├── .travis.yml
├── src
    ├── main
    │   ├── resources
    │   │   ├── samlKeystore.jks
    │   │   ├── logback.xml
    │   │   ├── metadata-okta.xml
    │   │   └── testshib-providers.xml
    │   ├── templates
    │   │   ├── error403.html
    │   │   ├── error404.html
    │   │   ├── jwt.html
    │   │   ├── error401.html
    │   │   ├── error500.html
    │   │   ├── protectedIndex.html
    │   │   ├── loginForm.html
    │   │   └── index.html
    │   └── java
    │   │   └── org
    │   │       └── pac4j
    │   │           └── demo
    │   │               └── ratpack
    │   │                   ├── Template.java
    │   │                   ├── TemplateRenderer.java
    │   │                   └── RatpackPac4jDemo.java
    └── test
    │   └── java
    │       └── org
    │           └── pac4j
    │               └── demo
    │                   └── ratpack
    │                       └── RatpackTest.java
├── .gitignore
├── renovate.json
├── .editorconfig
├── README.md
├── .github
    └── workflows
    │   └── build-and-test.yml
├── pom.xml
└── ci
    └── run_and_check.sh


/.travis.yml:
--------------------------------------------------------------------------------
1 | language: java
2 | 
3 | sudo: false
4 | 
5 | jdk:
6 |   - oraclejdk8
7 | 


--------------------------------------------------------------------------------
/src/main/resources/samlKeystore.jks:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pac4j/ratpack-pac4j-demo/HEAD/src/main/resources/samlKeystore.jks


--------------------------------------------------------------------------------
/src/main/templates/error403.html:
--------------------------------------------------------------------------------
1 | <html>
2 | <body>
3 | <h1>forbidden</h1>
4 | <br />
5 | <a href="/">Home</a>
6 | </body>
7 | </html>
8 | 


--------------------------------------------------------------------------------
/src/main/templates/error404.html:
--------------------------------------------------------------------------------
1 | <html>
2 | <body>
3 | <h1>not found</h1>
4 | <br />
5 | <a href="/">Home</a>
6 | </body>
7 | </html>
8 | 


--------------------------------------------------------------------------------
/src/main/templates/jwt.html:
--------------------------------------------------------------------------------
1 | <h1>Generate JWT token</h1>
2 | <a href="..">Back</a><br />
3 | <br /><br />
4 | token: ${model.token}
5 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | .classpath
 2 | .project
 3 | .settings/
 4 | target/
 5 | test-output/
 6 | bin/
 7 | .idea
 8 | *.iml
 9 | sp-metadata*.xml
10 | 


--------------------------------------------------------------------------------
/src/main/templates/error401.html:
--------------------------------------------------------------------------------
1 | <html>
2 | <body>
3 | <h1>unauthorized</h1>
4 | <br />
5 | <a href="/">Home</a>
6 | </body>
7 | </html>
8 | 


--------------------------------------------------------------------------------
/src/main/templates/error500.html:
--------------------------------------------------------------------------------
1 | <html>
2 | <body>
3 | <h1>internal error</h1>
4 | <br />
5 | <a href="/">Home</a>
6 | </body>
7 | </html>
8 | 


--------------------------------------------------------------------------------
/src/main/templates/protectedIndex.html:
--------------------------------------------------------------------------------
1 | <h1>protected area</h1>
2 | <a href="..">Back</a><br />
3 | <br /><br />
4 | profile : ${model.profile}<br />
5 | 


--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
1 | {
2 |     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
3 |     "extends": [
4 |         "local>pac4j/renovate-config"
5 |     ]
6 | }
7 | 


--------------------------------------------------------------------------------
/src/main/java/org/pac4j/demo/ratpack/Template.java:
--------------------------------------------------------------------------------
1 | package org.pac4j.demo.ratpack;
2 | 
3 | import java.util.Map;
4 | 
5 | public record Template(String id, Map<String, ?> model) {
6 | 
7 | }
8 | 


--------------------------------------------------------------------------------
/src/main/templates/loginForm.html:
--------------------------------------------------------------------------------
1 | <form action="${model.callbackUrl}" method="POST">
2 | 	<input type="text" name="username" value="" />
3 | 	<p />
4 | 	<input type="password" name="password" value="" />
5 | 	<p />
6 | 	<input type="submit" name="submit" value="Submit" />
7 | </form>
8 | 


--------------------------------------------------------------------------------
/src/main/resources/logback.xml:
--------------------------------------------------------------------------------
 1 | <configuration>
 2 | 
 3 |   <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
 4 |     <encoder>
 5 |       <pattern>RATPACK PAC4J DEMO %d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
 6 |     </encoder>
 7 |   </appender>
 8 | 
 9 |   <!--logger name="org.pac4j" level="DEBUG" /-->
10 |   <logger name="ratpack.pac4j" level="DEBUG" />
11 | 
12 |   <root level="INFO">
13 |     <appender-ref ref="STDOUT" />
14 |   </root>
15 | </configuration>
16 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | # EditorConfig helps developers define and maintain consistent
 2 | # coding styles between different editors and IDEs
 3 | # editorconfig.org
 4 | 
 5 | root = true
 6 | 
 7 | [*]
 8 | # Change these settings to your own preference
 9 | indent_style = space
10 | indent_size = 4
11 | 
12 | # We recommend you to keep these unchanged
13 | end_of_line = lf
14 | charset = utf-8
15 | trim_trailing_whitespace = true
16 | insert_final_newline = true
17 | 
18 | [*.md]
19 | trim_trailing_whitespace = false
20 | indent_style = space
21 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | <p align="center">
 2 |   <img src="https://pac4j.github.io/pac4j/img/logo-ratpack.png" width="300" />
 3 | </p>
 4 | 
 5 | This `ratpack-pac4j-demo` project is a Ratpack web application to test the [ratpack-pac4j](https://github.com/ratpack/ratpack/tree/master/ratpack-pac4j) security module with various authentication mechanisms: Facebook, Twitter, form, basic auth, CAS, SAML, OpenID Connect, JWT...
 6 | 
 7 | ## Start & test
 8 | 
 9 | Build the project and launch the web app on [http://localhost:8080](http://localhost:8080):
10 | 
11 |     cd ratpack-pac4j-demo
12 |     mvn clean compile exec:java
13 | 
14 | To test, you can call a protected url by clicking on the "Protected url by **xxx**" link, which will start the authentication process with the **xxx** provider.
15 | 
16 | ## Automatic build [![Build Status](https://travis-ci.org/pac4j/ratpack-pac4j-demo.png?branch=master)](https://travis-ci.org/pac4j/ratpack-pac4j-demo)
17 | 


--------------------------------------------------------------------------------
/.github/workflows/build-and-test.yml:
--------------------------------------------------------------------------------
 1 | name: Build and Test
 2 | 
 3 | on:
 4 |   push:
 5 |     branches: [ main, master ]
 6 |   pull_request:
 7 |     branches: [ main, master ]
 8 | 
 9 | jobs:
10 |   build-and-test:
11 |     runs-on: ubuntu-latest
12 |     
13 |     steps:
14 |     - name: Checkout code
15 |       uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
16 |       
17 |     - name: Set up JDK 17
18 |       uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e # v5
19 |       with:
20 |         java-version: '17'
21 |         distribution: 'temurin'
22 |         
23 |     - name: Cache Maven dependencies
24 |       uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5
25 |       with:
26 |         path: ~/.m2
27 |         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
28 |         restore-keys: ${{ runner.os }}-m2
29 |         
30 |     - name: Run build and test
31 |       run: |
32 |         cd ci
33 |         chmod +x run_and_check.sh
34 |         ./run_and_check.sh
35 |         
36 |     - name: Upload test logs
37 |       if: failure()
38 |       uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
39 |       with:
40 |         name: server-logs
41 |         path: target/server.log
42 | 


