ESGF_Attribute_Service_Examples
Wiki Reorganisation |
---|
This page has been classified for reorganisation. It has been given the category REVISE. |
This page contains useful content but needs revision. It may contain out of date or inaccurate content. |
<?xml version="1.0" encoding="UTF-8"?>
<!-- Application-specific Spring configuration file -->
<!-- Wires the ESGF SAML Attribute Service: a SOAP controller, the service implementation,
     an attribute factory backed by a local XML user file, and an example client-certificate
     white list (defined below but, as shipped here, not attached to the controller). -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.5.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<!--ESG SAML-based Attribute Service stack (with example white list) -->
<!-- NOTE(review): the whiteListCertificateProvider property inside this bean is commented out,
     so the "whiteList" bean defined further down is never wired into the controller. Without it
     the controller presumably accepts attribute queries from any client certificate (or none);
     uncomment the property and list the real client DNs before deploying outside a test setup. -->
<bean name="attributeServiceController" class="esg.security.attr.web.SAMLAttributeServiceSoapController">
<!-- <property name="whiteListCertificateProvider" ref="whiteList"/> -->
</bean>
<!-- Service implementation that answers the SAML attribute queries. No explicit property wiring
     between these beans appears in this file; presumably they are wired by type. -->
<bean name="samlAttributeService" class="esg.security.attr.service.impl.SAMLAttributeServiceSoapImpl" />
<!-- Example implementation that looks up user attributes in local XML file -->
<!-- arg 0: issuer string (this is the saml:Issuer value seen in the example response);
     arg 1: classpath location of the users file. That file is the effective authorization
     database for this service, so keep it writable only by administrators. -->
<bean id="samlAttributeFactory" class="esg.security.attr.service.impl.SAMLAttributeFactoryLocalXmlImpl">
<constructor-arg index="0"><value>ESGF Attribute Service</value></constructor-arg>
<constructor-arg index="1"><value>esg/security/config/ESGFusers.xml</value></constructor-arg>
</bean>
<!-- Example white list -->
<!-- Subject DN of the single client certificate allowed to query when the white list is enabled.
     Note the CN is an openid URL rather than a host name. -->
<bean name="whiteList" class="esg.security.common.WhiteListCertificateProvider">
<constructor-arg index="0">
<list>
<value>CN=https://esg-gateway.jpl.nasa.gov/myopenid/rootAdmin, OU=jpl-esg.jpl.nasa.gov, OU=ESG-JPL, O=ESG</value>
</list>
</constructor-arg>
</bean>
<!-- Test controller -->
<!-- Presumably for manually exercising the service; confirm it is not deployed to production. -->
<bean name="testController" class="esg.security.webclient.TestController" />
</beans>
<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
<!-- Example SAML 2.0 AttributeQuery as sent by the test client over SOAP 1.1.
     NOTE(review): the message carries no ds:Signature, so the requester can presumably only be
     authenticated at the transport level (e.g. a TLS client certificate checked against the
     white list in the Spring configuration); confirm that check is actually enabled. -->
<soap11:Body>
<!-- NOTE(review): ID is declared xs:ID in the SAML schema and must be an NCName. A value that
     starts with a digit, as here, is not schema-valid and strict validators may reject it;
     real deployments should generate IDs with a leading letter or underscore. -->
<samlp:AttributeQuery xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="9b0061a4-7102-4e21-8748-5a993b95548e"
IssueInstant="2009-08-05T19:20:09.089Z" Version="2.0">
<!-- Requester identity. The Format claims an X.509 subject name but the value is free text. -->
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName">
Test SAML Client</saml:Issuer>
<!-- The openid whose attributes are requested; it matches the localhost testUser entry in the
     example ESGFusers.xml. -->
<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:NameID Format="urn:esg:openid">https://localhost:8443/esgf-idp/openid/testUser</saml:NameID>
</saml:Subject>
<!-- The saml:Attribute elements below name the specific attributes requested (they are active
     here, not commented out); per the original note, a query with no saml:Attribute elements
     asks for every attribute held for the subject. -->
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="FirstName"
Name="urn:esg:first:name" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="LastName"
Name="urn:esg:last:name" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="EmailAddress"
Name="urn:esg:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="CMIP5" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Name="NASA OBS" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
Name="Test Attribute" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<!-- Two group/role attribute names are requested; the example response answers only
     urn:esg:group:role, so urn:esgf:test:grouprole yields nothing for this user. -->
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole"
Name="urn:esgf:test:grouprole" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
<saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" FriendlyName="GroupRole"
Name="urn:esg:group:role" NameFormat="http://www.w3.org/2001/XMLSchema#string"/>
</samlp:AttributeQuery>
</soap11:Body>
</soap11:Envelope>
<?xml version="1.0" encoding="UTF-8"?><soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
<!-- Example response to the query above; InResponseTo echoes the query ID. The IssueInstant is
     two years later than the query's, so the two examples were evidently captured from different
     runs and should not be read as one literal exchange. -->
<soap11:Body>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="fce726ae-7f1d-4d7e-8de5-f8f079e3a022"
InResponseTo="9b0061a4-7102-4e21-8748-5a993b95548e" IssueInstant="2011-06-08T22:24:40.045Z" Version="2.0">
<!-- Issuer string configured as constructor arg 0 of samlAttributeFactory in the Spring config. -->
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
ESGF Attribute Service</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<!-- NOTE(review): neither the Response nor the Assertion carries a ds:Signature, and the
     Conditions below have no AudienceRestriction. A relying party therefore cannot verify from
     the message alone who issued these attributes or that they were intended for it; presumably
     trust rests entirely on the TLS connection to the attribute service. The Assertion ID also
     starts with a digit, which is not a valid xs:ID (NCName), see the note on the query. -->
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="3c79552d-e5a4-4361-8725-7d144c97b569"
IssueInstant="2011-06-08T22:24:40.045Z" Version="2.0">
<saml2:Issuer Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">ESGF Attribute Service</saml2:Issuer>
<saml2:Subject>
<saml2:NameID Format="urn:esg:openid">https://localhost:8443/esgf-idp/openid/testUser</saml2:NameID>
</saml2:Subject>
<!-- The asserted attributes are valid for 24 hours from issue. -->
<saml2:Conditions NotBefore="2011-06-08T22:24:40.045Z" NotOnOrAfter="2011-06-09T22:24:40.045Z"/>
<saml2:AttributeStatement>
<!-- Values below correspond to the localhost testUser entry in the example ESGFusers.xml:
     first/last name and email from the user element, then one attribute per <attribute>. -->
<saml2:Attribute FriendlyName="FirstName" Name="urn:esg:first:name" NameFormat="http://www.w3.org/2001/XMLSchema#string">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">test</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="LastName" Name="urn:esg:last:name" NameFormat="http://www.w3.org/2001/XMLSchema#string">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">user</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="EmailAddress" Name="urn:esg:email:address" NameFormat="http://www.w3.org/2001/XMLSchema#string">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">test@user</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="CMIP5" NameFormat="http://www.w3.org/2001/XMLSchema#string">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="NASA OBS" NameFormat="http://www.w3.org/2001/XMLSchema#string">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="Test Attribute" NameFormat="http://www.w3.org/2001/XMLSchema#string">
<saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">User</saml2:AttributeValue>
</saml2:Attribute>
<!-- Group/role memberships, one Attribute per <grouprole> entry in the users file, each carrying
     a custom esg:groupRole element. NameFormat "groupRole" is not a URI and differs from the
     xs:string NameFormat used in the query; consumers that match on NameFormat must allow for it. -->
<saml2:Attribute FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole">
<saml2:AttributeValue>
<esg:groupRole xmlns:esg="http://www.esg.org" group="CMIP5 Commercial" role="default"/>
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute FriendlyName="GroupRole" Name="urn:esg:group:role" NameFormat="groupRole">
<saml2:AttributeValue>
<esg:groupRole xmlns:esg="http://www.esg.org" group="CMIP5 Research" role="default"/>
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
</soap11:Body>
</soap11:Envelope>
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- Example user/attribute store loaded by SAMLAttributeFactoryLocalXmlImpl (configured as
     esg/security/config/ESGFusers.xml in the Spring configuration).
     Each <user> is keyed by its openid URL. <attribute> entries are returned as SAML attributes
     of the given attribute_type/attribute_value; <grouprole> entries are returned as
     urn:esg:group:role group/role pairs.
     NOTE(review): this file is the authorization database for the service. Anyone who can edit
     it can grant any openid any attribute, including Admin, so keep it readable and writable
     only by the service account and administrators, and review changes as access-control
     changes. Entries below are test placeholders with dummy emails.
     The declared encoding is ISO-8859-1; the content is plain ASCII, so UTF-8 would be the
     safer choice if non-ASCII names are ever added. -->
<users>
<!-- esg-datanode.jpl.nasa.gov users -->
<user openid="https://esg-datanode.jpl.nasa.gov/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
<attribute attribute_type="CMIP5" attribute_value="User"/>
<attribute attribute_type="NASA OBS" attribute_value="User"/>
<attribute attribute_type="Test Attribute" attribute_value="User"/>
</user>
<!-- Administrative grant: Admin on NASA OBS only. -->
<user openid="https://esg-datanode.jpl.nasa.gov/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
<attribute attribute_type="NASA OBS" attribute_value="Admin"/>
</user>
<!-- test-datanode.jpl.nasa.gov users -->
<user openid="https://test-datanode.jpl.nasa.gov/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
<attribute attribute_type="CMIP5" attribute_value="User"/>
<attribute attribute_type="NASA OBS" attribute_value="User"/>
<attribute attribute_type="Test Attribute" attribute_value="User"/>
</user>
<user openid="https://test-datanode.jpl.nasa.gov/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
<attribute attribute_type="NASA OBS" attribute_value="Admin"/>
</user>
<!-- localhost users -->
<!-- This is the subject used by the example AttributeQuery; the example Response lists exactly
     these attributes and group roles. -->
<user openid="https://localhost:8443/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
<attribute attribute_type="CMIP5" attribute_value="User"/>
<attribute attribute_type="NASA OBS" attribute_value="User"/>
<attribute attribute_type="Test Attribute" attribute_value="User"/>
<grouprole attribute_type="urn:esg:group:role" group="CMIP5 Research" role="default"/>
<grouprole attribute_type="urn:esg:group:role" group="CMIP5 Commercial" role="default"/>
</user>
<user openid="https://localhost:8443/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
<attribute attribute_type="Test Attribute" attribute_value="Admin"/>
<!-- The same group appears twice with different roles: this user holds both default and admin
     in CMIP5 Research. -->
<grouprole attribute_type="urn:esg:group:role" group="CMIP5 Research" role="default"/>
<grouprole attribute_type="urn:esg:group:role" group="CMIP5 Research" role="admin"/>
</user>
<!-- esg-test1.llnl.gov users -->
<user openid="https://esg-test1.llnl.gov/esgf-idp/openid/testUser" first_name="test" last_name="user" email="test@user">
<attribute attribute_type="CMIP5" attribute_value="User"/>
<attribute attribute_type="NASA OBS" attribute_value="User"/>
<attribute attribute_type="Test Attribute" attribute_value="User"/>
</user>
<user openid="https://esg-test1.llnl.gov/esgf-idp/openid/rootAdmin" first_name="root" last_name="admin" email="root@admin">
<attribute attribute_type="CMIP5" attribute_value="Admin"/>
</user>
<!-- esg-jpl users -->
<!-- NOTE(review): this openid is also the CN of the white-listed client certificate in the
     Spring configuration, yet here it carries ordinary test-user attributes and a "test user"
     name; confirm this is intended. -->
<user openid="https://esg-gateway.jpl.nasa.gov/myopenid/rootAdmin" first_name="test" last_name="user" email="test@user">
<attribute attribute_type="CMIP5" attribute_value="User"/>
<attribute attribute_type="NASA OBS" attribute_value="User"/>
<attribute attribute_type="Test Attribute" attribute_value="User"/>
</user>
<user openid="https://esg-gateway.jpl.nasa.gov/myopenid/cinquiniluca" first_name="Luca" last_name="Cinquini" email="test@user">
<attribute attribute_type="CMIP5" attribute_value="User"/>
<attribute attribute_type="NASA OBS" attribute_value="User"/>
<attribute attribute_type="Test Attribute" attribute_value="User"/>
</user>
</users>
/*
* Copyright (c) 2011 Earth System Grid Federation
*/
package esg.security.attr.service.api;
import esg.security.common.SAMLUnknownPrincipalException;
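/**
 * Factory that builds a {@link SAMLAttributes} object for a given system user.
 * <p>
 * Concrete implementations are the link to a specific user domain model; the ESGF
 * examples use an implementation backed by a local XML users file. The identifier
 * passed to {@link #newInstance(String)} is presumably taken from the Subject of an
 * incoming attribute query and should be treated as untrusted input: implementations
 * should look it up as an opaque key and never interpret it (e.g. as a path or query).
 */
public interface SAMLAttributeFactory {

    /**
     * Looks up a user by identifier and extracts that user's attributes into a
     * {@link SAMLAttributes} object.
     *
     * @param identifier system-specific user identifier (an openid URL in the ESGF examples)
     * @return object populated with the user's attributes
     * @throws SAMLUnknownPrincipalException when the identifier cannot be resolved to a known principal
     */
    SAMLAttributes newInstance(final String identifier) throws SAMLUnknownPrincipalException;

    /**
     * Returns the authority that is issuing the attributes.
     *
     * @return issuer name; in the ESGF examples this string appears as the {@code saml:Issuer}
     *         of generated responses
     */
    String getIssuer();
}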