[JENKINS-38971] Add support SAML ForceAuthn, AuthnContextClassRef, cu…
…stom EntityId, and session timeout (#20) * added expirationTime to SamlAuthenticationToken * added advanced configuration support * integrated advanced configuration * Now passing the session to SamlAuthenticationToken * removing -SNAPSHOT for testing * Add support SAML ForceAuthn, AuthnContextClassRef, custom EntityId, and session timeout * configuration tests
1 parent
d47d2c1
commit 8232c21
Showing
16 changed files
with
331 additions
and
41 deletions.
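--- a/src/main/java/org/jenkinsci/plugins/saml/SamlAdvancedConfiguration.java
+++ b/src/main/java/org/jenkinsci/plugins/saml/SamlAdvancedConfiguration.java
@@ -0,0 +1,69 @@
+/* Licensed to Jenkins CI under one or more contributor license
+agreements. See the NOTICE file distributed with this work
+for additional information regarding copyright ownership.
+Jenkins CI licenses this file to you under the Apache License,
+Version 2.0 (the "License"); you may not use this file except
+in compliance with the License. You may obtain a copy of the
+License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License. */
+
+package org.jenkinsci.plugins.saml;
+
+import hudson.Util;
+
+import org.apache.commons.lang.StringUtils;
+import org.kohsuke.stapler.DataBoundConstructor;
+
+/**
+* Simple immutable data class to hold the optional advanced configuration data section
+* of the plugin's configuration page
+*/
+public class SamlAdvancedConfiguration {
+private final Boolean forceAuthn;
+private final String authnContextClassRef;
+private final String spEntityId;
+private final Integer maximumSessionLifetime;
+
+@DataBoundConstructor
+public SamlAdvancedConfiguration(Boolean forceAuthn, String authnContextClassRef, String spEntityId, Integer maximumSessionLifetime) {
+this.forceAuthn = (forceAuthn != null) ? forceAuthn : false;
+this.authnContextClassRef = Util.fixEmptyAndTrim(authnContextClassRef);
+this.spEntityId = Util.fixEmptyAndTrim(spEntityId);
+this.maximumSessionLifetime = maximumSessionLifetime;
+}
+
+public Boolean getForceAuthn() {
+return forceAuthn;
+}
+
+public String getAuthnContextClassRef() {
+return authnContextClassRef;
+}
+
+public String getSpEntityId() {
+return spEntityId;
+}
+
+public Integer getMaximumSessionLifetime() {
+return maximumSessionLifetime;
+}
+
+@Override
+public String toString() {
+final StringBuffer sb = new StringBuffer("SamlAdvancedConfiguration{");
+sb.append("forceAuthn=").append(forceAuthn);
+sb.append(", authnContextClassRef='").append(StringUtils.defaultIfBlank(authnContextClassRef,"none")).append('\'');
+sb.append(", spEntityId='").append(StringUtils.defaultIfBlank(spEntityId,"none")).append('\'');
+sb.append(", maximumSessionLifetime=").append(maximumSessionLifetime != null ? maximumSessionLifetime : "none");
+sb.append('}');
+return sb.toString();
+}
+}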
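Review bot: The constructor stores `maximumSessionLifetime` exactly as submitted, so a zero or negative value from the configuration form is accepted and handed to whatever code computes the session expiry. That consumer is not visible in this section, so it cannot be confirmed here whether such a value expires the session at once or leaves it without an effective limit. Because this field is the control that keeps a Jenkins session shorter than the IdP's, it is worth normalising at the boundary, for example `this.maximumSessionLifetime = (maximumSessionLifetime != null && maximumSessionLifetime > 0) ? maximumSessionLifetime : null;`, or rejecting the value through form validation. The getter would also benefit from a Javadoc line stating the unit and what `null` means, e.g. `/** Maximum Jenkins session lifetime (unit to be confirmed against the consumer); null when no limit is configured. */`.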
@@ -0,0 +1,6 @@ | ||
<div> | ||
You could enable this options to use SAML ForceAuthn to force logins at our IdP, | ||
AuthnContextClassRef to override the default authentication mechanism, | ||
and force multi-factor authentication; | ||
you also could set the sessions on Jenkins to be shorter than those on your IdP. | ||
</div> |
@@ -0,0 +1,5 @@ | ||
<div> | ||
If this field is not empty, request that the SAML IdP uses a specific | ||
authentication context, rather than its default. Check with the IdP | ||
administrators to find out which authentication contexts are available. | ||
</div> |
@@ -0,0 +1,3 @@ | ||
<div> | ||
Whether to request the SAML IdP to force (re)authentication of the user, rather than allowing an existing session with the IdP to be reused. Off by default. | ||
</div> |