├── .gitignore ├── README.md ├── pom.xml ├── renovate.json └── src └── main ├── java └── org │ └── pac4j │ └── demo │ └── jee │ ├── Constants.java │ ├── CustomAuthorizer.java │ ├── DemoConfigFactory.java │ ├── ForceLoginFilter.java │ └── MySessionListener.java ├── resources ├── application-context.xml ├── logback.xml ├── metadata-okta.xml ├── samlKeystore.jks ├── samltest-providers.xml └── testshib-providers.xml └── webapp ├── WEB-INF └── web.xml ├── basicauth └── index.jsp ├── cas └── index.jsp ├── dba └── index.jsp ├── error401.jsp ├── error403.jsp ├── error500.jsp ├── facebook ├── index.jsp └── notprotected.jsp ├── facebookadmin └── index.jsp ├── facebookcustom └── index.jsp ├── form └── index.jsp ├── index.html ├── index.jsp ├── jwt.jsp ├── loginForm.jsp ├── oidc └── index.jsp ├── post └── index.jsp ├── protected └── index.jsp ├── rest-jwt └── index.jsp ├── saml2 └── index.jsp ├── strava └── index.jsp └── twitter └── index.jsp /.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .project 3 | .settings/ 4 | target/ 5 | test-output/ 6 | bin/ 7 | j2e-pac4j-demo.iml 8 | .idea 9 | sp-metadata.xml 10 | .DS_Store 11 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 | 5 | This `jee-pac4j-demo` project is a Java web application to test the [jee-pac4j](https://github.com/pac4j/jee-pac4j) security library with various authentication mechanisms: Facebook, Twitter, form, basic auth, CAS, SAML, OpenID Connect, JWT... 6 | 7 | ## Start & test 8 | 9 | Build the project and launch the web app with jetty on [http://localhost:8080](http://localhost:8080): 10 | 11 | cd jee-pac4j-demo 12 | mvn clean package jetty:run 13 | 14 | To test, you can call a protected url by clicking on the "Protected url by **xxx**" link, which will start the authentication process with the **xxx** provider. 15 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 4.0.0 3 | org.pac4j.demo 4 | jee-pac4j-demo 5 | 8.0.0-SNAPSHOT 6 | war 7 | jee-pac4j demo 8 | 9 | 10 | 11 | sonatype-nexus-snapshots 12 | Sonatype Nexus Snapshots 13 | https://oss.sonatype.org/content/repositories/snapshots 14 | 15 | false 16 | 17 | 18 | true 19 | 20 | 21 | 22 | 23 | 24 | 6.1.3 25 | 8.0.1 26 | 17 27 | 6.2.7 28 | 29 | 30 | 31 | 32 | org.pac4j 33 | jakartaee-pac4j 34 | ${jee-pac4j.version} 35 | 36 | 37 | org.pac4j 38 | pac4j-jakartaee 39 | ${pac4jVersion} 40 | 41 | 42 | org.springframework 43 | spring-web 44 | ${spring.version} 45 | 46 | 47 | org.springframework 48 | spring-context 49 | ${spring.version} 50 | 51 | 52 | org.pac4j 53 | pac4j-oauth 54 | ${pac4jVersion} 55 | 56 | 57 | org.pac4j 58 | pac4j-cas 59 | ${pac4jVersion} 60 | 61 | 62 | org.pac4j 63 | pac4j-saml 64 | ${pac4jVersion} 65 | 66 | 67 | org.pac4j 68 | pac4j-gae 69 | ${pac4jVersion} 70 | 71 | 72 | org.pac4j 73 | pac4j-oidc 74 | ${pac4jVersion} 75 | 76 | 77 | org.pac4j 78 | pac4j-http 79 | ${pac4jVersion} 80 | 81 | 82 | org.pac4j 83 | pac4j-ldap 84 | ${pac4jVersion} 85 | 86 | 87 | org.pac4j 88 | pac4j-jwt 89 | ${pac4jVersion} 90 | 91 | 92 | org.pac4j 93 | pac4j-sql 94 | ${pac4jVersion} 95 | 96 | 97 | org.pac4j 98 | pac4j-mongo 99 | ${pac4jVersion} 100 | 101 | 102 | org.pac4j 103 | pac4j-kerberos 104 | ${pac4jVersion} 105 | 106 | 107 | org.pac4j 108 | pac4j-couch 109 | ${pac4jVersion} 110 | 111 | 112 | org.slf4j 113 | jcl-over-slf4j 114 | 2.0.17 115 | 116 | 117 | ch.qos.logback 118 | logback-classic 119 | 1.5.18 120 | 121 | 122 | jakarta.servlet 123 | jakarta.servlet-api 124 | 6.0.0 125 | provided 126 | 127 | 128 | jakarta.servlet.jsp 129 | jakarta.servlet.jsp-api 130 | 3.1.1 131 | provided 132 | 133 | 134 | org.glassfish.web 135 | jakarta.servlet.jsp.jstl 136 | 3.0.1 137 | 138 | 139 | 140 | ${project.artifactId} 141 | 142 | 143 | org.apache.maven.plugins 144 | maven-compiler-plugin 145 | 3.14.0 146 | 147 | ${java.version} 148 | UTF-8 149 | 150 | 151 | 152 | org.apache.maven.plugins 153 | maven-war-plugin 154 | 3.4.0 155 | 156 | 157 | org.eclipse.jetty 158 | jetty-maven-plugin 159 | 11.0.25 160 | 161 | 162 | / 163 | 164 | 165 | 166 | 167 | 168 | 169 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:base" 4 | ] 5 | } 6 | -------------------------------------------------------------------------------- /src/main/java/org/pac4j/demo/jee/Constants.java: -------------------------------------------------------------------------------- 1 | package org.pac4j.demo.jee; 2 | 3 | public interface Constants { 4 | 5 | String JWT_SALT = "12345678901234567890123456789012"; 6 | } 7 | -------------------------------------------------------------------------------- /src/main/java/org/pac4j/demo/jee/CustomAuthorizer.java: -------------------------------------------------------------------------------- 1 | package org.pac4j.demo.jee; 2 | 3 | import org.apache.commons.lang3.StringUtils; 4 | import org.pac4j.core.authorization.authorizer.ProfileAuthorizer; 5 | import org.pac4j.core.context.WebContext; 6 | import org.pac4j.core.context.session.SessionStore; 7 | import org.pac4j.core.profile.UserProfile; 8 | 9 | import java.util.List; 10 | 11 | public class CustomAuthorizer extends ProfileAuthorizer { 12 | 13 | @Override 14 | public boolean isAuthorized(final WebContext