Skip to content

Commit

Permalink
Introduce JDBC based persistence for SAML
Browse files Browse the repository at this point in the history
  • Loading branch information
@Osara-B
Osara-B committed Jan 17, 2025
1 parent 413c5f0 commit 7968925
Show file tree
Hide file tree
Showing 22 changed files with 1,959 additions and 30 deletions.
5 changes: 5 additions & 0 deletions components/identity-core/org.wso2.carbon.identity.core/pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,11 @@
<groupId>xml-apis</groupId>
<artifactId>xml-apis</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
Expand Down
14 changes: 5 additions & 9 deletions ...ntity.core/src/main/java/org/wso2/carbon/identity/core/SAMLSSOServiceProviderManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,21 +35,17 @@

import static org.wso2.carbon.identity.core.util.JdbcUtils.isH2DB;

import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.CERTIFICATE_PROPERTY_NAME;
import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SQLQueries.QUERY_TO_GET_APPLICATION_CERTIFICATE_ID;
import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SQLQueries.QUERY_TO_GET_APPLICATION_CERTIFICATE_ID_H2;


/**
* This class is used for managing SAML SSO providers. Adding, retrieving and removing service
* providers are supported here.
*/
public class SAMLSSOServiceProviderManager {

private static final String CERTIFICATE_PROPERTY_NAME = "CERTIFICATE";
private static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID = "SELECT " +
"META.VALUE FROM SP_INBOUND_AUTH INBOUND, SP_APP SP, SP_METADATA META WHERE SP.ID = INBOUND.APP_ID AND " +
"SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";

private static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID_H2 = "SELECT " +
"META.`VALUE` FROM SP_INBOUND_AUTH INBOUND, SP_APP SP, SP_METADATA META WHERE SP.ID = INBOUND.APP_ID AND " +
"SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";

SAMLServiceProviderPersistenceManagerFactory samlSSOPersistenceManagerFactory =
new SAMLServiceProviderPersistenceManagerFactory();
SAMLSSOServiceProviderDAO serviceProviderDAO =
Expand Down
416 changes: 416 additions & 0 deletions ...re/src/main/java/org/wso2/carbon/identity/core/dao/JDBCSAMLSSOServiceProviderDAOImpl.java
View file

Large diffs are not rendered by default.

206 changes: 206 additions & 0 deletions ...core/src/main/java/org/wso2/carbon/identity/core/dao/SAMLSSOServiceProviderConstants.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,206 @@
/*
* Copyright (c) 2025, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.core.dao;

/**
* Constants related to SAML service provider configurations.
*/
public class SAMLSSOServiceProviderConstants {

public static final String SAML_STORAGE_CONFIG = "DataStorageType.SAML";
public static final String SAML_SCHEMA_VERSION = "1.0.0";
public static final String BACKCHANNEL_LOGOUT_BINDING = "BackChannel";
public static final String CERTIFICATE_PROPERTY_NAME = "CERTIFICATE";

private SAMLSSOServiceProviderConstants() {

}

public enum MultiValuedPropertyKey {

ASSERTION_CONSUMER_URLS("ASSERTION_CONSUMER_URLS"),
AUDIENCES("AUDIENCES"),
RECIPIENTS("RECIPIENTS"),
SLO_RETURN_TO_URLS("SLO_RETURN_TO_URLS");

private final String value;

