├── src
    ├── main
    │   ├── resources
    │   │   ├── saml
    │   │   │   └── delete-me-please.txt
    │   │   ├── static
    │   │   │   ├── img
    │   │   │   │   ├── favicon.ico
    │   │   │   │   ├── nyan-cat.png
    │   │   │   │   ├── saml-flow.png
    │   │   │   │   └── spring-boot-saml.png
    │   │   │   ├── screenshots
    │   │   │   │   ├── app_overview.png
    │   │   │   │   ├── saml_based_sign_on.png
    │   │   │   │   └── saml-signing-certificate-section.png
    │   │   │   ├── css
    │   │   │   │   └── spring-saml-sp.css
    │   │   │   └── js
    │   │   │   │   └── bootstrap.min.js
    │   │   ├── application.yml
    │   │   └── templates
    │   │   │   ├── pages
    │   │   │       ├── landing.html
    │   │   │       ├── discovery.html
    │   │   │       └── index.html
    │   │   │   └── layout.html
    │   └── java
    │   │   └── com
    │   │       └── spring
    │   │           └── boot
    │   │               └── security
    │   │                   └── saml
    │   │                       ├── stereotypes
    │   │                           └── CurrentUser.java
    │   │                       ├── Application.java
    │   │                       ├── controllers
    │   │                           ├── LandingController.java
    │   │                           └── SSOController.java
    │   │                       ├── config
    │   │                           ├── MvcConfig.java
    │   │                           └── WebSecurityConfig.java
    │   │                       └── core
    │   │                           ├── SAMLUserDetailsServiceImpl.java
    │   │                           └── CurrentUserHandlerMethodArgumentResolver.java
    └── test
    │   └── java
    │       └── com
    │           └── spring
    │               └── boot
    │                   └── security
    │                       └── saml
    │                           ├── TestConfig.java
    │                           ├── core
    │                               ├── SAMLUserDetailsServiceImplTest.java
    │                               └── CurrentUserHandlerMethodArgumentResolverTest.java
    │                           ├── controllers
    │                               ├── SSOControllerTest.java
    │                               └── LandingControllerTest.java
    │                           └── CommonTestSupport.java
├── .gitignore
├── pom.xml
└── Readme.MD


/src/main/resources/saml/delete-me-please.txt:
--------------------------------------------------------------------------------
1 | delete this file.


--------------------------------------------------------------------------------
/src/main/resources/static/img/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/img/favicon.ico


--------------------------------------------------------------------------------
/src/main/resources/static/img/nyan-cat.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/img/nyan-cat.png


--------------------------------------------------------------------------------
/src/main/resources/static/img/saml-flow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/img/saml-flow.png


--------------------------------------------------------------------------------
/src/main/resources/static/img/spring-boot-saml.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/img/spring-boot-saml.png


--------------------------------------------------------------------------------
/src/main/resources/static/screenshots/app_overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/screenshots/app_overview.png


--------------------------------------------------------------------------------
/src/main/resources/static/screenshots/saml_based_sign_on.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/screenshots/saml_based_sign_on.png


--------------------------------------------------------------------------------
/src/main/resources/static/screenshots/saml-signing-certificate-section.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pateluday07/saml-sso-and-slo-demo-idp-azure-sp-springboot/HEAD/src/main/resources/static/screenshots/saml-signing-certificate-section.png


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/stereotypes/CurrentUser.java:
--------------------------------------------------------------------------------
1 | package com.spring.boot.security.saml.stereotypes;
2 | 
3 | import java.lang.annotation.*;
4 | 
5 | @Target(ElementType.PARAMETER)
6 | @Retention(RetentionPolicy.RUNTIME)
7 | @Documented
8 | public @interface CurrentUser {}
9 | 


--------------------------------------------------------------------------------
/src/test/java/com/spring/boot/security/saml/TestConfig.java:
--------------------------------------------------------------------------------
1 | package com.spring.boot.security.saml;
2 | 
3 | import org.springframework.boot.autoconfigure.SpringBootApplication;
4 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
5 | 
6 | @SpringBootApplication
7 | public class TestConfig implements WebMvcConfigurer {
8 | }
9 | 


--------------------------------------------------------------------------------
/src/main/resources/application.yml:
--------------------------------------------------------------------------------
 1 | logging:
 2 |   level:
 3 |     org:
 4 |       springframework:
 5 |         security:
 6 |           saml: DEBUG
 7 |       opensaml: DEBUG
 8 |     com:
 9 |       spring:
10 |         boot:
11 |           security:
12 |             saml: DEBUG
13 | 
14 | service.provider.entity.id: # put your entity id here e.g com:uday:spring:boot:sp
15 | 
16 | idp.metedata.url: # put your IDP metadata URL here
17 | 
18 | # you can update credentials if you want, I recommend you to keep as it is for demo purpose
19 | saml:
20 |   keystore.password: nalle123
21 |   private.key:
22 |     alias: apollo
23 |     password: nalle123


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Ignore list
 2 | 
 3 | # Log file
 4 | *.log
 5 | 
 6 | # Maven
 7 | log/
 8 | logs/
 9 | target/
10 | 
11 | # Compiled class file
12 | *.class
13 | 
14 | # Mobile Tools for Java (J2ME)
15 | .mtj.tmp/
16 | 
17 | # Package Files
18 | *.jar
19 | *.war
20 | *.nar
21 | *.ear
22 | *.zip
23 | *.tar.gz
24 | *.rar
25 | 
26 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
27 | hs_err_pid*
28 | 
29 | # BlueJ files
30 | *.ctxt
31 | 
32 | # Eclipse
33 | .classpath
34 | .project
35 | .settings/
36 | 
37 | # Intellij
38 | .idea/
39 | *.iml
40 | *.iws
41 | 
42 | # Mac
43 | .DS_Store
44 | 
45 | # Custom domain settings
46 | CNAME
47 | 


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/Application.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml;
 2 | 
 3 | import org.springframework.boot.SpringApplication;
 4 | import org.springframework.boot.autoconfigure.SpringBootApplication;
 5 | import org.springframework.boot.builder.SpringApplicationBuilder;
 6 | import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 7 | 
 8 | @SpringBootApplication
 9 | public class Application extends SpringBootServletInitializer {
10 | 
11 |     @Override
12 |     protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
13 |         return application.sources(Application.class);
14 |     }
15 | 
16 |     public static void main(String[] args) {
17 |         SpringApplication.run(Application.class, args);
18 |     }
19 | 
20 | }


--------------------------------------------------------------------------------
/src/main/resources/templates/pages/landing.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html
 3 |   lang="en"
 4 |   xmlns:th="http://www.thymeleaf.org"
 5 |   xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
 6 |   xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"
 7 |   layout:decorate="~{layout}"
 8 | >
 9 | 
10 | <body>
11 |     <!-- Content starts -->
12 |     <section class="my-3 p-3 bg-white rounded box-shadow" layout:fragment="content">
13 |       <div class="alert alert-success" role="alert">
14 |           <small><strong>Well done!</strong> Aww yeah, you successfullying logged in.<br/>
15 |           Your SAML 2.0 authentication process works fine.</small>
16 |       </div>
17 |       <p><img class="img-fluid" th:src="@{/img/nyan-cat.png}" /></p>
18 |       <p>You are logged as <span class="badge badge-dark" th:text="${username}">null</span>.</p>
19 |       <small class="d-block text-right mt-3" id="sso-btn">
20 |         <a th:href="@{/saml/logout}" class="btn btn-spring btn-sm">
21 |           <i class="far fa-user-circle"></i> Global logout
22 |         </a>
23 |         <a th:href="@{/saml/logout?local=true}" class="btn btn-spring btn-sm">
24 |           <i class="fas fa-sign-out-alt"></i> Local logout
25 |         </a>
26 |       </small>
27 |     </section>
28 |     <!-- Content ends -->
29 | </body>
30 | 
31 | </html>
32 | 


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/controllers/LandingController.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.controllers;
 2 | 
 3 | import com.spring.boot.security.saml.stereotypes.CurrentUser;
 4 | import org.slf4j.Logger;
 5 | import org.slf4j.LoggerFactory;
 6 | import org.springframework.security.core.Authentication;
 7 | import org.springframework.security.core.context.SecurityContextHolder;
 8 | import org.springframework.security.core.userdetails.User;
 9 | import org.springframework.stereotype.Controller;
10 | import org.springframework.ui.Model;
11 | import org.springframework.web.bind.annotation.GetMapping;
12 | 
13 | @Controller
14 | public class LandingController {
15 | 
16 |     // Logger
17 |     private static final Logger LOG = LoggerFactory.getLogger(LandingController.class);
18 | 
19 |     @GetMapping("/landing")
20 |     public String landing(@CurrentUser User user, Model model) {
21 |         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
22 |         if (auth == null)
23 |             LOG.debug("Current authentication instance from security context is null");
24 |         else
25 |             LOG.debug("Current authentication instance from security context: {}", this.getClass().getSimpleName());
26 |         model.addAttribute("username", user.getUsername());
27 |         return "pages/landing";
28 |     }
29 | 
30 | }
31 | 


--------------------------------------------------------------------------------
/src/main/resources/static/css/spring-saml-sp.css:
--------------------------------------------------------------------------------
 1 | body
 2 | {
 3 |   padding-bottom:25px;
 4 |   padding-top:25px;
 5 | }
 6 | 
 7 | .text-white-50
 8 | {
 9 |   color:rgba(255,255,255,.5);
10 | }
11 | 
12 | h6.text-black
13 | {
14 |   color:#000;
15 | }
16 | 
17 | .spring-green
18 | {
19 |   color:#68bd45;
20 | }
21 | 
22 | .bg-spring-green
23 | {
24 |   background-color:#68bd45;
25 | }
26 | 
27 | .border-bottom
28 | {
29 |   border-bottom:1px solid #e5e5e5;
30 | }
31 | 
32 | .box-shadow
33 | {
34 |   box-shadow:0 .25rem .75rem rgba(0,0,0,.05);
35 | }
36 | 
37 | .lh-100
38 | {
39 |   line-height:1;
40 | }
41 | 
42 | .lh-125
43 | {
44 |   line-height:1.25;
45 | }
46 | 
47 | .lh-150
48 | {
49 |   line-height:1.5;
50 | }
51 | 
52 | .margin-top-10
53 | {
54 |   margin-top:10px;
55 | }
56 | 
57 | .margin-bottom-10
58 | {
59 |   margin-top:10px;
60 | }
61 | 
62 | .container
63 | {
64 |   max-width:600px;
65 | }
66 | 
67 | .btn-spring
68 | {
69 |   background-color:#68bd45;
70 |   color:#FFF;
71 | }
72 | 
73 | footer
74 | {
75 |   border-top:1px solid #e5e5e5;
76 |   color:#696969;
77 |   font-size: 0.7em;
78 |   margin-top: 20px;
79 |   padding-top: 20px;
80 |   text-align:center;
81 | }
82 | 
83 | ul.footer-note
84 | {
85 |   list-style-type:none;
86 |   margin:0 0 10px;
87 |   padding:0;
88 | }
89 | 
90 | #sso-btn a:hover
91 | {
92 |   color:#FFF;
93 | }
94 | 
95 | footer a:link,footer a:visited,footer a:hover,footer a:active
96 | {
97 |   color:green;
98 | }
99 | 


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/config/MvcConfig.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.config;
 2 | 
 3 | import com.spring.boot.security.saml.core.CurrentUserHandlerMethodArgumentResolver;
 4 | import org.springframework.beans.factory.annotation.Autowired;
 5 | import org.springframework.context.annotation.Configuration;
 6 | import org.springframework.web.method.support.HandlerMethodArgumentResolver;
 7 | import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 8 | import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 9 | import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
10 | 
11 | import java.util.List;
12 | 
13 | @Configuration
14 | public class MvcConfig implements WebMvcConfigurer {
15 | 
16 |     @Autowired
17 |     CurrentUserHandlerMethodArgumentResolver currentUserHandlerMethodArgumentResolver;
18 | 
19 |     @Override
20 |     public void addViewControllers(ViewControllerRegistry registry) {
21 |         registry.addViewController("/").setViewName("pages/index");
22 |     }
23 | 
24 |     @Override
25 |     public void addResourceHandlers(ResourceHandlerRegistry registry) {
26 |         if (!registry.hasMappingForPattern("/static/**")) {
27 |             registry.addResourceHandler("/static/**")
28 |                     .addResourceLocations("/static/");
29 |         }
30 |     }
31 | 
32 |     @Override
33 |     public void addArgumentResolvers(List<HandlerMethodArgumentResolver> argumentResolvers) {
34 |         argumentResolvers.add(currentUserHandlerMethodArgumentResolver);
35 |     }
36 | 
37 | }