context, final SessionStore sessionStore, final List profiles) { 15 | return isAnyAuthorized(context, sessionStore, profiles); 16 | } 17 | 18 | @Override 19 | public boolean isProfileAuthorized(final WebContext context, final SessionStore sessionStore, final UserProfile profile) { 20 | if (profile == null) { 21 | return false; 22 | } 23 | return StringUtils.startsWith(profile.getUsername(), "jle"); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/org/pac4j/demo/jee/DemoConfigFactory.java: -------------------------------------------------------------------------------- 1 | package org.pac4j.demo.jee; 2 | 3 | import org.pac4j.cas.client.CasClient; 4 | import org.pac4j.cas.client.CasProxyReceptor; 5 | import org.pac4j.cas.config.CasConfiguration; 6 | import org.pac4j.core.authorization.authorizer.IsAnonymousAuthorizer; 7 | import org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer; 8 | import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer; 9 | import org.pac4j.core.client.Clients; 10 | import org.pac4j.core.client.direct.AnonymousClient; 11 | import org.pac4j.core.config.Config; 12 | import org.pac4j.core.config.ConfigFactory; 13 | import org.pac4j.core.logout.handler.DefaultSessionLogoutHandler; 14 | import org.pac4j.core.matching.matcher.PathMatcher; 15 | import org.pac4j.http.client.direct.DirectBasicAuthClient; 16 | import org.pac4j.http.client.direct.ParameterClient; 17 | import org.pac4j.http.client.indirect.FormClient; 18 | import org.pac4j.http.client.indirect.IndirectBasicAuthClient; 19 | import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator; 20 | import org.pac4j.jwt.config.signature.SecretSignatureConfiguration; 21 | import org.pac4j.jwt.config.signature.SignatureConfiguration; 22 | import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator; 23 | import org.pac4j.oauth.client.FacebookClient; 24 | import org.pac4j.oauth.client.StravaClient; 25 | import org.pac4j.oauth.client.TwitterClient; 26 | import org.pac4j.oidc.client.GoogleOidcClient; 27 | import org.pac4j.oidc.config.OidcConfiguration; 28 | import org.pac4j.saml.client.SAML2Client; 29 | import org.pac4j.saml.config.SAML2Configuration; 30 | 31 | import java.io.File; 32 | import java.util.ArrayList; 33 | import java.util.List; 34 | import java.util.Optional; 35 | 36 | public class DemoConfigFactory implements ConfigFactory { 37 | 38 | public static Config CONFIG_INSTANCE; 39 | 40 | @Override 41 | public Config build(final Object... parameters) { 42 | final OidcConfiguration oidcConfiguration = new OidcConfiguration(); 43 | oidcConfiguration.setClientId("167480702619-8e1lo80dnu8bpk3k0lvvj27noin97vu9.apps.googleusercontent.com"); 44 | oidcConfiguration.setSecret("MhMme_Ik6IH2JMnAT6MFIfee"); 45 | oidcConfiguration.setUseNonce(true); 46 | //oidcClient.setPreferredJwsAlgorithm(JWSAlgorithm.RS256); 47 | oidcConfiguration.addCustomParam("prompt", "consent"); 48 | final GoogleOidcClient oidcClient = new GoogleOidcClient(oidcConfiguration); 49 | oidcClient.setAuthorizationGenerator((ctx, profile) -> { profile.addRole("ROLE_ADMIN"); return Optional.of(profile); }); 50 | 51 | final SAML2Configuration cfg = new SAML2Configuration("resource:samlKeystore.jks", 52 | "pac4j-demo-passwd", 53 | "pac4j-demo-passwd", 54 | "resource:samltest-providers.xml"); 55 | cfg.setMaximumAuthenticationLifetime(3600); 56 | cfg.setServiceProviderEntityId("http://localhost:8080/callback?client_name=SAML2Client"); 57 | cfg.setServiceProviderMetadataPath(new File("sp-metadata.xml").getAbsolutePath()); 58 | final SAML2Client saml2Client = new SAML2Client(cfg); 59 | 60 | final FacebookClient facebookClient = new FacebookClient("145278422258960", "be21409ba8f39b5dae2a7de525484da8"); 61 | facebookClient.setMultiProfile(true); 62 | final TwitterClient twitterClient = new TwitterClient("CoxUiYwQOSFDReZYdjigBA", "2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs"); 63 | // HTTP 64 | final FormClient formClient = new FormClient("http://localhost:8080/loginForm.jsp", new SimpleTestUsernamePasswordAuthenticator()); 65 | final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator()); 66 | 67 | // CAS 68 | final CasConfiguration configuration = new CasConfiguration("https://casserverpac4j.herokuapp.com/login"); 69 | //final CasConfiguration configuration = new CasConfiguration("http://localhost:8888/cas/login"); 70 | final CasProxyReceptor casProxy = new CasProxyReceptor(); 71 | //configuration.setProxyReceptor(casProxy); 72 | final CasClient casClient = new CasClient(configuration); 73 | 74 | /*final DirectCasClient casClient = new DirectCasClient(configuration); 75 | casClient.setName("CasClient");*/ 76 | 77 | // Strava 78 | final StravaClient stravaClient = new StravaClient(); 79 | stravaClient.setApprovalPrompt("auto"); 80 | // client_id 81 | stravaClient.setKey("3945"); 82 | // client_secret 83 | stravaClient.setSecret("f03df80582396cddfbe0b895a726bac27c8cf739"); 84 | stravaClient.setScope("view_private"); 85 | 86 | // REST authent with JWT for a token passed in the url as the token parameter 87 | final List signatures = new ArrayList<>(); 88 | signatures.add(new SecretSignatureConfiguration(Constants.JWT_SALT)); 