--------------------------------------------------------------------------------
/src/main/java/org/pac4j/demo/ratpack/TemplateRenderer.java:
--------------------------------------------------------------------------------
 1 | package org.pac4j.demo.ratpack;
 2 | 
 3 | import com.google.inject.Inject;
 4 | import java.nio.file.Files;
 5 | import java.util.Optional;
 6 | import java.util.regex.Pattern;
 7 | import ratpack.file.FileSystemBinding;
 8 | import ratpack.handling.Context;
 9 | import ratpack.render.Renderer;
10 | 
11 | public class TemplateRenderer implements Renderer<Template> {
12 | 
13 |   private static Pattern REGEX = Pattern.compile("\\$\\{model.(\\w+)}");
14 | 
15 |   private final FileSystemBinding fileSystemBinding;
16 | 
17 |   @Inject
18 |   TemplateRenderer(FileSystemBinding fileSystemBinding) {
19 |     this.fileSystemBinding = fileSystemBinding;
20 |   }
21 | 
22 |   @Override
23 |   public Class<Template> getType() {
24 |     return Template.class;
25 |   }
26 | 
27 |   @Override
28 |   public void render(Context context, Template template) throws Exception {
29 |     var file = context.get(FileSystemBinding.class).file("templates/" + template.id());
30 |     var text = Files.readString(file);
31 |     var templated = REGEX.matcher(text)
32 |         .replaceAll(m -> Optional.ofNullable(template.model().get(m.group(1))).map(Object::toString).orElse("null"));
33 |     context.getResponse().contentType("text/html");
34 |     context.getResponse().send(templated);
35 |   }
36 | }
37 | 


--------------------------------------------------------------------------------
/src/main/templates/index.html:
--------------------------------------------------------------------------------
 1 | <h1>index</h1>
 2 | <a href="facebook/index.html">Protected url by Facebook: facebook/index.html</a> (use a real account)<br />
 3 | <a href="facebookadmin/index.html">Protected url by Facebook with ROLE_ADMIN: facebookadmin/index.html</a> (use a real account)<br />
 4 | <a href="facebookcustom/index.html">Protected url by Facebook with custom authorizer (= must be a profile whose id starts with with "jle"): facebookcustom/index.html</a> (login with form or basic authentication before with jle* username)<br />
 5 | <a href="twitter/index.html">Protected url by Twitter: twitter/index.html</a> (use a real account)<br />
 6 | <a href="form/index.html">Protected url by form authentication: form/index.html</a> (use login = pwd)<br />
 7 | <a href="basicauth/index.html">Protected url by basic auth: basicauth/index.html</a> (use login = pwd)<br />
 8 | <a href="cas/index.html">Protected url by CAS: cas/index.html</a> (use jleleu/jleleu)<br />
 9 | <a href="saml2/index.html">Protected url by SAML: saml2/index.html</a> (use testpac4j@gmail.com/Pac4jtest)<br />
10 | <a href="oidc/index.html">Protected url by Google OpenID Connect: oidc/index.html</a> (use a real account)<br />
11 | <br />
12 | <a href="jwt.html">Generate a JWT token</a> (after being authenticated)<br />
13 | <a href="/dba/index.html">Protected url by DirectBasicAuthClient: /dba/index.jsp</a> (POST the <em>Authorization</em> header with value: <em>Basic amxlbGV1OmpsZWxldQ==</em>)<br />
14 | <a href="/rest-jwt/index.html">Protected url by ParameterClient: /rest-jwt/index.jsp</a> (with request parameter: token=<em>jwt_generated_token</em>)<br />
15 | <br />
16 | <a href="logout.html">logout</a>
17 | <br /><br />
18 | profile : ${model.profile}
19 | 


--------------------------------------------------------------------------------
/src/test/java/org/pac4j/demo/ratpack/RatpackTest.java:
--------------------------------------------------------------------------------
 1 | package org.pac4j.demo.ratpack;
 2 | 
 3 | import static org.junit.Assert.assertEquals;
 4 | import static org.junit.Assert.assertThat;
 5 | import static org.junit.matchers.JUnitMatchers.containsString;
 6 | 
 7 | import io.netty.handler.codec.http.HttpHeaderNames;
 8 | import org.junit.After;
 9 | import org.junit.Test;
10 | import ratpack.http.client.ReceivedResponse;
11 | import ratpack.test.CloseableApplicationUnderTest;
12 | import ratpack.test.MainClassApplicationUnderTest;
13 | import ratpack.test.http.TestHttpClient;
14 | 
15 | public class RatpackTest {
16 | 
17 |     private final CloseableApplicationUnderTest aut = new MainClassApplicationUnderTest(RatpackPac4jDemo.class);
18 |     private final TestHttpClient httpClient = aut.getHttpClient();
19 | 
20 |     @After
21 |     public void tearDown() throws Exception {
22 |         aut.close();
23 |     }
24 | 
25 |     @Test
26 |     public void redirectsToIndexHtml() {
27 |         final ReceivedResponse response = httpClient.get();
28 |         assertEquals(200, response.getStatusCode());
29 |         assertThat(response.getBody().getText(), containsString("<h1>index</h1>"));
30 |     }
31 | 
32 |     @Test
33 |     public void requiresFormAuth() {
34 |         ReceivedResponse response = httpClient.get("form/index.html");
35 |         assertEquals(200, response.getStatusCode());
36 |         assertThat(response.getBody().getText(), containsString("<form action=\"" + aut.getAddress() + "callback?client_name=FormClient\" method=\"POST\">"));
37 | 
38 |         response = httpClient
39 |             .requestSpec(r -> r
40 |                     .body(b -> b.text("username=foo&password=foo"))
41 |                     .headers(h -> h
42 |                             .set(HttpHeaderNames.CONTENT_TYPE, "application/x-www-form-urlencoded")
43 |                             .set(HttpHeaderNames.REFERER, aut.getAddress())
44 |                     )
45 |             )
46 |             .params(m -> m.put("client_name", "FormClient"))
47 |             .post("callback");
48 | 
49 |         assertThat(response.getBody().getText(), containsString("attributes: {username=foo}"));
50 |         assertEquals(200, response.getStatusCode());
51 |     }
52 | }
53 | 


