From 1b24d8131048cd26c8db091ec3717da417bd9353 Mon Sep 17 00:00:00 2001
From: Osara-B
Date: Thu, 7 Nov 2024 10:16:33 +0530
Subject: [PATCH] Add SIGN_ASSERTIONS property to IDN_SAML2_SERVICE_PROVIDER table
---
 .../dao/SAMLSSOServiceProviderConstants.java | 42 +++++++++----------
 .../dao/SAMLSSOServiceProviderDAOImpl.java | 4 +-
 .../resources/dbscripts/h2.sql | 1 +
 3 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderConstants.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderConstants.java
index 36795157f806..b26d5544113f 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderConstants.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderConstants.java
@@ -40,6 +40,7 @@ private SAML2TableColumns() {
 public static final String CERT_ALIAS = "CERT_ALIAS";
 public static final String REQ_SIG_VALIDATION = "REQ_SIG_VALIDATION";
 public static final String SIGN_RESPONSE = "SIGN_RESPONSE";
+ public static final String SIGN_ASSERTIONS = "SIGN_ASSERTIONS";
 public static final String SIGNING_ALGO = "SIGNING_ALGO";
 public static final String DIGEST_ALGO = "DIGEST_ALGO";
 public static final String ENCRYPT_ASSERTION = "ENCRYPT_ASSERTION";
@@ -78,17 +79,17 @@ private SQLQueries() {
 public static final String ADD_SAML2_SSO_CONFIG =
 "INSERT INTO IDN_SAML2_SERVICE_PROVIDER " +
 "(ISSUER, DEFAULT_ASSERTION_CONSUMER_URL, NAME_ID_FORMAT, CERT_ALIAS, REQ_SIG_VALIDATION, " +
- "SIGN_RESPONSE, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, ASSERTION_ENCRYPTION_ALGO, " +
- "KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, SLO_PROFILE_ENABLED, " +
- "SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, IDP_INIT_SLO_ENABLED, " +
- "QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
+ "SIGN_RESPONSE, SIGN_ASSERTIONS, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, " +
+ "ASSERTION_ENCRYPTION_ALGO, KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, " +
+ "SLO_PROFILE_ENABLED, SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, " +
+ "IDP_INIT_SLO_ENABLED, QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
 "ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, IDP_ENTITY_ID_ALIAS, ISSUER_QUALIFIER, " +
 "SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, TENANT_ID) " +
 "VALUES (:ISSUER;, :DEFAULT_ASSERTION_CONSUMER_URL;, :NAME_ID_FORMAT;, :CERT_ALIAS;, " +
- ":REQ_SIG_VALIDATION;, :SIGN_RESPONSE;, :SIGNING_ALGO;, :DIGEST_ALGO;, :ENCRYPT_ASSERTION;, " +
- ":ASSERTION_ENCRYPTION_ALGO;, :KEY_ENCRYPTION_ALGO;, :ATTR_PROFILE_ENABLED;, " +
- ":ATTR_SERVICE_INDEX;, :SLO_PROFILE_ENABLED;, :SLO_METHOD;, :SLO_RESPONSE_URL;, " +
- ":SLO_REQUEST_URL;, :IDP_INIT_SSO_ENABLED;, :IDP_INIT_SLO_ENABLED;, " +
+ ":REQ_SIG_VALIDATION;, :SIGN_RESPONSE;, :SIGN_ASSERTIONS;, :SIGNING_ALGO;, :DIGEST_ALGO;, " +
+ ":ENCRYPT_ASSERTION;, :ASSERTION_ENCRYPTION_ALGO;, :KEY_ENCRYPTION_ALGO;, " +
+ ":ATTR_PROFILE_ENABLED;, :ATTR_SERVICE_INDEX;, :SLO_PROFILE_ENABLED;, :SLO_METHOD;, " +
+ ":SLO_RESPONSE_URL;, :SLO_REQUEST_URL;, :IDP_INIT_SSO_ENABLED;, :IDP_INIT_SLO_ENABLED;, " +
 ":QUERY_REQUEST_PROFILE_ENABLED;, :ECP_ENABLED;, :ARTIFACT_BINDING_ENABLED;, " +
 ":ARTIFACT_RESOLVE_REQ_SIG_VALIDATION;, :IDP_ENTITY_ID_ALIAS;, :ISSUER_QUALIFIER;, " +
 ":SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES;, :TENANT_ID;)";
@@ -98,8 +99,8 @@ private SQLQueries() {
 "SET ISSUER = :ISSUER;, DEFAULT_ASSERTION_CONSUMER_URL = :DEFAULT_ASSERTION_CONSUMER_URL;, " +
 "NAME_ID_FORMAT = :NAME_ID_FORMAT;, CERT_ALIAS = :CERT_ALIAS;, " +
 "REQ_SIG_VALIDATION = :REQ_SIG_VALIDATION;, SIGN_RESPONSE = :SIGN_RESPONSE;, " +
- "SIGNING_ALGO = :SIGNING_ALGO;, DIGEST_ALGO = :DIGEST_ALGO;, " +
- "ENCRYPT_ASSERTION = :ENCRYPT_ASSERTION;, " +
+ "SIGN_ASSERTIONS = :SIGN_ASSERTIONS;, SIGNING_ALGO = :SIGNING_ALGO;, " +
+ "DIGEST_ALGO = :DIGEST_ALGO;, ENCRYPT_ASSERTION = :ENCRYPT_ASSERTION;, " +
 "ASSERTION_ENCRYPTION_ALGO = :ASSERTION_ENCRYPTION_ALGO;, " +
 "KEY_ENCRYPTION_ALGO = :KEY_ENCRYPTION_ALGO;, ATTR_PROFILE_ENABLED = :ATTR_PROFILE_ENABLED;, " +
 "ATTR_SERVICE_INDEX = :ATTR_SERVICE_INDEX;, SLO_PROFILE_ENABLED = :SLO_PROFILE_ENABLED;, " +
@@ -120,10 +121,10 @@ private SQLQueries() {
 public static final String GET_SAML2_SSO_CONFIG_BY_ISSUER =
 "SELECT ID, ISSUER, DEFAULT_ASSERTION_CONSUMER_URL, NAME_ID_FORMAT, CERT_ALIAS, REQ_SIG_VALIDATION, " +
- "SIGN_RESPONSE, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, ASSERTION_ENCRYPTION_ALGO, " +
- "KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, SLO_PROFILE_ENABLED, " +
- "SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, IDP_INIT_SLO_ENABLED, " +
- "QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
+ "SIGN_RESPONSE, SIGN_ASSERTIONS, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, " +
+ "ASSERTION_ENCRYPTION_ALGO, KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, " +
+ "SLO_PROFILE_ENABLED, SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, " +
+ "IDP_INIT_SLO_ENABLED, QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
 "ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, IDP_ENTITY_ID_ALIAS, ISSUER_QUALIFIER, " +
 "SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, TENANT_ID " +
 "FROM IDN_SAML2_SERVICE_PROVIDER " +
@@ -132,10 +133,10 @@ private SQLQueries() {
 public static final String GET_SAML2_SSO_CONFIGS =
 "SELECT ID, ISSUER, DEFAULT_ASSERTION_CONSUMER_URL, NAME_ID_FORMAT, CERT_ALIAS, REQ_SIG_VALIDATION, " +
- "SIGN_RESPONSE, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, ASSERTION_ENCRYPTION_ALGO, " +
- "KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, SLO_PROFILE_ENABLED, " +
- "SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, IDP_INIT_SLO_ENABLED, " +
- "QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
+ "SIGN_RESPONSE, SIGN_ASSERTIONS, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, " +
+ "ASSERTION_ENCRYPTION_ALGO, KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, " +
+ "SLO_PROFILE_ENABLED, SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, " +
+ "IDP_INIT_SLO_ENABLED, QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
 "ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, IDP_ENTITY_ID_ALIAS, ISSUER_QUALIFIER, " +
 "SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, TENANT_ID " +
 "FROM IDN_SAML2_SERVICE_PROVIDER " +
@@ -152,11 +153,6 @@ private SQLQueries() {
 "(PROPERTY_NAME, PROPERTY_VALUE, SP_ID) " +
 "VALUES (:PROPERTY_NAME;, :PROPERTY_VALUE;, :SP_ID;)";
- public static final String UPDATE_SAML_SSO_ATTR_BY_ID =
- "UPDATE IDN_SAML2_SP_PROPERTIES " +
- "SET PROPERTY_NAME = :PROPERTY_NAME;, PROPERTY_VALUE; = :PROPERTY_VALUE;, " +
- "WHERE ID = :ID; AND SP_ID = :SP_ID;";
-
 public static final String DELETE_SAML_SSO_ATTR =
 "DELETE FROM IDN_SAML2_SP_PROPERTIES " +
 "WHERE SP_ID IN (" + GET_SAML_SP_ID_BY_ISSUER + ")";
diff --git a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
index 8f763eb080be..8a913d5a56f5 100644
--- a/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
+++ b/components/identity-core/org.wso2.carbon.identity.core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderDAOImpl.java
@@ -52,6 +52,7 @@
 import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.CERT_ALIAS;
 import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.REQ_SIG_VALIDATION;
 import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.SIGN_RESPONSE;
+import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.SIGN_ASSERTIONS;
 import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.SIGNING_ALGO;
 import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.DIGEST_ALGO;
 import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML2TableColumns.ENCRYPT_ASSERTION;
@@ -308,6 +309,7 @@ private SAMLSSOServiceProviderDO resourceToObject(ResultSet resultSet) throws SQ
 serviceProviderDO.setCertAlias(resultSet.getString(CERT_ALIAS));
 serviceProviderDO.setDoValidateSignatureInRequests(resultSet.getBoolean(REQ_SIG_VALIDATION));
 serviceProviderDO.setDoSignResponse(resultSet.getBoolean(SIGN_RESPONSE));
+ serviceProviderDO.setDoSignAssertions(resultSet.getBoolean(SIGN_ASSERTIONS));
 serviceProviderDO.setSigningAlgorithmUri(resultSet.getString(SIGNING_ALGO));
 serviceProviderDO.setDigestAlgorithmUri(resultSet.getString(DIGEST_ALGO));
 serviceProviderDO.setDoEnableEncryptedAssertion(resultSet.getBoolean(ENCRYPT_ASSERTION));
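Review bot: `resultSet.getBoolean(SIGN_ASSERTIONS)` in the resourceToObject hunk yields `false` for a NULL or unset column, whereas the line this patch removes further down the same method, `setDoSignAssertions(Boolean.TRUE)`, made every loaded service provider sign its assertions. Any row that is not explicitly backfilled with TRUE will therefore load with assertion signing switched off, and if SIGN_RESPONSE is also false for that provider the response would presumably leave with no signature at all. The write path in the setServiceProviderParameters hunk has the same fail-open shape: `isDoSignAssertions()` is persisted as is, so a caller that never sets the flag stores whatever the DO's default is, which is not visible here. I would state the intended default in a comment above the new read, for example `// Signing used to be unconditional here; rows that predate SIGN_ASSERTIONS must be migrated to TRUE.`, and confirm the DO field defaults to true. Both method bodies start and end outside these hunks.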
@@ -333,7 +335,6 @@ private SAMLSSOServiceProviderDO resourceToObject(ResultSet resultSet) throws SQ
 if (serviceProviderDO.isDoFrontChannelLogout()) {
 serviceProviderDO.setFrontChannelLogoutBinding(resultSet.getString(SLO_METHOD));
 }
- serviceProviderDO.setDoSignAssertions(Boolean.TRUE);
 return serviceProviderDO;
 }
@@ -360,6 +361,7 @@ private void setServiceProviderParameters(NamedPreparedStatement statement,
 statement.setString(CERT_ALIAS, serviceProviderDO.getCertAlias());
 statement.setBoolean(REQ_SIG_VALIDATION, serviceProviderDO.isDoValidateSignatureInRequests());
 statement.setBoolean(SIGN_RESPONSE, serviceProviderDO.isDoSignResponse());
+ statement.setBoolean(SIGN_ASSERTIONS, serviceProviderDO.isDoSignAssertions());
 statement.setString(SIGNING_ALGO, serviceProviderDO.getSigningAlgorithmUri());
 statement.setString(DIGEST_ALGO, serviceProviderDO.getDigestAlgorithmUri());
 statement.setBoolean(ENCRYPT_ASSERTION, serviceProviderDO.isDoEnableEncryptedAssertion());
diff --git a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql
index 83c6bcfe65f9..56efa70a1507 100644
--- a/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql
+++ b/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/h2.sql
@@ -1228,6 +1228,7 @@ CREATE TABLE IF NOT EXISTS IDN_SAML2_SERVICE_PROVIDER (
 CERT_ALIAS VARCHAR(255),
 REQ_SIG_VALIDATION BOOLEAN,
 SIGN_RESPONSE BOOLEAN NOT NULL,
+ SIGN_ASSERTIONS BOOLEAN NOT NULL,
 SIGNING_ALGO VARCHAR(255) NOT NULL,
 DIGEST_ALGO VARCHAR(255) NOT NULL,
 ENCRYPT_ASSERTION BOOLEAN,
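Review bot: `SIGN_ASSERTIONS BOOLEAN NOT NULL` in the h2.sql hunk carries no DEFAULT, and because the statement is `CREATE TABLE IF NOT EXISTS` the column appears only on a freshly created database; an existing IDN_SAML2_SERVICE_PROVIDER table keeps its old shape, so the updated INSERT and SELECT statements would fail on the missing column. The diffstat lists h2.sql as the only script touched, so the other database scripts and any upgrade script are presumably handled elsewhere, which is worth confirming before merge. Since assertion signing was unconditional before this change, the safe default is TRUE: `SIGN_ASSERTIONS BOOLEAN NOT NULL DEFAULT TRUE,`, with the matching `ALTER TABLE ... ADD` in the upgrade path backfilling existing rows to TRUE. The CREATE TABLE statement starts and ends outside the hunk.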