> {
@@ -158,7 +164,7 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
public PrivateKey readPrivateKey() throws Exception { public PrivateKey readPrivateKey() throws Exception {
// Path to your private key PEM file // Path to your private key PEM file
try (PemReader pemReader = new PemReader(new InputStreamReader(readKey("dev/saml/private-key.pem")))) { try (PemReader pemReader = new PemReader(new InputStreamReader(readKey(activeProfileFolder + "/saml/private-key.pem")))) {
// Read the PEM content // Read the PEM content
byte[] pemContent = pemReader.readPemObject().getContent(); byte[] pemContent = pemReader.readPemObject().getContent();
// Decode the PEM content // Decode the PEM content
@@ -170,7 +176,7 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
} }
public X509Certificate readCertificate() throws Exception { public X509Certificate readCertificate() throws Exception {
// Path to your certificate PEM fileFile // Path to your certificate PEM fileFile
try (InputStream inStream = readKey("dev/saml/public-cert.pem")) { try (InputStream inStream = readKey(activeProfileFolder + "/saml/public-cert.pem")) {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certFactory.generateCertificate(inStream); return (X509Certificate) certFactory.generateCertificate(inStream);
} }
@@ -178,7 +184,7 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
public X509Certificate readIdpCertificate() throws Exception { public X509Certificate readIdpCertificate() throws Exception {
// Path to your IDP public certificate PEM file // Path to your IDP public certificate PEM file
try (InputStream inStream = readKey("dev/saml/idp-certificate.pem")) { try (InputStream inStream = readKey(activeProfileFolder + "/saml/idp-certificate.pem")) {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certFactory.generateCertificate(inStream); return (X509Certificate) certFactory.generateCertificate(inStream);
} }

1
src/main/java/net/gepafin/tendermanagement/config/SamlSuccessHandler.java
View File

@@ -45,6 +45,7 @@ public class SamlSuccessHandler implements AuthenticationSuccessHandler {
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) throws IOException { Authentication authentication) throws IOException {
try { try {
logger.info("SAML login in Authentication Success Handler");
Saml2Authentication samlAuth = (Saml2Authentication) authentication; Saml2Authentication samlAuth = (Saml2Authentication) authentication;
Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) samlAuth.getPrincipal(); Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) samlAuth.getPrincipal();

6
src/main/resources/application-production.properties
View File

@@ -9,4 +9,8 @@ spring.h2.console.enabled=true
base-url=http://bandi-api.gepafin.it base-url=http://bandi-api.gepafin.it
isVatCheckGloballyDisabled = false isVatCheckGloballyDisabled = false
fe.base.url=http://gepafin-production-fe.s3-website.eu-central-1.amazonaws.com fe.base.url=http://gepafin-production-fe.s3-website.eu-central-1.amazonaws.com
#SPID configuration
spid.ipd.base.url=https://login.regione.umbria.it
active.profile.folder=production

4
src/main/resources/application.properties
View File

@@ -44,3 +44,7 @@ isVatCheckGloballyDisabled = true
vatCheckNewToken: 66026bd891a51044e90e08c4 vatCheckNewToken: 66026bd891a51044e90e08c4
fe.base.url=http://gepafin-staging-fe.s3-website.eu-central-1.amazonaws.com fe.base.url=http://gepafin-staging-fe.s3-website.eu-central-1.amazonaws.com
#SPID configuration
spid.ipd.base.url=https://federatest.umbriadigitale.it
active.profile.folder=dev

