Merge pull request #2 from CSCfi/updatev5

Update IdP v5 support

Author: JarToi

README.md

@@ -1,18 +1,18 @@
-# Shibboleth IdP v4: Shibboleth SP authentication
+# Shibboleth IdP v5: Shibboleth SP authentication
 
 [![License](http://img.shields.io/:license-mit-blue.svg)](https://opensource.org/licenses/MIT)
 [![Build Status](https://travis-ci.org/CSCfi/shibboleth-idp-authn-shibsp.svg?branch=master)](https://travis-ci.org/CSCfi/shibboleth-idp-authn-shibsp)
 
 ## Overview
 
-This module implements an authentication flow for [Shibboleth Identity Provider v4](https://wiki.shibboleth.net/confluence/display/IDP4/Home) exploiting attributes provided by [Shibboleth Service Provider](https://shibboleth.net/products/service-provider.html). The module can be used for outsourcing the authentication to another SAML IdP instead of prompting and validating the user
+This module implements an authentication flow for [Shibboleth Identity Provider v5](https://shibboleth.atlassian.net/wiki/spaces/IDP5/overview) exploiting attributes provided by [Shibboleth Service Provider](https://shibboleth.net/products/service-provider.html). The module can be used for outsourcing the authentication to another SAML IdP instead of prompting and validating the user
 credentials itself.
 
-NOTE! The IdP v4 natively supports [SAML authentication](https://wiki.shibboleth.net/confluence/display/IDP4/SAMLAuthnConfiguration), with many additional features compared to this plugin. The main purpose of this plugin is to serve in smooth transition to V4 for the existing IdP v3 deployments.
+NOTE! The IdP v5 natively supports [SAML authentication](https://wiki.shibboleth.net/confluence/display/IDP4/SAMLAuthnConfiguration), with many additional features compared to this plugin. The main purpose of this plugin is to serve in smooth transition to V4 for the existing IdP v3 deployments.
 
 ## Prerequisities and compilation
 
-- Java 11+
+- Java 17+
 - [Apache Maven 3](https://maven.apache.org/)
 
 ```
@@ -142,7 +142,7 @@ The flow definition must also be enabled via _idp.authn.flows_ variable in _/opt
 
 The attributes provided by Shibboleth SP can be converted into IdP attributes in the following way:
 
-### 1. Enable attribute and/or header population into Subject
+### 1. Enable attribute idPAttribute and/or header population into Subject
 
 In the _/opt/shibboleth-idp/flows/authn/Shib/shib-beans.xml_, enable _populateAttributes_ and/or _populateHeaders_ settings for the bean _ValidateShibbolethAuthentication_.
 
@@ -153,7 +153,8 @@ The example above enables population of both attributes and headers:
             class="fi.csc.shibboleth.authn.impl.ValidateShibbolethAuthentication" scope="prototype"
             p:classifiedMessages-ref="shibboleth.authn.Shib.ClassifiedMessageMap"
             p:resultCachingPredicate="#{getObject('shibboleth.authn.Shib.resultCachingPredicate')}"
-            p:usernameAttribute="eppn" p:populateHeaders="true" p:populateAttributes="true" />
+            p:usernameAttribute="eppn" p:populateHeaders="true" p:populateAttributes="true"
+            p:populateIdpAttributes="true" />
 ```
 
 ### 2. Enable principal serializers

idp-authn-api-shibsp/pom.xml

@@ -25,7 +25,7 @@ THE SOFTWARE.
     <parent>
         <groupId>fi.csc.shibboleth</groupId>
         <artifactId>idp-authn-shibsp</artifactId>
-        <version>1.2.0-SNAPSHOT</version>
+        <version>1.3.0</version>
         <relativePath>..</relativePath>
     </parent>
     <artifactId>idp-authn-api-shibsp</artifactId>
@@ -63,8 +63,8 @@ THE SOFTWARE.
     <dependencies>
         <!-- Compile Dependencies -->
         <dependency>
-            <groupId>net.shibboleth.idp</groupId>
-            <artifactId>idp-attribute-api</artifactId>
+            <groupId>net.shibboleth</groupId>
+            <artifactId>shib-attribute-api</artifactId>
         </dependency>
         <dependency>
             <groupId>net.shibboleth.idp</groupId>
@@ -79,10 +79,6 @@ THE SOFTWARE.
             <artifactId>idp-profile-api</artifactId>
         </dependency>
 