MultiValuedPropertyKey(String value) {

this.value = value;
}

@Override
public String toString() {

return value;
}
}

public static class SAML2TableColumns {

// IDN_SAML2_SERVICE_PROVIDER table.
public static final String ID = "ID";
public static final String ISSUER = "ISSUER";
public static final String DEFAULT_ASSERTION_CONSUMER_URL = "DEFAULT_ASSERTION_CONSUMER_URL";
public static final String NAME_ID_FORMAT = "NAME_ID_FORMAT";
public static final String CERT_ALIAS = "CERT_ALIAS";
public static final String REQ_SIG_VALIDATION = "REQ_SIG_VALIDATION";
public static final String SIGN_RESPONSE = "SIGN_RESPONSE";
public static final String SIGN_ASSERTIONS = "SIGN_ASSERTIONS";
public static final String SIGNING_ALGO = "SIGNING_ALGO";
public static final String DIGEST_ALGO = "DIGEST_ALGO";
public static final String ENCRYPT_ASSERTION = "ENCRYPT_ASSERTION";
public static final String ASSERTION_ENCRYPTION_ALGO = "ASSERTION_ENCRYPTION_ALGO";
public static final String KEY_ENCRYPTION_ALGO = "KEY_ENCRYPTION_ALGO";
public static final String ATTR_PROFILE_ENABLED = "ATTR_PROFILE_ENABLED";
public static final String ATTR_SERVICE_INDEX = "ATTR_SERVICE_INDEX";
public static final String SLO_PROFILE_ENABLED = "SLO_PROFILE_ENABLED";
public static final String SLO_METHOD = "SLO_METHOD";
public static final String SLO_RESPONSE_URL = "SLO_RESPONSE_URL";
public static final String SLO_REQUEST_URL = "SLO_REQUEST_URL";
public static final String IDP_INIT_SSO_ENABLED = "IDP_INIT_SSO_ENABLED";
public static final String IDP_INIT_SLO_ENABLED = "IDP_INIT_SLO_ENABLED";
public static final String QUERY_REQUEST_PROFILE_ENABLED = "QUERY_REQUEST_PROFILE_ENABLED";
public static final String ECP_ENABLED = "ECP_ENABLED";
public static final String ARTIFACT_BINDING_ENABLED = "ARTIFACT_BINDING_ENABLED";
public static final String ARTIFACT_RESOLVE_REQ_SIG_VALIDATION = "ARTIFACT_RESOLVE_REQ_SIG_VALIDATION";
public static final String IDP_ENTITY_ID_ALIAS = "IDP_ENTITY_ID_ALIAS";
public static final String ISSUER_QUALIFIER = "ISSUER_QUALIFIER";
public static final String SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES = "SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES";
public static final String TENANT_ID = "TENANT_ID";
public static final String VERSION = "VERSION";
public static final String CREATED_AT = "CREATED_AT";
public static final String UPDATED_AT = "UPDATED_AT";

// IDN_SAML2_SP_PROPERTIES table.
public static final String PROPERTY_NAME = "PROPERTY_NAME";
public static final String PROPERTY_VALUE = "PROPERTY_VALUE";
public static final String SP_ID = "SP_ID";

private SAML2TableColumns() {

}
}

public static class SQLQueries {

public static final String ADD_SAML2_SSO_CONFIG =
"INSERT INTO IDN_SAML2_SERVICE_PROVIDER " +
"(ISSUER, DEFAULT_ASSERTION_CONSUMER_URL, NAME_ID_FORMAT, CERT_ALIAS, REQ_SIG_VALIDATION, " +
"SIGN_RESPONSE, SIGN_ASSERTIONS, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, " +
"ASSERTION_ENCRYPTION_ALGO, KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, " +
"SLO_PROFILE_ENABLED, SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, " +
"IDP_INIT_SLO_ENABLED, QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
"ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, IDP_ENTITY_ID_ALIAS, ISSUER_QUALIFIER, " +
"SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, TENANT_ID, VERSION, CREATED_AT, UPDATED_AT) " +
"VALUES (:ISSUER;, :DEFAULT_ASSERTION_CONSUMER_URL;, :NAME_ID_FORMAT;, :CERT_ALIAS;, " +
":REQ_SIG_VALIDATION;, :SIGN_RESPONSE;, :SIGN_ASSERTIONS;, :SIGNING_ALGO;, :DIGEST_ALGO;, " +
":ENCRYPT_ASSERTION;, :ASSERTION_ENCRYPTION_ALGO;, :KEY_ENCRYPTION_ALGO;, " +
":ATTR_PROFILE_ENABLED;, :ATTR_SERVICE_INDEX;, :SLO_PROFILE_ENABLED;, :SLO_METHOD;, " +
":SLO_RESPONSE_URL;, :SLO_REQUEST_URL;, :IDP_INIT_SSO_ENABLED;, :IDP_INIT_SLO_ENABLED;, " +
":QUERY_REQUEST_PROFILE_ENABLED;, :ECP_ENABLED;, :ARTIFACT_BINDING_ENABLED;, " +
":ARTIFACT_RESOLVE_REQ_SIG_VALIDATION;, :IDP_ENTITY_ID_ALIAS;, :ISSUER_QUALIFIER;, " +
":SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES;, :TENANT_ID;, :VERSION;, :CREATED_AT;, :UPDATED_AT;)";

