Add SAML providers to CORS allowed hosts for logout. (#368)
authorRay Lee <ray.lee@lyrasis.org>
Mon, 25 Sep 2023 15:50:57 +0000 (11:50 -0400)
committerGitHub <noreply@github.com>
Mon, 25 Sep 2023 15:50:57 +0000 (11:50 -0400)
services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java
services/config/src/main/java/org/collectionspace/services/common/config/ConfigUtils.java

index 569f9f5eb2dd5f2648920d5f764d600c7550cfa1..01d1fbe8b9b2d7f7f81c39a7262c44edb9315124 100644 (file)
@@ -162,7 +162,7 @@ public class SecurityConfig {
 
                // Read explicitly configured allowed origins from service config.
 
-               List<String> allowedOrigins = ConfigUtils.getCorsAllowedOrigins(serviceConfig);
+               List<String> allowedOrigins = new ArrayList<String>(ConfigUtils.getCorsAllowedOrigins(serviceConfig));
 
                // Automatically add UI locations as allowed origins.
 
@@ -261,6 +261,8 @@ public class SecurityConfig {
                Map<String, CorsConfiguration> corsConfigurations = new LinkedHashMap<>();
 
                if (relyingPartiesConfig != null) {
+                       List<String> providerOrigins = new ArrayList<>();
+
                        for (final SAMLRelyingPartyType relyingPartyConfig : relyingPartiesConfig) {
                                String id = relyingPartyConfig.getId();
                                RelyingPartyRegistration registration = relyingPartyRegistrationRepository.findByRegistrationId(id);
@@ -281,6 +283,8 @@ public class SecurityConfig {
                                        String responseUrl = "/login/saml2/sso/" + id;
                                        String providerOrigin = providerUrl.getProtocol() + "://" + providerUrl.getAuthority();
 
+                                       providerOrigins.add(providerOrigin);
+
                                        configuration.setAllowedOrigins(allowedOrigins);
                                        configuration.addAllowedOrigin(providerOrigin);
 
@@ -295,6 +299,27 @@ public class SecurityConfig {
                                        corsConfigurations.put(responseUrl, configuration);
                                }
                        }
+
+                       if (ConfigUtils.isSAMLSingleLogoutEnabled(serviceConfig)) {
+                                       CorsConfiguration configuration = new CorsConfiguration();
+                                       String responseUrl = "/logout/saml2/sso";
+
+                                       configuration.setAllowedOrigins(allowedOrigins);
+
+                                       for (String providerOrigin : providerOrigins) {
+                                               configuration.addAllowedOrigin(providerOrigin);
+                                       }
+
+                                       if (maxAge != null) {
+                                               configuration.setMaxAge(maxAge);
+                                       }
+
+                                       configuration.setAllowedMethods(Arrays.asList(
+                                               HttpMethod.POST.toString()
+                                       ));
+
+                                       corsConfigurations.put(responseUrl, configuration);
+                       }
                }
 
                return corsConfigurations;
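Review bot: The body of the new single-logout block, from `CorsConfiguration configuration = new CorsConfiguration();` through `corsConfigurations.put(responseUrl, configuration);`, is indented two levels deeper than its own `if (ConfigUtils.isSAMLSingleLogoutEnabled(serviceConfig)) {` and closing brace, so it reads as if it were still inside the relying-party loop; one level is enough. That block also repeats the per-provider setup the loop performs (configured origins, maxAge, POST-only methods), and a small private helper that returns a `CorsConfiguration` for a given list of provider origins would keep the login and logout endpoints in step when the method set or maxAge handling changes. If several relying parties share an identity provider, `providerOrigins` will contain that origin more than once and it is added to the logout configuration repeatedly; `Set<String> providerOrigins = new LinkedHashSet<>();` avoids that while keeping order. The wrap in `new ArrayList<String>(...)` in the first hunk is undocumented; a comment such as `// Mutable copy: UI and provider origins are appended below without touching the config-backed list.` would state why, assuming that is the reason. The enclosing method starts before the first hunk, so the allowed-origin source and where this map is consumed are not visible here.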
index 121b426d61d4e69a29431ed1a56d18013b03e655..8e4c848bb935af0c213b7906d59c679253359eb7 100644 (file)
@@ -187,6 +187,16 @@ public class ConfigUtils {
                return null;
        }
 
+       public static boolean isSAMLSingleLogoutEnabled(ServiceConfig serviceConfig) {
+               SAMLType saml = getSAML(serviceConfig);
+
+               if (saml != null) {
+                       return (saml.getSingleLogout() != null);
+               }
+
+               return false;
+       }
+
        public static List<SAMLRelyingPartyType> getSAMLRelyingPartyRegistrations(ServiceConfig serviceConfig) {
                SAMLType saml = getSAML(serviceConfig);
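Review bot: `isSAMLSingleLogoutEnabled` is a new public method with no Javadoc, and its name promises more than the code checks: it returns true whenever `saml.getSingleLogout()` is non-null, i.e. when a single-logout element is present in the config, regardless of any enabled flag that element may carry. A Javadoc such as `/** Returns true when the SAML config declares a single-logout element; presence alone is treated as enabled. */` would make the contract explicit for callers like the CORS setup in SecurityConfig. The body can also be collapsed to `return saml != null && saml.getSingleLogout() != null;`, matching the null-guard style of the neighbouring `getSAMLRelyingPartyRegistrations`, whose body continues outside this hunk.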