
A newer version of this resource is available here

oiosaml.java 2.2.0


OIOSAML for Java release 2.2.0 has been made available. This release contains the following changes:

  • Support for OIOSAML 3.0 profile
  • Support for OIO-BPP 1.2 profile

Code repository

The SVN repository on Softwarebørsen has been closed, and the code has been moved to GitHub. The code can now be found here:

https://github.com/digst/OIOSAML.Java

Maven repository

The binary artifacts are distributed as Maven dependencies, and can be found here:

https://mvnrepository.com/artifact/dk.digst/oiosaml2.java

Note about OIOSAML 3.0 profile

The OIOSAML.java 2.2.0 release is compatible with both the old OIOSAML 2.0.9 profile and the new OIOSAML 3.0 profile, and can be configured to run either in a hybrid mode or in a specific profile mode. Please consult the documentation found here:

https://github.com/digst/OIOSAML.Java/tree/master/docs

Note about required Java version

This release of OIOSAML.java requires Java 8 or higher to use.


Hybrid mode

Jakob Kruse

I have searched the documentation, but failed to find details about configuring in hybrid-mode. Can you provide a direct link to that part of the documentation?

Hi Jakob.

Not sure how to get GitHub to display HTML as actual HTML, but if you just ignore the HTML tags and look at this document

https://raw.githubusercontent.com/digst/OIOSAML.Java/master/docs/assurancelevel.html

Note the following

It is possible to configure a requirement for one or both of these attributes, but note that the issued assertion only has to pass one of the requirements if both are configured (e.g. if both NSIS level "High" and AssuranceLevel "4" are required, and the IdP issues a token with AssuranceLevel "4", then it passes validation).

So if you are running in a hybrid-mode, where you accept both types of claims, you can just configure it to accept both types of values.

edited by Brian Graversen (23.04.2020)

Hi Brian,

Thank you for your response. I understand the ability to accept both types of values. What I don't understand is how to configure for hybrid-mode. Is that just setting both "oiosaml-sp.assurancelevel" and "oiosaml-sp.nsislevel", or is there something else I need to set to enable hybrid-mode?

Hi Jakob,

it is just setting both values, then you are in hybrid-mode
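
The rule quoted from the documentation in this thread, modelled as an added example (not code from OIOSAML.java): with both "oiosaml-sp.nsislevel" and "oiosaml-sp.assurancelevel" set, the two requirements are alternatives, so a token carrying only the older AssuranceLevel claim is still accepted. The class and method names are hypothetical, and treating a requirement as met when the token's level is at least the configured one is an assumption.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

// Added model of the documented rule; not OIOSAML.java code. Names are hypothetical.
public class HybridModeCheck {
    // NSIS assurance levels in ascending order.
    static final List<String> NSIS = Arrays.asList("Low", "Substantial", "High");

    static int nsisRank(String level) {           // -1 for null or unknown values
        return level == null ? -1 : NSIS.indexOf(level.trim());
    }

    static int assurance(String level) {          // -1 for null or non-numeric values
        try {
            return level == null ? -1 : Integer.parseInt(level.trim());
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    // tokenNsis / tokenAssurance: values carried by the assertion, null when absent.
    static boolean passes(Properties cfg, String tokenNsis, String tokenAssurance) {
        String reqNsis = cfg.getProperty("oiosaml-sp.nsislevel");
        String reqAssurance = cfg.getProperty("oiosaml-sp.assurancelevel");
        if (reqNsis == null && reqAssurance == null) {
            return true;                          // assumption: no requirement configured
        }
        // Assumption: a requirement is met when the token's level is at least the configured one.
        boolean nsisOk = nsisRank(reqNsis) >= 0 && nsisRank(tokenNsis) >= nsisRank(reqNsis);
        boolean assuranceOk = assurance(reqAssurance) > 0
                && assurance(tokenAssurance) >= assurance(reqAssurance);
        return nsisOk || assuranceOk;             // either one passing is enough
    }

    public static void main(String[] args) {
        Properties hybrid = new Properties();     // constructed sample configuration
        hybrid.setProperty("oiosaml-sp.nsislevel", "High");
        hybrid.setProperty("oiosaml-sp.assurancelevel", "4");
        Properties nsisOnly = new Properties();
        nsisOnly.setProperty("oiosaml-sp.nsislevel", "High");

        System.out.println("hybrid, token AssuranceLevel=4 only: " + passes(hybrid, null, "4"));
        System.out.println("hybrid, token NSIS=Substantial only: " + passes(hybrid, "Substantial", null));
        System.out.println("NSIS-only, token AssuranceLevel=4 only: " + passes(nsisOnly, null, "4"));
    }
}
```

Configuring only "oiosaml-sp.nsislevel" removes the AssuranceLevel alternative, which is the difference the last case prints.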


UserAssertion

Jakob Kruse

Am I correct in observing that, even though version 2.2.0 is OIOSAML 3.0 compliant, the UserAssertion supplied on login does not contain methods to retrieve the replacement attributes for PID and RID?

Also, in OIOSAML 3.0, the PID and RID attributes are named "https://data.gov.dk/model/core/eid/person/pid" and "https://data.gov.dk/model/core/eid/professional/rid" respectively, but the getPIDNumber and getRIDNumber methods retrieve attributes named "dk:gov:saml:attribute:PidNumberIdentifier" and "dk:gov:saml:attribute:RidNumberIdentifier". Does that mean that those methods do not work with an OIOSAML 3.0 assertion?

Hi Jakob.

All attributes can still be retrieved by using the getAllAttributes() method, but you are right that the convenience methods for retrieving PID and RID are still pointing to the old attributes.

As we need to support both OIOSAML 2.0.9 and 3.0, I'll update the methods to attempt to retrieve both attributes, and return whichever is available. It will prefer 3.0 attributes if both are available.

Expect an updated release later today.

I might have been a bit too fast there - it seems that both of these attributes

https://data.gov.dk/model/core/eid/person/pid
https://data.gov.dk/model/core/eid/professional/rid

are deprecated in the OIOSAML 3.0 profile. I'll still make the change, as it seems these attributes will still be issued for some period of time (I'm guessing here, so don't rely on that bit of information for any kind of planning).

I'll also add convenience methods for the new UUID attributes

https://data.gov.dk/model/core/eid/professional/uuid/persistent
https://data.gov.dk/model/core/eid/cprUuid


Build and test

Mac Wendelboe

Actually building the included IdP requires Java 11.

And the IdP must be built and running in order to execute the unit tests. So it seems like the bootstrap build process is now as complicated as:

1. mvn -Dmaven.test.skip=true package

2. Fire up the IdP

3. mvn package

Unfortunately I haven't verified all of this process, since I got stuck on missing Java 11.

True, the IdP is a Java 11 application, but you do not need to actually compile the source, nor run the tests, to use OIOSAML. It is available as a Maven dependency.

You also do not need to run the tests to compile the application, so your step 1 is enough, as that will create the package.