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/core/SAMLUserDetailsServiceImpl.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.core;
 2 | 
 3 | import org.slf4j.Logger;
 4 | import org.slf4j.LoggerFactory;
 5 | import org.springframework.security.core.GrantedAuthority;
 6 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
 7 | import org.springframework.security.core.userdetails.User;
 8 | import org.springframework.security.saml.SAMLCredential;
 9 | import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
10 | import org.springframework.stereotype.Service;
11 | 
12 | import java.util.ArrayList;
13 | import java.util.List;
14 | 
15 | @Service
16 | public class SAMLUserDetailsServiceImpl implements SAMLUserDetailsService {
17 | 
18 |     // Logger
19 |     private static final Logger LOG = LoggerFactory.getLogger(SAMLUserDetailsServiceImpl.class);
20 | 
21 |     public Object loadUserBySAML(SAMLCredential credential) {
22 | 
23 |         // The method is supposed to identify local account of user referenced by
24 |         // data in the SAML assertion and return UserDetails object describing the user.
25 | 
26 |         String userID = credential.getNameID().getValue();
27 | 
28 |         LOG.info("{} is logged in", userID);
29 |         List<GrantedAuthority> authorities = new ArrayList<>();
30 |         GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER");
31 |         authorities.add(authority);
32 | 
33 |         // In a real scenario, this implementation has to locate user in a arbitrary
34 |         // dataStore based on information present in the SAMLCredential and
35 |         // returns such a date in a form of application specific UserDetails object.
36 |         return new User(userID, "<abc123>", true, true, true, true, authorities);
37 |     }
38 | 
39 | }
40 | 


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/core/CurrentUserHandlerMethodArgumentResolver.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.core;
 2 | 
 3 | import com.spring.boot.security.saml.stereotypes.CurrentUser;
 4 | import org.springframework.core.MethodParameter;
 5 | import org.springframework.security.core.Authentication;
 6 | import org.springframework.security.core.userdetails.User;
 7 | import org.springframework.stereotype.Component;
 8 | import org.springframework.web.bind.support.WebArgumentResolver;
 9 | import org.springframework.web.bind.support.WebDataBinderFactory;
10 | import org.springframework.web.context.request.NativeWebRequest;
11 | import org.springframework.web.method.support.HandlerMethodArgumentResolver;
12 | import org.springframework.web.method.support.ModelAndViewContainer;
13 | 
14 | import java.security.Principal;
15 | 
16 | @Component
17 | public class CurrentUserHandlerMethodArgumentResolver implements
18 |         HandlerMethodArgumentResolver {
19 | 
20 |     public boolean supportsParameter(MethodParameter methodParameter) {
21 |         return methodParameter.getParameterAnnotation(CurrentUser.class) != null
22 |                 && methodParameter.getParameterType().equals(User.class);
23 |     }
24 | 
25 |     public Object resolveArgument(MethodParameter methodParameter,
26 |                                   ModelAndViewContainer mavContainer, NativeWebRequest webRequest,
27 |                                   WebDataBinderFactory binderFactory) throws Exception {
28 |         if (this.supportsParameter(methodParameter)) {
29 |             Principal principal = webRequest.getUserPrincipal();
30 |             if (principal == null) {
31 |                 return WebArgumentResolver.UNRESOLVED;
32 |             }
33 |             return ((Authentication) principal).getPrincipal();
34 |         } else {
35 |             return WebArgumentResolver.UNRESOLVED;
36 |         }
37 |     }
38 | }


--------------------------------------------------------------------------------
/src/main/resources/templates/layout.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
 3 | 
 4 | <head>
 5 |   <meta charset="utf-8">
 6 |   <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 7 |   <meta name="description" content="Spring Boot - SAML 2.0 Service Provider">
 8 |   <meta name="author" content="Vincenzo De Notaris">
 9 |   <link rel="icon" th:href="@{/img/favicon.ico}">
10 |   <title>Spring Boot &mdash; SAML 2.0 Service Provider</title>
11 |   <!-- Bootstrap core CSS -->
12 |   <link th:href="@{/css/bootstrap.min.css}" rel="stylesheet">
13 |   <!-- Font Awesome CSS -->
14 |   <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.13/css/all.css">
15 |   <!-- Custom styles for this template -->
16 |   <link th:href="@{/css/spring-saml-sp.css}" rel="stylesheet">
17 | </head>
18 | 
19 | <body class="bg-light">
20 |   <!-- Main starts -->
21 |   <div role="main" class="container">
22 |   	<!-- Header starts -->
23 |     <header role="header" class="d-flex align-items-center p-3 my-3 text-white-50 bg-spring-green rounded box-shadow">
24 |       <img class="mr-3" th:src="@{/img/spring-boot-saml.png}" alt="" height="48">
25 |       <div class="lh-100">
26 |         <h6 class="mb-0 text-white lh-100">Spring Boot &mdash; SAML 2.0 Service Provider</h6>
27 |       </div>
28 |     </header>
29 |     <!-- Header ends -->
30 |     <!-- Content starts -->
31 |     <section role="content" class="my-3 p-3 bg-white rounded box-shadow" layout:fragment="content">
32 | 		<!-- Page content goes here! -->
33 |     </section>
34 |     <!-- Content ends -->
35 |   </div>
36 |   <!-- Main ends -->
37 |   <!-- Bootstrap scripts -->
38 |   <script th:src="@{/js/bootstrap.min.js}"></script>
39 |   <!-- Font Awesome scripts -->
40 |   <script defer src="https://use.fontawesome.com/releases/v5.0.13/js/all.js"></script>
41 | </body>
42 | 
43 | </html>
44 | 


--------------------------------------------------------------------------------
/src/main/resources/templates/pages/discovery.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html
 3 |   lang="en"
 4 |   xmlns:th="http://www.thymeleaf.org"
 5 |   xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
 6 |   xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"
 7 |   layout:decorate="~{layout}"
 8 | >
 9 | 
10 | <body>
11 |     <!-- Content starts -->
12 |     <section class="my-3 p-3 bg-white rounded box-shadow" layout:fragment="content">
13 |       <div class="alert alert-warning" role="alert">
14 |         <small>
15 |         <strong>Here we go!</strong> Select an Identity provider that holds your authentication data.<br/>
16 |         <img class="img-fluid margin-top-10 margin-bottom-10" th:src="@{/img/saml-flow.png}" />
17 |         The Service Provider (SP) generates a SAML 2.0 authentication request, which is encoded and embedded into the URL for SSO
18 |         service. After being redirected, you must provide your credentials to authenticate against the selected IdP.</small>
19 |       </div>
20 | 
21 |       <h6 class="border-bottom border-gray pb-2 mb-0">Select your Identity Provider:</h6>
22 | 
23 |       <form th:action="${idpDiscoReturnURL}" method="get">
24 |         <fieldset class="form-group">
25 |           <div class="form-check" th:each="idp : ${idps}">
26 |             <label class="form-check-label">
27 |               <input type="radio" class="form-check-input" th:name="${idpDiscoReturnParam}" th:id="'idp_' + ${idp}" th:value="${idp}" />
28 |               <span class="badge badge-dark">Azure IDP</span>
29 |             </label>
30 |           </div>
31 |         </fieldset>
32 | 
33 |         <small class="d-block text-right mt-3" id="sso-btn">
34 |           <button type="submit" class="btn btn-spring btn-sm">
35 |             <i class="fas fa-handshake"></i> Start 3rd Party Login
36 |           </button>
37 |         </small>
38 |       </form>
39 |     </section>
40 |     <!-- Content ends -->
41 | </body>
42 | 
43 | </html>
44 | 


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/controllers/SSOController.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.controllers;
 2 | 
 3 | import org.slf4j.Logger;
 4 | import org.slf4j.LoggerFactory;
 5 | import org.springframework.beans.factory.annotation.Autowired;
 6 | import org.springframework.security.authentication.AnonymousAuthenticationToken;
 7 | import org.springframework.security.core.Authentication;
 8 | import org.springframework.security.core.context.SecurityContextHolder;
 9 | import org.springframework.security.saml.metadata.MetadataManager;
10 | import org.springframework.stereotype.Controller;
11 | import org.springframework.ui.Model;
12 | import org.springframework.web.bind.annotation.GetMapping;
13 | import org.springframework.web.bind.annotation.RequestMapping;
14 | 
15 | import javax.servlet.http.HttpServletRequest;
16 | import java.util.Set;
17 | 
18 | @Controller
19 | @RequestMapping("/saml")
20 | public class SSOController {
21 | 
22 |     // Logger
23 |     private static final Logger LOG = LoggerFactory.getLogger(SSOController.class);
24 | 
25 |     @Autowired
26 |     private MetadataManager metadata;
27 | 
28 |     @GetMapping("/discovery")
29 |     public String idpSelection(HttpServletRequest request, Model model) {
30 |         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
31 |         if (auth == null)
32 |             LOG.debug("Current authentication instance from security context is null");
33 |         else
34 |             LOG.debug("Current authentication instance from security context: {}", this.getClass().getSimpleName());
35 |         if (auth == null || (auth instanceof AnonymousAuthenticationToken)) {
36 |             Set<String> idps = metadata.getIDPEntityNames();
37 |             for (String idp : idps)
38 |                 LOG.info("Configured Identity Provider for SSO: {}", idp);
39 |             model.addAttribute("idps", idps);
40 |             return "pages/discovery";
41 |         } else {
42 |             LOG.warn("The current user is already logged.");
43 |             return "redirect:/landing";
44 |         }
45 |     }
46 | 
47 | }
48 | 


--------------------------------------------------------------------------------
/src/test/java/com/spring/boot/security/saml/core/SAMLUserDetailsServiceImplTest.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.core;
 2 | 
 3 | import com.spring.boot.security.saml.CommonTestSupport;
 4 | import com.spring.boot.security.saml.TestConfig;
 5 | import org.junit.Test;
 6 | import org.junit.runner.RunWith;
 7 | import org.opensaml.saml2.core.NameID;
 8 | import org.springframework.beans.factory.annotation.Autowired;
 9 | import org.springframework.security.core.GrantedAuthority;
10 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
11 | import org.springframework.security.core.userdetails.User;
12 | import org.springframework.security.saml.SAMLCredential;
13 | import org.springframework.test.context.ContextConfiguration;
14 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
15 | 
16 | import java.util.ArrayList;
17 | import java.util.List;
18 | 
19 | import static org.junit.Assert.*;
20 | import static org.mockito.Mockito.mock;
21 | import static org.mockito.Mockito.when;
22 | 
23 | @RunWith(SpringJUnit4ClassRunner.class)
24 | @ContextConfiguration(classes = TestConfig.class)
25 | public class SAMLUserDetailsServiceImplTest extends CommonTestSupport {
26 | 
27 |     @Autowired
28 |     private SAMLUserDetailsServiceImpl userDetailsService;
29 | 
30 |     @Test
31 |     public void testLoadUserBySAML() {
32 |         // given
33 |         NameID mockNameID = mock(NameID.class);
34 |         when(mockNameID.getValue()).thenReturn(USER_NAME);
35 | 
36 |         SAMLCredential credentialsMock = mock(SAMLCredential.class);
37 |         when(credentialsMock.getNameID()).thenReturn(mockNameID);
38 | 
39 |         // when
40 |         Object actual = userDetailsService.loadUserBySAML(credentialsMock);
41 | 
42 |         // / then
43 |         assertNotNull(actual);
44 |         assertTrue(actual instanceof User);
45 | 
46 |         User user = (User) actual;
47 |         assertEquals(USER_NAME, user.getUsername());
48 |         assertEquals(USER_PASSWORD, user.getPassword());
49 |         assertTrue(user.isEnabled());
50 |         assertTrue(user.isAccountNonExpired());
51 |         assertTrue(user.isCredentialsNonExpired());
52 |         assertTrue(user.isAccountNonLocked());
53 |         assertEquals(1, user.getAuthorities().size());
54 | 
55 |         List<GrantedAuthority> authorities = new ArrayList<>(user.getAuthorities());
56 |         Object authority = authorities.get(0);
57 | 
58 |         assertTrue(authority instanceof SimpleGrantedAuthority);
59 |         assertEquals(USER_ROLE, ((SimpleGrantedAuthority) authority).getAuthority());
60 |     }
61 | }
62 | 