3
src/main/resources/production/saml/idp-certificate.pem Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN CERTIFICATE-----
MIIHBzCCBe+gAwIBAgIQBa/5uQoACfZc0a+0cFPKaDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQG EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8w LQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFNlcnZlciBDQTAeFw0xNDAyMDMw MDAwMDBaFw0xNzAyMDcxMjAwMDBaMIGRMQswCQYDVQQGEwJJVDEOMAwGA1UECBMFSXRhbHkxEDAO BgNVBAcTB1BlcnVnaWExFzAVBgNVBAoTDlJlZ2lvbmUgVW1icmlhMSkwJwYDVQQLEyBTZXJ2aXpp byBJbmZyYXN0cnV0dHVyZSBEaWdpdGFsaTEcMBoGA1UEAwwTKi5yZWdpb25lLnVtYnJpYS5pdDCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALx+hg0/SsF+kpakHw24sO8LFawtMiILsEKS jLbqU8LjUcvDj50CVDa/jz21OwdBfCEB6SBVEKp0a61x5RZFKBUnL795y7Na56VWzqA0kyLg7QNn 73Tu0SJPRF0Hm+2ePLLypU+TkIFfC85GO5iXn82E5rb6XRA8blLj/GauQ0DSHkY3ZTQGGzN3La9a ZJ1Tl80cIATY10iuwQdVkLXRx8VriVrS4jVJOOl8vGJ4VWLVwGYUkhmwvoR/zfeNkSQe7USjHmdf Zm4lLMYZjLM0S2wJMRQbj3MscVBKaXMHc6POqMlKrgO1nRK4/1dRYtnJeMCK/uK/ms/MYpxIX2ZG G/MCAwEAAaOCA3kwggN1MB8GA1UdIwQYMBaAFFFo/5CvAgd1PMzZZWRiohK4WXI7MB0GA1UdDgQW BBShweIeUSOk3EJgXqB9164xrkURDDAxBgNVHREEKjAoghMqLnJlZ2lvbmUudW1icmlhLml0ghFy ZWdpb25lLnVtYnJpYS5pdDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMHUGA1UdHwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWhh LXNlcnZlci1nMS5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWhhLXNl cnZlci1nMS5jcmwwggHEBgNVHSAEggG7MIIBtzCCAbMGCWCGSAGG/WwBATCCAaQwOgYIKwYBBQUH AgEWLmh0dHA6Ly93d3cuZGlnaWNlcnQuY29tL3NzbC1jcHMtcmVwb3NpdG9yeS5odG0wggFkBggr BgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgAaQBzACAAQwBlAHIAdABp AGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMA ZQAgAG8AZgAgAHQAaABlACAARABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAg AHQAaABlACAAUgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA dwBoAGkAYwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEAcgBl ACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIAeQAgAHIAZQBmAGUA cgBlAG4AYwBlAC4wgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlM aWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl cnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEB CwUAA4IBAQBPWrp7uoj9qX8h+7iGwyNOB7274/GDQZSqnk52FTQ3Qi8AzM7YV/tNDZG2j1Ran7vG /q214cqsv/gtyxSBfRR4/WgGCIylw5uZv35FsEC0lyAyPJGLKsZSMALqKkeBGQlzsmkNo7TyZgQV XMzoeuQz2mocC+ShpQjn4Uug/FptmbnYKCiKFShc0IAwAj5+U3kPmOhskml2tj+BTXDKpq4m9onY C8eN928I7tkJPvCYGDwdsBkf3EHyM/AUB4oZ/zcnT/8F7SoRfexmD9Eojslzs+hEMKkKg7M/UxJt ySAVQF/BznGvWiWfZtHrtvBCKgXsvUJ3h/7M/SqtRQnpNZ0C
-----END CERTIFICATE-----

28
src/main/resources/production/saml/private-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCKHE1L4E95N6jG
4bED1vd7c5ZMry6J0qIqojpHAzG1YIEtfL28twxBfN9voNhFL9TD6dGsfWDwYaa7
LXyMAHLRi7pI+sH852d7sq3xRd1ynKDmt+cU+6kMlDtUPulkbzeU9Z0lGFuS9qJw
CdjYliCuwUxwJsU3tVHTHlV8nAz5RaXw31Gl6u11QpgxLPeFP5AUWHzfduTA2Wr0
5ePtx5iuMj1oIMv0o50DJaqGmCKtQAtGZMGSKIrtXhLerUAfEteH6M+6POzoKg0F
ZyfLEiuqAE1Ymt16P5PLfTPjRHz4XRBCcd6a+iAAvIpG0yQE9dS7PfNtY1akk51J
La150Ef1AgMBAAECggEAIH3MCX+58rCPekp6VIbsLhThVSUZc78j+5ey0iYEOcF8
YnEoSg9eSMHR5vcWKiC4k2act1G/zo2KphprZJxuZrHSn3yuyoq+I7HDjjF7iY0j
pWO6b4tNF/J/irBKRCCOGPM3hxSV5pszV9xZMYsQIUzEaNYWK6bymxJV1jz4KGRL
w3nPIpeu8MwMZwOzQwz980bZ2vbr67Ft3GmsflKzM5SesmsW8ZyaYbVfHExvfQxV
nsf9ya0PLQqE9Gi81xY1sVkL3V+niU+AXYZ3w/neuXPz6eaJrxlu4hFdJifWlrQV
vW7mgfOmUuR/bEXr/1c95nZQykobrMqHCRVPpfesQQKBgQDCBrlYKD1XJXfXENnG
32O3TksbxVtL0Eyw1lstp20j6txetHn3F/rx/SFy70J02r2jdFHeP/V1iLrEJ81/
5QVpsA+Au5Oxwdfee/izUFqhXwSpgvtLoVypBUNcglw/qi2tCKrL10nb0i+bocoD
PGaTIECJ0MWUxTX3SrzqC8XX2QKBgQC2OWw7gGu12eutQBHujTbaZXhjwv2QEBup
UZcVYeVn8KrPrK5621aLgQXUq5Db7GoelB09SXOoqy04WZkYy5XeF+ULRtz0M5ZD
cNgAaQXuuZZdxKWFVXbK1iliGJjcMkd9PEpx5BjM49Gq2r5n3FS5KK9A44iSPMbB
IZoYWsIbfQKBgQCeME08itI4Etw6BAsKEWeDM9oYsjdVAGcGZj3AYxigiANTU2F9
C5gVY4O56UgNbanfch6tTQga43ciJjFtbJOVL230TvqDmr8dLYX+7Cx4FLgAXEH1
z4F0bE4XRlFftqe2w7I8rzIQfrVB9g51xPD8UvdLZWMxf/gXvl93klGjQQKBgQCw
JWv5TJdR73jBPZjX50up68JndRrUwq1qjAMm2T3/roX/QCZdfl73dV4kiT/7R1oB
ex2Um8cguW959Cpo7ItPZ/uxXevCZ4eOY6t5IgxpCp9OvwNdkxLE2iagu7Qvzq6K
Ydh4pYxPqr2HkfHSxgpj/e8DI69l5TgfgxLJDhpqpQKBgAgSgck834l8lNZwVPa8
+Vi9nOtoWy7pyf8pv7sDEKcVkTmUU6+53eZoccW8AUu6ilL1PtrQ7cNPTJcUom80
IVyJsVTQjDy17mj1DU8Fw15pjFWE4zRfQo9vondblJaxs9aIIG/6x9vDQVjN0hwe
jTOz1k3Du8fEEpKQMgn97J/+
-----END PRIVATE KEY-----