--------------------------------------------------------------------------------
/src/main/resources/metadata-okta.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/exk5gxols9EwZuGon0h7">
 3 |     <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
 4 |         <md:KeyDescriptor use="signing">
 5 |             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 6 |                 <ds:X509Data>
 7 |                     <ds:X509Certificate>
 8 |                         MIIDpDCCAoygAwIBAgIGAVFtfuF5MA0GCSqGSIb3DQEBBQUAMIGSMQswCQYDVQQGEwJVUzETMBEG
 9 |                         A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
10 |                         MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi00MjU5NTQxHDAaBgkqhkiG9w0BCQEW
11 |                         DWluZm9Ab2t0YS5jb20wHhcNMTUxMjA0MTQ1NTUwWhcNMjUxMjA0MTQ1NjUwWjCBkjELMAkGA1UE
12 |                         BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
13 |                         BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNDI1OTU0MRwwGgYJ
14 |                         KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
15 |                         gtbqJHZYUwLGA9zb4OX2Xdb/2+8gIx8d9g6q3INMRxoPvElh7znRHLOpL8h0iEyhMyXfmgXkJf1U
16 |                         eUOWUZa0rFIKoY0NSqCSlX44ZuseVwUsDA/vtVq/FSZ5/RAU/iMfbvWfCITVoLsjLHKr+3cnaN/0
17 |                         6coe6mOtMJGqWoN/EeH+3lwyFDuk0vbxGqlrn/aXlHLWaSyFJ4CnMU/y0gxiF7kDXFGrj44fkDV9
18 |                         MJ8k7MjM6WDC5b9eBcfjCCSSR0DZ+0XeGi8VsewRNvmmlGvMuNJJv0TaJNBtOCP4kEClHQIyaBQZ
19 |                         X3wXi9XiQNwofQTj4qoJ1fHriGVwhS7UI8Xe3wIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQB19OcZ
20 |                         j6x0wVOhjSXTPbJtC1m1E01lgk3+kHzGAk+U5JsYDhEtEOZ2cZ7XIAYjab4RcdAd4hrRbPcupfIB
21 |                         dHLBeBnWur6C7DpN1mZbfxwvDp1d60wRi1A5PmcrewoQDuQSI3zrIhb+FcqtCewl7Ku1pNX0Nng4
22 |                         NL95pwiYkOoqfoBTz1WOFq+dsAygPoyneHIARyftdbFQpHmlN+/RRudH6WqAQJ1mXYP9+8tv+yuY
23 |                         jhy0VURe5ZkFEIO3WtxFxMBj6Z8L1edngYVj3f8t8FmuFxYCqHw0Ex98XLMd0XlL06z4qmE4uJdg
24 |                         VlDGyllCF+le88VWtD7AB+QxoA/nZxMs
25 |                     </ds:X509Certificate>
26 |                 </ds:X509Data>
27 |             </ds:KeyInfo>
28 |         </md:KeyDescriptor>
29 |         <md:NameIDFormat>
30 |             urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
31 |         </md:NameIDFormat>
32 |         <md:NameIDFormat>
33 |             urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
34 |         </md:NameIDFormat>
35 |         <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://dev-425954.oktapreview.com/app/personaldev425954_pac4jdemo_1/exk5gxols9EwZuGon0h7/sso/saml"/>
36 |         <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://dev-425954.oktapreview.com/app/personaldev425954_pac4jdemo_1/exk5gxols9EwZuGon0h7/sso/saml"/>
37 |     </md:IDPSSODescriptor>
38 | </md:EntityDescriptor>
39 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
  1 | <project xmlns="http://maven.apache.org/POM/4.0.0"
  2 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  3 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  4 |     <modelVersion>4.0.0</modelVersion>
  5 |     <groupId>org.pac4j.demo</groupId>
  6 |     <artifactId>ratpack-pac4j-demo</artifactId>
  7 |     <version>4.0.0-SNAPSHOT</version>
  8 |     <packaging>jar</packaging>
  9 |     <name>ratpack-pac4j demo</name>
 10 | 
 11 |     <repositories>
 12 |         <repository>
 13 |             <id>central</id>
 14 |             <name>Maven Central</name>
 15 |             <layout>default</layout>
 16 |             <url>https://repo1.maven.org/maven2</url>
 17 |             <releases>
 18 |                 <enabled>true</enabled>
 19 |             </releases>
 20 |             <snapshots>
 21 |                 <enabled>false</enabled>
 22 |             </snapshots>
 23 |         </repository>
 24 |         <repository>
 25 |             <id>sonatype-nexus-snapshots</id>
 26 |             <name>Sonatype Nexus Snapshots</name>
 27 |             <url>https://oss.sonatype.org/content/repositories/snapshots</url>
 28 |             <releases>
 29 |                 <enabled>false</enabled>
 30 |             </releases>
 31 |             <snapshots>
 32 |                 <enabled>true</enabled>
 33 |             </snapshots>
 34 |         </repository>
 35 |     </repositories>
 36 | 
 37 |     <properties>
 38 |         <pac4jVersion>5.7.8</pac4jVersion>
 39 |         <ratpackPac4jVersion>4.0.0</ratpackPac4jVersion>
 40 |         <ratpackVersion>1.9.0</ratpackVersion>
 41 |         <java.version>17</java.version>
 42 |     </properties>
 43 | 
 44 |     <dependencies>
 45 |         <dependency>
 46 |             <groupId>org.pac4j</groupId>
 47 |             <artifactId>ratpack-pac4j</artifactId>
 48 |             <version>${ratpackPac4jVersion}</version>
 49 |         </dependency>
 50 |         <dependency>
 51 |             <groupId>io.ratpack</groupId>
 52 |             <artifactId>ratpack-test</artifactId>
 53 |             <version>${ratpackVersion}</version>
 54 |         </dependency>
 55 |         <dependency>
 56 |             <groupId>org.pac4j</groupId>
 57 |             <artifactId>pac4j-core</artifactId>
 58 |             <version>${pac4jVersion}</version>
 59 |         </dependency>
 60 |         <dependency>
 61 |             <groupId>org.pac4j</groupId>
 62 |             <artifactId>pac4j-oauth</artifactId>
 63 |             <version>${pac4jVersion}</version>
 64 |             <exclusions>
 65 |                 <exclusion>
 66 |                     <groupId>com.fasterxml.jackson.core</groupId>
 67 |                     <artifactId>jackson-databind</artifactId>
 68 |                 </exclusion>
 69 |             </exclusions>
 70 |         </dependency>
 71 |         <dependency>
 72 |             <groupId>org.pac4j</groupId>
 73 |             <artifactId>pac4j-saml</artifactId>
 74 |             <version>${pac4jVersion}</version>
 75 |             <exclusions>
 76 |                 <exclusion>
 77 |                     <groupId>com.google.guava</groupId>
 78 |                     <artifactId>guava</artifactId>
 79 |                 </exclusion>
 80 |             </exclusions>
 81 |         </dependency>
 82 |         <dependency>
 83 |             <groupId>org.pac4j</groupId>
 84 |             <artifactId>pac4j-cas</artifactId>
 85 |             <version>${pac4jVersion}</version>
 86 |         </dependency>
 87 |         <dependency>
 88 |             <groupId>org.pac4j</groupId>
 89 |             <artifactId>pac4j-http</artifactId>
 90 |             <version>${pac4jVersion}</version>
 91 |         </dependency>
 92 |         <dependency>
 93 |             <groupId>org.pac4j</groupId>
 94 |             <artifactId>pac4j-gae</artifactId>
 95 |             <version>${pac4jVersion}</version>
 96 |         </dependency>
 97 |         <dependency>
 98 |             <groupId>org.pac4j</groupId>
 99 |             <artifactId>pac4j-oidc</artifactId>
100 |             <version>${pac4jVersion}</version>
101 |         </dependency>
102 |         <dependency>
103 |             <groupId>org.pac4j</groupId>
104 |             <artifactId>pac4j-ldap</artifactId>
105 |             <version>${pac4jVersion}</version>
106 |         </dependency>
107 |         <dependency>
108 |             <groupId>org.pac4j</groupId>
109 |             <artifactId>pac4j-sql</artifactId>
110 |             <version>${pac4jVersion}</version>
111 |         </dependency>
112 |         <dependency>
113 |             <groupId>org.pac4j</groupId>
114 |             <artifactId>pac4j-mongo</artifactId>
115 |             <version>${pac4jVersion}</version>
116 |         </dependency>
117 |         <dependency>
118 |             <groupId>org.pac4j</groupId>
119 |             <artifactId>pac4j-jwt</artifactId>
120 |             <version>${pac4jVersion}</version>
121 |         </dependency>
122 |         <dependency>
123 |             <groupId>org.pac4j</groupId>
124 |             <artifactId>pac4j-kerberos</artifactId>
125 |             <version>${pac4jVersion}</version>
126 |         </dependency>
127 |         <dependency>
128 |             <groupId>org.pac4j</groupId>
129 |             <artifactId>pac4j-couch</artifactId>
130 |             <version>${pac4jVersion}</version>
131 |         </dependency>
132 |         <dependency>
133 |             <groupId>ch.qos.logback</groupId>
134 |             <artifactId>logback-classic</artifactId>
135 |             <version>1.5.23</version>
136 |         </dependency>
137 |         <dependency>
138 |             <groupId>junit</groupId>
139 |             <artifactId>junit</artifactId>
140 |             <version>4.13.2</version>
141 |             <scope>test</scope>
142 |         </dependency>
143 |     </dependencies>
144 |     <build>
145 |         <finalName>${project.artifactId}</finalName>
146 |         <plugins>
147 |             <plugin>
148 |                 <groupId>org.apache.maven.plugins</groupId>
149 |                 <artifactId>maven-compiler-plugin</artifactId>
150 |                 <version>3.14.1</version>
151 |                 <configuration>
152 |                     <source>${java.version}</source>
153 |                     <target>${java.version}</target>
154 |                 </configuration>
155 |             </plugin>
156 |             <plugin>
157 |                 <groupId>org.codehaus.mojo</groupId>
158 |                 <artifactId>exec-maven-plugin</artifactId>
159 |                 <version>3.6.3</version>
160 |                 <executions>
161 |                     <execution>
162 |                         <goals>
163 |                             <goal>java</goal>
164 |                         </goals>
165 |                     </execution>
166 |                 </executions>
167 |                 <configuration>
168 |                     <mainClass>org.pac4j.demo.ratpack.RatpackPac4jDemo</mainClass>
169 |                 </configuration>
170 |             </plugin>
171 |             <plugin>
172 |                 <groupId>org.apache.maven.plugins</groupId>
173 |                 <artifactId>maven-surefire-plugin</artifactId>
174 |                 <version>3.5.4</version>
175 |                 <dependencies>
176 |                     <dependency>
177 |                         <groupId>org.apache.maven.surefire</groupId>
178 |                         <artifactId>surefire-junit4</artifactId>
179 |                         <version>3.5.4</version>
180 |                     </dependency>
181 |                 </dependencies>
182 |                 <configuration>
183 |                     <argLine>--add-opens=java.base/java.lang=ALL-UNNAMED</argLine>
184 |                 </configuration>
185 |             </plugin>
186 |         </plugins>
187 |     </build>
188 | </project>
189 | 