--------------------------------------------------------------------------------
/src/test/java/com/spring/boot/security/saml/controllers/SSOControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.controllers;
 2 | 
 3 | import com.spring.boot.security.saml.CommonTestSupport;
 4 | import com.spring.boot.security.saml.TestConfig;
 5 | import org.junit.Before;
 6 | import org.junit.Test;
 7 | import org.junit.runner.RunWith;
 8 | import org.mockito.InjectMocks;
 9 | import org.mockito.Mock;
10 | import org.mockito.MockitoAnnotations;
11 | import org.springframework.security.saml.metadata.MetadataManager;
12 | import org.springframework.security.test.context.support.WithMockUser;
13 | import org.springframework.test.context.ContextConfiguration;
14 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
15 | import org.springframework.test.context.web.WebAppConfiguration;
16 | import org.springframework.test.web.servlet.MockMvc;
17 | import org.springframework.web.servlet.View;
18 | 
19 | import java.util.Arrays;
20 | import java.util.Collections;
21 | import java.util.HashSet;
22 | import java.util.Set;
23 | 
24 | import static org.mockito.Mockito.when;
25 | import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
26 | import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
27 | import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
28 | 
29 | @RunWith(SpringJUnit4ClassRunner.class)
30 | @ContextConfiguration(classes = {TestConfig.class})
31 | @WebAppConfiguration
32 | public class SSOControllerTest extends CommonTestSupport {
33 | 
34 |     private static final Set<String> IDPS =
35 |             Collections.unmodifiableSet(
36 |                     new HashSet<>(Arrays.asList("idp1", "idp2", "idp3")));
37 | 
38 |     @InjectMocks
39 |     SSOController ssoController;
40 | 
41 |     @Mock
42 |     private MetadataManager metadata;
43 | 
44 |     @Mock
45 |     private View mockView;
46 | 
47 |     private MockMvc mockMvc;
48 | 
49 |     @Before
50 |     public void setUp() {
51 |         MockitoAnnotations.initMocks(this);
52 |         mockMvc = standaloneSetup(ssoController).setSingleView(mockView).build();
53 |     }
54 | 
55 |     @Test
56 |     @WithMockUser
57 |     public void testIdpSelectionWithUser() throws Exception {
58 |         mockMvc.perform(get("/saml/discovery"))
59 |                 .andExpect(status().isOk())
60 |                 .andExpect(view().name("redirect:/landing"));
61 |     }
62 | 
63 |     @Test
64 |     public void testIdpSelection() throws Exception {
65 |         // given
66 |         when(metadata.getIDPEntityNames()).thenReturn(IDPS);
67 | 
68 |         // when / then
69 |         mockMvc.perform(get("/saml/discovery").session(mockAnonymousHttpSession()))
70 |                 .andExpect(status().isOk())
71 |                 .andExpect(model().attribute("idps", IDPS))
72 |                 .andExpect(view().name("pages/discovery"));
73 |     }
74 | 
75 | }
76 | 


--------------------------------------------------------------------------------
/src/main/resources/templates/pages/index.html:
--------------------------------------------------------------------------------
 1 | <!doctype html>
 2 | <html
 3 |   lang="en"
 4 |   xmlns:th="http://www.thymeleaf.org"
 5 |   xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
 6 |   layout:decorate="~{layout}"
 7 | >
 8 | 
 9 | <body>
10 |   <!-- Content starts -->
11 |   <section class="my-3 p-3 bg-white rounded box-shadow" layout:fragment="content">
12 |     <h6 class="border-bottom border-gray pb-2 mb-0">The authentication flow, step by step:</h6>
13 |     <div class="media text-muted pt-3">
14 |       <i class="fas fa-building fa-2x fa-fw mr-2 spring-green" data-fa-transform="shrink-4"></i>
15 |       <p class="media-body pb-3 mb-0 small lh-125 border-bottom border-gray">
16 |         <strong class="d-block text-gray-dark">Select your Identity Provider (IdP)</strong>
17 |         Select an Identity provider that holds your authentication data. You can either enable users to explicitly select an IdP
18 |         (like in this case) or you can configure as well an automatic means of Identity Provider discovery.
19 |       </p>
20 |     </div>
21 |     <div class="media text-muted pt-3">
22 |       <i class="fas fa-user-lock fa-2x fa-fw mr-2 spring-green" data-fa-transform="shrink-4"></i>
23 |       <p class="media-body pb-3 mb-0 small lh-125 border-bottom border-gray">
24 |         <strong class="d-block text-gray-dark">Authenticate against the selected IdP</strong>
25 |         The Service Provider (SP) generates a SAML 2.0 authentication request, which is encoded and embedded into the URL for SSO
26 |         service. After being redirected, you must provide your credentials to authenticate against the selected IdP.
27 |       </p>
28 |     </div>
29 |     <div class="media text-muted pt-3">
30 |       <i class="fas fa-user-tag fa-2x fa-fw mr-2 spring-green" data-fa-transform="shrink-4"></i>
31 |       <p class="media-body pb-3 mb-0 small lh-125 border-bottom border-gray">
32 |         <strong class="d-block text-gray-dark">Get back and see your login data</strong>
33 |         The Identity Provider returns the encoded SAML response to the browser. You will be redirected back to the Service Provider.
34 |         If your identity is established by the IdP, you will be provided with app access and your profile data displayed.
35 |       </p>
36 |     </div>
37 |     <div class="media text-muted pt-3">
38 |       <i class="fas fa-door-closed fa-2x fa-fw mr-2 spring-green" data-fa-transform="shrink-4"></i>
39 |       <p class="media-body pb-3 mb-0 small lh-125 border-bottom border-gray">
40 |         <strong class="d-block text-gray-dark">Logout from your session</strong>
41 |         You can now logout from the app. If enabled, you can also invoke the Single Logout (SLO) that invalidates client application
42 |         sessions in addition to its own SSO session (IdP-side).
43 |       </p>
44 |     </div>
45 |     <small class="d-block text-right mt-3" id="sso-btn">
46 |       <a th:href="@{/saml/login}" class="btn btn-spring btn-sm">
47 |         <i class="fas fa-rocket"></i> Get started</a>
48 |     </small>
49 |   </section>
50 |   <!-- Content ends -->
51 | <body>
52 |   
53 | </html>


--------------------------------------------------------------------------------
/src/test/java/com/spring/boot/security/saml/controllers/LandingControllerTest.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.controllers;
 2 | 
 3 | import com.spring.boot.security.saml.CommonTestSupport;
 4 | import com.spring.boot.security.saml.TestConfig;
 5 | import org.junit.Before;
 6 | import org.junit.Test;
 7 | import org.junit.runner.RunWith;
 8 | import org.mockito.InjectMocks;
 9 | import org.mockito.Mock;
10 | import org.mockito.MockitoAnnotations;
11 | import org.springframework.core.MethodParameter;
12 | import org.springframework.security.core.userdetails.User;
13 | import org.springframework.test.context.ContextConfiguration;
14 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
15 | import org.springframework.test.context.web.WebAppConfiguration;
16 | import org.springframework.test.web.servlet.MockMvc;
17 | import org.springframework.web.bind.support.WebDataBinderFactory;
18 | import org.springframework.web.context.request.NativeWebRequest;
19 | import org.springframework.web.method.support.HandlerMethodArgumentResolver;
20 | import org.springframework.web.method.support.ModelAndViewContainer;
21 | import org.springframework.web.servlet.View;
22 | 
23 | import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
24 | import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
25 | import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
26 | 
27 | @RunWith(SpringJUnit4ClassRunner.class)
28 | @ContextConfiguration(classes = {TestConfig.class})
29 | @WebAppConfiguration
30 | public class LandingControllerTest extends CommonTestSupport {
31 | 
32 |     @InjectMocks
33 |     private LandingController landingController;
34 | 
35 |     @Mock
36 |     private View mockView;
37 | 
38 |     private MockMvc mockMvc;
39 | 
40 |     @Before
41 |     public void setUp() {
42 |         MockitoAnnotations.initMocks(this);
43 |         mockMvc = standaloneSetup(landingController)
44 |                 .setCustomArgumentResolvers(new MockArgumentResolver())
45 |                 .setSingleView(mockView).build();
46 |     }
47 | 
48 |     @Test
49 |     public void testAnonymousLanding() throws Exception {
50 |         mockMvc.perform(get("/landing").session(mockHttpSession(true)))
51 |                 .andExpect(status().isOk())
52 |                 .andExpect(model().attribute("username", USER_NAME))
53 |                 .andExpect(view().name("pages/landing"));
54 |     }
55 | 
56 |     private static class MockArgumentResolver implements HandlerMethodArgumentResolver {
57 |         @Override
58 |         public boolean supportsParameter(MethodParameter methodParameter) {
59 |             return methodParameter.getParameterType().equals(User.class);
60 |         }
61 | 
62 |         @Override
63 |         public Object resolveArgument(MethodParameter methodParameter,
64 |                                       ModelAndViewContainer modelAndViewContainer,
65 |                                       NativeWebRequest nativeWebRequest,
66 |                                       WebDataBinderFactory webDataBinderFactory)
67 |                 throws Exception {
68 |             return CommonTestSupport.USER_DETAILS;
69 |         }
70 |     }
71 | 
72 | }
73 | 


--------------------------------------------------------------------------------
/src/test/java/com/spring/boot/security/saml/CommonTestSupport.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml;
 2 | 
 3 | import org.springframework.mock.web.MockHttpSession;
 4 | import org.springframework.security.authentication.AnonymousAuthenticationToken;
 5 | import org.springframework.security.core.GrantedAuthority;
 6 | import org.springframework.security.core.authority.SimpleGrantedAuthority;
 7 | import org.springframework.security.core.context.SecurityContext;
 8 | import org.springframework.security.core.context.SecurityContextHolder;
 9 | import org.springframework.security.core.userdetails.User;
10 | import org.springframework.security.providers.ExpiringUsernameAuthenticationToken;
11 | import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
12 | 
13 | import java.util.Collections;
14 | import java.util.List;
15 | 
16 | import static org.mockito.Mockito.mock;
17 | import static org.mockito.Mockito.when;
18 | 
19 | public class CommonTestSupport {
20 | 
21 |     public static final String USER_NAME = "UserName";
22 | 
23 |     public static final String USER_PASSWORD = "<abc123>";
24 | 
25 |     public static final String USER_ROLE = "ROLE_USER";
26 | 
27 |     public static final String ANONYMOUS_USER_KEY = "UserKey";
28 | 
29 |     public static final String ANONYMOUS_USER_PRINCIPAL = "UserPrincipal";
30 | 
31 |     public static final List<GrantedAuthority> AUTHORITIES =
32 |             Collections.singletonList(new SimpleGrantedAuthority(USER_ROLE));
33 | 
34 |     public static final User USER_DETAILS = new User(USER_NAME, USER_PASSWORD, AUTHORITIES);
35 | 
36 |     public MockHttpSession mockHttpSession(boolean secured) {
37 |         MockHttpSession mockSession = new MockHttpSession();
38 | 
39 |         SecurityContext mockSecurityContext = mock(SecurityContext.class);
40 | 
41 |         if (secured) {
42 |             ExpiringUsernameAuthenticationToken principal =
43 |                     new ExpiringUsernameAuthenticationToken(null, USER_DETAILS, USER_NAME, AUTHORITIES);
44 |             principal.setDetails(USER_DETAILS);
45 |             when(mockSecurityContext.getAuthentication()).thenReturn(principal);
46 |         }
47 | 
48 |         SecurityContextHolder.setContext(mockSecurityContext);
49 |         mockSession.setAttribute(
50 |                 HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
51 |                 mockSecurityContext);
52 | 
53 |         return mockSession;
54 |     }
55 | 
56 |     public MockHttpSession mockAnonymousHttpSession() {
57 |         MockHttpSession mockSession = new MockHttpSession();
58 | 
59 |         SecurityContext mockSecurityContext = mock(SecurityContext.class);
60 | 
61 |         AnonymousAuthenticationToken principal =
62 |                 new AnonymousAuthenticationToken(
63 |                         ANONYMOUS_USER_KEY,
64 |                         ANONYMOUS_USER_PRINCIPAL,
65 |                         AUTHORITIES);
66 | 
67 |         when(mockSecurityContext.getAuthentication()).thenReturn(principal);
68 | 
69 |         SecurityContextHolder.setContext(mockSecurityContext);
70 |         mockSession.setAttribute(
71 |                 HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
72 |                 mockSecurityContext);
73 | 
74 |         return mockSession;
75 |     }
76 | }
77 | 


