Add LDAP mail attribute to default SAML username probes.
authorRay Lee <ray.lee@lyrasis.org>
Mon, 27 Nov 2023 23:11:54 +0000 (18:11 -0500)
committerRay Lee <ray.lee@lyrasis.org>
Mon, 27 Nov 2023 23:11:54 +0000 (18:11 -0500)
services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java
services/config/src/main/resources/service-config.xsd

index c99c13a010ce5c370d0ff728e4a3ff12fd4442f9..30d59068eab2be4ad7bcb4a0b785e39c99595b97 100644 (file)
@@ -576,7 +576,9 @@ public class SecurityConfig {
                                                attemptedUsernames.addAll(candidateUsernames);
                                        }
 
-                                       String errorMessage = "No CollectionSpace account was found for " + StringUtils.join(attemptedUsernames, " / ") + ".";
+                                       String errorMessage = attemptedUsernames.size() == 0
+                                               ? "The SAML assertion did not contain a CollectionSpace username."
+                                               : "No CollectionSpace account found for " + StringUtils.join(attemptedUsernames, " / ") + ".";
 
                                        throw(new UsernameNotFoundException(errorMessage));
                                }
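Review bot: The non-empty branch of `errorMessage` still concatenates `attemptedUsernames`, which are values read from the SAML assertion, into the `UsernameNotFoundException` text. Where that message ends up is not visible in this hunk; if it is rendered on a login error page it needs output encoding at that point, and the full list of attempted names is better kept in a server-side log line than in the user-facing text. On the new condition, `attemptedUsernames.isEmpty()` reads more directly than `attemptedUsernames.size() == 0`. The enclosing method starts and ends outside the hunk.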
index 0c55309471069d3c7fd946e71c28370f4ad3a010..5017bbe6c3072447b4e5d9242242a83cd2dca085 100644 (file)
@@ -70,7 +70,6 @@ public class SecurityUtils {
     public static final String BASE64_ENCODING = "BASE64";
     public static final String BASE16_ENCODING = "HEX";
     public static final String RFC2617_ENCODING = "RFC2617";
-    private static char MD5_HEX[] = "0123456789abcdef".toCharArray();
 
     private static final List<Object> DEFAULT_SAML_ASSERTION_USERNAME_PROBES = new ArrayList<>();
 
@@ -78,6 +77,7 @@ public class SecurityUtils {
         DEFAULT_SAML_ASSERTION_USERNAME_PROBES.add(new AssertionNameIDProbeType());
 
         String[] attributeNames = new String[]{
+            "urn:oid:0.9.2342.19200300.100.1.3",
             "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
             "email",
             "mail"
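Review bot: The new first entry of `attributeNames` is a bare OID with nothing in the code saying what it names; a comment such as `// urn:oid form of the LDAP mail attribute` on the line above would save the next reader a lookup. It is also placed ahead of the three existing names. If the probes are tried in list order (not visible here), this attribute now takes precedence whenever an assertion carries more than one of them, which is worth stating in that comment because the matched value becomes the account username. The array literal and the static initializer continue outside the hunk.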
index 7161e0c012a90bc08030c95568ee3e9d97dbfe0c..f67f4a9b1faf524ab4cbc98f78123195acff6a55 100644 (file)
                         username. Defaults to:
 
                         <name-id />
+                        <attribute name="urn:oid:0.9.2342.19200300.100.1.3" />
                         <attribute name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
                         <attribute name="email" />
                         <attribute name="mail" />