89 | ParameterClient parameterClient = new ParameterClient("token", new JwtAuthenticator(signatures)); 90 | parameterClient.setSupportGetRequest(true); 91 | parameterClient.setSupportPostRequest(false); 92 | 93 | // basic auth 94 | final DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator()); 95 | /*final DirectDigestAuthClient directBasicAuthClient = new DirectDigestAuthClient((credentials, context) -> { 96 | final CommonProfile profile = new CommonProfile(); 97 | final DigestCredentials digestCredentials = (DigestCredentials) credentials; 98 | profile.setId(digestCredentials.getToken()); 99 | profile.addAttribute(Pac4jConstants.USERNAME, digestCredentials.getUsername()); 100 | credentials.setUserProfile(profile); 101 | }); 102 | directBasicAuthClient.setName("DirectBasicAuthClient");*/ 103 | 104 | final Clients clients = new Clients("http://localhost:8080/callback", oidcClient, saml2Client, facebookClient, 105 | twitterClient, formClient, indirectBasicAuthClient, casClient, stravaClient, parameterClient, 106 | directBasicAuthClient, new AnonymousClient(), casProxy); 107 | 108 | final Config config = new Config(clients); 109 | config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN")); 110 | config.addAuthorizer("custom", new CustomAuthorizer()); 111 | config.addAuthorizer("mustBeAnon", new IsAnonymousAuthorizer("/?mustBeAnon")); 112 | config.addAuthorizer("mustBeAuth", new IsAuthenticatedAuthorizer("/?mustBeAuth")); 113 | config.addMatcher("excludedPath", new PathMatcher().excludeRegex("^/facebook/notprotected\\.jsp$")); 114 | 115 | final DefaultSessionLogoutHandler defaultCasLogoutHandler = new DefaultSessionLogoutHandler(); 116 | defaultCasLogoutHandler.setDestroySession(true); 117 | config.setSessionLogoutHandler(defaultCasLogoutHandler); 118 | 119 | CONFIG_INSTANCE = config; 120 | 121 | return config; 122 | } 123 | } 124 | -------------------------------------------------------------------------------- /src/main/java/org/pac4j/demo/jee/ForceLoginFilter.java: -------------------------------------------------------------------------------- 1 | package org.pac4j.demo.jee; 2 | 3 | import jakarta.servlet.FilterChain; 4 | import jakarta.servlet.FilterConfig; 5 | import jakarta.servlet.ServletException; 6 | import jakarta.servlet.http.HttpServletRequest; 7 | import jakarta.servlet.http.HttpServletResponse; 8 | import org.pac4j.core.client.Client; 9 | import org.pac4j.core.context.CallContext; 10 | import org.pac4j.core.exception.TechnicalException; 11 | import org.pac4j.core.exception.http.HttpAction; 12 | import org.pac4j.core.util.Pac4jConstants; 13 | import org.pac4j.jee.config.AbstractConfigFilter; 14 | import org.pac4j.jee.context.JEEContext; 15 | import org.pac4j.jee.context.session.JEESessionStore; 16 | import org.pac4j.jee.http.adapter.JEEHttpActionAdapter; 17 | 18 | import java.io.IOException; 19 | 20 | public class ForceLoginFilter extends AbstractConfigFilter { 21 | 22 | @Override 23 | public void init(final FilterConfig filterConfig) throws ServletException { 24 | } 25 | 26 | @Override 27 | protected void internalFilter(final HttpServletRequest request, final HttpServletResponse response, 28 | final FilterChain chain) throws IOException, ServletException { 29 | 30 | final JEEContext context = new JEEContext(request, response); 31 | final Client client = getSharedConfig().getClients().findClient(request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER)).orElseThrow(() -> new TechnicalException("No client found")); 32 | HttpAction action; 33 | try { 34 | action = client.getRedirectionAction(new CallContext(context, new JEESessionStore())).get(); 35 | } catch (final HttpAction e) { 36 | action = e; 37 | } 38 | JEEHttpActionAdapter.INSTANCE.adapt(action, context); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /src/main/java/org/pac4j/demo/jee/MySessionListener.java: -------------------------------------------------------------------------------- 1 | package org.pac4j.demo.jee; 2 | 3 | import jakarta.servlet.http.HttpSessionEvent; 4 | import jakarta.servlet.http.HttpSessionListener; 5 | import org.slf4j.Logger; 6 | import org.slf4j.LoggerFactory; 7 | 8 | public class MySessionListener implements HttpSessionListener { 9 | 10 | private static final Logger logger = LoggerFactory.getLogger(MySessionListener.class); 11 | 12 | @Override 13 | public void sessionCreated(final HttpSessionEvent event) { 14 | logger.debug("Session created"); 15 | } 16 | 17 | @Override 18 | public void sessionDestroyed(HttpSessionEvent var1) { 19 | logger.debug("Session destroyed"); 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /src/main/resources/application-context.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /src/main/resources/logback.