swedenconnect / swedish-eid-idp
Reference Identity Provider for the Swedish eID Framework
License: Apache License 2.0
Hi Martin
I have built and installed swedish-eid-opensaml, opensaml-ext and swedish-eid-shibboleth-base from github, but have some trouble building swedish-eid-idp; it seems that shibboleth-base references 1.6.2-snapshot.
Changing to 1.6.1 brings me further, but stops with:
[ERROR] ..eid/swedish-eid-idp/idp/src/main/java/se/e,legnamnden/eid/idp/authn/controller/SimulatedAuthenticationController.java:[54,62] package se.litsec.swedisheid.opensaml.saml2.authentication.psc does not exist
[ERROR] ..eid/swedish-eid-idp/idp/src/main/java/se/elegnamnden/eid/idp/authn/controller/SimulatedAuthenticationController.java:[55,62] package se.litsec.swedisheid.opensaml.saml2.authentication.psc does not exist
even though I have installed opensaml3-ext (1.3/1.4) in my repo.
Maybe it is just me doing wrong.
Keep up the good work, it is very much appreciated
Magnus
The cookie paths for selectedUser and savedUsers are hardwired to /idp. It would be better to have them configurable for the cases where we extend the swedish-eid-idp to build other demo IdPs.
Not sure if this is a bug or an issue with our environment settings, but in the SAML request the relay state is 'MA==' (base64 of 0).
But in the response it is XML encoded to: MA==. Proper URL encoding should be: 'MA%3D%3D'.
This makes our SP behave strangely and it cannot URL decode. Any idea how to make Shibb encode the URL in a proper way or turn off XML encoding in the response?
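An added example, not part of the issue or of the project's code: it assumes the response is delivered with the SAML HTTP-POST binding, where RelayState travels as a hidden HTML form field, so character-reference escaping in the markup is expected and percent-encoding only appears once the browser submits the form. The form markup, the `&#x3d;` reference form, the SP URL and all function names are constructed for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlencode

# Constructed auto-submit form for the HTTP-POST binding. The '=' padding of the
# RelayState is written as character references (assumed form: &#x3d;).
POST_FORM = """
<form action="https://sp.example.com/saml/acs" method="post">
  <input type="hidden" name="RelayState" value="MA&#x3d;&#x3d;"/>
  <input type="hidden" name="SAMLResponse" value="c2FtcGxl"/>
</form>
"""

class HiddenInputs(HTMLParser):
    """Collect hidden inputs as a browser sees them (character references decoded)."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden":
            self.fields[a["name"]] = a.get("value") or ""

def browser_fields(form_html):
    parser = HiddenInputs()
    parser.feed(form_html)
    return parser.fields

def posted_body(fields):
    """The application/x-www-form-urlencoded body the browser sends to the SP."""
    return urlencode(fields)

def sp_relay_state(body):
    """Correct SP handling: the form parser percent-decodes exactly once."""
    return parse_qs(body)["RelayState"][0]

def naive_relay_state(raw_attribute_value):
    """Failure mode: URL-decoding the raw markup leaves the references in place."""
    return unquote(raw_attribute_value)

if __name__ == "__main__":
    body = posted_body(browser_fields(POST_FORM))
    print(body)
    print(base64.b64decode(sp_relay_state(body)))
    print(naive_relay_state("MA&#x3d;&#x3d;"))
```

An SP that reads RelayState from the parsed POST parameters gets `MA==` back unchanged; one that URL-decodes the value as it appears in the page source or in a trace of the HTML does not.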
I am trying to build the current version but get some dependency issue. Any idea what could be the problem?
[user@dev-disp elegnamnden]$ git clone https://github.com/elegnamnden/swedish-eid-idp.git swedish-eid-idp-2
Cloning into 'swedish-eid-idp-2'...
remote: Counting objects: 194, done.
remote: Compressing objects: 100% (74/74), done.
remote: Total 194 (delta 15), reused 94 (delta 13), pack-reused 93
Receiving objects: 100% (194/194), 384.74 KiB | 622.00 KiB/s, done.
Resolving deltas: 100% (22/22), done.
[user@dev-disp elegnamnden]$ cd swedish-eid-idp-2/
[user@dev-disp swedish-eid-idp-2]$ less README.md
[user@dev-disp swedish-eid-idp-2]$ cd idp/
[user@dev-disp idp]$ mvn clean install
[INFO] Scanning for projects...
Downloading: https://build.shibboleth.net/nexus/content/repositories/releases/se/litsec/sweid/idp/shibboleth-base-bom/1.3/shibboleth-base-bom-1.3.pom
Downloading: https://repo.maven.apache.org/maven2/se/litsec/sweid/idp/shibboleth-base-bom/1.3/shibboleth-base-bom-1.3.pom
Downloaded: https://repo.maven.apache.org/maven2/se/litsec/sweid/idp/shibboleth-base-bom/1.3/shibboleth-base-bom-1.3.pom (3 KB at 10.2 KB/sec)
Downloading: https://build.shibboleth.net/nexus/content/repositories/releases/se/litsec/sweid/idp/shibboleth-base-parent/1.3/shibboleth-base-parent-1.3.pom
Downloading: https://repo.maven.apache.org/maven2/se/litsec/sweid/idp/shibboleth-base-parent/1.3/shibboleth-base-parent-1.3.pom
Downloaded: https://repo.maven.apache.org/maven2/se/litsec/sweid/idp/shibboleth-base-parent/1.3/shibboleth-base-parent-1.3.pom (11 KB at 66.5 KB/sec)
Downloading: https://build.shibboleth.net/nexus/content/repositories/releases/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3-SNAPSHOT/maven-metadata.xml
Downloading: https://repo1.maven.org/maven2/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3-SNAPSHOT/maven-metadata.xml
Downloading: http://repo.spring.io/release/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3-SNAPSHOT/maven-metadata.xml
Downloading: https://repo1.maven.org/maven2/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3-SNAPSHOT/shibboleth-base-dependency-bom-1.3-SNAPSHOT.pom
Downloading: https://build.shibboleth.net/nexus/content/repositories/releases/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3-SNAPSHOT/shibboleth-base-dependency-bom-1.3-SNAPSHOT.pom
Downloading: http://repo.spring.io/release/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3-SNAPSHOT/shibboleth-base-dependency-bom-1.3-SNAPSHOT.pom
Downloading: https://build.shibboleth.net/nexus/content/repositories/releases/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3/shibboleth-base-dependency-bom-1.3.pom
Downloading: https://repo.maven.apache.org/maven2/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3/shibboleth-base-dependency-bom-1.3.pom
Downloaded: https://repo.maven.apache.org/maven2/se/litsec/sweid/idp/shibboleth-base-dependency-bom/1.3/shibboleth-base-dependency-bom-1.3.pom (22 KB at 46.0 KB/sec)
[ERROR] [ERROR] Some problems were encountered while processing the POMs:
[ERROR] Non-resolvable import POM: Could not find artifact se.litsec.sweid.idp:shibboleth-base-dependency-bom:pom:1.3-SNAPSHOT in central (https://repo1.maven.org/maven2/) @ se.litsec.sweid.idp:shibboleth-base-parent:1.3, /home/user/.m2/repository/se/litsec/sweid/idp/shibboleth-base-parent/1.3/shibboleth-base-parent-1.3.pom, line 90, column 19
[ERROR] 'dependencies.dependency.version' for se.litsec.sweid.idp:shibboleth-authn-support:jar is missing. @ line 90, column 17
[ERROR] 'dependencies.dependency.version' for se.litsec.sweid.idp:shibboleth-attribute-support:jar is missing. @ line 95, column 17
@
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]
[ERROR] The project se.elegnamnden.eid.idp:swedish-eid-idp:1.0.0-SNAPSHOT (/home/user/VersionControlled/github/elegnamnden/swedish-eid-idp-2/idp/pom.xml) has 3 errors
[ERROR] Non-resolvable import POM: Could not find artifact se.litsec.sweid.idp:shibboleth-base-dependency-bom:pom:1.3-SNAPSHOT in central (https://repo1.maven.org/maven2/) @ se.litsec.sweid.idp:shibboleth-base-parent:1.3, /home/user/.m2/repository/se/litsec/sweid/idp/shibboleth-base-parent/1.3/shibboleth-base-parent-1.3.pom, line 90, column 19 -> [Help 2]
[ERROR] 'dependencies.dependency.version' for se.litsec.sweid.idp:shibboleth-authn-support:jar is missing. @ line 90, column 17
[ERROR] 'dependencies.dependency.version' for se.litsec.sweid.idp:shibboleth-attribute-support:jar is missing. @ line 95, column 17
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException
[ERROR] [Help 2] http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelException
[user@dev-disp idp]$
Hi Martin
Just want to mention that the certificates in the test-credentials folder expired 2019-05-25.
kind regards Magnus
For testing it would be nice to be able to simulate different SAML errors. We should add that feature.
Since E-legitimationsnämnden is no more, and we have started working with Sweden Connect, we should re-factor the reference IdP to use se.swedenconnect for package name root and also change the groupId for the artifacts.
Port to Spring Boot 3
Add support for handling requests sent from signature services.
Add a Dockerfile and scripts associated with running the IdP in a Docker image.
If a Signature Service sends an AuthnRequest with ForceAuthn=false and no SignMessage extension, the IdP will issue an assertion without displaying the authn-UI. No SSO for signature services. Ever.
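One way to express the rule stated above, as an added example that is not the project's code: the IdP decides from the requesting SP's metadata, not from the request, whether an existing session may be reused. It assumes signature services are identified by the Swedish eID Framework service-type entity category `http://id.elegnamnden.se/st/1.0/sigservice`; the metadata, entity IDs and function names are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
# Assumption: service-type entity category that marks a signature service.
SIGSERVICE = "http://id.elegnamnden.se/st/1.0/sigservice"

def sp_metadata(entity_id, categories):
    """Build constructed SP metadata carrying the given entity categories."""
    values = "".join(f"<saml:AttributeValue>{c}</saml:AttributeValue>" for c in categories)
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:mdattr="{NS["mdattr"]}" '
        f'xmlns:saml="{NS["saml"]}" entityID="{entity_id}"><md:Extensions>'
        f'<mdattr:EntityAttributes><saml:Attribute Name="{ENTITY_CATEGORY}">{values}'
        "</saml:Attribute></mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>"
    )

def is_signature_service(metadata_xml):
    """True if the SP's metadata declares the signature service category."""
    root = ET.fromstring(metadata_xml)
    for attr in root.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") != ENTITY_CATEGORY:
            continue
        if any((v.text or "").strip() == SIGSERVICE
               for v in attr.findall("saml:AttributeValue", NS)):
            return True
    return False

def must_show_authn_ui(metadata_xml, force_authn, has_session):
    """True when the IdP has to display the authentication UI."""
    if is_signature_service(metadata_xml):
        # No SSO for signature services, whatever ForceAuthn or SignMessage say.
        return True
    if force_authn:
        return True
    return not has_session

if __name__ == "__main__":
    sig = sp_metadata("https://sign.example.com/sp", [SIGSERVICE])
    # The case from the issue: ForceAuthn=false, no SignMessage, session exists.
    print(must_show_authn_ui(sig, force_authn=False, has_session=True))
```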
Add support for the User Message Extension in SAML Authentication Requests.
Snyk reports the following vulnerability for JSTL v 1.2:
High severity vulnerability found in jstl:jstl
Description: XML External Entity (XXE) Injection
Info: https://snyk.io/vuln/SNYK-JAVA-JSTL-30453
Introduced through: jstl:jstl@1.2
From: jstl:jstl@1.2
We need to fix this (through update of swedish-eid-shibboleth-base).
Hi!
Multiple vulnerabilities in your dependencies have been detected by Snyk[1]. For example:
Arbitrary Code Execution:
Vulnerable module: ch.qos.logback:logback-core
Introduced through: net.shibboleth.idp:[email protected], net.shibboleth.idp:[email protected] and others
Vulnerable module: ch.qos.logback:logback-classic
Introduced through: net.shibboleth.idp:[email protected], net.shibboleth.idp:[email protected] and others
Vulnerable module: commons-collections:commons-collections
Introduced through: net.shibboleth.idp:[email protected], net.shibboleth.idp:[email protected] and others
Deserialization of Untrusted Data
Directory Traversal
Elliptic Curve Key Disclosure
Invalid Elliptic Curve Attack
XML External Entity (XXE) Injection
Start using jib for Docker image builds
Add documentation for how to configure the IdP.
Hi, I can't build the project with mvn clean install. It says that the Shibboleth bin file does not exist.
Here's the error:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.8:run (run-shibboleth-build) on project swedish-eid-idp: An Ant BuildException has occured: The directory /home/vakho/Desktop/swedish-eid-idp-1.2.0-release/idp/target/shibboleth/bin does not exist [ERROR] around Ant part ...<exec dir="/home/vakho/Desktop/swedish-eid-idp-1.2.0-release/idp/target/shibboleth/bin/" executable="./build.sh" osfamily="unix">... @ 34:132 in /home/vakho/Desktop/swedish-eid-idp-1.2.0-release/idp/target/antrun/build-main.xml
During startup of the Docker container there are errors printed:
2018-04-07 12:06:55,051 - ERROR [org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver:240] - Metadata Resolver FileBackedHTTPMetadataResolver FederationMetadata: Unable to create backup file /opt/swedish-eid-idp/shibboleth/metadata/cache/cached-metadata.xml
java.io.IOException: No such file or directory
at java.io.UnixFileSystem.createFileExclusively(Native Method)
2018-04-07 12:06:55,059 - ERROR [org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver:342] - Metadata Resolver FileBackedHTTPMetadataResolver FederationMetadata: Unable to write metadata to backup file: /opt/swedish-eid-idp/shibboleth/metadata/cache/cached-metadata.xml
net.shibboleth.utilities.java.support.resolver.ResolverException: Unable to create backup file /opt/swedish-eid-idp/shibboleth/metadata/cache/cached-metadata.xml
at org.opensaml.saml.metadata.resolver.impl.FileBackedHTTPMetadataResolver.validateBackupFile(FileBackedHTTPMetadataResolver.java:241)
Caused by: java.io.IOException: No such file or directory
at java.io.UnixFileSystem.createFileExclusively(Native Method)
Opening a shell in the container and creating the folder /opt/swedish-eid-idp/shibboleth/metadata/cache and the error is not printed on the next start.
The reference IdP should be extended so that we extend the authentication UI so that a user can enter his or her own identity for the user that should authenticate.
The reference IdP is configured for deliverance of assertions to the Swedish eIDAS Proxy Service. But the eIDAS Proxy Service will never request an "authentication for signature". Therefore, we should not support or declare any sigmessage eIDAS LoA:s.
We should look into a re-make of the UI. In cases where we use a Test-SP, and even worse, when the eIDAS Proxy Service invokes the IdP we display the same Sweden Connect-logo both to the left of the header and to the right.
Upgrade functionality to the latest November 2021 specs (docs.swedenconnect.se).