--------------------------------------------------------------------------------
/src/test/java/com/spring/boot/security/saml/core/CurrentUserHandlerMethodArgumentResolverTest.java:
--------------------------------------------------------------------------------
 1 | package com.spring.boot.security.saml.core;
 2 | 
 3 | import com.spring.boot.security.saml.CommonTestSupport;
 4 | import com.spring.boot.security.saml.TestConfig;
 5 | import com.spring.boot.security.saml.stereotypes.CurrentUser;
 6 | import org.junit.Before;
 7 | import org.junit.Test;
 8 | import org.junit.runner.RunWith;
 9 | import org.springframework.beans.factory.annotation.Autowired;
10 | import org.springframework.core.MethodParameter;
11 | import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
12 | import org.springframework.security.core.userdetails.User;
13 | import org.springframework.test.context.ContextConfiguration;
14 | import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
15 | import org.springframework.web.bind.support.WebArgumentResolver;
16 | import org.springframework.web.bind.support.WebDataBinderFactory;
17 | import org.springframework.web.context.request.NativeWebRequest;
18 | import org.springframework.web.method.support.ModelAndViewContainer;
19 | 
20 | import java.security.Principal;
21 | import java.util.Collections;
22 | 
23 | import static org.junit.Assert.*;
24 | import static org.mockito.Mockito.mock;
25 | import static org.mockito.Mockito.when;
26 | 
27 | @RunWith(SpringJUnit4ClassRunner.class)
28 | @ContextConfiguration(classes = TestConfig.class)
29 | public class CurrentUserHandlerMethodArgumentResolverTest extends CommonTestSupport {
30 | 
31 |     @Autowired
32 |     private CurrentUserHandlerMethodArgumentResolver resolver;
33 | 
34 |     private MethodParameter validParam;
35 | 
36 |     private MethodParameter notAnnotatedParam;
37 | 
38 |     private MethodParameter wrongTypeParam;
39 | 
40 |     @Before
41 |     public void init() throws NoSuchMethodException {
42 |         validParam = new MethodParameter(
43 |                 MethodSamples.class.getMethod("validUser", User.class), 0);
44 |         notAnnotatedParam = new MethodParameter(
45 |                 MethodSamples.class.getMethod("notAnnotatedUser", User.class), 0);
46 |         wrongTypeParam = new MethodParameter(
47 |                 MethodSamples.class.getMethod("wrongTypeUser", Object.class), 0);
48 |     }
49 | 
50 |     @Test
51 |     public void testSupportsParameter() throws NoSuchMethodException {
52 |         assertTrue(resolver.supportsParameter(validParam));
53 |         assertFalse(resolver.supportsParameter(notAnnotatedParam));
54 |         assertFalse(resolver.supportsParameter(wrongTypeParam));
55 |     }
56 | 
57 |     @Test
58 |     public void testResolveArgument() throws Exception {
59 |         // given
60 |         ModelAndViewContainer mavContainer = mock(ModelAndViewContainer.class);
61 |         WebDataBinderFactory binderFactory = mock(WebDataBinderFactory.class);
62 |         NativeWebRequest webRequest = mock(NativeWebRequest.class);
63 |         User stubUser = new User(USER_NAME, "", Collections.emptyList());
64 |         Principal stubPrincipal = new UsernamePasswordAuthenticationToken(stubUser, null);
65 |         when(webRequest.getUserPrincipal()).thenReturn(stubPrincipal);
66 | 
67 |         // when/then
68 |         assertEquals(stubUser,
69 |                 resolver.resolveArgument(validParam, mavContainer, webRequest, binderFactory));
70 |         assertEquals(WebArgumentResolver.UNRESOLVED,
71 |                 resolver.resolveArgument(notAnnotatedParam, mavContainer, webRequest, binderFactory));
72 |         assertEquals(WebArgumentResolver.UNRESOLVED,
73 |                 resolver.resolveArgument(wrongTypeParam, mavContainer, webRequest, binderFactory));
74 |     }
75 | 
76 |     @SuppressWarnings("unused")
77 |     private static final class MethodSamples {
78 | 
79 |         public void validUser(@CurrentUser User user) {
80 |         }
81 | 
82 |         public void notAnnotatedUser(User user) {
83 |         }
84 | 
85 |         public void wrongTypeUser(@CurrentUser Object user) {
86 |         }
87 |     }
88 | }
89 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="UTF-8"?>
  2 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3 |     <modelVersion>4.0.0</modelVersion>
  4 |     <groupId>com.spring.saml</groupId>
  5 |     <artifactId>spring-boot-security-saml-sample</artifactId>
  6 |     <version>2.3.1.RELEASE</version>
  7 |     <packaging>jar</packaging>
  8 |     <!-- Project description -->
  9 |     <name>Spring Boot sample SAML 2.0 Service Provider</name>
 10 |     <description>A sample SAML 2.0 Service Provider built on Spring Boot.</description>
 11 |     <properties>
 12 |         <java.version>1.8</java.version>
 13 |         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 14 |         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 15 |         <start-class>com.spring.boot.security.saml.Application</start-class>
 16 |         <jackson.version>2.9.10</jackson.version>
 17 |     </properties>
 18 |     <!-- Inherit defaults from Spring Boot -->
 19 |     <parent>
 20 |         <groupId>org.springframework.boot</groupId>
 21 |         <artifactId>spring-boot-starter-parent</artifactId>
 22 |         <version>2.2.4.RELEASE</version>
 23 |     </parent>
 24 |     <repositories>
 25 |         <repository>
 26 |             <id>Shibboleth</id>
 27 |             <name>Shibboleth</name>
 28 |             <url>https://build.shibboleth.net/nexus/content/repositories/releases/</url>
 29 |         </repository>
 30 |     </repositories>
 31 |     <dependencies>
 32 |         <dependency>
 33 |             <groupId>org.springframework.boot</groupId>
 34 |             <artifactId>spring-boot-starter</artifactId>
 35 |             <exclusions>
 36 |                 <exclusion>
 37 |                     <groupId>org.springframework.boot</groupId>
 38 |                     <artifactId>spring-boot-starter-logging</artifactId>
 39 |                 </exclusion>
 40 |             </exclusions>
 41 |         </dependency>
 42 |         <dependency>
 43 |             <groupId>org.springframework.boot</groupId>
 44 |             <artifactId>spring-boot-starter-log4j2</artifactId>
 45 |         </dependency>
 46 |         <dependency>
 47 |             <groupId>org.springframework.boot</groupId>
 48 |             <artifactId>spring-boot-starter-web</artifactId>
 49 |         </dependency>
 50 |         <dependency>
 51 |             <groupId>org.springframework.boot</groupId>
 52 |             <artifactId>spring-boot-starter-security</artifactId>
 53 |         </dependency>
 54 |         <dependency>
 55 |             <groupId>org.springframework.boot</groupId>
 56 |             <artifactId>spring-boot-starter-thymeleaf</artifactId>
 57 |         </dependency>
 58 |         <dependency>
 59 |             <groupId>nz.net.ultraq.thymeleaf</groupId>
 60 |             <artifactId>thymeleaf-layout-dialect</artifactId>
 61 |         </dependency>
 62 |         <dependency>
 63 |             <groupId>org.springframework.boot</groupId>
 64 |             <artifactId>spring-boot-starter-test</artifactId>
 65 |             <scope>test</scope>
 66 |         </dependency>
 67 |         <dependency>
 68 |             <groupId>org.springframework.security</groupId>
 69 |             <artifactId>spring-security-test</artifactId>
 70 |             <scope>test</scope>
 71 |         </dependency>
 72 |         <dependency>
 73 |             <groupId>org.springframework.boot</groupId>
 74 |             <artifactId>spring-boot-starter-tomcat</artifactId>
 75 |             <scope>provided</scope>
 76 |         </dependency>
 77 |         <dependency>
 78 |             <groupId>org.springframework.security.extensions</groupId>
 79 |             <artifactId>spring-security-saml2-core</artifactId>
 80 |             <version>1.0.10.RELEASE</version>
 81 |             <exclusions>
 82 |                 <exclusion>
 83 |                     <groupId>commons-collections</groupId>
 84 |                     <artifactId>commons-collections</artifactId>
 85 |                 </exclusion>
 86 |             </exclusions>
 87 |         </dependency>
 88 |         <dependency>
 89 |             <groupId>commons-collections</groupId>
 90 |             <artifactId>commons-collections</artifactId>
 91 |             <version>3.2.2</version>
 92 |         </dependency>
 93 |     </dependencies>
 94 |     <build>
 95 |         <plugins>
 96 |             <plugin>
 97 |                 <groupId>org.springframework.boot</groupId>
 98 |                 <artifactId>spring-boot-maven-plugin</artifactId>
 99 |             </plugin>
100 |             <plugin>
101 |                 <groupId>org.jacoco</groupId>
102 |                 <artifactId>jacoco-maven-plugin</artifactId>
103 |                 <version>0.8.2</version>
104 |                 <executions>
105 |                     <execution>
106 |                         <goals>
107 |                             <goal>prepare-agent</goal>
108 |                         </goals>
109 |                     </execution>
110 |                     <execution>
111 |                         <id>report</id>
112 |                         <phase>prepare-package</phase>
113 |                         <goals>
114 |                             <goal>report</goal>
115 |                         </goals>
116 |                     </execution>
117 |                 </executions>
118 |             </plugin>
119 |         </plugins>
120 |     </build>
121 | </project>
122 | 


--------------------------------------------------------------------------------
/Readme.MD:
--------------------------------------------------------------------------------
  1 | # saml-sso-and-slo-demo-idp-azure-sp-springboot
  2 | This project is to demonstrate the **Spring Boot SAML** 
  3 | integration with **Azure IDP**, so here this spring boot 
  4 | app behaves like **SP (Service Provider)** and the **IDP** 
  5 | will be the **Azure**.
  6 | 
  7 | ### Requirements To Run Applications
  8 | * JDK 8 or later
  9 | * IDE (Optional)
 10 | 
 11 | ### Dependencies And Tools Used To Build Applications
 12 | * Git
 13 | * JDK 8 or later
 14 | * Maven
 15 | * Spring Web
 16 | * Spring Security
 17 | * Spring SAML 2
 18 | * Spring Test
 19 | * Log4j2
 20 | * Thymeleaf
 21 | * IDE
 22 | 
 23 | ### Prerequisites
 24 | Before you start the application you must fulfill the 
 25 | following prerequisites.
 26 | * Go to the **Azure portal** and create an account if you 
 27 | don't have one, here is the link [Azure Portal](https://azure.microsoft.com/en-in/free/search/?cdn=disable)
 28 | 
 29 | * Create a new **tenant** in **Azure Active Directory**, 
 30 | if you have an existing one you can use it, here is the 
 31 | link that will help you to create a new **tenant** [Create a tenant](https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-access-create-new-tenant)
 32 | 
 33 | * Create a non-gallery enterprise application, here is 
 34 | the link that will help you to create one 
 35 | [Create an application](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app)
 36 | 
 37 | * If you are able to successfully create an enterprise 
 38 | application you will get the screen like this.
 39 | ![Application Preview](src/main/resources/static/screenshots/app_overview.png)
 40 | 
 41 | * Now click on the second option **Set up single sign-on**, 
 42 | you can see this option in the above image, and then select 
 43 | **SAML** as a single sign-on method.
 44 | 
 45 | * Now you will get the configuration page like this, I 
 46 | request you to stay on this page because here we will do 
 47 | some configuration. 
 48 | ![SAML Configuration Page](src/main/resources/static/screenshots/saml_based_sign_on.png)
 49 | 
 50 | ### Configuration
 51 | ##### Azure IDP Configuration
 52 | * Go to the previous configuration page and set the 
 53 | **Identifier (Entity ID)**, you can set the value something
 54 | like this **com:uday:spring:sp**, please replace the name 
 55 | "uday" with yours.
 56 | 
 57 | * Now set the **Reply URL (Assertion Consumer Service URL)**, 
 58 | this URL used by the **Azure IDP** to call the 
 59 | **Service Provider**, in our case the **Service Provider** 
 60 | is this application. So here you can set the 
 61 | **Reply URL (Assertion Consumer Service URL)** like this 
 62 | **https://[your domain]/saml/SSO**.
 63 | 
 64 | * Now slightly scroll down the configuration page, and you 
 65 | will find the **SAML Signing Certificate** section, you can 
 66 | see this section in the below image, so from this section 
 67 | copy the **App Federation Metadata Url** and save it 
 68 | somewhere, we will use this URL later in our 
 69 | **Spring Boot Service**, and download the 
 70 | **Certificate (Base64)** and save it somewhere, we will use 
 71 | this certificate too in our service.
 72 | ![SAML Based Sign On Section](src/main/resources/static/screenshots/saml-signing-certificate-section.png)
 73 | 
 74 | * Now add users or group to this application, here is the link it will 
 75 | guide you for the same [Add Users or Group](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal)
 76 | And we are done with the **Azure IDP** configuration.
 77 | 
 78 | ##### Spring Boot Service Provider (SP) Configuration
 79 | * Now open the project in the IDE and go to the 
 80 | **apllcation.yml** file to do some mandatory configuration, 
 81 | here is the location of this file 
 82 | `/saml-sso-and-slo-demo-idp-azure-sp-springboot/src/main/resources/application.yml`.
 83 | 
 84 | * Now set the following properties, with the properties value 
 85 | you have just configured in the **Azure IDP**.
 86 | 
 87 |       service.provider.entity.id: value of [Identifier (Entity ID)]
 88 |       
 89 |       idp.metedata.url: URL of [App Federation Metadata Url]
 90 | 
 91 |   And we are done with **application.yml** file configuration.
 92 |   
 93 | * If you remember we have downloaded the **Certificate (Base64)** 
 94 | from the **Azure IDP**, so change the name of this 
 95 | certificate to **signature.cer** and move the certificate 
 96 | to this location `/saml-sso-and-slo-demo-idp-azure-sp-springboot/src/main/resources/saml/signature.cer`
 97 | 
 98 |   **Note: first delete all the files available in this location**
 99 |   
100 |   Now open the terminal in the same location and execute 
101 |   the following command.
102 |   
103 |       keytool -importcert -alias adfssigning -keystore samlKeystore.jks -file signature.cer
104 |   
105 |   it will ask you for the password once you execute the 
106 |   command use this **nalle123** password for the same, 
107 |   and when it asks **Trust this certificate? [no]:** type 
108 |   **y** and your **.jks** file will be created.
109 |   
110 |   Now execute the one more command in the same location. 
111 |   Here is the command.
112 |   
113 |       keytool -genkeypair -alias apollo -keypass nalle123 -keyalg RSA -keysize 2048 -validity 10000 -keystore samlKeystore.jks
114 |       
115 |   it will ask you for the password once you execute the 
116 |   command use this **nalle123** password for the same. 
117 |   As well as it will ask you a bunch of questions just hit enter 
118 |   and you will be fine. When it asks **Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct? [no]:** type **y**.
119 |   
120 | And here we are done with all the configuration and now we are ready to run this application. Enjoy!!
121 | 
122 | To run this project go to the `/saml-sso-and-slo-demo-idp-azure-sp-springboot/src/main/java/com/spring/boot/security/saml/Application.java` and run the **Application.java** class.
123 | 
124 | You have already added users in the IDP's application so you can use 
125 | those users to log in to this service.
126 | 
127 | And we are done here, **Thank You.**
128 | 


