Updated config

2024-09-24 16:40:14 -07:00
parent 2714f646af
commit aabb7ae551
2 changed files with 33 additions and 12 deletions
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -263,26 +263,35 @@ public class SecurityConfig {
    
    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
-    	
-         String entityId = baseUrl + "/v1/saml/gw/metadata";
-         String acsUrl = baseUrl + "/login/saml2/sso/loginumbria";
+
+        String entityId = baseUrl + "/v1/saml/gw/metadata";
+        String acsUrl = baseUrl + "/login/saml2/sso/loginumbria";
+
        RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("loginumbria")
                .entityId(entityId)
-                 .signingX509Credentials(credentials -> {
+                .signingX509Credentials(credentials -> {
+                    try {
+                        credentials.add(Saml2X509Credential.signing(readPrivateKey(), readCertificate()));
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                    }
+                })
+                .assertionConsumerServiceLocation(acsUrl)
+                .assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata")
+                    .singleSignOnServiceLocation("https://federatest.umbriadigitale.it/gw/SSOProxy/SAML2")
+                    .singleSignOnServiceBinding(Saml2MessageBinding.POST)
+                    .wantAuthnRequestsSigned(true)
+                    .verificationX509Credentials(credentials -> {
                        try {
-                            credentials.add(Saml2X509Credential.signing(readPrivateKey(), readCertificate()));
-                           // AuthnRequest signedAuthnRequest = createSignedAuthnRequest(readPrivateKey(), readCertificate());
-                            //logger.info("Signed SAML AuthnRequest: " + SamlRequestLogger.convertSAMLObjectToString(signedAuthnRequest));
+                            // Load the IDP's public certificate for verifying the SAML response signature
+                            credentials.add(Saml2X509Credential.verification(readIdpCertificate()));
                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                    })
-                .assertionConsumerServiceLocation(acsUrl)
-                .assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata")
-                         .singleSignOnServiceLocation("https://federatest.umbriadigitale.it/gw/SSOProxy/SAML2")
-                        .singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(true).build()
-                        )
+                )
                .build();
+
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
    
@@ -378,6 +387,15 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
        }
    }
    
+    public X509Certificate readIdpCertificate() throws Exception {
+        // Path to your IDP public certificate PEM file
+        try (InputStream inStream = readKey("dev/saml/idp-certificate.pem")) {
+            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+            return (X509Certificate) certFactory.generateCertificate(inStream);
+        }
+    }
+
+    
    public InputStream readKey(String path) throws IOException {
        ClassLoader classLoader = getClass().getClassLoader();
        InputStream inputStream = classLoader.getResourceAsStream(path);