24
src/main/resources/production/saml/public-cert.pem Normal file
View File

@@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIID7TCCAtWgAwIBAgIUQ2G093CKO3nbHlyw68f5998BIjkwDQYJKoZIhvcNAQEL
BQAwgYUxCzAJBgNVBAYTAklUMQ4wDAYDVQQIDAVJdGFseTEQMA4GA1UEBwwHUGVy
dWdpYTEQMA4GA1UECgwHR2VwYWZpbjELMAkGA1UECwwCSVQxEDAOBgNVBAMMB0dl
cGFmaW4xIzAhBgkqhkiG9w0BCQEWFGMubW9yZXR0aUBnZXBhZmluLml0MB4XDTI0
MTAwMTA5MjIwMloXDTI1MTAwMTA5MjIwMlowgYUxCzAJBgNVBAYTAklUMQ4wDAYD
VQQIDAVJdGFseTEQMA4GA1UEBwwHUGVydWdpYTEQMA4GA1UECgwHR2VwYWZpbjEL
MAkGA1UECwwCSVQxEDAOBgNVBAMMB0dlcGFmaW4xIzAhBgkqhkiG9w0BCQEWFGMu
bW9yZXR0aUBnZXBhZmluLml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAihxNS+BPeTeoxuGxA9b3e3OWTK8uidKiKqI6RwMxtWCBLXy9vLcMQXzfb6DY
RS/Uw+nRrH1g8GGmuy18jABy0Yu6SPrB/Odne7Kt8UXdcpyg5rfnFPupDJQ7VD7p
ZG83lPWdJRhbkvaicAnY2JYgrsFMcCbFN7VR0x5VfJwM+UWl8N9RpertdUKYMSz3
hT+QFFh833bkwNlq9OXj7ceYrjI9aCDL9KOdAyWqhpgirUALRmTBkiiK7V4S3q1A
HxLXh+jPujzs6CoNBWcnyxIrqgBNWJrdej+Ty30z40R8+F0QQnHemvogALyKRtMk
BPXUuz3zbWNWpJOdSS2tedBH9QIDAQABo1MwUTAdBgNVHQ4EFgQUQ+GP6sby5ZQX
KTgq0/MsCWfdcHcwHwYDVR0jBBgwFoAUQ+GP6sby5ZQXKTgq0/MsCWfdcHcwDwYD
VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAWnzvIOhK4Z/GQA2H0jb+
tkpPiwXucybEEOwQyb6+ErNGLjM7aj/HXJv70zibchmuPN5yd6C9dmrlajf/qLFz
T+Dfy6zl3r0mNErcT/bgaJzVA87u0z2/DRP77XqwV23zDGK56bp8G2C1nZGq6x2k
zswESJYBquXtBWNEJnreDKOLic9AucSyf8T0C9aeWhC8L0Hz4Bd825J2n54L4YZD
ShkCDSdCOZVdaZNikRv+KyD1SI6HM3KeUNNknW6z7g2jb5PG4dn5U9+lpzOsfoYD
QEBrNG8qFZ7k9DYzh8l1dTo9izSNmudaiyjhgFw+5DZ0pcrhti6h3hnPPysSA8q/
Mg==
-----END CERTIFICATE-----