--------------------------------------------------------------------------------
/src/main/java/com/spring/boot/security/saml/config/WebSecurityConfig.java:
--------------------------------------------------------------------------------
  1 | package com.spring.boot.security.saml.config;
  2 | 
  3 | import com.spring.boot.security.saml.core.SAMLUserDetailsServiceImpl;
  4 | import org.apache.commons.httpclient.HttpClient;
  5 | import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
  6 | import org.apache.velocity.app.VelocityEngine;
  7 | import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
  8 | import org.opensaml.saml2.metadata.provider.MetadataProvider;
  9 | import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 10 | import org.opensaml.xml.parse.ParserPool;
 11 | import org.opensaml.xml.parse.StaticBasicParserPool;
 12 | import org.springframework.beans.factory.DisposableBean;
 13 | import org.springframework.beans.factory.InitializingBean;
 14 | import org.springframework.beans.factory.annotation.Autowired;
 15 | import org.springframework.beans.factory.annotation.Qualifier;
 16 | import org.springframework.beans.factory.annotation.Value;
 17 | import org.springframework.context.annotation.Bean;
 18 | import org.springframework.context.annotation.Configuration;
 19 | import org.springframework.core.io.DefaultResourceLoader;
 20 | import org.springframework.core.io.Resource;
 21 | import org.springframework.security.authentication.AuthenticationManager;
 22 | import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 23 | import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 24 | import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 25 | import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 26 | import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 27 | import org.springframework.security.saml.*;
 28 | import org.springframework.security.saml.context.SAMLContextProviderImpl;
 29 | import org.springframework.security.saml.key.JKSKeyManager;
 30 | import org.springframework.security.saml.key.KeyManager;
 31 | import org.springframework.security.saml.log.SAMLDefaultLogger;
 32 | import org.springframework.security.saml.metadata.*;
 33 | import org.springframework.security.saml.parser.ParserPoolHolder;
 34 | import org.springframework.security.saml.processor.*;
 35 | import org.springframework.security.saml.util.VelocityFactory;
 36 | import org.springframework.security.saml.websso.*;
 37 | import org.springframework.security.web.DefaultSecurityFilterChain;
 38 | import org.springframework.security.web.FilterChainProxy;
 39 | import org.springframework.security.web.SecurityFilterChain;
 40 | import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 41 | import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 42 | import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 43 | import org.springframework.security.web.authentication.logout.LogoutHandler;
 44 | import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 45 | import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
 46 | import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 47 | import org.springframework.security.web.csrf.CsrfFilter;
 48 | import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 49 | 
 50 | import java.util.*;
 51 | 
 52 | @Configuration
 53 | @EnableWebSecurity
 54 | @EnableGlobalMethodSecurity(securedEnabled = true)
 55 | public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements InitializingBean, DisposableBean {
 56 | 
 57 |     private Timer backgroundTaskTimer;
 58 |     private MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager;
 59 | 
 60 |     public void init() {
 61 |         this.backgroundTaskTimer = new Timer(true);
 62 |         this.multiThreadedHttpConnectionManager = new MultiThreadedHttpConnectionManager();
 63 |     }
 64 | 
 65 |     public void shutdown() {
 66 |         this.backgroundTaskTimer.purge();
 67 |         this.backgroundTaskTimer.cancel();
 68 |         this.multiThreadedHttpConnectionManager.shutdown();
 69 |     }
 70 | 
 71 |     @Value("${service.provider.entity.id}")
 72 |     private String serviceProviderEntityId;
 73 | 
 74 |     @Value("${idp.metedata.url}")
 75 |     private String ipdMetaDataUrl;
 76 | 
 77 |     @Value("${saml.keystore.password}")
 78 |     private String samlKeyStorePassword;
 79 | 
 80 |     @Value("${saml.private.key.alias}")
 81 |     private String samlPrivateKeyAlias;
 82 | 
 83 |     @Value("${saml.private.key.password}")
 84 |     private String samlPrivateKeyPassword;
 85 | 
 86 |     @Autowired
 87 |     private SAMLUserDetailsServiceImpl samlUserDetailsServiceImpl;
 88 | 
 89 |     // Initialization of the velocity engine
 90 |     @Bean
 91 |     public VelocityEngine velocityEngine() {
 92 |         return VelocityFactory.getEngine();
 93 |     }
 94 | 
 95 |     // XML parser pool needed for OpenSAML parsing
 96 |     @Bean(initMethod = "initialize")
 97 |     public StaticBasicParserPool parserPool() {
 98 |         return new StaticBasicParserPool();
 99 |     }
100 | 
101 |     @Bean(name = "parserPoolHolder")
102 |     public ParserPoolHolder parserPoolHolder() {
103 |         return new ParserPoolHolder();
104 |     }
105 | 
106 |     // Bindings, encoders and decoders used for creating and parsing messages
107 |     @Bean
108 |     public HttpClient httpClient() {
109 |         return new HttpClient(this.multiThreadedHttpConnectionManager);
110 |     }
111 | 
112 |     // SAML Authentication Provider responsible for validating of received SAML
113 |     // messages
114 |     @Bean
115 |     public SAMLAuthenticationProvider samlAuthenticationProvider(SAMLUserDetailsServiceImpl samlUserDetailsServiceImpl) {
116 |         SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider();
117 |         samlAuthenticationProvider.setUserDetails(samlUserDetailsServiceImpl);
118 |         samlAuthenticationProvider.setForcePrincipalAsString(false);
119 |         return samlAuthenticationProvider;
120 |     }
121 | 
122 |     // Provider of default SAML Context
123 |     @Bean
124 |     public SAMLContextProviderImpl contextProvider() {
125 |         return new SAMLContextProviderImpl();
126 |     }
127 | 
128 |     // Initialization of OpenSAML library
129 |     @Bean
130 |     public static SAMLBootstrap sAMLBootstrap() {
131 |         return new SAMLBootstrap();
132 |     }
133 | 
134 |     // Logger for SAML messages and events
135 |     @Bean
136 |     public SAMLDefaultLogger samlLogger() {
137 |         return new SAMLDefaultLogger();
138 |     }
139 | 
140 |     // SAML 2.0 WebSSO Assertion Consumer
141 |     @Bean
142 |     public WebSSOProfileConsumer webSSOprofileConsumer() {
143 |         return new WebSSOProfileConsumerImpl();
144 |     }
145 | 
146 |     // SAML 2.0 Holder-of-Key WebSSO Assertion Consumer
147 |     @Bean
148 |     public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() {
149 |         return new WebSSOProfileConsumerHoKImpl();
150 |     }
151 | 
152 |     // SAML 2.0 Web SSO profile
153 |     @Bean
154 |     public WebSSOProfile webSSOprofile() {
155 |         return new WebSSOProfileImpl();
156 |     }
157 | 
158 |     // SAML 2.0 Holder-of-Key Web SSO profile
159 |     @Bean
160 |     public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
161 |         return new WebSSOProfileConsumerHoKImpl();
162 |     }
163 | 
164 |     // SAML 2.0 ECP profile
165 |     @Bean
166 |     public WebSSOProfileECPImpl ecpprofile() {
167 |         return new WebSSOProfileECPImpl();
168 |     }
169 | 
170 |     @Bean
171 |     public SingleLogoutProfile logoutprofile() {
172 |         return new SingleLogoutProfileImpl();
173 |     }
174 | 
175 |     // Central storage of cryptographic keys
176 |     @Bean
177 |     public KeyManager keyManager() {
178 |         DefaultResourceLoader loader = new DefaultResourceLoader();
179 |         Resource storeFile = loader
180 |                 .getResource("classpath:/saml/samlKeystore.jks");
181 |         String storePass = samlKeyStorePassword;
182 |         Map<String, String> passwords = new HashMap<>();
183 |         passwords.put(samlPrivateKeyAlias, samlPrivateKeyPassword);
184 |         String defaultKey = samlPrivateKeyAlias;
185 |         return new JKSKeyManager(storeFile, storePass, passwords, defaultKey);
186 |     }
187 | 
188 |     @Bean
189 |     public WebSSOProfileOptions defaultWebSSOProfileOptions() {
190 |         WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
191 |         webSSOProfileOptions.setIncludeScoping(false);
192 |         return webSSOProfileOptions;
193 |     }
194 | 
195 |     // Entry point to initialize authentication, default values taken from
196 |     // properties file
197 |     @Bean
198 |     public SAMLEntryPoint samlEntryPoint() {
199 |         SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint();
200 |         samlEntryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions());
201 |         return samlEntryPoint;
202 |     }
203 | 
204 |     // Setup advanced info about metadata
205 |     @Bean
206 |     public ExtendedMetadata extendedMetadata() {
207 |         ExtendedMetadata extendedMetadata = new ExtendedMetadata();
208 |         extendedMetadata.setIdpDiscoveryEnabled(true);
209 |         extendedMetadata.setSigningAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
210 |         extendedMetadata.setSignMetadata(true);
211 |         extendedMetadata.setEcpEnabled(true);
212 |         return extendedMetadata;
213 |     }
214 | 
215 |     // IDP Discovery Service
216 |     @Bean
217 |     public SAMLDiscovery samlIDPDiscovery() {
218 |         SAMLDiscovery idpDiscovery = new SAMLDiscovery();
219 |         idpDiscovery.setIdpSelectionPath("/saml/discovery");
220 |         return idpDiscovery;
221 |     }
222 | 
223 |     @Bean
224 |     @Qualifier("idp-azure")
225 |     public ExtendedMetadataDelegate azureExtendedMetadataProvider()
226 |             throws MetadataProviderException {
227 |         String idpAzureMetadataURL = ipdMetaDataUrl;
228 |         HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(
229 |                 this.backgroundTaskTimer, httpClient(), idpAzureMetadataURL);
230 |         httpMetadataProvider.setParserPool(parserPool());
231 |         ExtendedMetadataDelegate extendedMetadataDelegate =
232 |                 new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
233 |         extendedMetadataDelegate.setMetadataTrustCheck(true);
234 |         extendedMetadataDelegate.setMetadataRequireSignature(false);
235 |         backgroundTaskTimer.purge();
