Bug 6179 - Add identity attribute values to list of SAMLPrincipals
Status: RESOLVED FIXED
: GridShib
SAML/Binding Tools
: 0.4.2
: All All
: P3 enhancement
: beta
: 5965
: 5966
Reported: 2008-06-22 13:22 by
Modified: 2008-07-23 20:21 (History)
Description From 2008-06-22 13:22:18
Add identity attribute values to the list of SAMLPrincipals returned by the
getSAMLPrincipals() method in SAMLSecurityContext.

- implement bootstrap property identityAttributesPath
- implement getIdentityAttributes method in BootstrapConfigLoader
- implement setIdentityAttributes method in BootstrapConfigLoader
- when a BasicAttribute becomes trusted, create a list of SAMLPrincipals

Whether or not a SAMLPrincipal is created depends on a configurable file list
of identity attributes.  For example, if the file contains the following
attributes:

urn:mace:dir:attribute-def:mail
urn:oid:0.9.2342.19200300.100.1.3

any value of a trusted 'mail' attribute automatically becomes a SAMLPrincipal. 
As a consequence, the 'mail' attribute becomes blacklistable in GS4GT.
------- Comment #1 From 2008-06-23 08:26:01 -------
Made the following modifications:

- added identityAttributesPath bootstrap prop to build.properties
- created default identity-attributes.txt file in etc directory
- modified build.xml, common/java/build.xml, and BootstrapConfigLoader to
process identityAttributesPath bootstrap prop
- added setIdentityAttributes(StringSetFile) and getIdentityAttributes()
methods to BootstrapConfigLoader
- added getSAMLPrincipals() method to BasicAttribute
- changed the visibility of getSAMLPrincipal() method in SAMLIdentity (to match
the new getSAMLPrincipals() method in BasicAttribute)
- refactored getSAMLPrincipals() method in SAMLSecurityContext to include SAML
principals associated with BasicAttribute instances
------- Comment #2 From 2008-06-23 08:28:38 -------
The identity-attributes.txt file in the etc directory has the following
content:

############ BEGIN LISTING
# Identity Attributes
#
# The value(s) of trusted identity attributes are 
# globally unique SAML principal names.

# FriendlyName="eduPersonPrincipalName"
urn:oid:1.3.6.1.4.1.5923.1.1.1.6

# FriendlyName="mail"
urn:mace:dir:attribute-def:mail
urn:oid:0.9.2342.19200300.100.1.3
############ END LISTING

These are the identity attributes that immediately come to mind.  If you can
think of others, let me know.
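The following is an added example, not GridShib code, that puts the rule from the bug description and the listing quoted in Comment #2 side by side: the list file is parsed (one attribute name per line, '#' comments and blank lines ignored), and a principal name is produced only for a value of an attribute that is both trusted and named in that list. The class, method and attribute-holder names are hypothetical stand-ins for the real BootstrapConfigLoader, BasicAttribute and SAMLSecurityContext; the attribute values are constructed placeholders.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Hypothetical stand-in for the identity-attribute handling described in
 *  the bug; not GridShib's own classes. */
public class IdentityAttributesExample {

    // Copy of the identity-attributes.txt listing quoted in Comment #2.
    static final String IDENTITY_ATTRIBUTES_TXT =
          "# Identity Attributes\n"
        + "#\n"
        + "# The value(s) of trusted identity attributes are\n"
        + "# globally unique SAML principal names.\n"
        + "\n"
        + "# FriendlyName=\"eduPersonPrincipalName\"\n"
        + "urn:oid:1.3.6.1.4.1.5923.1.1.1.6\n"
        + "\n"
        + "# FriendlyName=\"mail\"\n"
        + "urn:mace:dir:attribute-def:mail\n"
        + "urn:oid:0.9.2342.19200300.100.1.3\n";

    /** Parse the list file: one attribute name per line; '#' comment lines
     *  and blank lines are skipped; surrounding whitespace is trimmed. */
    static Set<String> parseIdentityAttributes(String text) throws IOException {
        Set<String> names = new LinkedHashSet<String>();
        BufferedReader reader = new BufferedReader(new StringReader(text));
        String line;
        while ((line = reader.readLine()) != null) {
            String trimmed = line.trim();
            if (trimmed.length() == 0 || trimmed.startsWith("#")) {
                continue;
            }
            names.add(trimmed);
        }
        return names;
    }

    /** Minimal model of a SAML attribute: its name, its values, and whether
     *  the security context has already decided to trust it. */
    static final class Attribute {
        final String name;
        final List<String> values;
        final boolean trusted;

        Attribute(String name, boolean trusted, String... values) {
            this.name = name;
            this.trusted = trusted;
            this.values = Collections.unmodifiableList(
                    new ArrayList<String>(Arrays.asList(values)));
        }
    }

    /** The rule from the description: every value of a trusted attribute whose
     *  name appears in the identity list becomes a SAML principal name.
     *  Untrusted attributes and attributes not in the list contribute nothing. */
    static List<String> samlPrincipals(Set<String> identityAttributes,
                                       List<Attribute> attributes) {
        List<String> principals = new ArrayList<String>();
        for (Attribute a : attributes) {
            if (!a.trusted || !identityAttributes.contains(a.name)) {
                continue;
            }
            principals.addAll(a.values);
        }
        return principals;
    }

    public static void main(String[] args) throws IOException {
        Set<String> identity = parseIdentityAttributes(IDENTITY_ATTRIBUTES_TXT);
        System.out.println("identity attributes: " + identity);

        // Constructed attributes with placeholder values.
        List<Attribute> attrs = new ArrayList<Attribute>();
        // 'mail' under either of its two listed names: both yield principals.
        attrs.add(new Attribute("urn:mace:dir:attribute-def:mail", true, "alice@example.org"));
        attrs.add(new Attribute("urn:oid:0.9.2342.19200300.100.1.3", true, "bob@example.org"));
        // Listed name, but the attribute is not trusted: no principal.
        attrs.add(new Attribute("urn:oid:1.3.6.1.4.1.5923.1.1.1.6", false, "carol@example.org"));
        // Trusted, but the name is not in the list (constructed name): no principal.
        attrs.add(new Attribute("urn:example:attribute:displayName", true, "Dave Example"));

        System.out.println("principals: " + samlPrincipals(identity, attrs));
    }
}
```

Matching is on the exact attribute name string, which is why the listing carries both the `urn:mace:dir:attribute-def:mail` and `urn:oid:0.9.2342.19200300.100.1.3` forms of 'mail': an assertion using either name produces principals, while the untrusted eduPersonPrincipalName value and the unlisted display name produce none. Because every listed attribute's values become principal names, the list should contain only attributes whose values are globally unique, as the file's header comment states.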
------- Comment #3 From 2008-06-23 08:29:38 -------
As an aside, added a getResource() method to LoadableResource.
------- Comment #4 From 2008-06-23 08:37:30 -------
Implemented unit test BasicAttributeTest.
------- Comment #5 From 2008-06-23 08:41:58 -------
All files have been committed to CVS HEAD.  This new feature will be
distributed with GS-ST v0.4.3.