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | JEE PAC4J DEMO %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/main/resources/metadata-okta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | MIIDpDCCAoygAwIBAgIGAVFtfuF5MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYDVQQGEwJVUzETMBEG 9 | A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU 10 | MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00MjU5NTQxHDAaBgkqhkiG9w0BCQEW 11 | DWluZm9Ab2t0YS5jb20wHhcNMTUxMjA0MTQ1NTUwWhcNMjUxMjA0MTQ1NjUwWjCBkjELMAkGA1UE 12 | BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV 13 | BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDI1OTU0MRwwGgYJ 14 | KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 15 | gtbqJHZYUwLGA9zb4OX2Xdb/2+8gIx8d9g6q3INMRxoPvElh7znRHLOpL8h0iEyhMyXfmgXkJf1U 16 | eUOWUZa0rFIKoY0NSqCSlX44ZuseVwUsDA/vtVq/FSZ5/RAU/iMfbvWfCITVoLsjLHKr+3cnaN/0 17 | 6coe6mOtMJGqWoN/EeH+3lwyFDuk0vbxGqlrn/aXlHLWaSyFJ4CnMU/y0gxiF7kDXFGrj44fkDV9 18 | MJ8k7MjM6WDC5b9eBcfjCCSSR0DZ+0XeGi8VsewRNvmmlGvMuNJJv0TaJNBtOCP4kEClHQIyaBQZ 19 | X3wXi9XiQNwofQTj4qoJ1fHriGVwhS7UI8Xe3wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB19OcZ 20 | j6x0wVOhjSXTPbJtC1m1E01lgk3+kHzGAk+U5JsYDhEtEOZ2cZ7XIAYjab4RcdAd4hrRbPcupfIB 21 | dHLBeBnWur6C7DpN1mZbfxwvDp1d60wRi1A5PmcrewoQDuQSI3zrIhb+FcqtCewl7Ku1pNX0Nng4 22 | NL95pwiYkOoqfoBTz1WOFq+dsAygPoyneHIARyftdbFQpHmlN+/RRudH6WqAQJ1mXYP9+8tv+yuY 23 | jhy0VURe5ZkFEIO3WtxFxMBj6Z8L1edngYVj3f8t8FmuFxYCqHw0Ex98XLMd0XlL06z4qmE4uJdg 24 | VlDGyllCF+le88VWtD7AB+QxoA/nZxMs 25 | 26 | 27 | 28 | 29 | 30 | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress 31 | 32 | 33 | urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /src/main/resources/samlKeystore.jks: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/pac4j/jee-pac4j-demo/06a2100a360369cf7deaab277f24fc92ee696e44/src/main/resources/samlKeystore.jks -------------------------------------------------------------------------------- /src/main/resources/samltest-providers.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 16 | samltest.id 17 | 18 | 20 | 21 | SAMLtest IdP 22 | A free and basic IdP for testing SAML deployments 23 | https://samltest.id/saml/logo.png 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | MIIDETCCAfmgAwIBAgIUZRpDhkNKl5eWtJqk0Bu1BgTTargwDQYJKoZIhvcNAQEL 32 | BQAwFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwHhcNMTgwODI0MjExNDEwWhcNMzgw 33 | ODI0MjExNDEwWjAWMRQwEgYDVQQDDAtzYW1sdGVzdC5pZDCCASIwDQYJKoZIhvcN 34 | AQEBBQADggEPADCCAQoCggEBAJrh9/PcDsiv3UeL8Iv9rf4WfLPxuOm9W6aCntEA 35 | 8l6c1LQ1Zyrz+Xa/40ZgP29ENf3oKKbPCzDcc6zooHMji2fBmgXp6Li3fQUzu7yd 36 | +nIC2teejijVtrNLjn1WUTwmqjLtuzrKC/ePoZyIRjpoUxyEMJopAd4dJmAcCq/K 37 | k2eYX9GYRlqvIjLFoGNgy2R4dWwAKwljyh6pdnPUgyO/WjRDrqUBRFrLQJorR2kD 38 | c4seZUbmpZZfp4MjmWMDgyGM1ZnR0XvNLtYeWAyt0KkSvFoOMjZUeVK/4xR74F8e 39 | 8ToPqLmZEg9ZUx+4z2KjVK00LpdRkH9Uxhh03RQ0FabHW6UCAwEAAaNXMFUwHQYD 40 | VR0OBBYEFJDbe6uSmYQScxpVJhmt7PsCG4IeMDQGA1UdEQQtMCuCC3NhbWx0ZXN0 41 | LmlkhhxodHRwczovL3NhbWx0ZXN0LmlkL3NhbWwvaWRwMA0GCSqGSIb3DQEBCwUA 42 | A4IBAQBNcF3zkw/g51q26uxgyuy4gQwnSr01Mhvix3Dj/Gak4tc4XwvxUdLQq+jC 43 | cxr2Pie96klWhY/v/JiHDU2FJo9/VWxmc/YOk83whvNd7mWaNMUsX3xGv6AlZtCO 44 | L3JhCpHjiN+kBcMgS5jrtGgV1Lz3/1zpGxykdvS0B4sPnFOcaCwHe2B9SOCWbDAN 45 | JXpTjz1DmJO4ImyWPJpN1xsYKtm67Pefxmn0ax0uE2uuzq25h0xbTkqIQgJzyoE/ 46 | DPkBFK1vDkMfAW11dQ0BXatEnW7Gtkc0lh2/PIbHWj4AzxYMyBf5Gy6HSVOftwjC 47 | voQR2qr2xJBixsg+MIORKtmKHLfU 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEB 58 | CwUAMBYxFDASBgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4 59 | MDgyNDIxMTQwOVowFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3 60 | DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFKs71ufbQwoQoW7qkNAJRIANGA4iM0 61 | ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyjxj0uJ4lArgkr4AOE 62 | jj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVNc1kl 63 | bN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF 64 | /cL5fOpdVa54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8n 65 | spXiH/MZW8o2cqWRkrw3MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0G 66 | A1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE4k2ZNTA0BgNVHREELTArggtzYW1sdGVz 67 | dC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lkcDANBgkqhkiG9w0BAQsF 68 | AAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3YaMb2RSn 69 | 7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHT 70 | TNiLArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nbl 71 | D1JJKSQ3AdhxK/weP3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcU 72 | ZOpx4swtgGdeoSpeRyrtMvRwdcciNBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu 73 | 3kXPjhSfj1AJGR1l9JGvJrHki1iHTA== 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | MIIDEjCCAfqgAwIBAgIVAPVbodo8Su7/BaHXUHykx0Pi5CFaMA0GCSqGSIb3DQEB 84 | CwUAMBYxFDASBgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4 85 | MDgyNDIxMTQwOVowFjEUMBIGA1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3 86 | DQEBAQUAA4IBDwAwggEKAoIBAQCQb+1a7uDdTTBBFfwOUun3IQ9nEuKM98SmJDWa 87 | MwM877elswKUTIBVh5gB2RIXAPZt7J/KGqypmgw9UNXFnoslpeZbA9fcAqqu28Z4 88 | sSb2YSajV1ZgEYPUKvXwQEmLWN6aDhkn8HnEZNrmeXihTFdyr7wjsLj0JpQ+VUlc 89 | 4/J+hNuU7rGYZ1rKY8AA34qDVd4DiJ+DXW2PESfOu8lJSOteEaNtbmnvH8KlwkDs 90 | 1NvPTsI0W/m4SK0UdXo6LLaV8saIpJfnkVC/FwpBolBrRC/Em64UlBsRZm2T89ca 91 | uzDee2yPUvbBd5kLErw+sC7i4xXa2rGmsQLYcBPhsRwnmBmlAgMBAAGjVzBVMB0G 92 | A1UdDgQWBBRZ3exEu6rCwRe5C7f5QrPcAKRPUjA0BgNVHREELTArggtzYW1sdGVz 93 | dC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lkcDANBgkqhkiG9w0BAQsF 94 | AAOCAQEABZDFRNtcbvIRmblnZItoWCFhVUlq81ceSQddLYs8DqK340//hWNAbYdj 95 | WcP85HhIZnrw6NGCO4bUipxZXhiqTA/A9d1BUll0vYB8qckYDEdPDduYCOYemKkD 96 | dmnHMQWs9Y6zWiYuNKEJ9mf3+1N8knN/PK0TYVjVjXAf2CnOETDbLtlj6Nqb8La3 97 | sQkYmU+aUdopbjd5JFFwbZRaj6KiHXHtnIRgu8sUXNPrgipUgZUOVhP0C0N5OfE4 98 | JW8ZBrKgQC/6vJ2rSa9TlzI6JAa5Ww7gMXMP9M+cJUNQklcq+SBnTK8G+uBHgPKR 99 | zBDsMIEzRtQZm4GIoHJae4zmnCekkQ== 100 | 101 | 102 | 103 | 104 | 105 | 106 | 108 | 109 | 110 | 111 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | SAMLtest SP 161 | A free and basic SP for testing SAML deployments 162 | https://samltest.id/saml/logo.png 163 | 164 | 165 | 166 | 170 | 171 | 172 | 173 | 174 | MIIERTCCAq2gAwIBAgIJAKmtzjCD1+tqMA0GCSqGSIb3DQEBCwUAMDUxMzAxBgNV 175 | BAMTKmlwLTE3Mi0zMS0yOC02NC51cy13ZXN0LTIuY29tcHV0ZS5pbnRlcm5hbDAe 176 | Fw0xODA4MTgyMzI0MjNaFw0yODA4MTUyMzI0MjNaMDUxMzAxBgNVBAMTKmlwLTE3 177 | Mi0zMS0yOC02NC51cy13ZXN0LTIuY29tcHV0ZS5pbnRlcm5hbDCCAaIwDQYJKoZI 178 | hvcNAQEBBQADggGPADCCAYoCggGBALhUlY3SkIOze+l8y6dBzM6p7B8OykJWlwiz 179 | szU16Lih8D7KLhNJfahoVxbPxB3YFM/81PJLOeK2krvJ5zY6CJyQY3sPQAkZKI7I 180 | 8qq9lmZ2g4QPqybNstXS6YUXJNUt/ixbbK/N97+LKTiSutbD1J7AoFnouMuLjlhN 181 | 5VRZ43jez4xLSHVZaYuUFKn01Y9oLKbj46LQnZnJCAGpTgPqEQJr6GpVGw43bKyU 182 | pGoaPrdDRgRgtPMUWgFDkgcI3QiV1lsKfBs1t1E2UA7ACFnlJZpEuBtwgivzo3Ve 183 | itiSaF3Jxh25EY5/vABpcgQQRz3RH2l8MMKdRsxb8VT3yh2S+CX55s+cN67LiCPr 184 | 6f2u+KS1iKfB9mWN6o2S4lcmo82HIBbsuXJV0oA1HrGMyyc4Y9nng/I8iuAp8or1 185 | JrWRHQ+8NzO85DWK0rtvtLPxkvw0HK32glyuOP/9F05Z7+tiVIgn67buC0EdoUm1 186 | RSpibqmB1ST2PikslOlVbJuy4Ah93wIDAQABo1gwVjA1BgNVHREELjAsgippcC0x 187 | NzItMzEtMjgtNjQudXMtd2VzdC0yLmNvbXB1dGUuaW50ZXJuYWwwHQYDVR0OBBYE 188 | FAdsTxYfulJ5yunYtgYJHC9IcevzMA0GCSqGSIb3DQEBCwUAA4IBgQB3J6i7Krei 189 | HL8NPMglfWLHk1PZOgvIEEpKL+GRebvcbyqgcuc3VVPylq70VvGqhJxp1q/mzLfr 190 | aUiypzfWFGm9zfwIg0H5TqRZYEPTvgIhIICjaDWRwZBDJG8D5G/KoV60DlUG0crP 191 | BlIuCCr/SRa5ZoDQqvucTfr3Rx4Ha6koXFSjoSXllR+jn4GnInhm/WH137a+v35P 192 | UcffNxfuehoGn6i4YeXF3cwJK4e35cOFW+dLbnaLk+Ty7HOGvpw86h979C6mJ9qE 193 | HYgq9rQyzlSPbLZGZSgVcIezunOaOsWm81BsXRNNJjzHGCqKf8RMhd8oZP55+2/S 194 | VRBwnkGyUNCuDPrJcymC95ZT2NW/KeWkz28HF2i31xQmecT2r3lQRSM8acvOXQsN 195 | EDCDvJvCzJT9c2AnsnO24r6arPXs/UWAxOI+MjclXPLkLD6uTHV+Oo8XZ7bOjegD 196 | 5hL6/bKUWnNMurQNGrmi/jvqsCFLDKftl7ajuxKjtodnSuwhoY7NQy8= 197 | 198 | 199 | 200 | 201 | 204 | 205 | 206 | 207 | 208 | MIIERTCCAq2gAwIBAgIJAKGA/tV7hXUvMA0GCSqGSIb3DQEBCwUAMDUxMzAxBgNV 209 | BAMTKmlwLTE3Mi0zMS0yOC02NC51cy13ZXN0LTIuY29tcHV0ZS5pbnRlcm5hbDAe 210 | Fw0xODA4MTgyMzI0MjVaFw0yODA4MTUyMzI0MjVaMDUxMzAxBgNVBAMTKmlwLTE3 211 | Mi0zMS0yOC02NC51cy13ZXN0LTIuY29tcHV0ZS5pbnRlcm5hbDCCAaIwDQYJKoZI 212 | hvcNAQEBBQADggGPADCCAYoCggGBANoi7TtbPz5DD5b+pGj2bWHUWcOm135Dl+kf 213 | KWcJV6x4Z4VRMa33nwSfFg6U0DhPaA6rYr8BfcmCIY4V4cGlJkLNsYbgbZNnrLh2 214 | 3mj7jkaUeyv/DlGtLBcqr0gP6eDtcOf3MMGAkhROcicMj6i+uF6hqLDh4eNcpqEV 215 | DVn+ADBsosIPiAx+RkcyZkfAF3UeGEV5WTSiQw7qYpI7x+c4ViiBzV4waBgXjvNN 216 | 72Dqlc01AylpmMKaUPfxIpPC+Ctr0bHu5xn7NxMS8Zt5NDWsP9T15qrpYatW68sX 217 | VyE5nJRYpiRiRbo8i7QpUEya+TkXEI8PVD3KBw9UwhqL8qPPe0T+EeaawF6BVRTE 218 | Pc+Mn4lGBr4cCFcGk/PLHeyksgPdjNmO1g7y5TWQzu21WzkXRTWJq7wGwWeW6Nrc 219 | NqweYPLbXEo0JlmHqunkUs+NsLQAFqSPX02P2xzkA/eOU2o/jN4jAPNpzqxJouvm 220 | iWGXl8Qy4U7vQZ0tGvlTDSltATOQ/QIDAQABo1gwVjA1BgNVHREELjAsgippcC0x 221 | NzItMzEtMjgtNjQudXMtd2VzdC0yLmNvbXB1dGUuaW50ZXJuYWwwHQYDVR0OBBYE 222 | FBBtS9YNKSIwViH37GJCTxjNBzLAMA0GCSqGSIb3DQEBCwUAA4IBgQDWXcaI7zMn 223 | hGsLVTUA6dgzZCa88QkN/Z6n7lCY2oaKj1neBAWA1Mxg7GBJsmLOrHN8ie0D/uKA 224 | F+7NqKCXYqd0PpTX7c1NICL92DvbugG/Ow50j5Dw6rU4Y8dPS7Y/T1ddbT2F9/5l 225 | HCIWP/O2E9HREJ0JAIbu/Mi0CE1qui2aSJMDWKuiGK63M/7fvP51m6xSJOfZBhmj 226 | gllIwEhIzfh4hVPhH0C7iqVls34UyLCZ8IZOCuGPJyTaJN6Pi3Uo1Otkz/1igN5M 227 | pQhVaeYG7SMgha6skTLrVXTt4CuMVsOZ6cG3kHqw8XZoRld+I50iyHqansf5qwzm 228 | NoPeXyjGRFQzV/EH3SUu8eAISTt9pfirwjKsVNHrmMRnQEB/hJYYbTWSsvdS8ghw 229 | 7a/A0EKQPVaZGCP/hcpt9JMMb66y2L8VgBbb6aTsR+Uabf6aiMnj1UBMUz9yaMka 230 | kKM7e66uHdXUDZ/s8F5rPOGCK+O8O6EsLRf8XetRWLa1TXRDkJZVPX4= 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 248 | 249 | 250 | 251 | 252 | 253 | 254 | 255 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | -------------------------------------------------------------------------------- /src/main/resources/testshib-providers.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 26 | 27 | testshib.org 28 | 29 | TestShib Test IdP 30 | TestShib IdP. Use this as a source of attributes 31 | for your test SP. 32 | https://www.testshib.org/testshibtwo.jpg 34 | 35 | 36 | 37 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEB 82 | CwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0 83 | WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIB 84 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryh 85 | m3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEm 86 | lGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBn 87 | xoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB 88 | 3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTH 89 | ot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQID 90 | AQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQw 91 | EoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzR 92 | OZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QP 93 | dRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS 94 | 80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOT 95 | MVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhO 96 | RkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqX 97 | MLRKhDgdmA== 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 112 | 115 | 116 | urn:mace:shibboleth:1.0:nameIdentifier 117 | urn:oasis:names:tc:SAML:2.0:nameid-format:transient 118 | 119 | 121 | 123 | 125 | 127 | 128 | 129 | 130 | 132 | 133 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | MIIDAzCCAeugAwIBAgIVAPX0G6LuoXnKS0Muei006mVSBXbvMA0GCSqGSIb3DQEB 178 | CwUAMBsxGTAXBgNVBAMMEGlkcC50ZXN0c2hpYi5vcmcwHhcNMTYwODIzMjEyMDU0 179 | WhcNMzYwODIzMjEyMDU0WjAbMRkwFwYDVQQDDBBpZHAudGVzdHNoaWIub3JnMIIB 180 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9C4J2DiRTEhJAWzPt1S3ryh 181 | m3M2P3hPpwJwvt2q948vdTUxhhvNMuc3M3S4WNh6JYBs53R+YmjqJAII4ShMGNEm 182 | lGnSVfHorex7IxikpuDPKV3SNf28mCAZbQrX+hWA+ann/uifVzqXktOjs6DdzdBn 183 | xoVhniXgC8WCJwKcx6JO/hHsH1rG/0DSDeZFpTTcZHj4S9MlLNUtt5JxRzV/MmmB 184 | 3ObaX0CMqsSWUOQeE4nylSlp5RWHCnx70cs9kwz5WrflnbnzCeHU2sdbNotBEeTH 185 | ot6a2cj/pXlRJIgPsrL/4VSicPZcGYMJMPoLTJ8mdy6mpR6nbCmP7dVbCIm/DQID 186 | AQABoz4wPDAdBgNVHQ4EFgQUUfaDa2mPi24x09yWp1OFXmZ2GPswGwYDVR0RBBQw 187 | EoIQaWRwLnRlc3RzaGliLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEASKKgqTxhqBzR 188 | OZ1eVy++si+eTTUQZU4+8UywSKLia2RattaAPMAcXUjO+3cYOQXLVASdlJtt+8QP 189 | dRkfp8SiJemHPXC8BES83pogJPYEGJsKo19l4XFJHPnPy+Dsn3mlJyOfAa8RyWBS 190 | 80u5lrvAcr2TJXt9fXgkYs7BOCigxtZoR8flceGRlAZ4p5FPPxQR6NDYb645jtOT 191 | MVr3zgfjP6Wh2dt+2p04LG7ENJn8/gEwtXVuXCsPoSCDx9Y0QmyXTJNdV1aB0AhO 192 | RkWPlFYwp+zOyOIR+3m1+pqWFpn0eT/HrxpdKa74FA3R2kq4R7dXe4G0kUgXTdqX 193 | MLRKhDgdmA== 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 207 | 209 | 210 | urn:mace:shibboleth:1.0:nameIdentifier 211 | urn:oasis:names:tc:SAML:2.0:nameid-format:transient 212 | 213 | 214 | 215 | 216 | TestShib Two Identity Provider 217 | TestShib Two 218 | http://www.testshib.org/testshib-two/ 219 | 220 | 221 | Nate 222 | Klingenstein 223 | ndk@internet2.edu 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 247 | 248 | 249 | 250 | 251 | 252 | 253 | 254 | 256 | 257 | 258 | 259 | 260 | 261 | 262 | TestShib Test SP 263 | TestShib SP. Log into this to test your machine. 264 | Once logged in check that all attributes that you expected have been 265 | released. 266 | https://www.testshib.org/testshibtwo.jpg 267 | 268 | 269 | 270 | 271 | 272 | 273 | 274 | MIIEPjCCAyagAwIBAgIBADANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEV 275 | MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSIwIAYD 276 | VQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQDEw9zcC50ZXN0 277 | c2hpYi5vcmcwHhcNMDYwODMwMjEyNDM5WhcNMTYwODI3MjEyNDM5WjB3MQswCQYD 278 | VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1 279 | cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQD 280 | Ew9zcC50ZXN0c2hpYi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB 281 | AQDJyR6ZP6MXkQ9z6RRziT0AuCabDd3x1m7nLO9ZRPbr0v1LsU+nnC363jO8nGEq 282 | sqkgiZ/bSsO5lvjEt4ehff57ERio2Qk9cYw8XCgmYccVXKH9M+QVO1MQwErNobWb 283 | AjiVkuhWcwLWQwTDBowfKXI87SA7KR7sFUymNx5z1aoRvk3GM++tiPY6u4shy8c7 284 | vpWbVfisfTfvef/y+galxjPUQYHmegu7vCbjYP3On0V7/Ivzr+r2aPhp8egxt00Q 285 | XpilNai12LBYV3Nv/lMsUzBeB7+CdXRVjZOHGuQ8mGqEbsj8MBXvcxIKbcpeK5Zi 286 | JCVXPfarzuriM1G5y5QkKW+LAgMBAAGjgdQwgdEwHQYDVR0OBBYEFKB6wPDxwYrY 287 | StNjU5P4b4AjBVQVMIGhBgNVHSMEgZkwgZaAFKB6wPDxwYrYStNjU5P4b4AjBVQV 288 | oXukeTB3MQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYD 289 | VQQHEwpQaXR0c2J1cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3Zp 290 | ZGVyMRgwFgYDVQQDEw9zcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN 291 | BgkqhkiG9w0BAQUFAAOCAQEAc06Kgt7ZP6g2TIZgMbFxg6vKwvDL0+2dzF11Onpl 292 | 5sbtkPaNIcj24lQ4vajCrrGKdzHXo9m54BzrdRJ7xDYtw0dbu37l1IZVmiZr12eE 293 | Iay/5YMU+aWP1z70h867ZQ7/7Y4HW345rdiS6EW663oH732wSYNt9kr7/0Uer3KD 294 | 9CuPuOidBacospDaFyfsaJruE99Kd6Eu/w5KLAGG+m0iqENCziDGzVA47TngKz2v 295 | PVA+aokoOyoz3b53qeti77ijatSEoKjxheBWpO+eoJeGq/e49Um3M2ogIX/JAlMa 296 | Inh+vYSYngQB2sx9LGkR9KHaMKNIGCDehk93Xla4pWJx1w== 297 | 298 | 299 | 300 | 301 | 302 | 303 | 304 | 305 | 306 | 307 | 308 | 309 | 310 | 311 | 312 | 313 | 315 | 317 | 319 | 321 | 322 | 323 | 324 | urn:oasis:names:tc:SAML:2.0:nameid-format:transient 325 | urn:mace:shibboleth:1.0:nameIdentifier 326 | 327 | 333 | 334 | 337 | 340 | 343 | 346 | 349 | 352 | 353 | 354 | 355 | 358 | 361 | 362 | 363 | 364 | 365 | 366 | TestShib Two Service Provider 367 | TestShib Two 368 | http://www.testshib.org/testshib-two/ 369 | 370 | 371 | Nate 372 | Klingenstein 373 | ndk@internet2.edu 374 | 375 | 376 | 377 | 378 | 379 | 380 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | jee-pac4j-demo 7 | 8 | 9 | 10 | 11 | org.pac4j.demo.jee.MySessionListener 12 | 13 | 14 | 15 | org.springframework.web.context.ContextLoaderListener 16 | 17 | 18 | contextConfigLocation 19 | classpath:application-context.xml 20 | 21 | 22 | 23 | indexFilter 24 | org.pac4j.jee.filter.SecurityFilter 25 | 26 | clients 27 | AnonymousClient 