236 |         return extendedMetadataDelegate;
237 |     }
238 | 
239 |     // IDP Metadata configuration - paths to metadata of IDPs in circle of trust
240 |     // is here
241 |     // Do no forget to call iniitalize method on providers
242 |     @Bean
243 |     @Qualifier("metadata")
244 |     public CachingMetadataManager metadata() throws MetadataProviderException {
245 |         List<MetadataProvider> providers = new ArrayList<>();
246 |         providers.add(azureExtendedMetadataProvider());
247 |         return new CachingMetadataManager(providers);
248 |     }
249 | 
250 |     // Filter automatically generates default SP metadata
251 |     @Bean
252 |     public MetadataGenerator metadataGenerator() {
253 |         MetadataGenerator metadataGenerator = new MetadataGenerator();
254 |         metadataGenerator.setEntityId(serviceProviderEntityId);
255 |         metadataGenerator.setExtendedMetadata(extendedMetadata());
256 |         metadataGenerator.setIncludeDiscoveryExtension(false);
257 |         metadataGenerator.setKeyManager(keyManager());
258 |         return metadataGenerator;
259 |     }
260 | 
261 |     // The filter is waiting for connections on URL suffixed with filterSuffix
262 |     // and presents SP metadata there
263 |     @Bean
264 |     public MetadataDisplayFilter metadataDisplayFilter() {
265 |         return new MetadataDisplayFilter();
266 |     }
267 | 
268 |     // Handler deciding where to redirect user after successful login
269 |     @Bean
270 |     public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
271 |         SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler =
272 |                 new SavedRequestAwareAuthenticationSuccessHandler();
273 |         successRedirectHandler.setDefaultTargetUrl("/landing");
274 |         return successRedirectHandler;
275 |     }
276 | 
277 |     // Handler deciding where to redirect user after failed login
278 |     @Bean
279 |     public SimpleUrlAuthenticationFailureHandler authenticationFailureHandler() {
280 |         SimpleUrlAuthenticationFailureHandler failureHandler =
281 |                 new SimpleUrlAuthenticationFailureHandler();
282 |         failureHandler.setUseForward(true);
283 |         failureHandler.setDefaultFailureUrl("/error");
284 |         return failureHandler;
285 |     }
286 | 
287 |     @Bean
288 |     public SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter() throws Exception {
289 |         SAMLWebSSOHoKProcessingFilter samlWebSSOHoKProcessingFilter = new SAMLWebSSOHoKProcessingFilter();
290 |         samlWebSSOHoKProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
291 |         samlWebSSOHoKProcessingFilter.setAuthenticationManager(authenticationManager());
292 |         samlWebSSOHoKProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
293 |         return samlWebSSOHoKProcessingFilter;
294 |     }
295 | 
296 |     // Processing filter for WebSSO profile messages
297 |     @Bean
298 |     public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
299 |         SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
300 |         samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager());
301 |         samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
302 |         samlWebSSOProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
303 |         return samlWebSSOProcessingFilter;
304 |     }
305 | 
306 |     @Bean
307 |     public MetadataGeneratorFilter metadataGeneratorFilter() {
308 |         return new MetadataGeneratorFilter(metadataGenerator());
309 |     }
310 | 
311 |     // Handler for successful logout
312 |     @Bean
313 |     public SimpleUrlLogoutSuccessHandler successLogoutHandler() {
314 |         SimpleUrlLogoutSuccessHandler successLogoutHandler = new SimpleUrlLogoutSuccessHandler();
315 |         successLogoutHandler.setDefaultTargetUrl("/");
316 |         return successLogoutHandler;
317 |     }
318 | 
319 |     // Logout handler terminating local session
320 |     @Bean
321 |     public SecurityContextLogoutHandler logoutHandler() {
322 |         SecurityContextLogoutHandler logoutHandler =
323 |                 new SecurityContextLogoutHandler();
324 |         logoutHandler.setInvalidateHttpSession(true);
325 |         logoutHandler.setClearAuthentication(true);
326 |         return logoutHandler;
327 |     }
328 | 
329 |     // Filter processing incoming logout messages
330 |     // First argument determines URL user will be redirected to after successful
331 |     // global logout
332 |     @Bean
333 |     public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
334 |         return new SAMLLogoutProcessingFilter(successLogoutHandler(),
335 |                 logoutHandler());
336 |     }
337 | 
338 |     // Overrides default logout processing filter with the one processing SAML
339 |     // messages
340 |     @Bean
341 |     public SAMLLogoutFilter samlLogoutFilter() {
342 |         return new SAMLLogoutFilter(successLogoutHandler(),
343 |                 new LogoutHandler[]{logoutHandler()},
344 |                 new LogoutHandler[]{logoutHandler()});
345 |     }
346 | 
347 |     // Bindings
348 |     private ArtifactResolutionProfile artifactResolutionProfile() {
349 |         final ArtifactResolutionProfileImpl artifactResolutionProfile =
350 |                 new ArtifactResolutionProfileImpl(httpClient());
351 |         artifactResolutionProfile.setProcessor(new SAMLProcessorImpl(soapBinding()));
352 |         return artifactResolutionProfile;
353 |     }
354 | 
355 |     @Bean
356 |     public HTTPArtifactBinding artifactBinding(ParserPool parserPool, VelocityEngine velocityEngine) {
357 |         return new HTTPArtifactBinding(parserPool, velocityEngine, artifactResolutionProfile());
358 |     }
359 | 
360 |     @Bean
361 |     public HTTPSOAP11Binding soapBinding() {
362 |         return new HTTPSOAP11Binding(parserPool());
363 |     }
364 | 
365 |     @Bean
366 |     public HTTPPostBinding httpPostBinding() {
367 |         return new HTTPPostBinding(parserPool(), velocityEngine());
368 |     }
369 | 
370 |     @Bean
371 |     public HTTPRedirectDeflateBinding httpRedirectDeflateBinding() {
372 |         return new HTTPRedirectDeflateBinding(parserPool());
373 |     }
374 | 
375 |     @Bean
376 |     public HTTPSOAP11Binding httpSOAP11Binding() {
377 |         return new HTTPSOAP11Binding(parserPool());
378 |     }
379 | 
380 |     @Bean
381 |     public HTTPPAOS11Binding httpPAOS11Binding() {
382 |         return new HTTPPAOS11Binding(parserPool());
383 |     }
384 | 
385 |     // Processor
386 |     @Bean
387 |     public SAMLProcessorImpl processor() {
388 |         Collection<SAMLBinding> bindings = new ArrayList<>();
389 |         bindings.add(httpRedirectDeflateBinding());
390 |         bindings.add(httpPostBinding());
391 |         bindings.add(artifactBinding(parserPool(), velocityEngine()));
392 |         bindings.add(httpSOAP11Binding());
393 |         bindings.add(httpPAOS11Binding());
394 |         return new SAMLProcessorImpl(bindings);
395 |     }
396 | 
397 |     /**
398 |      * Define the security filter chain in order to support SSO Auth by using SAML 2.0
399 |      *
400 |      * @return Filter chain proxy
401 |      * @throws Exception
402 |      */
403 |     @Bean
404 |     public FilterChainProxy samlFilter() throws Exception {
405 |         List<SecurityFilterChain> chains = new ArrayList<>();
406 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
407 |                 samlEntryPoint()));
408 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
409 |                 samlLogoutFilter()));
410 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
411 |                 metadataDisplayFilter()));
412 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
413 |                 samlWebSSOProcessingFilter()));
414 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSOHoK/**"),
415 |                 samlWebSSOHoKProcessingFilter()));
416 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
417 |                 samlLogoutProcessingFilter()));
418 |         chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/discovery/**"),
419 |                 samlIDPDiscovery()));
420 |         return new FilterChainProxy(chains);
421 |     }
422 | 
423 |     /**
424 |      * Returns the authentication manager currently used by Spring.
425 |      * It represents a bean definition with the aim allow wiring from
426 |      * other classes performing the Inversion of Control (IoC).
427 |      *
428 |      * @throws Exception
429 |      */
430 |     @Bean
431 |     @Override
432 |     public AuthenticationManager authenticationManagerBean() throws Exception {
433 |         return super.authenticationManagerBean();
434 |     }
435 | 
436 |     /**
437 |      * Defines the web based security configuration.
438 |      *
439 |      * @param http It allows configuring web based security for specific http requests.
440 |      * @throws Exception
441 |      */
442 |     @Override
443 |     protected void configure(HttpSecurity http) throws Exception {
444 |         http
445 |                 .httpBasic()
446 |                 .authenticationEntryPoint(samlEntryPoint());
447 |         http
448 |                 .addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class)
449 |                 .addFilterAfter(samlFilter(), BasicAuthenticationFilter.class)
450 |                 .addFilterBefore(samlFilter(), CsrfFilter.class);
451 |         http
452 |                 .authorizeRequests()
453 |                 .antMatchers("/").permitAll()
454 |                 .antMatchers("/saml/**").permitAll()
455 |                 .antMatchers("/css/**").permitAll()
456 |                 .antMatchers("/img/**").permitAll()
457 |                 .antMatchers("/js/**").permitAll()
458 |                 .anyRequest().authenticated();
459 |         http
460 |                 .logout()
461 |                 .disable();    // The logout procedure is already handled by SAML filters.
462 |     }
463 | 
464 |     /**
465 |      * Sets a custom authentication provider.
466 |      *
467 |      * @param auth SecurityBuilder used to create an AuthenticationManager.
468 |      */
469 |     @Override
470 |     protected void configure(AuthenticationManagerBuilder auth) {
471 |         auth
472 |                 .authenticationProvider(samlAuthenticationProvider(samlUserDetailsServiceImpl));
473 |     }
474 | 
475 |     @Override
476 |     public void afterPropertiesSet() {
477 |         init();
478 |     }
479 | 
480 |     @Override
481 |     public void destroy() {
482 |         shutdown();
483 |     }
484 | 
485 | }
486 | 


