From: Ray Lee Date: Mon, 27 Nov 2023 23:11:54 +0000 (-0500) Subject: Add LDAP mail attribute to default SAML username probes. X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=a82b7f47b5e0c98ceca4dbfdcd54d6c31be13ad1;p=tmp%2Fjakarta-migration.git Add LDAP mail attribute to default SAML username probes. --- diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java index c99c13a01..30d59068e 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java +++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityConfig.java @@ -576,7 +576,9 @@ public class SecurityConfig { attemptedUsernames.addAll(candidateUsernames); } - String errorMessage = "No CollectionSpace account was found for " + StringUtils.join(attemptedUsernames, " / ") + "."; + String errorMessage = attemptedUsernames.size() == 0 + ? "The SAML assertion did not contain a CollectionSpace username." + : "No CollectionSpace account found for " + StringUtils.join(attemptedUsernames, " / ") + "."; throw(new UsernameNotFoundException(errorMessage)); } diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java index 0c5530947..5017bbe6c 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java +++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java 
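Review bot: The non-empty branch of the new `errorMessage` ternary still builds the exception text from `attemptedUsernames`, which hold values taken from the SAML assertion, so the message should be treated as untrusted wherever it ends up. Nothing in this hunk shows how the `UsernameNotFoundException` message is surfaced; if it reaches the login error page it needs output encoding there, and a safer split is to log the attempted names server-side and throw a generic message to the caller. As a smaller point, `attemptedUsernames.size() == 0` reads better as `attemptedUsernames.isEmpty()`. The enclosing method begins and ends outside the hunk.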
@@ -70,7 +70,6 @@ public class SecurityUtils { public static final String BASE64_ENCODING = "BASE64"; public static final String BASE16_ENCODING = "HEX"; public static final String RFC2617_ENCODING = "RFC2617"; - private static char MD5_HEX[] = "0123456789abcdef".toCharArray(); private static final List DEFAULT_SAML_ASSERTION_USERNAME_PROBES = new ArrayList<>(); @@ -78,6 +77,7 @@ public class SecurityUtils { DEFAULT_SAML_ASSERTION_USERNAME_PROBES.add(new AssertionNameIDProbeType()); String[] attributeNames = new String[]{ + "urn:oid:0.9.2342.19200300.100.1.3", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "email", "mail" diff --git a/services/config/src/main/resources/service-config.xsd b/services/config/src/main/resources/service-config.xsd index 7161e0c01..f67f4a9b1 100644 --- a/services/config/src/main/resources/service-config.xsd +++ b/services/config/src/main/resources/service-config.xsd @@ -278,6 +278,7 @@ username. Defaults to: +
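Review bot: In the `-78,6 +77,7` hunk, `"urn:oid:0.9.2342.19200300.100.1.3"` is added as a bare literal at the head of `attributeNames`, with nothing saying it is the LDAP `mail` attribute or what it is trusted for. Because this is the default probe list, any deployment that does not override it will map a login to a CollectionSpace account from this value, which is only sound if the IdP releases an address that is verified and not user-editable. I would add `// LDAP mail attribute (urn:oid form); IdP must release a verified, unique address` above the entry. If probes are tried in list order, putting it first also gives it precedence over the three existing names, which looks intentional but is not stated. The static initializer continues outside the hunk.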