OpenID with OpenASelect - Part 4
Finally, here is the complete `oa.xml` (yes, it is big, I know):
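<?xml version="1.0" encoding="UTF-8"?>
<!--
  Directory connection parameters, shared by every LDAP <resource> further
  down through the entity references &server; &base; &user; &password;.
  All four entities are internal (no SYSTEM/PUBLIC identifiers), so this
  DOCTYPE pulls in nothing from outside the file.
-->
<!DOCTYPE oa-server
[
<!-- ldaps on 636 instead of ldap on 389: the service-account bind and the
     user passwords verified by JNDIPasswordHandler all travel over this
     connection, so it must not be clear-text. The Sun/Oracle JNDI provider
     named in every <driver> below (com.sun.jndi.ldap.LdapCtxFactory) uses
     TLS for an ldaps:// URL by itself; the per-resource <ssl> flags may be
     set to true as well. The directory's certificate chain has to be trusted
     by the JVM running OpenASelect. -->
<!ENTITY server "ldaps://ldapserver:636">
<!ENTITY base "OU=Institute,DC=corporate,DC=domain,DC=com">
<!-- Bind principal (an AD userPrincipalName). It only needs read access to
     the attributes gathered below; do not use a privileged account. -->
<!ENTITY user "user@domain.com">
<!-- Clear-text secret in the config file: replace this placeholder, keep
     oa.xml readable only by the servlet-container account and keep the real
     file out of version control. -->
<!ENTITY password "changeme">
]>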
<oa-server>
<!-- Server Configuration -->
<!-- Issuer identity. The id is the OP host name; the https <endpoint> and
     <idtemplate> under <profiles> use the same host, keep them in step. -->
<server id="openid.domain.com" friendlyname="Institute OpenID Server">
  <organization id="Institute OpenID" friendlyname="Institute OpenID" />
</server>
<!-- Engine Configuration -->
<!-- Engine-wide cryptographic primitives. -->
<crypto>
  <!-- NOTE(review): SHA1 is deprecated for new designs. If the engine hands
       this name straight to java.security.MessageDigest, "SHA-256" is a
       drop-in replacement; confirm against the OpenASelect version in use
       before changing it. -->
  <message_digest algorithm="SHA1" />
  <!-- SHA1PRNG is a JCA SecureRandom algorithm name (a CSPRNG); this is not
       the same concern as SHA1 used as a digest. -->
  <random_generator algorithm="SHA1PRNG" />
</crypto>
<!-- Login-session store (state of an authentication in progress). In-memory:
     not shared between nodes and emptied on restart. -->
<sessionfactory class="com.alfaariss.oa.engine.session.memory.MemorySessionFactory">
  <!-- Presumably seconds: a session expires after 15 minutes and the store is
       swept every 60 seconds. -->
  <expire>900</expire>
  <interval>60</interval>
  <!-- NOTE(review): if this caps the number of concurrent sessions, 100 is
       small. Sessions are created before anyone authenticates, so a low cap
       lets an anonymous client lock legitimate users out cheaply. Confirm
       the semantics and size it for the expected login rate. -->
  <max>100</max>
</sessionfactory>
<!-- Ticket-granting-ticket store: the SSO ticket behind the <websso> cookie.
     In-memory, so every user is logged out by a restart and SSO does not
     survive a fail-over to another node. -->
<tgtfactory class="com.alfaariss.oa.engine.tgt.memory.MemoryTGTFactory">
  <!-- Presumably seconds: an SSO session lasts one hour, swept every 60 s. -->
  <expire>3600</expire>
  <interval>60</interval>
  <!-- NOTE(review): if this is a hard cap on concurrent SSO sessions, 100 is
       the maximum number of simultaneously signed-in users. Confirm. -->
  <max>100</max>
</tgtfactory>
<!-- User Provisioning -->
<!-- Builds the OpenASelect user object from the directory entry found for the
     login id: the account counts as enabled iff an entry with that
     userPrincipalName exists (the "exist" converter) and it is registered for
     the JNDIPassword method. Nothing is written back to the directory. -->
<userfactory class="com.alfaariss.oa.engine.user.provisioning.ProvisioningFactory">
  <main>
    <translator>standard</translator>
  </main>
  <translator id="standard" class="com.alfaariss.oa.engine.user.provisioning.translator.standard.StandardTranslator">
    <main>
      <externalstorage>ext_jndi</externalstorage>
      <profile>jndi</profile>
    </main>
    <profile id="jndi" class="com.alfaariss.oa.engine.user.provisioning.translator.standard.StandardProfile">
      <account>
        <!-- NOTE(review): "enabled" only means "an entry exists"; nothing here
             looks at userAccountControl. A disabled AD account is presumably
             stopped only because its bind fails in JNDIPasswordHandler; confirm
             that is acceptable. -->
        <enabled default="true" field="userPrincipalName" converter="exist" />
        <authentication>
          <method id="JNDIPassword">
            <registered default="true" />
          </method>
        </authentication>
      </account>
      <convertermanager>
        <converter id="exist" class="com.alfaariss.oa.engine.user.provisioning.translator.standard.converter.exist.ExistConverter" />
      </convertermanager>
    </profile>
  </translator>
  <storagemanager>
    <!-- The class name is relative (leading '.'); presumably the storage
         manager prefixes its own package. Verify it resolves at startup. -->
    <storage id="ext_jndi" class=".external.jndi.JNDIExternalStorage">
      <resource>
        <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
        <url>&server;</url>
        <!-- NOTE(review): with &server; at ldap://...:389 and ssl=false the
             service-account bind crosses the network in clear text. Point the
             entity at an ldaps:// URL (and set this to true) before deploying
             against a real directory. -->
        <ssl>false</ssl>
        <security_principal>
          <dn>&user;</dn>
          <password>&password;</password>
        </security_principal>
        <!-- Users are looked up under &base; by userPrincipalName. -->
        <dn>
          <base>&base;</base>
          <user>userPrincipalName</user>
        </dn>
      </resource>
    </storage>
  </storagemanager>
</userfactory>
<attributegatherer id="ax_attribgather" friendlyname="Gatherer" enabled="true">
<!-- AX axschema.org -->
<!-- AX gatherer for the axschema.org type URIs: fetches the listed AD
     attributes for the authenticated user and renames them to the AX types
     in <mapper>. The four AX/SREG processors that follow hit the directory
     with the same bind and search parameters. -->
<processor id="axschemaorg_jndi" friendlyname="JNDI axschema.org AX Attribute Gatherer"
           class="com.alfaariss.oa.engine.attribute.gather.processor.jndi.JNDIGatherer">
  <resource>
    <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
    <url>&server;</url>
    <!-- NOTE(review): clear-text LDAP while &server; is ldap://...:389; use an
         ldaps:// URL there (and true here) for a real deployment. -->
    <ssl>false</ssl>
    <security_principal>
      <dn>&user;</dn>
      <password>&password;</password>
    </security_principal>
    <dn>
      <base>&base;</base>
      <user>userPrincipalName</user>
    </dn>
  </resource>
  <!-- Every attribute gathered here has a <map> entry below. -->
  <gather>
    <attribute name="c" />
    <attribute name="company" />
    <attribute name="description" />
    <attribute name="givenName" />
    <attribute name="l" />
    <attribute name="mail" />
    <attribute name="mobile" />
    <attribute name="name" />
    <attribute name="postOfficeBox" />
    <attribute name="postalCode" />
    <attribute name="sAMAccountName" />
    <attribute name="sn" />
    <attribute name="telephoneNumber" />
    <attribute name="title" />
    <attribute name="wWWHomePage" />
  </gather>
  <!-- int = AX type URI handed to the relying party, ext = LDAP attribute.
       The 'ext' value must match the gathered name exactly. -->
  <mapper>
    <!-- sAMAccountName is the AD logon name; releasing it as the friendly
         name tells every relying party a valid domain login. Reconsider if
         the OP serves RPs outside the organization. -->
    <map int="http://axschema.org/namePerson/friendly" ext="sAMAccountName" />
    <map int="http://axschema.org/namePerson" ext="name" />
    <!-- NOTE(review): namePerson/prefix is an honorific (Mr, Dr) and
         company/title a job title; in AD 'title' usually holds the job title
         and 'description' free text. Confirm these two against how the
         directory is actually populated. -->
    <map int="http://axschema.org/namePerson/prefix" ext="title" />
    <map int="http://axschema.org/namePerson/first" ext="givenName" />
    <map int="http://axschema.org/namePerson/last" ext="sn" />
    <map int="http://axschema.org/company/name" ext="company" />
    <map int="http://axschema.org/company/title" ext="description" />
    <map int="http://axschema.org/contact/phone/default" ext="telephoneNumber" />
    <map int="http://axschema.org/contact/phone/cell" ext="mobile" />
    <map int="http://axschema.org/contact/postalAddress/business" ext="postOfficeBox" />
    <map int="http://axschema.org/contact/city/business" ext="l" />
    <map int="http://axschema.org/contact/country/business" ext="c" />
    <map int="http://axschema.org/contact/postalCode/business" ext="postalCode" />
    <map int="http://axschema.org/contact/email" ext="mail" />
    <map int="http://axschema.org/contact/web/default" ext="wWWHomePage" />
  </mapper>
</processor>
<!-- AX openid.net/schema -->
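<!-- AX gatherer for the legacy openid.net/schema type URIs. Same directory
     lookup as the axschema.org processor; only the internal names differ. -->
<processor id="openidnet_jndi" friendlyname="JNDI openid.net/schema AX Attribute Gatherer"
           class="com.alfaariss.oa.engine.attribute.gather.processor.jndi.JNDIGatherer">
  <resource>
    <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
    <url>&server;</url>
    <!-- NOTE(review): clear-text LDAP while &server; is ldap://...:389; use an
         ldaps:// URL there (and true here) for a real deployment. -->
    <ssl>false</ssl>
    <security_principal>
      <dn>&user;</dn>
      <password>&password;</password>
    </security_principal>
    <dn>
      <base>&base;</base>
      <user>userPrincipalName</user>
    </dn>
  </resource>
  <!-- Only attributes that have a <map> below are fetched. 'mobile' and 'name'
       were gathered before but have no openid.net/schema mapping here, so they
       are no longer pulled from the directory (and cannot surface under their
       raw LDAP names should the release policy be a wildcard). -->
  <gather>
    <attribute name="c" />
    <attribute name="company" />
    <attribute name="description" />
    <attribute name="givenName" />
    <attribute name="l" />
    <attribute name="mail" />
    <attribute name="postOfficeBox" />
    <attribute name="postalCode" />
    <attribute name="sAMAccountName" />
    <attribute name="sn" />
    <attribute name="telephoneNumber" />
    <attribute name="title" />
    <attribute name="wWWHomePage" />
  </gather>
  <!-- int = AX type URI handed to the relying party, ext = LDAP attribute.
       The 'ext' value must match the gathered name exactly. -->
  <mapper>
    <map int="http://openid.net/schema/namePerson/prefix" ext="title" />
    <map int="http://openid.net/schema/namePerson/first" ext="givenName" />
    <map int="http://openid.net/schema/namePerson/last" ext="sn" />
    <map int="http://openid.net/schema/namePerson/friendly" ext="sAMAccountName" />
    <map int="http://openid.net/schema/contact/phone/default" ext="telephoneNumber" />
    <map int="http://openid.net/schema/contact/postaladdress/business" ext="postOfficeBox" />
    <map int="http://openid.net/schema/contact/city/business" ext="l" />
    <map int="http://openid.net/schema/contact/country/business" ext="c" />
    <map int="http://openid.net/schema/contact/postalcode/business" ext="postalCode" />
    <map int="http://openid.net/schema/contact/internet/email" ext="mail" />
    <!-- Was "wWWHomepage": the case differed from the gathered wWWHomePage, so
         a case-sensitive lookup would never have found the value. -->
    <map int="http://openid.net/schema/contact/web/default" ext="wWWHomePage" />
    <map int="http://openid.net/schema/company/name" ext="company" />
    <map int="http://openid.net/schema/company/title" ext="description" />
  </mapper>
</processor>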
<!-- AX schema.openid.net -->
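<!-- AX gatherer for the legacy schema.openid.net type URIs. Same directory
     lookup as the axschema.org processor; only the internal names differ. -->
<processor id="schemaopenidnet_jndi" friendlyname="JNDI schema.openid.net AX Attribute Gatherer"
           class="com.alfaariss.oa.engine.attribute.gather.processor.jndi.JNDIGatherer">
  <resource>
    <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
    <url>&server;</url>
    <!-- NOTE(review): clear-text LDAP while &server; is ldap://...:389; use an
         ldaps:// URL there (and true here) for a real deployment. -->
    <ssl>false</ssl>
    <security_principal>
      <dn>&user;</dn>
      <password>&password;</password>
    </security_principal>
    <dn>
      <base>&base;</base>
      <user>userPrincipalName</user>
    </dn>
  </resource>
  <!-- Only attributes that have a <map> below are fetched. 'mobile' and 'name'
       were gathered before but have no schema.openid.net mapping here, so they
       are no longer pulled from the directory (and cannot surface under their
       raw LDAP names should the release policy be a wildcard). -->
  <gather>
    <attribute name="c" />
    <attribute name="company" />
    <attribute name="description" />
    <attribute name="givenName" />
    <attribute name="l" />
    <attribute name="mail" />
    <attribute name="postOfficeBox" />
    <attribute name="postalCode" />
    <attribute name="sAMAccountName" />
    <attribute name="sn" />
    <attribute name="telephoneNumber" />
    <attribute name="title" />
    <attribute name="wWWHomePage" />
  </gather>
  <!-- int = AX type URI handed to the relying party, ext = LDAP attribute.
       The 'ext' value must match the gathered name exactly. -->
  <mapper>
    <map int="http://schema.openid.net/namePerson/prefix" ext="title" />
    <map int="http://schema.openid.net/namePerson/first" ext="givenName" />
    <map int="http://schema.openid.net/namePerson/last" ext="sn" />
    <map int="http://schema.openid.net/namePerson/friendly" ext="sAMAccountName" />
    <map int="http://schema.openid.net/contact/phone/default" ext="telephoneNumber" />
    <map int="http://schema.openid.net/contact/postaladdress/business" ext="postOfficeBox" />
    <map int="http://schema.openid.net/contact/city/business" ext="l" />
    <map int="http://schema.openid.net/contact/country/business" ext="c" />
    <map int="http://schema.openid.net/contact/postalcode/business" ext="postalCode" />
    <map int="http://schema.openid.net/contact/internet/email" ext="mail" />
    <!-- Was "wWWHomepage": the case differed from the gathered wWWHomePage, so
         a case-sensitive lookup would never have found the value. -->
    <map int="http://schema.openid.net/contact/web/default" ext="wWWHomePage" />
    <map int="http://schema.openid.net/company/name" ext="company" />
    <map int="http://schema.openid.net/company/title" ext="description" />
  </mapper>
</processor>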
<!-- AX verify.sxip.com -->
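<!-- AX gatherer for the verify.sxip.com "verifiedEmail" type. It asserts to the
     relying party that the address is verified; that claim rests entirely on
     the directory's 'mail' attribute being authoritative for the user. -->
<processor id="sxip_jndi" friendlyname="JNDI verify.sxip.com AX Attribute Gatherer"
           class="com.alfaariss.oa.engine.attribute.gather.processor.jndi.JNDIGatherer">
  <resource>
    <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
    <url>&server;</url>
    <!-- NOTE(review): clear-text LDAP while &server; is ldap://...:389; use an
         ldaps:// URL there (and true here) for a real deployment. -->
    <ssl>false</ssl>
    <security_principal>
      <dn>&user;</dn>
      <password>&password;</password>
    </security_principal>
    <dn>
      <base>&base;</base>
      <user>userPrincipalName</user>
    </dn>
  </resource>
  <gather>
    <attribute name="mail" />
  </gather>
  <mapper>
    <map int="http://verify.sxip.com/schema/verifiedEmail" ext="mail" />
  </mapper>
</processor>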
<!-- SREG -->
<!-- Simple Registration (SREG) gatherer: the five SREG field names are plain
     strings, not URIs. -->
<processor id="sreg_jndi" friendlyname="JNDI SREG Attribute Gatherer"
           class="com.alfaariss.oa.engine.attribute.gather.processor.jndi.JNDIGatherer">
  <resource>
    <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
    <url>&server;</url>
    <!-- NOTE(review): clear-text LDAP while &server; is ldap://...:389; use an
         ldaps:// URL there (and true here) for a real deployment. -->
    <ssl>false</ssl>
    <security_principal>
      <dn>&user;</dn>
      <password>&password;</password>
    </security_principal>
    <dn>
      <base>&base;</base>
      <user>userPrincipalName</user>
    </dn>
  </resource>
  <gather>
    <attribute name="c" />
    <attribute name="mail" />
    <attribute name="name" />
    <attribute name="postalCode" />
    <attribute name="sAMAccountName" />
  </gather>
  <mapper>
    <!-- sAMAccountName is the AD logon name; handing it out as 'nickname'
         gives every relying party a valid domain login to aim at. -->
    <map int="nickname" ext="sAMAccountName" />
    <map int="email" ext="mail" />
    <map int="fullname" ext="name" />
    <map int="postcode" ext="postalCode" />
    <map int="country" ext="c" />
  </mapper>
</processor>
</attributegatherer>
<!-- Attribute release policies, referenced by id from the requestor pools. -->
<attributerelease class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory">
  <!-- NOTE(review): "*" permits every gathered attribute (phone numbers,
       sAMAccountName, description, ...) to go to any requestor in a pool using
       this policy; presumably the RP's request and the consent page still
       narrow what is actually sent, but the policy itself withholds nothing.
       Prefer listing the internal names intended for release. -->
  <policy id="releasepolicy.1" friendlyname="Release Policy" enabled="true">
    <attribute name="*" />
  </policy>
</attributerelease>
<!-- Business Logic -->
<!-- Requestor (relying party) pools: which RPs may use this OP, how they must
     authenticate users and which release policy applies. -->
<requestorpoolfactory class="com.alfaariss.oa.engine.requestor.configuration.ConfigurationFactory">
  <pool id="requestorpool.1" friendlyname="OpenID Requestor Pool" enabled="true">
    <!-- forced="false": an existing SSO ticket is honoured, the user is not
         asked to re-authenticate for each RP. -->
    <authentication forced="false">
      <profile id="authentication.openid" />
    </authentication>
    <attributerelease policy="releasepolicy.1" />
    <!-- One generic requestor; presumably the OpenID profile maps every RP onto
         it, so any RP on the internet gets this pool's policy. Nothing here
         restricts which RPs may ask. -->
    <requestors type="sp">
      <requestor id="openid" friendlyname="OpenID requestor" enabled="true" />
    </requestors>
  </pool>
</requestorpoolfactory>
<!-- Authentication profiles: a single password-only profile, referenced by the
     requestor pool above and implemented by the JNDIPassword method under
     <websso>. -->
<authentication class="com.alfaariss.oa.engine.authentication.configuration.ConfigurationFactory">
  <profile id="authentication.openid" friendlyname="Login" enabled="true">
    <method id="JNDIPassword" />
  </profile>
</authentication>
<!-- Web SSO -->
<!-- Web SSO front end: issues the TGT cookie and drives the login views. -->
<websso single_sign_on="true">
  <!-- NOTE(review): the SSO cookie is scoped to the parent domain, so every
       host under domain.com receives it. Unless other hosts must share this
       session, scope it to openid.domain.com. Whether Secure and HttpOnly are
       set is decided by the engine, not here; check the response headers. -->
  <cookie domain="domain.com" />
  <view>
    <profile_selection path="/ui/sso/select.jsp" />
    <user_info path="/ui/sso/user_info.jsp" />
    <logged_out path="/ui/sso/logged_out.jsp" />
  </view>
  <!-- With a single authentication profile the selection form is not shown. -->
  <authentication always_show_select_form="false">
    <methods>
      <!-- Password login, presumably verified by binding to the directory as the
           user (JNDIPasswordHandler). -->
      <method id="JNDIPassword" friendlyname="Password Authentication"
              class="com.alfaariss.oa.authentication.password.PasswordAuthenticationMethod">
        <template path="/ui/sso/authn/password/password.jsp" />
        <!-- Failed attempts allowed per login attempt; this is not an account
             lockout, which remains the directory's policy. -->
        <retries>3</retries>
        <password_handler class="com.alfaariss.oa.authentication.password.jndi.JNDIPasswordHandler">
          <!-- realm + full_uid: a bare login such as "jdoe" is presumably
               completed to jdoe@domain.com before the userPrincipalName
               lookup. -->
          <resource realm="@domain.com">
            <full_uid>true</full_uid>
            <driver>com.sun.jndi.ldap.LdapCtxFactory</driver>
            <url>&server;</url>
            <!-- NOTE(review): this is the connection the user's password is
                 checked over. With &server; at ldap://...:389 and ssl=false it
                 is sent in clear text; of all the resources in this file, this
                 one most needs an ldaps:// URL (and true here). -->
            <ssl>false</ssl>
            <security_principal>
              <dn>&user;</dn>
              <password>&password;</password>
            </security_principal>
            <dn>
              <base>&base;</base>
              <user>userPrincipalName</user>
            </dn>
          </resource>
        </password_handler>
      </method>
    </methods>
  </authentication>
</websso>
<!-- IdP Profiles -->
<!-- OpenID Provider profile. -->
<profiles>
  <profile id="openid" class="com.alfaariss.oa.profile.openid.OpenIDProcessor">
    <!-- Both association stores are the in-memory store declared under
         <associationstores>: associations are lost on restart and are not
         shared between nodes. -->
    <privatestore>memory</privatestore>
    <sharedstore>memory</sharedstore>
    <usermapping>simple</usermapping>
    <!-- Presumably seconds: 86400 a housekeeping interval, 1800 the lifetime of
         associations/nonces. Confirm against the OpenIDProcessor documentation. -->
    <interval>86400</interval>
    <expirytime>1800</expirytime>
    <!-- OP endpoint, https and on the same host as <server id>. -->
    <endpoint>https://openid.domain.com/openaselect/profiles/openid/</endpoint>
    <!-- Consent page (presumably, from the name) shown before a response is
         returned to the relying party. -->
    <confirmationpage>/ui/profiles/openid/authz_consumer.jsp</confirmationpage>
    <!-- Discovery documents served for user identifiers. -->
    <xrdsdocument>/ui/users/xrds/xrds.jsp</xrdsdocument>
    <userdocument>/ui/users/user.jsp</userdocument>
    <error>
      <jsp path="/ui/profiles/openid/error.jsp" />
    </error>
    <websso>
      <path>/sso/web</path>
    </websso>
    <associationstores>
      <associationstore id="memory" class="org.openid4java.server.InMemoryServerAssociationStore"/>
    </associationstores>
    <mappings>
      <!-- Claimed identifier = https://openid.domain.com/<username>; the username
           is presumably the id resolved by the user factory, so identifiers are
           only as stable as that attribute. -->
      <mapping id="simple" class="com.alfaariss.oa.profile.openid.mapping.SimpleMapping">
        <config>
          <idtemplate>https://openid.domain.com/[username]</idtemplate>
        </config>
      </mapping>
    </mappings>
    <!-- param_signing="true" on every extension: the SREG/AX parameters are
         covered by the response signature, so an RP can detect tampering.
         Keep it on. -->
    <extensions>
      <extension id="http://openid.net/extensions/sreg/1.0"
                 class="com.alfaariss.oa.profile.openid.extension.sreg.SimpleRegistrationProcessor" param_signing="true" enabled="true" />
      <extension id="http://openid.net/extensions/sreg/1.1"
                 class="com.alfaariss.oa.profile.openid.extension.sreg.SimpleRegistrationProcessor" param_signing="true" enabled="true" />
      <extension id='http://openid.net/srv/ax/1.0'
                 class="com.alfaariss.oa.profile.openid.extension.ax.AttributeExchangeProcessor" param_signing="true" enabled="true" />
    </extensions>
  </profile>
</profiles>
<!-- Helpers -->
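<!-- Stylesheet applied to the login and consent pages. -->
<helpers>
  <helper id="stylesheet" enabled="true"
          class="com.alfaariss.oa.helper.stylesheet.StyleSheetHelper">
    <!-- https: the pages that load this are served from the https OpenID
         endpoint, so a plain-http stylesheet is mixed content (blocked or
         warned about by browsers) and lets an on-path attacker restyle the
         login form. -->
    <default location="https://openid.domain.com/css/style.css" />
  </helper>
</helpers>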
</oa-server>