--------------------------------------------------------------------------------
/src/main/resources/static/js/bootstrap.min.js:
--------------------------------------------------------------------------------
1 | !function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,c){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function o(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function h(r){for(var t=1;t<arguments.length;t++){var s=null!=arguments[t]?arguments[t]:{},e=Object.keys(s);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(s).filter(function(t){return Object.getOwnPropertyDescriptor(s,t).enumerable}))),e.forEach(function(t){var e,n,i;e=r,i=s[n=t],n in e?Object.defineProperty(e,n,{value:i,enumerable:!0,configurable:!0,writable:!0}):e[n]=i})}return r}e=e&&e.hasOwnProperty("default")?e.default:e,c=c&&c.hasOwnProperty("default")?c.default:c;var r,n,s,a,l,u,f,d,_,g,m,p,v,E,y,T,C,I,A,D,b,S,w,N,O,k,P,L,j,R,H,W,M,x,U,K,F,V,Q,B,Y,G,q,z,X,J,Z,$,tt,et,nt,it,rt,st,ot,at,lt,ht,ct,ut,ft,dt,_t,gt,mt,pt,vt,Et,yt,Tt,Ct,It,At,Dt,bt,St,wt,Nt,Ot,kt,Pt,Lt,jt,Rt,Ht,Wt,Mt,xt,Ut,Kt,Ft,Vt,Qt,Bt,Yt,Gt,qt,zt,Xt,Jt,Zt,$t,te,ee,ne,ie,re,se,oe,ae,le,he,ce,ue,fe,de,_e,ge,me,pe,ve,Ee,ye,Te,Ce,Ie,Ae,De,be,Se,we,Ne,Oe,ke,Pe,Le,je,Re,He,We,Me,xe,Ue,Ke,Fe,Ve,Qe,Be,Ye,Ge,qe,ze,Xe,Je,Ze,$e,tn,en,nn,rn,sn,on,an,ln,hn,cn,un,fn,dn,_n,gn,mn,pn,vn,En,yn,Tn,Cn=function(i){var e="transitionend";function t(t){var e=this,n=!1;return i(this).one(l.TRANSITION_END,function(){n=!0}),setTimeout(function(){n||l.triggerTransitionEnd(e)},t),this}var l={TRANSITION_END:"bsTransitionEnd",getUID:function(t){for(;t+=~~(1e6*Math.random()),document.getElementById(t););return t},getSelectorFromElement:function(t){var e=t.getAttribute("data-target");e&&"#"!==e||(e=t.getAttribute("href")||"");try{return 0<i(document).find(e).length?e:null}catch(t){return null}},getTransitionDurationFromElement:function(t){if(!t)return 0;var e=i(t).css("transition-duration");return parseFloat(e)?(e=e.split(",")[0],1e3*parseFloat(e)):0},reflow:function(t){return t.offsetHeight},triggerTransitionEnd:function(t){i(t).trigger(e)},supportsTransitionEnd:function(){return Boolean(e)},isElement:function(t){return(t[0]||t).nodeType},typeCheckConfig:function(t,e,n){for(var i in n)if(Object.prototype.hasOwnProperty.call(n,i)){var r=n[i],s=e[i],o=s&&l.isElement(s)?"element":(a=s,{}.toString.call(a).match(/\s([a-z]+)/i)[1].toLowerCase());if(!new RegExp(r).test(o))throw new Error(t.toUpperCase()+': Option "'+i+'" provided type "'+o+'" but expected type "'+r+'".')}var a}};return i.fn.emulateTransitionEnd=t,i.event.special[l.TRANSITION_END]={bindType:e,delegateType:e,handle:function(t){if(i(t.target).is(this))return t.handleObj.handler.apply(this,arguments)}},l}(e),In=(n="alert",a="."+(s="bs.alert"),l=(r=e).fn[n],u={CLOSE:"close"+a,CLOSED:"closed"+a,CLICK_DATA_API:"click"+a+".data-api"},f="alert",d="fade",_="show",g=function(){function i(t){this._element=t}var t=i.prototype;return t.close=function(t){var e=this._element;t&&(e=this._getRootElement(t)),this._triggerCloseEvent(e).isDefaultPrevented()||this._removeElement(e)},t.dispose=function(){r.removeData(this._element,s),this._element=null},t._getRootElement=function(t){var e=Cn.getSelectorFromElement(t),n=!1;return e&&(n=r(e)[0]),n||(n=r(t).closest("."+f)[0]),n},t._triggerCloseEvent=function(t){var e=r.Event(u.CLOSE);return r(t).trigger(e),e},t._removeElement=function(e){var n=this;if(r(e).removeClass(_),r(e).hasClass(d)){var t=Cn.getTransitionDurationFromElement(e);r(e).one(Cn.TRANSITION_END,function(t){return n._destroyElement(e,t)}).emulateTransitionEnd(t)}else this._destroyElement(e)},t._destroyElement=function(t){r(t).detach().trigger(u.CLOSED).remove()},i._jQueryInterface=function(n){return this.each(function(){var t=r(this),e=t.data(s);e||(e=new i(this),t.data(s,e)),"close"===n&&e[n](this)})},i._handleDismiss=function(e){return function(t){t&&t.preventDefault(),e.close(this)}},o(i,null,[{key:"VERSION",get:function(){return"4.1.1"}}]),i}(),r(document).on(u.CLICK_DATA_API,'[data-dismiss="alert"]',g._handleDismiss(new g)),r.fn[n]=g._jQueryInterface,r.fn[n].Constructor=g,r.fn[n].noConflict=function(){return r.fn[n]=l,g._jQueryInterface},g),An=(p="button",E="."+(v="bs.button"),y=".data-api",T=(m=e).fn[p],C="active",I="btn",D='[data-toggle^="button"]',b='[data-toggle="buttons"]',S="input",w=".active",N=".btn",O={CLICK_DATA_API:"click"+E+y,FOCUS_BLUR_DATA_API:(A="focus")+E+y+" blur"+E+y},k=function(){function n(t){this._element=t}var t=n.prototype;return t.toggle=function(){var t=!0,e=!0,n=m(this._element).closest(b)[0];if(n){var i=m(this._element).find(S)[0];if(i){if("radio"===i.type)if(i.checked&&m(this._element).hasClass(C))t=!1;else{var r=m(n).find(w)[0];r&&m(r).removeClass(C)}if(t){if(i.hasAttribute("disabled")||n.hasAttribute("disabled")||i.classList.contains("disabled")||n.classList.contains("disabled"))return;i.checked=!m(this._element).hasClass(C),m(i).trigger("change")}i.focus(),e=!1}}e&&this._element.setAttribute("aria-pressed",!m(this._element).hasClass(C)),t&&m(this._element).toggleClass(C)},t.dispose=function(){m.removeData(this._element,v),this._element=null},n._jQueryInterface=function(e){return this.each(function(){var t=m(this).data(v);t||(t=new n(this),m(this).data(v,t)),"toggle"===e&&t[e]()})},o(n,null,[{key:"VERSION",get:function(){return"4.1.1"}}]),n}(),m(document).on(O.CLICK_DATA_API,D,function(t){t.preventDefault();var e=t.target;m(e).hasClass(I)||(e=m(e).closest(N)),k._jQueryInterface.call(m(e),"toggle")}).on(O.FOCUS_BLUR_DATA_API,D,function(t){var e=m(t.target).closest(N)[0];m(e).toggleClass(A,/^focus(in)?$/.test(t.type))}),m.fn[p]=k._jQueryInterface,m.fn[p].Constructor=k,m.fn[p].noConflict=function(){return m.fn[p]=T,k._jQueryInterface},k),Dn=(L="carousel",R="."+(j="bs.carousel"),H=".data-api",W=(P=e).fn[L],M={interval:5e3,keyboard:!0,slide:!1,pause:"hover",wrap:!0},x={interval:"(number|boolean)",keyboard:"boolean",slide:"(boolean|string)",pause:"(string|boolean)",wrap:"boolean"},U="next",K="prev",F="left",V="right",Q={SLIDE:"slide"+R,SLID:"slid"+R,KEYDOWN:"keydown"+R,MOUSEENTER:"mouseenter"+R,MOUSELEAVE:"mouseleave"+R,TOUCHEND:"touchend"+R,LOAD_DATA_API:"load"+R+H,CLICK_DATA_API:"click"+R+H},B="carousel",Y="active",G="slide",q="carousel-item-right",z="carousel-item-left",X="carousel-item-next",J="carousel-item-prev",Z={ACTIVE:".active",ACTIVE_ITEM:".active.carousel-item",ITEM:".carousel-item",NEXT_PREV:".carousel-item-next, .carousel-item-prev",INDICATORS:".carousel-indicators",DATA_SLIDE:"[data-slide], [data-slide-to]",DATA_RIDE:'[data-ride="carousel"]'},$=function(){function s(t,e){this._items=null,this._interval=null,this._activeElement=null,this._isPaused=!1,this._isSliding=!1,this.touchTimeout=null,this._config=this._getConfig(e),this._element=P(t)[0],this._indicatorsElement=P(this._element).find(Z.INDICATORS)[0],this._addEventListeners()}var t=s.prototype;return t.next=function(){this._isSliding||this._slide(U)},t.nextWhenVisible=function(){!document.hidden&&P(this._element).is(":visible")&&"hidden"!==P(this._element).css("visibility")&&this.next()},t.prev=function(){this._isSliding||this._slide(K)},t.pause=function(t){t||(this._isPaused=!0),P(this._element).find(Z.NEXT_PREV)[0]&&(Cn.triggerTransitionEnd(this._element),this.cycle(!0)),clearInterval(this._interval),this._interval=null},t.cycle=function(t){t||(this._isPaused=!1),this._interval&&(clearInterval(this._interval),this._interval=null),this._config.interval&&!this._isPaused&&(this._interval=setInterval((document.visibilityState?this.nextWhenVisible:this.next).bind(this),this._config.interval))},t.to=function(t){var e=this;this._activeElement=P(this._element).find(Z.ACTIVE_ITEM)[0];var n=this._getItemIndex(this._activeElement);if(!(t>this._items.length-1||t<0))if(this._isSliding)P(this._element).one(Q.SLID,function(){return e.to(t)});else{if(n===t)return this.pause(),void this.cycle();var i=n<t?U:K;this._slide(i,this._items[t])}},t.dispose=function(){P(this._element).off(R),P.removeData(this._element,j),this._items=null,this._config=null,this._element=null,this._interval=null,this._isPaused=null,this._isSliding=null,this._activeElement=null,this._indicatorsElement=null},t._getConfig=function(t){return t=h({},M,t),Cn.typeCheckConfig(L,t,x),t},t._addEventListeners=function(){var e=this;this._config.keyboard&&P(this._element).on(Q.KEYDOWN,function(t){return e._keydown(t)}),"hover"===this._config.pause&&(P(this._element).on(Q.MOUSEENTER,function(t){return e.pause(t)}).on(Q.MOUSELEAVE,function(t){return e.cycle(t)}),"ontouchstart"in document.documentElement&&P(this._element).on(Q.TOUCHEND,function(){e.pause(),e.touchTimeout&&clearTimeout(e.touchTimeout),e.touchTimeout=setTimeout(function(t){return e.cycle(t)},500+e._config.interval)}))},t._keydown=function(t){if(!/input|textarea/i.test(t.target.tagName))switch(t.which){case 37:t.preventDefault(),this.prev();break;case 39:t.preventDefault(),this.next()}},t._getItemIndex=function(t){return this._items=P.makeArray(P(t).parent().find(Z.ITEM)),this._items.indexOf(t)},t._getItemByDirection=function(t,e){var n=t===U,i=t===K,r=this._getItemIndex(e),s=this._items.length-1;if((i&&0===r||n&&r===s)&&!this._config.wrap)return e;var o=(r+(t===K?-1:1))%this._items.length;return-1===o?this._items[this._items.length-1]:this._items[o]},t._triggerSlideEvent=function(t,e){var n=this._getItemIndex(t),i=this._getItemIndex(P(this._element).find(Z.ACTIVE_ITEM)[0]),r=P.Event(Q.SLIDE,{relatedTarget:t,direction:e,from:i,to:n});return P(this._element).trigger(r),r},t._setActiveIndicatorElement=function(t){if(this._indicatorsElement){P(this._indicatorsElement).find(Z.ACTIVE).removeClass(Y);var e=this._indicatorsElement.children[this._getItemIndex(t)];e&&P(e).addClass(Y)}},t._slide=function(t,e){var n,i,r,s=this,o=P(this._element).find(Z.ACTIVE_ITEM)[0],a=this._getItemIndex(o),l=e||o&&this._getItemByDirection(t,o),h=this._getItemIndex(l),c=Boolean(this._interval);if(t===U?(n=z,i=X,r=F):(n=q,i=J,r=V),l&&P(l).hasClass(Y))this._isSliding=!1;else if(!this._triggerSlideEvent(l,r).isDefaultPrevented()&&o&&l){this._isSliding=!0,c&&this.pause(),this._setActiveIndicatorElement(l);var u=P.Event(Q.SLID,{relatedTarget:l,direction:r,from:a,to:h});if(P(this._element).hasClass(G)){P(l).addClass(i),Cn.reflow(l),P(o).addClass(n),P(l).addClass(n);var f=Cn.getTransitionDurationFromElement(o);P(o).one(Cn.TRANSITION_END,function(){P(l).removeClass(n+" "+i).addClass(Y),P(o).removeClass(Y+" "+i+" "+n),s._isSliding=!1,setTimeout(function(){return P(s._element).trigger(u)},0)}).emulateTransitionEnd(f)}else P(o).removeClass(Y),P(l).addClass(Y),this._isSliding=!1,P(this._element).trigger(u);c&&this.cycle()}},s._jQueryInterface=function(i){return this.each(function(){var t=P(this).data(j),e=h({},M,P(this).data());"object"==typeof i&&(e=h({},e,i));var n="string"==typeof i?i:e.slide;if(t||(t=new s(this,e),P(this).data(j,t)),"number"==typeof i)t.to(i);else if("string"==typeof n){if("undefined"==typeof t[n])throw new TypeError('No method named "'+n+'"');t[n]()}else e.interval&&(t.pause(),t.cycle())})},s._dataApiClickHandler=function(t){var e=Cn.getSelectorFromElement(this);if(e){var n=P(e)[0];if(n&&P(n).hasClass(B)){var i=h({},P(n).data(),P(this).data()),r=this.getAttribute("data-slide-to");r&&(i.interval=!1),s._jQueryInterface.call(P(n),i),r&&P(n).data(j).to(r),t.preventDefault()}}},o(s,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return M}}]),s}(),P(document).on(Q.CLICK_DATA_API,Z.DATA_SLIDE,$._dataApiClickHandler),P(window).on(Q.LOAD_DATA_API,function(){P(Z.DATA_RIDE).each(function(){var t=P(this);$._jQueryInterface.call(t,t.data())})}),P.fn[L]=$._jQueryInterface,P.fn[L].Constructor=$,P.fn[L].noConflict=function(){return P.fn[L]=W,$._jQueryInterface},$),bn=(et="collapse",it="."+(nt="bs.collapse"),rt=(tt=e).fn[et],st={toggle:!0,parent:""},ot={toggle:"boolean",parent:"(string|element)"},at={SHOW:"show"+it,SHOWN:"shown"+it,HIDE:"hide"+it,HIDDEN:"hidden"+it,CLICK_DATA_API:"click"+it+".data-api"},lt="show",ht="collapse",ct="collapsing",ut="collapsed",ft="width",dt="height",_t={ACTIVES:".show, .collapsing",DATA_TOGGLE:'[data-toggle="collapse"]'},gt=function(){function a(t,e){this._isTransitioning=!1,this._element=t,this._config=this._getConfig(e),this._triggerArray=tt.makeArray(tt('[data-toggle="collapse"][href="#'+t.id+'"],[data-toggle="collapse"][data-target="#'+t.id+'"]'));for(var n=tt(_t.DATA_TOGGLE),i=0;i<n.length;i++){var r=n[i],s=Cn.getSelectorFromElement(r);null!