public static final String UPDATE_SAML2_SSO_CONFIG =
"UPDATE IDN_SAML2_SERVICE_PROVIDER " +
"SET ISSUER = :ISSUER;, DEFAULT_ASSERTION_CONSUMER_URL = :DEFAULT_ASSERTION_CONSUMER_URL;, " +
"NAME_ID_FORMAT = :NAME_ID_FORMAT;, CERT_ALIAS = :CERT_ALIAS;, " +
"REQ_SIG_VALIDATION = :REQ_SIG_VALIDATION;, SIGN_RESPONSE = :SIGN_RESPONSE;, " +
"SIGN_ASSERTIONS = :SIGN_ASSERTIONS;, SIGNING_ALGO = :SIGNING_ALGO;, " +
"DIGEST_ALGO = :DIGEST_ALGO;, ENCRYPT_ASSERTION = :ENCRYPT_ASSERTION;, " +
"ASSERTION_ENCRYPTION_ALGO = :ASSERTION_ENCRYPTION_ALGO;, " +
"KEY_ENCRYPTION_ALGO = :KEY_ENCRYPTION_ALGO;, ATTR_PROFILE_ENABLED = :ATTR_PROFILE_ENABLED;, " +
"ATTR_SERVICE_INDEX = :ATTR_SERVICE_INDEX;, SLO_PROFILE_ENABLED = :SLO_PROFILE_ENABLED;, " +
"SLO_METHOD = :SLO_METHOD;, SLO_RESPONSE_URL = :SLO_RESPONSE_URL;, " +
"SLO_REQUEST_URL = :SLO_REQUEST_URL;, IDP_INIT_SSO_ENABLED = :IDP_INIT_SSO_ENABLED;, " +
"IDP_INIT_SLO_ENABLED = :IDP_INIT_SLO_ENABLED;, " +
"QUERY_REQUEST_PROFILE_ENABLED = :QUERY_REQUEST_PROFILE_ENABLED;, " +
"ECP_ENABLED = :ECP_ENABLED;, ARTIFACT_BINDING_ENABLED = :ARTIFACT_BINDING_ENABLED;, " +
"ARTIFACT_RESOLVE_REQ_SIG_VALIDATION = :ARTIFACT_RESOLVE_REQ_SIG_VALIDATION;, " +
"IDP_ENTITY_ID_ALIAS = :IDP_ENTITY_ID_ALIAS;, ISSUER_QUALIFIER = :ISSUER_QUALIFIER;, " +
"SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES = :SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES;, " +
"UPDATED_AT = :UPDATED_AT;" +
"WHERE ID = :ID; AND TENANT_ID = :TENANT_ID;";

public static final String DELETE_SAML2_SSO_CONFIG_BY_ISSUER =
"DELETE FROM IDN_SAML2_SERVICE_PROVIDER " +
"WHERE ISSUER = :ISSUER; AND TENANT_ID = :TENANT_ID;";

public static final String GET_SAML2_SSO_CONFIG_BY_ISSUER =
"SELECT ID, ISSUER, DEFAULT_ASSERTION_CONSUMER_URL, NAME_ID_FORMAT, CERT_ALIAS, REQ_SIG_VALIDATION, " +
"SIGN_RESPONSE, SIGN_ASSERTIONS, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, " +
"ASSERTION_ENCRYPTION_ALGO, KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, " +
"SLO_PROFILE_ENABLED, SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, " +
"IDP_INIT_SLO_ENABLED, QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
"ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, IDP_ENTITY_ID_ALIAS, ISSUER_QUALIFIER, " +
"SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, TENANT_ID " +
"FROM IDN_SAML2_SERVICE_PROVIDER " +
"WHERE ISSUER = :ISSUER; " +
"AND TENANT_ID = :TENANT_ID;";

public static final String GET_SAML2_SSO_CONFIGS =
"SELECT ID, ISSUER, DEFAULT_ASSERTION_CONSUMER_URL, NAME_ID_FORMAT, CERT_ALIAS, REQ_SIG_VALIDATION, " +
"SIGN_RESPONSE, SIGN_ASSERTIONS, SIGNING_ALGO, DIGEST_ALGO, ENCRYPT_ASSERTION, " +
"ASSERTION_ENCRYPTION_ALGO, KEY_ENCRYPTION_ALGO, ATTR_PROFILE_ENABLED, ATTR_SERVICE_INDEX, " +
"SLO_PROFILE_ENABLED, SLO_METHOD, SLO_RESPONSE_URL, SLO_REQUEST_URL, IDP_INIT_SSO_ENABLED, " +
"IDP_INIT_SLO_ENABLED, QUERY_REQUEST_PROFILE_ENABLED, ECP_ENABLED, ARTIFACT_BINDING_ENABLED, " +
"ARTIFACT_RESOLVE_REQ_SIG_VALIDATION, IDP_ENTITY_ID_ALIAS, ISSUER_QUALIFIER, " +
"SUPPORTED_ASSERTION_QUERY_REQUEST_TYPES, TENANT_ID " +
"FROM IDN_SAML2_SERVICE_PROVIDER " +
"WHERE TENANT_ID = :TENANT_ID;";