28 | 29 | 30 | 31 | indexFilter 32 | / 33 | REQUEST 34 | 35 | 36 | indexFilter 37 | /index.jsp 38 | REQUEST 39 | 40 | 41 | 42 | mustBeAnonFilter 43 | org.pac4j.jee.filter.SecurityFilter 44 | 45 | clients 46 | AnonymousClient 47 | 48 | 49 | authorizers 50 | mustBeAnon 51 | 52 | 53 | 54 | mustBeAnonFilter 55 | /loginForm.jsp 56 | REQUEST 57 | 58 | 59 | 63 | 64 | callbackFilter 65 | org.pac4j.jee.filter.CallbackFilter 66 | 67 | defaultUrl 68 | / 69 | 70 | 71 | renewSession 72 | true 73 | 74 | 75 | 76 | callbackFilter 77 | /callback 78 | REQUEST 79 | 80 | 81 | 82 | JwtParameterFilter 83 | org.pac4j.jee.filter.SecurityFilter 84 | 85 | configFactory 86 | org.pac4j.demo.jee.DemoConfigFactory 87 | 88 | 89 | clients 90 | ParameterClient 91 | 92 | 93 | 94 | JwtParameterFilter 95 | /rest-jwt/* 96 | REQUEST 97 | 98 | 99 | 100 | DirectBasicAuthFilter 101 | org.pac4j.jee.filter.SecurityFilter 102 | 103 | clients 104 | DirectBasicAuthClient,ParameterClient 105 | 106 | 107 | 108 | DirectBasicAuthFilter 109 | /dba/* 110 | REQUEST 111 | 112 | 113 | 114 | OidcFilter 115 | org.pac4j.jee.filter.SecurityFilter 116 | 117 | clients 118 | GoogleOidcClient 119 | 120 | 121 | 122 | OidcFilter 123 | /oidc/* 124 | REQUEST 125 | 126 | 127 | 128 | ForceLoginFilter 129 | org.pac4j.demo.jee.ForceLoginFilter 130 | 131 | 132 | ForceLoginFilter 133 | /forceLogin 134 | REQUEST 135 | 136 | 137 | 138 | Saml2Filter 139 | org.pac4j.jee.filter.SecurityFilter 140 | 141 | clients 142 | SAML2Client 143 | 144 | 145 | 146 | Saml2Filter 147 | /saml2/* 148 | REQUEST 149 | 150 | 151 | Saml2MetadataFilter 152 | org.pac4j.jee.saml.metadata.Saml2MetadataFilter 153 | 154 | clientName 155 | SAML2Client 156 | 157 | 158 | 159 | Saml2MetadataFilter 160 | /saml2-metadata 161 | REQUEST 162 | 163 | 164 | 165 | FacebookFilter 166 | org.pac4j.jee.filter.SecurityFilter 167 | 168 | clients 169 | FacebookClient 170 | 171 | 172 | matchers 173 | excludedPath 174 | 175 | 176 | 177 | FacebookFilter 178 | /facebook/* 179 | REQUEST 180 | 181 | 182 | 183 | PostFilter 184 | org.pac4j.jee.filter.SecurityFilter 185 | 186 | clients 187 | FormClient 188 | 189 | 190 | 191 | PostFilter 192 | /post/* 193 | REQUEST 194 | 195 | 196 | 197 | ProtectedFilter 198 | org.pac4j.jee.filter.SecurityFilter 199 | 200 | 201 | ProtectedFilter 202 | /protected/* 203 | REQUEST 204 | 205 | 206 | 207 | FacebookAdminFilter 208 | org.pac4j.jee.filter.SecurityFilter 209 | 210 | clients 211 | FacebookClient 212 | 213 | 214 | authorizers 215 | admin 216 | 217 | 218 | 219 | FacebookAdminFilter 220 | /facebookadmin/* 221 | REQUEST 222 | 223 | 224 | 228 | 229 | facebookCustomFilter 230 | org.pac4j.jee.filter.SecurityFilter 231 | 232 | clients 233 | FacebookClient 234 | 235 | 236 | authorizers 237 | custom 238 | 239 | 240 | 241 | facebookCustomFilter 242 | /facebookcustom/* 243 | REQUEST 244 | 245 | 246 | 247 | TwitterFilter 248 | org.pac4j.jee.filter.SecurityFilter 249 | 250 | clients 251 | TwitterClient,FacebookClient 252 | 253 | 254 | 255 | TwitterFilter 256 | /twitter/* 257 | REQUEST 258 | 259 | 260 | 261 | FormFilter 262 | org.pac4j.jee.filter.SecurityFilter 263 | 264 | clients 265 | FormClient 266 | 267 | 268 | 269 | FormFilter 270 | /form/* 271 | REQUEST 272 | 273 | 274 | 275 | IndirectBasicAuthFilter 276 | org.pac4j.jee.filter.SecurityFilter 277 | 278 | clients 279 | IndirectBasicAuthClient 280 | 281 | 282 | 283 | IndirectBasicAuthFilter 284 | /basicauth/* 285 | REQUEST 286 | 287 | 288 | 289 | CasFilter 290 | org.pac4j.jee.filter.SecurityFilter 291 | 292 | clients 293 | CasClient 294 | 295 | 296 | 297 | CasFilter 298 | /cas/* 299 | REQUEST 300 | 301 | 302 | 303 | StravaFilter 304 | org.pac4j.jee.filter.SecurityFilter 305 | 306 | clients 307 | StravaClient 308 | 309 | 310 | 311 | StravaFilter 312 | /strava/* 313 | REQUEST 314 | 315 | 316 | 317 | mustBeAuthFilter 318 | org.pac4j.jee.filter.SecurityFilter 319 | 320 | clients 321 | AnonymousClient 322 | 323 | 324 | authorizers 325 | mustBeAuth 326 | 327 | 328 | 329 | mustBeAuthFilter 330 | /logout 331 | REQUEST 332 | 333 | 334 | 335 | logoutFilter 336 | org.pac4j.jee.filter.LogoutFilter 337 | 338 | defaultUrl 339 | /?defaulturlafterlogout 340 | 341 | 342 | destroySession 343 | true 344 | 345 | 346 | 347 | logoutFilter 348 | /logout 349 | REQUEST 350 | 351 | 352 | 353 | centralLogoutFilter 354 | org.pac4j.jee.filter.LogoutFilter 355 | 356 | defaultUrl 357 | http://localhost:8080/?defaulturlafterlogoutafteridp 358 | 359 | 360 | localLogout 361 | false 362 | 363 | 364 | centralLogout 365 | true 366 | 367 | 368 | logoutUrlPattern 369 | http://localhost:8080/.* 370 | 371 | 372 | 373 | centralLogoutFilter 374 | /centralLogout 375 | REQUEST 376 | 377 | 378 | 379 | 401 380 | /error401.jsp 381 | 382 | 383 | 384 | 403 385 | /error403.jsp 386 | 387 | 388 | 389 | 500 390 | /error500.jsp 391 | 392 | 393 | 394 | java.lang.Exception 395 | /error500.jsp 396 | 397 | 398 | 399 | -------------------------------------------------------------------------------- /src/main/webapp/basicauth/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.profile.ProfileManager"%> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 5 |