--------------------------------------------------------------------------------
/ci/run_and_check.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Script to launch ratpack-pac4j-demo and verify it works
  4 | # Usage: ./run_and_check.sh
  5 | 
  6 | set -e  # Stop script on error
  7 | 
  8 | PORT=8080
  9 | 
 10 | echo "🚀 Starting ratpack-pac4j-demo..."
 11 | 
 12 | # Get script directory and go to project root
 13 | SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 14 | PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
 15 | cd "$PROJECT_ROOT"
 16 | 
 17 | echo "📁 Working in: $(pwd)"
 18 | 
 19 | # Clean and compile project
 20 | echo "📦 Compiling Ratpack project..."
 21 | mvn clean package -q
 22 | 
 23 | # Ensure target directory exists
 24 | mkdir -p target
 25 | 
 26 | # Start Ratpack application in background using mvn exec:java with Java options
 27 | echo "🌐 Starting Ratpack application..."
 28 | MAVEN_OPTS="--add-opens=java.base/java.lang=ALL-UNNAMED" mvn exec:java > target/app.log 2>&1 &
 29 | APP_PID=$!
 30 | 
 31 | # Wait for server to start (maximum 90 seconds)
 32 | echo "⏳ Waiting for server startup..."
 33 | for i in {1..90}; do
 34 |     # Check if the application is responding
 35 |     HTTP_RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:$PORT 2>/dev/null || echo "000")
 36 |     if [ "$HTTP_RESPONSE" = "200" ] || [ "$HTTP_RESPONSE" = "301" ] || [ "$HTTP_RESPONSE" = "302" ]; then
 37 |         echo "✅ Server started successfully!"
 38 |         break
 39 |     fi
 40 |     
 41 |     # Also check logs for successful startup message
 42 |     if [ -f target/app.log ] && grep -q "Ratpack started" target/app.log; then
 43 |         echo "✅ Server startup detected in logs!"
 44 |         sleep 2  # Give it a moment more to be fully ready
 45 |         break
 46 |     fi
 47 |     
 48 |     if [ $i -eq 90 ]; then
 49 |         echo "❌ Timeout: Server did not start within 90 seconds"
 50 |         echo "📋 Server logs:"
 51 |         cat target/app.log || true
 52 |         kill $APP_PID 2>/dev/null || true
 53 |         exit 1
 54 |     fi
 55 |     sleep 1
 56 | done
 57 | 
 58 | # Verify application responds correctly
 59 | echo "🔍 Verifying HTTP response..."
 60 | HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:$PORT)
 61 | 
 62 | if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "301" ] || [ "$HTTP_CODE" = "302" ]; then
 63 |     echo "✅ Application responds with HTTP $HTTP_CODE"
 64 |     echo "🌐 Application accessible at: http://localhost:$PORT"
 65 | 
 66 |     # Default flags
 67 |     CAS_AUTH_PASSED=false
 68 |     
 69 |     # Test CAS authentication
 70 |     echo "🔗 Testing CAS authentication..."
 71 |     
 72 |     # Get the CAS URL from the homepage
 73 |     CAS_URL="http://localhost:$PORT/cas/index.html"
 74 |     echo "📍 Following CAS link: $CAS_URL"
 75 |     
 76 |     # Follow redirections and capture final URL and response
 77 |     CAS_RESPONSE=$(curl -s -L -w "FINAL_URL:%{url_effective}\nHTTP_CODE:%{http_code}" "$CAS_URL")
 78 |     CAS_HTTP_CODE=$(echo "$CAS_RESPONSE" | grep "HTTP_CODE:" | cut -d: -f2)
 79 |     CAS_FINAL_URL=$(echo "$CAS_RESPONSE" | grep "FINAL_URL:" | cut -d: -f2-)
 80 |     CAS_CONTENT=$(echo "$CAS_RESPONSE" | sed '/^FINAL_URL:/d' | sed '/^HTTP_CODE:/d')
 81 |     
 82 |     echo "🌐 CAS Final URL: $CAS_FINAL_URL"
 83 |     echo "📄 CAS HTTP Code: $CAS_HTTP_CODE"
 84 |     
 85 |     # Verify we reached the CAS login page
 86 |     if [ "$CAS_HTTP_CODE" = "200" ] && echo "$CAS_CONTENT" | grep -q "Enter Username & Password"; then
 87 |         echo "✅ CAS login page test passed!"
 88 |         echo "🔐 Successfully redirected to CAS login page"
 89 |         
 90 |         # Simulate a CAS login using curl WITH cookies and follow redirects
 91 |         echo "🧪 Simulating CAS authentication via curl..."
 92 |         CAS_COOKIE_JAR="target/cas_cookies.txt"
 93 |         CAS_LOGIN_PAGE="target/cas_login.html"
 94 |         CAS_AFTER_LOGIN="target/cas_after_login.html"
 95 |         FINAL_APP_PAGE="target/final_app.html"
 96 | 
 97 |         # 1) Fetch the login page (keep cookies) and capture the execution token
 98 |         echo "⬇️  Fetching CAS login page and capturing execution token..."
 99 |         curl -s -c "$CAS_COOKIE_JAR" -b "$CAS_COOKIE_JAR" -L "$CAS_FINAL_URL" -o "$CAS_LOGIN_PAGE" -w "FINAL_URL:%{url_effective}\nHTTP_CODE:%{http_code}\n" > target/cas_login_fetch.meta
100 | 
101 |         EXECUTION=$(grep -Eo 'name=\"execution\"[^>]*value=\"[^\"]+\"' "$CAS_LOGIN_PAGE" | sed -E 's/.*value=\"([^\"]+)\".*/\1/' | head -n1 || true)
102 | 
103 |         if [ -z "$EXECUTION" ]; then
104 |             echo "❌ Could not extract CAS execution token from login page."
105 |             CAS_AUTH_PASSED=false
106 |         else
107 |             echo "🔑 Found execution token: $EXECUTION"
108 | 
109 |             # 2) Post credentials to CAS with cookies and follow redirects
110 |             echo "📤 Posting credentials to CAS and following redirects..."
111 |             CAS_POST_RESPONSE=$(curl -s -c "$CAS_COOKIE_JAR" -b "$CAS_COOKIE_JAR" -L -o "$CAS_AFTER_LOGIN" -w "FINAL_URL:%{url_effective}\nHTTP_CODE:%{http_code}" \
112 |                 --data-urlencode "username=leleuj@gmail.com" \
113 |                 --data-urlencode "password=password" \
114 |                 --data-urlencode "execution=$EXECUTION" \
115 |                 --data-urlencode "_eventId=submit" \
116 |                 "$CAS_FINAL_URL")
117 | 
118 |             CAS_POST_HTTP_CODE=$(echo "$CAS_POST_RESPONSE" | grep "HTTP_CODE:" | cut -d: -f2)
119 |             CAS_POST_FINAL_URL=$(echo "$CAS_POST_RESPONSE" | grep "FINAL_URL:" | cut -d: -f2-)
120 | 
121 |             echo "🌐 After CAS login final URL: $CAS_POST_FINAL_URL"
122 |             echo "📄 CAS HTTP Code: $CAS_POST_HTTP_CODE"
123 | 
124 |             # 3) Fetch the final app page with cookies and show content
125 |             echo "📥 Fetching final app page content..."
126 |             FINAL_META=$(curl -s -c "$CAS_COOKIE_JAR" -b "$CAS_COOKIE_JAR" -L -o "$FINAL_APP_PAGE" -w "FINAL_URL:%{url_effective}\nHTTP_CODE:%{http_code}" "$CAS_POST_FINAL_URL")
127 |             FINAL_URL=$(echo "$FINAL_META" | grep "FINAL_URL:" | cut -d: -f2-)
128 |             FINAL_APP_CODE=$(echo "$FINAL_META" | grep "HTTP_CODE:" | cut -d: -f2)
129 | 
130 |             echo "🌐 Final app URL after CAS redirects: $FINAL_URL"
131 |             echo "📄 Final app HTTP Code: $FINAL_APP_CODE"
132 | 
133 |             if [ "$FINAL_APP_CODE" = "200" ]; then
134 |                 echo "✅ Demo reachable after CAS login (HTTP 200)"
135 |                 echo "----- Final page content (begin) -----"
136 |                 cat "$FINAL_APP_PAGE"
137 |                 echo "\n----- Final page content (end) -----"
138 | 
139 |                 # Verify that the expected authenticated email is present in the page
140 |                 if grep -q "leleuj@gmail.com" "$FINAL_APP_PAGE"; then
141 |                     echo "✅ Email 'leleuj@gmail.com' found in final page content"
142 |                     CAS_AUTH_PASSED=true
143 |                 else
144 |                     echo "❌ Email 'leleuj@gmail.com' NOT found in final page content"
145 |                     CAS_AUTH_PASSED=false
146 |                 fi
147 |             else
148 |                 echo "❌ Demo not reachable after CAS login (HTTP $FINAL_APP_CODE)"
149 |                 CAS_AUTH_PASSED=false
150 |             fi
151 |         fi
152 |         
153 |     else
154 |         echo "❌ CAS login page test failed!"
155 |         echo "🚫 Expected CAS login page but got:"
156 |         echo "   HTTP Code: $CAS_HTTP_CODE"
157 |         echo "   Final URL: $CAS_FINAL_URL"
158 |         CAS_AUTH_PASSED=false
159 |     fi
160 | else
161 |     echo "❌ Initial test failed! HTTP code received: $HTTP_CODE"
162 |     echo "📋 Server logs:"
163 |     cat target/app.log || true
164 |     CAS_AUTH_PASSED=false
165 | fi
166 | 
167 | # Always stop the server
168 | echo "🛑 Stopping server..."
169 | kill $APP_PID 2>/dev/null || true
170 | 
171 | # Wait a moment for graceful shutdown
172 | sleep 2
173 | 
174 | # Force kill if still running
175 | kill -9 $APP_PID 2>/dev/null || true
176 | 
177 | # Clean up temporary files
178 | rm -f target/cas_cookies.txt target/cas_*.html target/final_*.html target/*_fetch.meta 2>/dev/null || true
179 | 
180 | if ([ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "301" ] || [ "$HTTP_CODE" = "302" ]) && [ "$CAS_AUTH_PASSED" = "true" ]; then
181 |     echo "🎉 ratpack-pac4j-demo test completed successfully!"
182 |     echo "✅ All tests passed:"
183 |     echo "   - Application responds with HTTP $HTTP_CODE"
184 |     echo "   - CAS authentication works correctly"
185 |     exit 0
186 | else
187 |     echo "💥 ratpack-pac4j-demo test failed!"
188 |     if [ "$HTTP_CODE" != "200" ] && [ "$HTTP_CODE" != "301" ] && [ "$HTTP_CODE" != "302" ]; then
189 |         echo "❌ Application HTTP test failed (code: $HTTP_CODE)"
190 |     fi
191 |     if [ "$CAS_AUTH_PASSED" != "true" ]; then
192 |         echo "❌ CAS authentication test failed"
193 |     fi
194 |     exit 1
195 | fi
196 | 