-        <dependency>
-            <groupId>${opensaml.groupId}</groupId>
-            <artifactId>opensaml-core</artifactId>
-        </dependency>
         <dependency>
             <groupId>${opensaml.groupId}</groupId>
             <artifactId>opensaml-profile-api</artifactId>

idp-authn-api-shibsp/src/main/java/fi/csc/shibboleth/authn/context/ShibbolethSpAuthenticationContext.java

@@ -30,7 +30,7 @@
 
 import javax.annotation.Nonnull;
 
-import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
+import net.shibboleth.shared.annotation.constraint.NotEmpty;
 
 import org.opensaml.messaging.context.BaseContext;
 
@@ -112,7 +112,7 @@ public ShibbolethSpAuthenticationContext() {
      * 
      * @param httpHeaders The Http headers.
      */
-    @Nonnull @NotEmpty public void setHeaders(Map<String, String> httpHeaders) {
+    public void setHeaders(Map<String, String> httpHeaders) {
         headers = httpHeaders;
     }
 
@@ -130,7 +130,7 @@ public ShibbolethSpAuthenticationContext() {
      * 
      * @param requestAttributes The request attributes.
      */
-    @Nonnull @NotEmpty public void setAttributes(Map<String, String> requestAttributes) {
+    public void setAttributes(Map<String, String> requestAttributes) {
         attributes = requestAttributes;
     }
 

idp-authn-api-shibsp/src/main/java/fi/csc/shibboleth/authn/principal/impl/KeyValuePrincipal.java

@@ -28,10 +28,10 @@
 import javax.annotation.Nonnull;
 
 import net.shibboleth.idp.authn.principal.CloneablePrincipal;
-import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
-import net.shibboleth.utilities.java.support.logic.Constraint;
-import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
-import net.shibboleth.utilities.java.support.primitive.StringSupport;
+import net.shibboleth.shared.annotation.constraint.NotEmpty;
+import net.shibboleth.shared.logic.Constraint;
+import net.shibboleth.shared.logic.ConstraintViolationException;
+import net.shibboleth.shared.primitive.StringSupport;
 
 import com.google.common.base.MoreObjects;
 

idp-authn-api-shibsp/src/main/java/fi/csc/shibboleth/authn/principal/impl/ShibAttributePrincipal.java

@@ -24,7 +24,7 @@
 
 import javax.annotation.Nonnull;
 
-import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
+import net.shibboleth.shared.annotation.constraint.NotEmpty;
 
 /**
  * This class is designed to carry request attribute key and value -pairs inside {@link Principal}.

idp-authn-api-shibsp/src/main/java/fi/csc/shibboleth/authn/principal/impl/ShibHeaderPrincipal.java

@@ -25,7 +25,7 @@
 
 import javax.annotation.Nonnull;
 
-import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
+import net.shibboleth.shared.annotation.constraint.NotEmpty;
 
 /**
  * This class is designed to carry HTTP header key and value -pairs inside {@link Principal}.

idp-authn-api-shibsp/src/test/java/fi/csc/shibboleth/authn/principal/impl/KeyValuePrincipalTest.java

@@ -29,8 +29,7 @@
 import org.testng.annotations.BeforeTest;
 import org.testng.annotations.Test;
 
-import fi.csc.shibboleth.authn.principal.impl.KeyValuePrincipal;
-import net.shibboleth.utilities.java.support.logic.ConstraintViolationException;
+import net.shibboleth.shared.logic.ConstraintViolationException;
 
 /**
  * Unit tests for classes extending {@link KeyValuePrincipal}.

