GluuFederation / community-edition-setup

Scripts and templates to automate deployment and configuration of the Gluu Server Community Edition
https://gluu.org/docs/ce
MIT License

Enable IDP installation with Couchbase #537

Closed yurem closed 5 years ago

yurem commented 5 years ago

Here is the list of steps which we need to implement:

I have something to try:

1. Add the following bean definition to /opt/shibboleth-idp/conf/global.xml

<bean id="siteDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close"
      p:driverClassName="%{idp.attribute.resolver.datasource.driverClass}"
      p:url="%{idp.attribute.resolver.datasource.jdbcUrl}"
      p:username="%{idp.attribute.resolver.datasource.user}"
      p:password="%{idp.attribute.resolver.datasource.password}"
      p:maxActive="10" p:maxIdle="5" p:maxWait="2000" p:testOnBorrow="true"
      p:validationQuery="select 1" p:validationQueryTimeout="5">
    <property name="connectionProperties">
        <value>EnableSSL=true</value>
    </property>
</bean>

2. Add /opt/shibboleth-idp/conf/datasource.properties
Put content like this:
idp.attribute.resolver.datasource.driverClass=com.couchbase.jdbc.CBDriver
idp.attribute.resolver.datasource.jdbcUrl=jdbc:couchbase://localhost:18093
idp.attribute.resolver.datasource.user=admin
idp.attribute.resolver.datasource.password=xyz
idp.attribute.resolver.N1QL.searchFilter=select doc.* from `gluu_user` doc where ((uid = "$requestContext.principalName") OR ("$requestContext.principalName" IN uid)) OR ((mail = "$requestContext.principalName") OR ("$requestContext.principalName" IN mail))

3. Modify /opt/shibboleth-idp/conf/idp.properties
Add /conf/datasource.properties to idp.additionalProperties

4. Update /opt/shibboleth-idp/conf/attribute-resolver.xml
<resolver:DataConnector id="siteDataConnector" xsi:type="dc:RelationalDatabase">
    <dc:BeanManagedConnection>siteDataSource</dc:BeanManagedConnection>
    <dc:QueryTemplate>
        <![CDATA[
            %{idp.attribute.resolver.N1QL.searchFilter}
        ]]>
    </dc:QueryTemplate>
</resolver:DataConnector>
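
The wiring in the four steps above can be checked before the IdP is restarted. The following is an added example, not part of the original comment or of the Gluu setup scripts: it verifies that every file named in idp.additionalProperties exists, that every %{...} placeholder used in global.xml and attribute-resolver.xml is defined, and that the bean named in BeanManagedConnection is declared. The function names and the trimmed sample strings are assumptions constructed for illustration.

```python
import re

# %{name} placeholders without an inline default (%{name:default} is skipped)
PLACEHOLDER = re.compile(r"%\{([^}:]+)\}")

def parse_properties(text):
    """Parse simple key=value .properties text, ignoring comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_wiring(idp_properties, conf_files, global_xml, resolver_xml):
    """Return a list of findings; conf_files maps '/conf/x.properties' to its text."""
    findings = []
    defined = parse_properties(idp_properties)
    listed = [p.strip() for p in defined.get("idp.additionalProperties", "").split(",") if p.strip()]
    for path in listed:
        if path in conf_files:
            defined.update(parse_properties(conf_files[path]))
        else:
            findings.append(f"{path} is listed in idp.additionalProperties but does not exist")
    for name, xml in (("global.xml", global_xml), ("attribute-resolver.xml", resolver_xml)):
        for key in sorted(set(PLACEHOLDER.findall(xml))):
            if key not in defined:
                findings.append(f"{name}: %{{{key}}} is not defined in a loaded properties file")
    beans = set(re.findall(r'<bean\s+id="([^"]+)"', global_xml))
    for ref in re.findall(r"<dc:BeanManagedConnection>\s*([^<\s]+)", resolver_xml):
        if ref not in beans:
            findings.append(f"attribute-resolver.xml uses bean '{ref}' not defined in global.xml")
    return findings

# Constructed sample input, trimmed to the parts the check reads.
GLOBAL_XML = '<bean id="siteDataSource" p:url="%{idp.attribute.resolver.datasource.jdbcUrl}"/>'
RESOLVER_XML = ("<dc:BeanManagedConnection>siteDataSource</dc:BeanManagedConnection>"
                "<dc:QueryTemplate>%{idp.attribute.resolver.N1QL.searchFilter}</dc:QueryTemplate>")
DATASOURCE = ("idp.attribute.resolver.datasource.jdbcUrl=jdbc:couchbase://localhost:18093\n"
              "idp.attribute.resolver.N1QL.searchFilter=select 1")
FILES = {"/conf/datasource.properties": DATASOURCE}
GOOD_IDP = "idp.additionalProperties=/conf/datasource.properties"
BAD_IDP = "idp.additionalProperties=/conf/datasourse.properties"  # misspelled on purpose

if __name__ == "__main__":
    for finding in check_wiring(BAD_IDP, FILES, GLOBAL_XML, RESOLVER_XML):
        print("FINDING:", finding)
```

A misspelled path in idp.additionalProperties leaves the placeholders undefined, so the check reports both the missing file and each placeholder that depends on it.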

yurem commented 5 years ago

Also, we need to update the following Velocity template: https://github.com/GluuFederation/oxTrust/blob/a22c5b96c998327f63b88fd4705b994b8dff2839/configuration/template/shibboleth3/idp/attribute-resolver.xml.vm#L51

We can use the following pattern, for example:

#if($resovlerParams.persistenceType.equals('couchbase'))
<resolver:DataConnector id="siteLDAP" xsi:type="dc:RelationalDatabase">
    <dc:BeanManagedConnection>DbDataSource</dc:BeanManagedConnection>
    <dc:QueryTemplate>
        <![CDATA[
            %{idp.attribute.resolver.N1QL.searchFilter}
        ]]>
    </dc:QueryTemplate>
</resolver:DataConnector>
#else
<resolver:DataConnector id="siteLDAP" xsi:type="dc:LDAPDirectory"
...
#end

yurem commented 5 years ago

@mbaser let me know when you finish this. I will update oxTrust to set resovlerParams.persistenceType

yurem commented 5 years ago

I've updated oxTrust: https://github.com/GluuFederation/oxTrust/commit/655da52204074140519671d8de967704cd2ec59f