--------------------------------------------------------------------------------
/src/main/java/org/pac4j/demo/ratpack/RatpackPac4jDemo.java:
--------------------------------------------------------------------------------
  1 | package org.pac4j.demo.ratpack;
  2 | 
  3 | import static java.util.Collections.singletonMap;
  4 | import static ratpack.handling.Handlers.redirect;
  5 | 
  6 | import java.util.HashMap;
  7 | import java.util.Collections;
  8 | import com.google.inject.AbstractModule;
  9 | import java.io.File;
 10 | import java.util.Arrays;
 11 | import java.util.List;
 12 | import java.util.Map;
 13 | import java.util.Optional;
 14 | import org.apache.commons.lang3.StringUtils;
 15 | import org.pac4j.cas.client.CasClient;
 16 | import org.pac4j.cas.config.CasConfiguration;
 17 | import org.pac4j.core.authorization.authorizer.Authorizer;
 18 | import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
 19 | import org.pac4j.core.context.WebContext;
 20 | import org.pac4j.core.context.session.SessionStore;
 21 | import org.pac4j.core.profile.UserProfile;
 22 | import org.pac4j.http.client.direct.DirectBasicAuthClient;
 23 | import org.pac4j.http.client.direct.ParameterClient;
 24 | import org.pac4j.http.client.indirect.FormClient;
 25 | import org.pac4j.http.client.indirect.IndirectBasicAuthClient;
 26 | import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator;
 27 | import org.pac4j.jwt.config.encryption.EncryptionConfiguration;
 28 | import org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration;
 29 | import org.pac4j.jwt.config.signature.SecretSignatureConfiguration;
 30 | import org.pac4j.jwt.config.signature.SignatureConfiguration;
 31 | import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator;
 32 | import org.pac4j.jwt.profile.JwtGenerator;
 33 | import org.pac4j.oauth.client.FacebookClient;
 34 | import org.pac4j.oauth.client.TwitterClient;
 35 | import org.pac4j.oidc.client.OidcClient;
 36 | import org.pac4j.oidc.config.OidcConfiguration;
 37 | import org.pac4j.saml.client.SAML2Client;
 38 | import org.pac4j.saml.config.SAML2Configuration;
 39 | import org.slf4j.Logger;
 40 | import org.slf4j.LoggerFactory;
 41 | import ratpack.error.ClientErrorHandler;
 42 | import ratpack.error.ServerErrorHandler;
 43 | import ratpack.func.Action;
 44 | import ratpack.guice.Guice;
 45 | import ratpack.handling.Chain;
 46 | import ratpack.pac4j.RatpackPac4j;
 47 | import ratpack.render.Renderer;
 48 | import ratpack.server.RatpackServer;
 49 | import ratpack.session.SessionModule;
 50 | import ratpack.session.SessionTypeFilter;
 51 | import static ratpack.handling.Handlers.redirect;
 52 | 
 53 | public class RatpackPac4jDemo {
 54 | 
 55 |   private static final Logger LOGGER = LoggerFactory.getLogger(RatpackPac4jDemo.class);
 56 | 
 57 |   private static final String JWT_SALT = "12345678901234567890123456789012";
 58 | 
 59 | 
 60 |   private static Template template(String name, Map<String, ?> model) {
 61 |     return new Template(name, model);
 62 |   }
 63 | 
 64 |   private static Template template(String name) {
 65 |     return new Template(name, Map.of());
 66 |   }
 67 | 
 68 |   public static void main(final String[] args) throws Exception {
 69 |     RatpackServer.start(server -> server
 70 |         .serverConfig(c -> c.baseDir(new File("src/main").getAbsoluteFile()).port(8080))
 71 |         .registry(Guice.registry(b -> b
 72 |             .bindInstance(ServerErrorHandler.class, (ctx, error) -> {
 73 |                   LOGGER.error("Unexpected error", error);
 74 |                   ctx.render(template("error500.html"));
 75 |                 }
 76 |             )
 77 |             .multiBind(Renderer.class, TemplateRenderer.class)
 78 |             .bindInstance(ClientErrorHandler.class, (ctx, statusCode) -> {
 79 |               ctx.getResponse().status(statusCode);
 80 |               if (statusCode == 404) {
 81 |                 ctx.render(template("error404.html"));
 82 |               } else if (statusCode == 401) {
 83 |                 ctx.render(template("error401.html"));
 84 |               } else if (statusCode == 403) {
 85 |                 ctx.render(template("error403.html"));
 86 |               } else {
 87 |                 LOGGER.error("Unexpected: {}", statusCode);
 88 |               }
 89 |             })
 90 |             .module(SessionModule.class)
 91 |             .module(new AbstractModule() {
 92 |               @Override
 93 |               protected void configure() {
 94 |                 binder().bind(SessionTypeFilter.class).toInstance(SessionTypeFilter.unsafeAllowAll());
 95 |               }
 96 |             })
 97 |         ))
 98 |         .handlers(chain -> {
 99 |           final OidcConfiguration oidcConfig = new OidcConfiguration();
100 |           oidcConfig.setClientId("343992089165-sp0l1km383i8cbm2j5nn20kbk5dk8hor.apps.googleusercontent.com");
101 |           oidcConfig.setSecret("uR3D8ej1kIRPbqAFaxIE3HWh");
102 |           oidcConfig.setUseNonce(true);
103 |           oidcConfig.setDiscoveryURI("https://accounts.google.com/.well-known/openid-configuration");
104 |           //oidcConfig.setPreferredJwsAlgorithm(JWSAlgorithm.RS256);
105 |           oidcConfig.addCustomParam("prompt", "consent");
106 |           final OidcClient oidcClient = new OidcClient(oidcConfig);
107 |           oidcClient.setAuthorizationGenerator((ctx, sessionStore, profile) -> {
108 |             profile.addRole("ROLE_ADMIN");
109 |             return Optional.of(profile);
110 |           });
111 | 
112 |           final SAML2Configuration cfg = new SAML2Configuration("resource:samlKeystore.jks",
113 |               "pac4j-demo-passwd",
114 |               "pac4j-demo-passwd",
115 |               "resource:metadata-okta.xml");
116 |           cfg.setMaximumAuthenticationLifetime(3600);
117 |           cfg.setServiceProviderEntityId("http://localhost:8080/callback?client_name=SAML2Client");
118 |           cfg.setServiceProviderMetadataPath("sp-metadata-ratpack.xml");
119 |           final SAML2Client saml2Client = new SAML2Client(cfg);
120 | 