public static final String GET_SAML_SP_ID_BY_ISSUER =
"SELECT ID " +
"FROM IDN_SAML2_SERVICE_PROVIDER " +
"WHERE ISSUER = :ISSUER; " +
"AND TENANT_ID = :TENANT_ID;";

public static final String ADD_SAML_SSO_ATTR =
"INSERT INTO IDN_SAML2_SP_PROPERTIES " +
"(PROPERTY_NAME, PROPERTY_VALUE, SP_ID) " +
"VALUES (:PROPERTY_NAME;, :PROPERTY_VALUE;, :SP_ID;)";

public static final String DELETE_SAML_SSO_ATTR =
"DELETE FROM IDN_SAML2_SP_PROPERTIES " +
"WHERE SP_ID IN (" + GET_SAML_SP_ID_BY_ISSUER + ")";

public static final String DELETE_SAML_SSO_ATTR_BY_ID =
"DELETE FROM IDN_SAML2_SP_PROPERTIES " +
"WHERE SP_ID = :SP_ID;";

public static final String GET_SAML_SSO_ATTR_BY_ID =
"SELECT ID, PROPERTY_NAME, PROPERTY_VALUE " +
"FROM IDN_SAML2_SP_PROPERTIES " +
"WHERE SP_ID = :SP_ID;";

public static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID = "SELECT " +
"META.VALUE FROM SP_INBOUND_AUTH INBOUND, SP_APP SP, SP_METADATA META WHERE SP.ID = INBOUND.APP_ID " +
"AND SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";

public static final String QUERY_TO_GET_APPLICATION_CERTIFICATE_ID_H2 = "SELECT " +
"META.`VALUE` FROM SP_INBOUND_AUTH INBOUND, SP_APP SP, SP_METADATA META WHERE SP.ID = INBOUND.APP_ID " +
"AND SP.ID = META.SP_ID AND META.NAME = ? AND INBOUND.INBOUND_AUTH_KEY = ? AND META.TENANT_ID = ?";

private SQLQueries() {

}
}
}
7 changes: 5 additions & 2 deletions .../java/org/wso2/carbon/identity/core/dao/SAMLServiceProviderPersistenceManagerFactory.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,15 @@
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.core.util.IdentityUtil;

import static org.wso2.carbon.identity.core.dao.SAMLSSOServiceProviderConstants.SAML_STORAGE_CONFIG;

/**
* Factory class to create instances of SAMLSSOServiceProviderDAO based on the configured storage type.
*/
public class SAMLServiceProviderPersistenceManagerFactory {

private static final Log LOG = LogFactory.getLog(SAMLServiceProviderPersistenceManagerFactory.class);
private static String SAML_STORAGE_TYPE = IdentityUtil.getProperty("DataStorageType.SAML");
private static String SAML_STORAGE_TYPE = IdentityUtil.getProperty(SAML_STORAGE_CONFIG);
private static final String HYBRID = "hybrid";
private static final String DATABASE = "database";

Expand All @@ -39,11 +41,12 @@ public SAMLSSOServiceProviderDAO getSAMLServiceProviderPersistenceManager() {
if (StringUtils.isNotBlank(SAML_STORAGE_TYPE)) {
switch (SAML_STORAGE_TYPE) {
case HYBRID:
// Initialize hybrid SAML storage.
// Initialize Hybrid SAML storage.
LOG.info("Hybrid SAML storage initialized.");
break;
case DATABASE:
// Initialize JDBC SAML storage.
samlSSOServiceProviderDAO = new JDBCSAMLSSOServiceProviderDAOImpl();
LOG.info("JDBC based SAML storage initialized.");
break;
}
Expand Down
Loading

0 comments on commit 7968925

Please sign in to comment.