protected area

9 | Back
10 |

11 | <% 12 | JEEContext context = new JEEContext(request, response); 13 | ProfileManager manager = new ProfileManager(context, new JEESessionStore()); 14 | Optional optProfile = manager.getProfile(); 15 | String pt = null; 16 | if (optProfile.isPresent()) { 17 | UserProfile profile = optProfile.get(); 18 | if (profile instanceof CasProxyProfile) { 19 | CasProxyProfile casProxyProfile = (CasProxyProfile) profile; 20 | pt = casProxyProfile.getProxyTicketFor("http://test"); 21 | } 22 | } 23 | %> 24 | profiles: <%=manager.getProfiles()%>
25 | proxy ticket: <%=pt%> 26 | -------------------------------------------------------------------------------- /src/main/webapp/dba/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.profile.ProfileManager"%> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 5 |

protected area

unauthorized

5 |
6 | Home 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/main/webapp/error403.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | 3 | 4 |

forbidden

5 |
6 | Home 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/main/webapp/error500.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | 3 | 4 |

internal error

5 |
6 | Home 7 | 8 | 9 | -------------------------------------------------------------------------------- /src/main/webapp/facebook/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.profile.ProfileManager"%> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 5 |

protected area

Not protected page

protected area

6 | Back
7 |

8 | <% 9 | JEEContext context = new JEEContext(request, response); 10 | ProfileManager manager = new ProfileManager(context, new JEESessionStore()); 11 | %> 12 | profiles: <%=manager.getProfiles()%>
13 | -------------------------------------------------------------------------------- /src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /src/main/webapp/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.core.profile.ProfileManager" %> 5 | <%@ page import="org.pac4j.core.util.Pac4jConstants" %> 6 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 7 | <% 8 | JEEContext context = new JEEContext(request, response); 9 | ProfileManager manager = new ProfileManager(context, new JEESessionStore()); 10 | String sessionId = null; 11 | HttpSession httpSession = request.getSession(false); 12 | if (httpSession != null) { 13 | sessionId = httpSession.getId(); 14 | } 15 | %> 16 |

index

17 | Protected url by Facebook: facebook/index.jsp (use a real account)
18 | Not protected page: facebook/notprotected.jsp (no authentication required)
19 | Protected url by Facebook with ROLE_ADMIN: facebookadmin/index.jsp (use a real account)
20 | Protected url by Facebook with custom authorizer (= must be a CommonProfile where the username starts with "jle"): facebookcustom/index.jsp (login with form or basic authentication before with jle* username)
21 | Protected url by Twitter: twitter/index.jsp or by Facebook: twitter/index.jsp?force_client=FacebookClient (use a real account)
22 | Protected url by form authentication: form/index.jsp (use login = pwd)
23 | Protected url by indirect basic auth: basicauth/index.jsp (use login = pwd)
24 | Protected url by CAS: cas/index.jsp (use login = pwd)
25 | Protected url by SAML2: saml2/index.jsp (use one of test accounts listed on IDP)
26 | Protected url by Google OpenID Connect: oidc/index.jsp (use a real account)
27 | Protected url by Strava: strava/index.jsp (use a real account)
28 | Protected url: protected/index.jsp (won't start any login process)
29 |
30 | Generate a JWT token (after being authenticated)
31 | Protected url by DirectBasicAuthClient: /dba/index.jsp (POST the Authorization header with value: Basic amxlbGV1OmpsZWxldQ==) then by ParameterClient: /dba/index.jsp (with request parameter: token=jwt_generated_token)
32 | Protected url by ParameterClient: /rest-jwt/index.jsp (with request parameter: token=jwt_generated_token)
33 |
34 | Force Facebook login (even if already authenticated)
35 |
36 | 41 | ">local logout 42 |

43 | ">central logout 44 |

45 | profiles: <%=manager.getProfiles()%>
46 |
47 | sessionId: <%=sessionId%> 48 | -------------------------------------------------------------------------------- /src/main/webapp/jwt.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.profile.ProfileManager"%> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.jwt.profile.JwtGenerator" %> 5 | <%@ page import="org.pac4j.demo.jee.Constants" %> 6 | <%@ page import="java.util.Optional" %> 7 | <%@ page import="org.pac4j.jwt.config.signature.SecretSignatureConfiguration" %> 8 | <%@ page import="org.pac4j.core.profile.UserProfile" %> 9 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 10 |

Generate JWT token

11 | Back
12 |

13 | <% 14 | JEEContext context = new JEEContext(request, response); 15 | ProfileManager manager = new ProfileManager(context, new JEESessionStore()); 16 | Optional profile = manager.getProfile(); 17 | JwtGenerator generator = new JwtGenerator(new SecretSignatureConfiguration(Constants.JWT_SALT)); 18 | String token = ""; 19 | if (profile.isPresent()) { 20 | token = generator.generate(profile.get()); 21 | } 22 | %> 23 | token: <%=token%>
24 | -------------------------------------------------------------------------------- /src/main/webapp/loginForm.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.config.*"%> 3 | <%@ page import="org.pac4j.http.client.indirect.FormClient" %> 4 | <%@ page import="org.pac4j.demo.jee.DemoConfigFactory" %> 5 | <% 6 | FormClient formClient = (FormClient) DemoConfigFactory.CONFIG_INSTANCE.getClients().findClient("FormClient").get(); 7 | %> 8 | 15 | -------------------------------------------------------------------------------- /src/main/webapp/oidc/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.profile.ProfileManager"%> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 5 |

protected area

6 | Back
7 |

8 | <% 9 | JEEContext context = new JEEContext(request, response); 10 | ProfileManager manager = new ProfileManager(context, new JEESessionStore()); 11 | %> 12 | profiles: <%=manager.getProfiles()%>
13 |
14 | data1: <%=request.getParameter("data1")%>
15 | data2: <%=request.getParameter("data2")%>
16 | -------------------------------------------------------------------------------- /src/main/webapp/protected/index.jsp: -------------------------------------------------------------------------------- 1 | <%@page session="false" %> 2 | <%@page import="org.pac4j.core.profile.ProfileManager"%> 3 | <%@ page import="org.pac4j.jee.context.JEEContext" %> 4 | <%@ page import="org.pac4j.jee.context.session.JEESessionStore" %> 5 |