121 |           final FacebookClient facebookClient = new FacebookClient("145278422258960",
122 |               "be21409ba8f39b5dae2a7de525484da8");
123 |           final TwitterClient twitterClient = new TwitterClient("CoxUiYwQOSFDReZYdjigBA",
124 |               "2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs");
125 | 
126 |           // HTTP
127 |           final FormClient formClient = new FormClient("/loginForm.html",
128 |               new SimpleTestUsernamePasswordAuthenticator());
129 |           final IndirectBasicAuthClient basicAuthClient = new IndirectBasicAuthClient(
130 |               new SimpleTestUsernamePasswordAuthenticator());
131 | 
132 |           // CAS
133 |           final CasClient casClient = new CasClient(new CasConfiguration("https://casserverpac4j.herokuapp.com/login"));
134 | 
135 |           // direct clients
136 |           final SignatureConfiguration signatureConfiguration = new SecretSignatureConfiguration(JWT_SALT);
137 |           final EncryptionConfiguration encryptionConfiguration = new SecretEncryptionConfiguration(JWT_SALT);
138 |           final JwtAuthenticator jwtAuthenticator = new JwtAuthenticator(Arrays.asList(signatureConfiguration),
139 |               Arrays.asList(encryptionConfiguration));
140 |           final ParameterClient parameterClient = new ParameterClient("token", jwtAuthenticator);
141 |           parameterClient.setSupportGetRequest(true);
142 |           parameterClient.setSupportPostRequest(false);
143 | 
144 |           // basic auth
145 |           final DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(
146 |               new SimpleTestUsernamePasswordAuthenticator());
147 | 
148 |           chain
149 |               .path(redirect(301, "index.html"))
150 |               .all(RatpackPac4j.authenticator("callback", formClient, saml2Client, facebookClient, twitterClient,
151 |                   basicAuthClient, casClient, oidcClient, parameterClient, directBasicAuthClient))
152 |               .prefix("facebook", auth(FacebookClient.class))
153 |               .prefix("facebookadmin",
154 |                   auth(FacebookClient.class, new RequireAnyRoleAuthorizer("ROLE_ADMIN")))
155 |               .prefix("facebookcustom", auth(FacebookClient.class, new Authorizer() {
156 |                 @Override
157 |                 public boolean isAuthorized(WebContext context, SessionStore sessionStore,
158 |                     List<UserProfile> profiles) {
159 |                   if (profiles == null || profiles.size() == 0) {
160 |                     return false;
161 |                   }
162 |                   return StringUtils.startsWith(profiles.get(0).getId(), "jle");
163 |                 }
164 |               }))
165 |               .prefix("twitter", auth(TwitterClient.class))
166 |               .prefix("form", auth(FormClient.class))
167 |               .prefix("basicauth", auth(IndirectBasicAuthClient.class))
168 |               .prefix("cas", auth(CasClient.class))
169 |               .prefix("saml2", auth(SAML2Client.class))
170 |               .prefix("oidc", auth(OidcClient.class))
171 |               .prefix("dba", auth(DirectBasicAuthClient.class))
172 |               .prefix("rest-jwt", auth(ParameterClient.class))
173 |               .path("jwt.html", ctx -> {
174 |                     final Map<String, Object> model = new HashMap<>();
175 |                     RatpackPac4j.userProfile(ctx)
176 |                         .route(Optional::isPresent, p -> {
177 |                           final JwtGenerator generator = new JwtGenerator(signatureConfiguration, encryptionConfiguration);
178 |                           final String token = generator.generate(p.get());
179 |                           model.put("token", token);
180 |                           ctx.render(template("jwt.html", model));
181 |                         })
182 |                         .then(p -> {
183 |                           ctx.render(template("jwt.html", model));
184 |                         });
185 |                   }
186 |               )
187 |               .path("loginForm.html", ctx ->
188 |                   ctx.render(template(
189 |                       "loginForm.html",
190 |                       Collections.singletonMap("callbackUrl", formClient.getCallbackUrl() + "?client_name=FormClient")
191 |                   ))
192 |               )
193 |               .path("logout.html", ctx ->
194 |                   RatpackPac4j.logout(ctx).then(() -> ctx.redirect("index.html"))
195 |               )
196 |               .path("index.html", ctx -> {
197 |                 LOGGER.debug("Retrieving user profile...");
198 |                 final Map<String, Object> model = new HashMap<>();
199 |                 RatpackPac4j.userProfile(ctx)
200 |                     .route(Optional::isPresent, p -> {
201 |                       model.put("profile", p);
202 |                       ctx.render(template("index.html", model));
203 |                     })
204 |                     .then(p -> {
205 |                       ctx.render(template("index.html", model));
206 |                     });
207 |               });
208 |         })
209 |     );
210 |   }
211 | 
212 |   private static <T extends org.pac4j.core.client.Client> Action<Chain> auth(Class<T> clientClass) {
213 |     return chain -> chain
214 |         .all(RatpackPac4j.requireAuth(clientClass))
215 |         .path("index.html", ctx ->
216 |             ctx.render(template(
217 |                 "protectedIndex.html",
218 |                 Collections.singletonMap("profile", ctx.get(UserProfile.class))
219 |             ))
220 |         );
221 |   }
222 | 
223 |   private static <T extends org.pac4j.core.client.Client> Action<Chain> auth(Class<T> clientClass, Authorizer... authorizers) {
224 |     return chain -> chain
225 |         .all(RatpackPac4j.requireAuth(clientClass, authorizers))
226 |         .path("index.html", ctx ->
227 |             ctx.render(template(
228 |                 "protectedIndex.html",
229 |                 Collections.singletonMap("profile", ctx.get(UserProfile.class))
230 |             ))
231 |         );
232 |   }
233 | }
234 | 