idp-authn-impl-shibsp/pom.xml

@@ -25,7 +25,7 @@ THE SOFTWARE.
     <parent>
         <groupId>fi.csc.shibboleth</groupId>
         <artifactId>idp-authn-shibsp</artifactId>
-        <version>1.2.0-SNAPSHOT</version>
+        <version>1.3.0</version>
         <relativePath>..</relativePath>
     </parent>
     <artifactId>idp-authn-impl-shibsp</artifactId>
@@ -67,8 +67,8 @@ THE SOFTWARE.
             <artifactId>idp-authn-api-shibsp</artifactId>
         </dependency>
         <dependency>
-            <groupId>net.shibboleth.idp</groupId>
-            <artifactId>idp-attribute-api</artifactId>
+            <groupId>net.shibboleth</groupId>
+            <artifactId>shib-attribute-api</artifactId>
         </dependency>
         <dependency>
             <groupId>net.shibboleth.idp</groupId>
@@ -86,10 +86,7 @@ THE SOFTWARE.
             <groupId>net.shibboleth.idp</groupId>
             <artifactId>idp-saml-api</artifactId>
         </dependency>
-        <dependency>
-            <groupId>${opensaml.groupId}</groupId>
-            <artifactId>opensaml-core</artifactId>
-        </dependency>
+
         <dependency>
             <groupId>${opensaml.groupId}</groupId>
             <artifactId>opensaml-profile-api</artifactId>
@@ -127,6 +124,11 @@ THE SOFTWARE.
             <artifactId>jakarta.json-api</artifactId>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+			<groupId>jakarta.servlet</groupId>
+			<artifactId>jakarta.servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
 
         <!-- Runtime Dependencies -->
 
@@ -171,6 +173,21 @@ THE SOFTWARE.
             <scope>test</scope>
         </dependency>
 
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-testing</artifactId>
+            <version>${shib.idp.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>net.shibboleth.idp</groupId>
+            <artifactId>idp-saml-impl</artifactId>
+            <version>${shib.idp.version}</version>
+            <scope>test</scope>
+            <type>test-jar</type>
+        </dependency>
+
         <dependency>
             <groupId>net.shibboleth.idp</groupId>
             <artifactId>idp-authn-impl</artifactId>
@@ -186,9 +203,8 @@ THE SOFTWARE.
 
         <dependency>
             <groupId>${opensaml.groupId}</groupId>
-            <artifactId>opensaml-core</artifactId>
+            <artifactId>opensaml-testing</artifactId>
             <scope>test</scope>
-            <type>test-jar</type>
         </dependency>
 
         <dependency>

idp-authn-impl-shibsp/src/main/java/fi/csc/shibboleth/authn/impl/AbstractShibbolethSpContextPredicate.java

@@ -34,7 +34,7 @@
 
 import fi.csc.shibboleth.authn.context.ShibbolethSpAuthenticationContext;
 import net.shibboleth.idp.authn.context.AuthenticationContext;
-import net.shibboleth.utilities.java.support.logic.Constraint;
+import net.shibboleth.shared.logic.Constraint;
 
 /**
  * An abstract class for {@link Predicate}s dealing with {@link ShibbolethSpAuthenticationContext}.

idp-authn-impl-shibsp/src/main/java/fi/csc/shibboleth/authn/impl/ExtractShibbolethAttributesFromRequest.java

@@ -29,14 +29,14 @@
 
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
 
 import net.shibboleth.idp.authn.AbstractExtractionAction;
 import net.shibboleth.idp.authn.AuthnEventIds;
 import net.shibboleth.idp.authn.context.AuthenticationContext;
 import net.shibboleth.idp.authn.context.ExternalAuthenticationContext;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.primitive.StringSupport;
+import net.shibboleth.shared.component.ComponentInitializationException;
+import net.shibboleth.shared.primitive.StringSupport;
 
 import org.opensaml.profile.action.ActionSupport;
 import org.opensaml.profile.context.ProfileRequestContext;