jeffwils / grails-spring-security-saml

Grails Spring Security SAML2.0 Plugin for Grails 3

userAttributeMappings not getting configured #28

Closed ali-mansoor closed 5 years ago

ali-mansoor commented 6 years ago

I am using the configuration below, which is always empty:

      saml:
          userAttributeMappings:
              username: 'username'

irstevenson commented 6 years ago

Hi @ali-mansoor,

Could you please advise what version you're using? From there we can better attempt to assist.

Thanks!

ali-mansoor commented 6 years ago

I am using Grails 3.3.3 and the plugins below:

compile "org.grails.plugins:spring-security-core:3.2.1"
compile "org.grails.plugins:spring-security-saml:3.3.0"
compile "org.grails.plugins:spring-security-ui:3.1.2"

      saml:
          userAttributeMappings:
              username: 'username'

My Grails application is not loading the userAttributeMappings config which I configured in application.yml; instead it is taking the default value.

valentingoebel commented 6 years ago

I cannot reproduce this issue. Configuring userAttributeMappings works as intended.

I have checked the source code and didn't find anything problematic. The grails 3.3.0 update didn't touch that part of the codebase.

Did you correctly configure application.yml? The hierarchy should look like this.

grails:
    plugin:
        springsecurity:
            saml:
                userAttributeMappings:
                    username: 'urn:oid:0.9.2342.19200300.100.1.1'

ali-mansoor commented 6 years ago

All the other config is loading except userAttributeMappings; it is strange to me. My config, e.g.:


grails:
  plugin:
      springsecurity:
          password.algorithm: 'bcrypt'
          rejectIfNoRule: false
          fii.rejectPublicInvocations: false
          successHandler.defaultTargetUrl: /account/selectAccount
          successHandler.alwaysUseDefaultTargetUrl: true
          successHandler.alwaysUseDefault: true
          userLookup:
              usernamePropertyName: 'email'
              userDomainClassName: 'com.example.mdm.User'
              authorityJoinClassName: 'com.example.mdm.UserRole'
          logout.postOnly: false
          ui.encodePassword: true
          authority:
              className: 'com.example.mdm.Role'
          debug:
              useFilter: true
          saml:
              active: false
              afterLoginUrl: '/'
              afterLogoutUrl: '/'
              responseSkew: 300
              userGroupAttribute: 'memberOf'
              autoCreate:
                 active: false
                 key: 'id'
                 assignAuthorities: false
              metadata:
                 defaultldp: 'idp'
                 url: '/saml/metadata'
                 providers:
                    idp: 'security/idp-example.xml'
                 sp:
                    file: "security/sp-example.xml"
                    defaults:
                       local: true
                       entityId: 'example'
                       alias: 'localhost'
                       securityProfile: 'metaiop'
                       signingKey: 'apollo'
                       encryptionKey: 'apollo'
                       tlsKey: 'apollo'
                       requireArtifactResolveSigned: true
                       requireLogoutRequestSigned: true
                       requireLogoutResponseSigned: true
              keyManager:
                  storeFile: "classpath:security/example.jks"
                  storePass: "example"
                  passwords:
                     apollo: 'example'
                  defaultKey: 'apollo'

valentingoebel commented 6 years ago

I don't see userAttributeMappings defined in your application.yml. It should be next to userGroupAttributes but it's not there.
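
The two failure modes discussed in this thread (the `saml:` block placed at the wrong level, and `userAttributeMappings` absent altogether) can be caught with a small check on `application.yml`. This Ruby script is an added example, not code from the thread or from the plugin; the function names and the constructed YAML samples are assumptions, and the expected key path is the hierarchy given in valentingoebel's comment.

```ruby
require 'yaml'

# Full key path, taken from the hierarchy shown in the thread.
EXPECTED = 'grails.plugin.springsecurity.saml.userAttributeMappings'.freeze

# Flatten nested maps into dotted paths, so dotted keys such as
# 'successHandler.defaultTargetUrl' and nested keys compare the same way.
def flatten_keys(node, prefix = nil, out = {})
  return out unless node.is_a?(Hash)
  node.each do |key, value|
    path = [prefix, key.to_s].compact.join('.')
    out[path] = value
    flatten_keys(value, path, out)
  end
  out
end

# Returns [:ok, mappings], [:misplaced, [paths]] or [:missing, []].
def check_user_attribute_mappings(yaml_text)
  flat = flatten_keys(YAML.safe_load(yaml_text) || {})
  mapped = flat[EXPECTED]
  return [:ok, mapped] if mapped.is_a?(Hash) && !mapped.empty?
  stray = flat.keys.select { |k| k.split('.').last == 'userAttributeMappings' && k != EXPECTED }
  stray.empty? ? [:missing, []] : [:misplaced, stray]
end

# Constructed samples modelled on the snippets posted in the thread.
ROOT_LEVEL = <<~EOS
  saml:
      userAttributeMappings:
          username: 'username'
EOS

NESTED = <<~EOS
  grails:
      plugin:
          springsecurity:
              saml:
                  userAttributeMappings:
                      username: 'urn:oid:0.9.2342.19200300.100.1.1'
EOS

ABSENT = 'grails: {plugin: {springsecurity: {saml: {active: false, userGroupAttribute: memberOf}}}}'

if __FILE__ == $PROGRAM_NAME
  { 'root-level' => ROOT_LEVEL, 'nested' => NESTED, 'absent' => ABSENT }.each do |name, text|
    puts "#{name}: #{check_user_attribute_mappings(text).inspect}"
  end
end
```

A `:misplaced` result lists where the key was actually found, which distinguishes a wrongly nested block from one that was never added.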