--------------------------------------------------------------------------------
/src/main/resources/testshib-providers.xml:
--------------------------------------------------------------------------------
  1 | <EntitiesDescriptor Name="urn:mace:shibboleth:testshib:two"
  2 |     xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  3 |     xmlns:mdalg="urn:oasis:names:tc:SAML:metadata:algsupport" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
  4 |     xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  5 | 
  6 |     <!-- This file contains the metadata for the testing IdP and SP
  7 |      that are operated by TestShib as a service for testing new
  8 |      Shibboleth and SAML providers. -->
  9 | 
 10 |     <EntityDescriptor entityID="https://idp.testshib.org/idp/shibboleth">
 11 |         
 12 |         <Extensions>
 13 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
 14 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />
 15 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
 16 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
 17 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
 18 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" />
 19 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
 20 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
 21 |         </Extensions>
 22 | 
 23 |         <IDPSSODescriptor
 24 |             protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">
 25 |             <Extensions>
 26 |                 <shibmd:Scope regexp="false">testshib.org</shibmd:Scope>
 27 |                 <mdui:UIInfo>
 28 |                     <mdui:DisplayName xml:lang="en">TestShib Test IdP</mdui:DisplayName>
 29 |                     <mdui:Description xml:lang="en">TestShib IdP. Use this as a source of attributes
 30 |                         for your test SP.</mdui:Description>
 31 |                     <mdui:Logo height="88" width="253"
 32 |                         >https://www.testshib.org/testshibtwo.jpg</mdui:Logo>
 33 |                 </mdui:UIInfo>
 34 | 
 35 |             </Extensions>
 36 |             <KeyDescriptor>
 37 |                 <ds:KeyInfo>
 38 |                     <ds:X509Data>
 39 |                         <ds:X509Certificate>
 40 |                             MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
 41 |                             MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
 42 |                             VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
 43 |                             MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
 44 |                             EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
 45 |                             c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
 46 |                             AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
 47 |                             yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
 48 |                             3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
 49 |                             NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
 50 |                             kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
 51 |                             gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
 52 |                             A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
 53 |                             9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
 54 |                             bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
 55 |                             aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
 56 |                             BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
 57 |                             I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
 58 |                             93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
 59 |                             /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
 60 |                             Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
 61 |                             8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
 62 |                         </ds:X509Certificate>
 63 |                     </ds:X509Data>
 64 |                 </ds:KeyInfo>
 65 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
 66 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
 67 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
 68 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
 69 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
 70 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
 71 |             </KeyDescriptor>
 72 | 
 73 |             <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
 74 |                 Location="https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution"
 75 |                 index="1"/>
 76 |             <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
 77 |                 Location="https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution"
 78 |                 index="2"/>
 79 | 
 80 |             <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
 81 |             <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 82 |             
 83 |             <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
 84 |                 Location="https://idp.testshib.org/idp/profile/Shibboleth/SSO"/>
 85 |             <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
 86 |                 Location="https://idp.testshib.org/idp/profile/SAML2/POST/SSO"/>
 87 |             <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
 88 |                 Location="https://idp.testshib.org/idp/profile/SAML2/Redirect/SSO"/>
 89 |             <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
 90 |                 Location="https://idp.testshib.org/idp/profile/SAML2/SOAP/ECP"/>
 91 | 
 92 |         </IDPSSODescriptor>
 93 | 
 94 | 
 95 |         <AttributeAuthorityDescriptor
 96 |             protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">
 97 | 
 98 |             <KeyDescriptor>
 99 |                 <ds:KeyInfo>
100 |                     <ds:X509Data>
101 |                         <ds:X509Certificate>
102 |                             MIIEDjCCAvagAwIBAgIBADANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJVUzEV
103 |                             MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMREwDwYD
104 |                             VQQKEwhUZXN0U2hpYjEZMBcGA1UEAxMQaWRwLnRlc3RzaGliLm9yZzAeFw0wNjA4
105 |                             MzAyMTEyMjVaFw0xNjA4MjcyMTEyMjVaMGcxCzAJBgNVBAYTAlVTMRUwEwYDVQQI
106 |                             EwxQZW5uc3lsdmFuaWExEzARBgNVBAcTClBpdHRzYnVyZ2gxETAPBgNVBAoTCFRl
107 |                             c3RTaGliMRkwFwYDVQQDExBpZHAudGVzdHNoaWIub3JnMIIBIjANBgkqhkiG9w0B
108 |                             AQEFAAOCAQ8AMIIBCgKCAQEArYkCGuTmJp9eAOSGHwRJo1SNatB5ZOKqDM9ysg7C
109 |                             yVTDClcpu93gSP10nH4gkCZOlnESNgttg0r+MqL8tfJC6ybddEFB3YBo8PZajKSe
110 |                             3OQ01Ow3yT4I+Wdg1tsTpSge9gEz7SrC07EkYmHuPtd71CHiUaCWDv+xVfUQX0aT
111 |                             NPFmDixzUjoYzbGDrtAyCqA8f9CN2txIfJnpHE6q6CmKcoLADS4UrNPlhHSzd614
112 |                             kR/JYiks0K4kbRqCQF0Dv0P5Di+rEfefC6glV8ysC8dB5/9nb0yh/ojRuJGmgMWH
113 |                             gWk6h0ihjihqiu4jACovUZ7vVOCgSE5Ipn7OIwqd93zp2wIDAQABo4HEMIHBMB0G
114 |                             A1UdDgQWBBSsBQ869nh83KqZr5jArr4/7b+QazCBkQYDVR0jBIGJMIGGgBSsBQ86
115 |                             9nh83KqZr5jArr4/7b+Qa6FrpGkwZzELMAkGA1UEBhMCVVMxFTATBgNVBAgTDFBl
116 |                             bm5zeWx2YW5pYTETMBEGA1UEBxMKUGl0dHNidXJnaDERMA8GA1UEChMIVGVzdFNo
117 |                             aWIxGTAXBgNVBAMTEGlkcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
118 |                             BgkqhkiG9w0BAQUFAAOCAQEAjR29PhrCbk8qLN5MFfSVk98t3CT9jHZoYxd8QMRL
119 |                             I4j7iYQxXiGJTT1FXs1nd4Rha9un+LqTfeMMYqISdDDI6tv8iNpkOAvZZUosVkUo
120 |                             93pv1T0RPz35hcHHYq2yee59HJOco2bFlcsH8JBXRSRrJ3Q7Eut+z9uo80JdGNJ4
121 |                             /SJy5UorZ8KazGj16lfJhOBXldgrhppQBb0Nq6HKHguqmwRfJ+WkxemZXzhediAj
122 |                             Geka8nz8JjwxpUjAiSWYKLtJhGEaTqCYxCCX2Dw+dOTqUzHOZ7WKv4JXPK5G/Uhr
123 |                             8K/qhmFT2nIQi538n6rVYLeWj8Bbnl+ev0peYzxFyF5sQA==
124 |                         </ds:X509Certificate>
125 |                     </ds:X509Data>
126 |                 </ds:KeyInfo>
127 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
128 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
129 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
130 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
131 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
132 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
133 |             </KeyDescriptor>
134 | 
135 | 
136 |             <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
137 |                 Location="https://idp.testshib.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
138 |             <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
139 |                 Location="https://idp.testshib.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
140 | 
141 |             <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
142 |             <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
143 | 
144 |         </AttributeAuthorityDescriptor>
145 | 
146 |         <Organization>
147 |             <OrganizationName xml:lang="en">TestShib Two Identity Provider</OrganizationName>
148 |             <OrganizationDisplayName xml:lang="en">TestShib Two</OrganizationDisplayName>
149 |             <OrganizationURL xml:lang="en">http://www.testshib.org/testshib-two/</OrganizationURL>
150 |         </Organization>
151 |         <ContactPerson contactType="technical">
152 |             <GivenName>Nate</GivenName>
153 |             <SurName>Klingenstein</SurName>
154 |             <EmailAddress>ndk@internet2.edu</EmailAddress>
155 |         </ContactPerson>
156 |     </EntityDescriptor>
157 | 
158 |     <EntityDescriptor entityID="https://sp.testshib.org/shibboleth-sp">
159 | 
160 |         <Extensions>
161 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
162 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />
163 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
164 |             <mdalg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
165 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512" />
166 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384" />
167 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
168 |             <mdalg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
169 |         </Extensions>
170 |         
171 |         <!-- An SP supporting SAML 1 and 2 contains this element with protocol support as shown. -->
172 |         <SPSSODescriptor
173 |             protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
174 | 
175 |             <Extensions>
176 |                 <!-- Extension to permit the SP to receive IdP discovery responses. -->
177 |                 <idpdisc:DiscoveryResponse
178 |                     xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
179 |                     index="1" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
180 |                     Location="https://sp.testshib.org/Shibboleth.sso/DS"/>
181 |                 
182 |                 <mdui:UIInfo>
183 |                     <mdui:DisplayName xml:lang="en">TestShib Test SP</mdui:DisplayName>
184 |                     <mdui:Description xml:lang="en">TestShib SP. Log into this to test your machine.
185 |                         Once logged in check that all attributes that you expected have been
186 |                         released.</mdui:Description>
187 |                     <mdui:Logo height="88" width="253">https://www.testshib.org/testshibtwo.jpg</mdui:Logo>
188 |                 </mdui:UIInfo>
189 |             </Extensions>
190 | 
191 |             <KeyDescriptor>
192 |                 <ds:KeyInfo>
193 |                     <ds:X509Data>
194 |                         <ds:X509Certificate>
195 |                             MIIEPjCCAyagAwIBAgIBADANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJVUzEV
196 |                             MBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1cmdoMSIwIAYD
197 |                             VQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQDEw9zcC50ZXN0
198 |                             c2hpYi5vcmcwHhcNMDYwODMwMjEyNDM5WhcNMTYwODI3MjEyNDM5WjB3MQswCQYD
199 |                             VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYDVQQHEwpQaXR0c2J1
200 |                             cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3ZpZGVyMRgwFgYDVQQD
201 |                             Ew9zcC50ZXN0c2hpYi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
202 |                             AQDJyR6ZP6MXkQ9z6RRziT0AuCabDd3x1m7nLO9ZRPbr0v1LsU+nnC363jO8nGEq
203 |                             sqkgiZ/bSsO5lvjEt4ehff57ERio2Qk9cYw8XCgmYccVXKH9M+QVO1MQwErNobWb
204 |                             AjiVkuhWcwLWQwTDBowfKXI87SA7KR7sFUymNx5z1aoRvk3GM++tiPY6u4shy8c7
205 |                             vpWbVfisfTfvef/y+galxjPUQYHmegu7vCbjYP3On0V7/Ivzr+r2aPhp8egxt00Q
206 |                             XpilNai12LBYV3Nv/lMsUzBeB7+CdXRVjZOHGuQ8mGqEbsj8MBXvcxIKbcpeK5Zi
207 |                             JCVXPfarzuriM1G5y5QkKW+LAgMBAAGjgdQwgdEwHQYDVR0OBBYEFKB6wPDxwYrY
208 |                             StNjU5P4b4AjBVQVMIGhBgNVHSMEgZkwgZaAFKB6wPDxwYrYStNjU5P4b4AjBVQV
209 |                             oXukeTB3MQswCQYDVQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRMwEQYD
210 |                             VQQHEwpQaXR0c2J1cmdoMSIwIAYDVQQKExlUZXN0U2hpYiBTZXJ2aWNlIFByb3Zp
211 |                             ZGVyMRgwFgYDVQQDEw9zcC50ZXN0c2hpYi5vcmeCAQAwDAYDVR0TBAUwAwEB/zAN
212 |                             BgkqhkiG9w0BAQUFAAOCAQEAc06Kgt7ZP6g2TIZgMbFxg6vKwvDL0+2dzF11Onpl
213 |                             5sbtkPaNIcj24lQ4vajCrrGKdzHXo9m54BzrdRJ7xDYtw0dbu37l1IZVmiZr12eE
214 |                             Iay/5YMU+aWP1z70h867ZQ7/7Y4HW345rdiS6EW663oH732wSYNt9kr7/0Uer3KD
215 |                             9CuPuOidBacospDaFyfsaJruE99Kd6Eu/w5KLAGG+m0iqENCziDGzVA47TngKz2v
216 |                             PVA+aokoOyoz3b53qeti77ijatSEoKjxheBWpO+eoJeGq/e49Um3M2ogIX/JAlMa
217 |                             Inh+vYSYngQB2sx9LGkR9KHaMKNIGCDehk93Xla4pWJx1w== 
218 |                         </ds:X509Certificate>
219 |                     </ds:X509Data>
220 |                 </ds:KeyInfo>
221 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
222 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
223 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
224 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
225 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
226 |                 <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
227 |             </KeyDescriptor>
228 | 
229 |             <!-- This tells IdPs that Single Logout is supported and where/how to request it. -->
230 | 
231 |             <SingleLogoutService Location="https://sp.testshib.org/Shibboleth.sso/SLO/SOAP"
232 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
233 |             <SingleLogoutService Location="https://sp.testshib.org/Shibboleth.sso/SLO/Redirect"
234 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
235 |             <SingleLogoutService Location="https://sp.testshib.org/Shibboleth.sso/SLO/POST"
236 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
237 |             <SingleLogoutService Location="https://sp.testshib.org/Shibboleth.sso/SLO/Artifact"
238 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
239 | 
240 | 
241 |             <!-- This tells IdPs that you only need transient identifiers. -->
242 |             <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
243 |             <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
244 | 
245 |             <!--
246 | 		This tells IdPs where and how to send authentication assertions. Mostly
247 | 		the SP will tell the IdP what location to use in its request, but this
248 | 		is how the IdP validates the location and also figures out which
249 | 		SAML version/binding to use.
250 | 		-->
251 | 
252 |             <AssertionConsumerService index="1" isDefault="true"
253 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
254 |                 Location="https://sp.testshib.org/Shibboleth.sso/SAML2/POST"/>
255 |             <AssertionConsumerService index="2"
256 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
257 |                 Location="https://sp.testshib.org/Shibboleth.sso/SAML2/POST-SimpleSign"/>
258 |             <AssertionConsumerService index="3"
259 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
260 |                 Location="https://sp.testshib.org/Shibboleth.sso/SAML2/Artifact"/>
261 |             <AssertionConsumerService index="4"
262 |                 Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
263 |                 Location="https://sp.testshib.org/Shibboleth.sso/SAML/POST"/>
264 |             <AssertionConsumerService index="5"
265 |                 Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"
266 |                 Location="https://sp.testshib.org/Shibboleth.sso/SAML/Artifact"/>
267 |             <AssertionConsumerService index="6"
268 |                 Binding="http://schemas.xmlsoap.org/ws/2003/07/secext"
269 |                 Location="https://sp.testshib.org/Shibboleth.sso/ADFS"/>
270 | 
271 |             <!-- A couple additional assertion consumers for the registration webapp. -->
272 | 
273 |             <AssertionConsumerService index="7"
274 |                 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
275 |                 Location="https://www.testshib.org/Shibboleth.sso/SAML2/POST"/>
276 |             <AssertionConsumerService index="8"
277 |                 Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
278 |                 Location="https://www.testshib.org/Shibboleth.sso/SAML/POST"/>
279 | 
280 |         </SPSSODescriptor>
281 | 
282 |         <!-- This is just information about the entity in human terms. -->
283 |         <Organization>
284 |             <OrganizationName xml:lang="en">TestShib Two Service Provider</OrganizationName>
285 |             <OrganizationDisplayName xml:lang="en">TestShib Two</OrganizationDisplayName>
286 |             <OrganizationURL xml:lang="en">http://www.testshib.org/testshib-two/</OrganizationURL>
287 |         </Organization>
288 |         <ContactPerson contactType="technical">
289 |             <GivenName>Nate</GivenName>
290 |             <SurName>Klingenstein</SurName>
291 |             <EmailAddress>ndk@internet2.edu</EmailAddress>
292 |         </ContactPerson>
293 | 
294 |     </EntityDescriptor>
295 | 
296 | 
297 | </EntitiesDescriptor>
298 | 
299 | 


--------------------------------------------------------------------------------