==s&&0<tt(s).filter(t).length&&(this._selector=s,this._triggerArray.push(r))}this._parent=this._config.parent?this._getParent():null,this._config.parent||this._addAriaAndCollapsedClass(this._element,this._triggerArray),this._config.toggle&&this.toggle()}var t=a.prototype;return t.toggle=function(){tt(this._element).hasClass(lt)?this.hide():this.show()},t.show=function(){var t,e,n=this;if(!this._isTransitioning&&!tt(this._element).hasClass(lt)&&(this._parent&&0===(t=tt.makeArray(tt(this._parent).find(_t.ACTIVES).filter('[data-parent="'+this._config.parent+'"]'))).length&&(t=null),!(t&&(e=tt(t).not(this._selector).data(nt))&&e._isTransitioning))){var i=tt.Event(at.SHOW);if(tt(this._element).trigger(i),!i.isDefaultPrevented()){t&&(a._jQueryInterface.call(tt(t).not(this._selector),"hide"),e||tt(t).data(nt,null));var r=this._getDimension();tt(this._element).removeClass(ht).addClass(ct),(this._element.style[r]=0)<this._triggerArray.length&&tt(this._triggerArray).removeClass(ut).attr("aria-expanded",!0),this.setTransitioning(!0);var s="scroll"+(r[0].toUpperCase()+r.slice(1)),o=Cn.getTransitionDurationFromElement(this._element);tt(this._element).one(Cn.TRANSITION_END,function(){tt(n._element).removeClass(ct).addClass(ht).addClass(lt),n._element.style[r]="",n.setTransitioning(!1),tt(n._element).trigger(at.SHOWN)}).emulateTransitionEnd(o),this._element.style[r]=this._element[s]+"px"}}},t.hide=function(){var t=this;if(!this._isTransitioning&&tt(this._element).hasClass(lt)){var e=tt.Event(at.HIDE);if(tt(this._element).trigger(e),!e.isDefaultPrevented()){var n=this._getDimension();if(this._element.style[n]=this._element.getBoundingClientRect()[n]+"px",Cn.reflow(this._element),tt(this._element).addClass(ct).removeClass(ht).removeClass(lt),0<this._triggerArray.length)for(var i=0;i<this._triggerArray.length;i++){var r=this._triggerArray[i],s=Cn.getSelectorFromElement(r);if(null!==s)tt(s).hasClass(lt)||tt(r).addClass(ut).attr("aria-expanded",!1)}this.setTransitioning(!0);this._element.style[n]="";var o=Cn.getTransitionDurationFromElement(this._element);tt(this._element).one(Cn.TRANSITION_END,function(){t.setTransitioning(!1),tt(t._element).removeClass(ct).addClass(ht).trigger(at.HIDDEN)}).emulateTransitionEnd(o)}}},t.setTransitioning=function(t){this._isTransitioning=t},t.dispose=function(){tt.removeData(this._element,nt),this._config=null,this._parent=null,this._element=null,this._triggerArray=null,this._isTransitioning=null},t._getConfig=function(t){return(t=h({},st,t)).toggle=Boolean(t.toggle),Cn.typeCheckConfig(et,t,ot),t},t._getDimension=function(){return tt(this._element).hasClass(ft)?ft:dt},t._getParent=function(){var n=this,t=null;Cn.isElement(this._config.parent)?(t=this._config.parent,"undefined"!=typeof this._config.parent.jquery&&(t=this._config.parent[0])):t=tt(this._config.parent)[0];var e='[data-toggle="collapse"][data-parent="'+this._config.parent+'"]';return tt(t).find(e).each(function(t,e){n._addAriaAndCollapsedClass(a._getTargetFromElement(e),[e])}),t},t._addAriaAndCollapsedClass=function(t,e){if(t){var n=tt(t).hasClass(lt);0<e.length&&tt(e).toggleClass(ut,!n).attr("aria-expanded",n)}},a._getTargetFromElement=function(t){var e=Cn.getSelectorFromElement(t);return e?tt(e)[0]:null},a._jQueryInterface=function(i){return this.each(function(){var t=tt(this),e=t.data(nt),n=h({},st,t.data(),"object"==typeof i&&i?i:{});if(!e&&n.toggle&&/show|hide/.test(i)&&(n.toggle=!1),e||(e=new a(this,n),t.data(nt,e)),"string"==typeof i){if("undefined"==typeof e[i])throw new TypeError('No method named "'+i+'"');e[i]()}})},o(a,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return st}}]),a}(),tt(document).on(at.CLICK_DATA_API,_t.DATA_TOGGLE,function(t){"A"===t.currentTarget.tagName&&t.preventDefault();var n=tt(this),e=Cn.getSelectorFromElement(this);tt(e).each(function(){var t=tt(this),e=t.data(nt)?"toggle":n.data();gt._jQueryInterface.call(t,e)})}),tt.fn[et]=gt._jQueryInterface,tt.fn[et].Constructor=gt,tt.fn[et].noConflict=function(){return tt.fn[et]=rt,gt._jQueryInterface},gt),Sn=(pt="dropdown",Et="."+(vt="bs.dropdown"),yt=".data-api",Tt=(mt=e).fn[pt],Ct=new RegExp("38|40|27"),It={HIDE:"hide"+Et,HIDDEN:"hidden"+Et,SHOW:"show"+Et,SHOWN:"shown"+Et,CLICK:"click"+Et,CLICK_DATA_API:"click"+Et+yt,KEYDOWN_DATA_API:"keydown"+Et+yt,KEYUP_DATA_API:"keyup"+Et+yt},At="disabled",Dt="show",bt="dropup",St="dropright",wt="dropleft",Nt="dropdown-menu-right",Ot="position-static",kt='[data-toggle="dropdown"]',Pt=".dropdown form",Lt=".dropdown-menu",jt=".navbar-nav",Rt=".dropdown-menu .dropdown-item:not(.disabled):not(:disabled)",Ht="top-start",Wt="top-end",Mt="bottom-start",xt="bottom-end",Ut="right-start",Kt="left-start",Ft={offset:0,flip:!0,boundary:"scrollParent",reference:"toggle",display:"dynamic"},Vt={offset:"(number|string|function)",flip:"boolean",boundary:"(string|element)",reference:"(string|element)",display:"string"},Qt=function(){function l(t,e){this._element=t,this._popper=null,this._config=this._getConfig(e),this._menu=this._getMenuElement(),this._inNavbar=this._detectNavbar(),this._addEventListeners()}var t=l.prototype;return t.toggle=function(){if(!this._element.disabled&&!mt(this._element).hasClass(At)){var t=l._getParentFromElement(this._element),e=mt(this._menu).hasClass(Dt);if(l._clearMenus(),!e){var n={relatedTarget:this._element},i=mt.Event(It.SHOW,n);if(mt(t).trigger(i),!i.isDefaultPrevented()){if(!this._inNavbar){if("undefined"==typeof c)throw new TypeError("Bootstrap dropdown require Popper.js (https://popper.js.org)");var r=this._element;"parent"===this._config.reference?r=t:Cn.isElement(this._config.reference)&&(r=this._config.reference,"undefined"!=typeof this._config.reference.jquery&&(r=this._config.reference[0])),"scrollParent"!==this._config.boundary&&mt(t).addClass(Ot),this._popper=new c(r,this._menu,this._getPopperConfig())}"ontouchstart"in document.documentElement&&0===mt(t).closest(jt).length&&mt(document.body).children().on("mouseover",null,mt.noop),this._element.focus(),this._element.setAttribute("aria-expanded",!0),mt(this._menu).toggleClass(Dt),mt(t).toggleClass(Dt).trigger(mt.Event(It.SHOWN,n))}}}},t.dispose=function(){mt.removeData(this._element,vt),mt(this._element).off(Et),this._element=null,(this._menu=null)!==this._popper&&(this._popper.destroy(),this._popper=null)},t.update=function(){this._inNavbar=this._detectNavbar(),null!==this._popper&&this._popper.scheduleUpdate()},t._addEventListeners=function(){var e=this;mt(this._element).on(It.CLICK,function(t){t.preventDefault(),t.stopPropagation(),e.toggle()})},t._getConfig=function(t){return t=h({},this.constructor.Default,mt(this._element).data(),t),Cn.typeCheckConfig(pt,t,this.constructor.DefaultType),t},t._getMenuElement=function(){if(!this._menu){var t=l._getParentFromElement(this._element);this._menu=mt(t).find(Lt)[0]}return this._menu},t._getPlacement=function(){var t=mt(this._element).parent(),e=Mt;return t.hasClass(bt)?(e=Ht,mt(this._menu).hasClass(Nt)&&(e=Wt)):t.hasClass(St)?e=Ut:t.hasClass(wt)?e=Kt:mt(this._menu).hasClass(Nt)&&(e=xt),e},t._detectNavbar=function(){return 0<mt(this._element).closest(".navbar").length},t._getPopperConfig=function(){var e=this,t={};"function"==typeof this._config.offset?t.fn=function(t){return t.offsets=h({},t.offsets,e._config.offset(t.offsets)||{}),t}:t.offset=this._config.offset;var n={placement:this._getPlacement(),modifiers:{offset:t,flip:{enabled:this._config.flip},preventOverflow:{boundariesElement:this._config.boundary}}};return"static"===this._config.display&&(n.modifiers.applyStyle={enabled:!1}),n},l._jQueryInterface=function(e){return this.each(function(){var t=mt(this).data(vt);if(t||(t=new l(this,"object"==typeof e?e:null),mt(this).data(vt,t)),"string"==typeof e){if("undefined"==typeof t[e])throw new TypeError('No method named "'+e+'"');t[e]()}})},l._clearMenus=function(t){if(!t||3!==t.which&&("keyup"!==t.type||9===t.which))for(var e=mt.makeArray(mt(kt)),n=0;n<e.length;n++){var i=l._getParentFromElement(e[n]),r=mt(e[n]).data(vt),s={relatedTarget:e[n]};if(r){var o=r._menu;if(mt(i).hasClass(Dt)&&!(t&&("click"===t.type&&/input|textarea/i.test(t.target.tagName)||"keyup"===t.type&&9===t.which)&&mt.contains(i,t.target))){var a=mt.Event(It.HIDE,s);mt(i).trigger(a),a.isDefaultPrevented()||("ontouchstart"in document.documentElement&&mt(document.body).children().off("mouseover",null,mt.noop),e[n].setAttribute("aria-expanded","false"),mt(o).removeClass(Dt),mt(i).removeClass(Dt).trigger(mt.Event(It.HIDDEN,s)))}}}},l._getParentFromElement=function(t){var e,n=Cn.getSelectorFromElement(t);return n&&(e=mt(n)[0]),e||t.parentNode},l._dataApiKeydownHandler=function(t){if((/input|textarea/i.test(t.target.tagName)?!(32===t.which||27!==t.which&&(40!==t.which&&38!==t.which||mt(t.target).closest(Lt).length)):Ct.test(t.which))&&(t.preventDefault(),t.stopPropagation(),!this.disabled&&!mt(this).hasClass(At))){var e=l._getParentFromElement(this),n=mt(e).hasClass(Dt);if((n||27===t.which&&32===t.which)&&(!n||27!==t.which&&32!==t.which)){var i=mt(e).find(Rt).get();if(0!==i.length){var r=i.indexOf(t.target);38===t.which&&0<r&&r--,40===t.which&&r<i.length-1&&r++,r<0&&(r=0),i[r].focus()}}else{if(27===t.which){var s=mt(e).find(kt)[0];mt(s).trigger("focus")}mt(this).trigger("click")}}},o(l,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return Ft}},{key:"DefaultType",get:function(){return Vt}}]),l}(),mt(document).on(It.KEYDOWN_DATA_API,kt,Qt._dataApiKeydownHandler).on(It.KEYDOWN_DATA_API,Lt,Qt._dataApiKeydownHandler).on(It.CLICK_DATA_API+" "+It.KEYUP_DATA_API,Qt._clearMenus).on(It.CLICK_DATA_API,kt,function(t){t.preventDefault(),t.stopPropagation(),Qt._jQueryInterface.call(mt(this),"toggle")}).on(It.CLICK_DATA_API,Pt,function(t){t.stopPropagation()}),mt.fn[pt]=Qt._jQueryInterface,mt.fn[pt].Constructor=Qt,mt.fn[pt].noConflict=function(){return mt.fn[pt]=Tt,Qt._jQueryInterface},Qt),wn=(Yt="modal",qt="."+(Gt="bs.modal"),zt=(Bt=e).fn[Yt],Xt={backdrop:!0,keyboard:!0,focus:!0,show:!0},Jt={backdrop:"(boolean|string)",keyboard:"boolean",focus:"boolean",show:"boolean"},Zt={HIDE:"hide"+qt,HIDDEN:"hidden"+qt,SHOW:"show"+qt,SHOWN:"shown"+qt,FOCUSIN:"focusin"+qt,RESIZE:"resize"+qt,CLICK_DISMISS:"click.dismiss"+qt,KEYDOWN_DISMISS:"keydown.dismiss"+qt,MOUSEUP_DISMISS:"mouseup.dismiss"+qt,MOUSEDOWN_DISMISS:"mousedown.dismiss"+qt,CLICK_DATA_API:"click"+qt+".data-api"},$t="modal-scrollbar-measure",te="modal-backdrop",ee="modal-open",ne="fade",ie="show",re={DIALOG:".modal-dialog",DATA_TOGGLE:'[data-toggle="modal"]',DATA_DISMISS:'[data-dismiss="modal"]',FIXED_CONTENT:".fixed-top, .fixed-bottom, .is-fixed, .sticky-top",STICKY_CONTENT:".sticky-top",NAVBAR_TOGGLER:".navbar-toggler"},se=function(){function r(t,e){this._config=this._getConfig(e),this._element=t,this._dialog=Bt(t).find(re.DIALOG)[0],this._backdrop=null,this._isShown=!1,this._isBodyOverflowing=!1,this._ignoreBackdropClick=!1,this._scrollbarWidth=0}var t=r.prototype;return t.toggle=function(t){return this._isShown?this.hide():this.show(t)},t.show=function(t){var e=this;if(!this._isTransitioning&&!this._isShown){Bt(this._element).hasClass(ne)&&(this._isTransitioning=!0);var n=Bt.Event(Zt.SHOW,{relatedTarget:t});Bt(this._element).trigger(n),this._isShown||n.isDefaultPrevented()||(this._isShown=!0,this._checkScrollbar(),this._setScrollbar(),this._adjustDialog(),Bt(document.body).addClass(ee),this._setEscapeEvent(),this._setResizeEvent(),Bt(this._element).on(Zt.CLICK_DISMISS,re.DATA_DISMISS,function(t){return e.hide(t)}),Bt(this._dialog).on(Zt.MOUSEDOWN_DISMISS,function(){Bt(e._element).one(Zt.MOUSEUP_DISMISS,function(t){Bt(t.target).is(e._element)&&(e._ignoreBackdropClick=!0)})}),this._showBackdrop(function(){return e._showElement(t)}))}},t.hide=function(t){var e=this;if(t&&t.preventDefault(),!this._isTransitioning&&this._isShown){var n=Bt.Event(Zt.HIDE);if(Bt(this._element).trigger(n),this._isShown&&!n.isDefaultPrevented()){this._isShown=!1;var i=Bt(this._element).hasClass(ne);if(i&&(this._isTransitioning=!0),this._setEscapeEvent(),this._setResizeEvent(),Bt(document).off(Zt.FOCUSIN),Bt(this._element).removeClass(ie),Bt(this._element).off(Zt.CLICK_DISMISS),Bt(this._dialog).off(Zt.MOUSEDOWN_DISMISS),i){var r=Cn.getTransitionDurationFromElement(this._element);Bt(this._element).one(Cn.TRANSITION_END,function(t){return e._hideModal(t)}).emulateTransitionEnd(r)}else this._hideModal()}}},t.dispose=function(){Bt.removeData(this._element,Gt),Bt(window,document,this._element,this._backdrop).off(qt),this._config=null,this._element=null,this._dialog=null,this._backdrop=null,this._isShown=null,this._isBodyOverflowing=null,this._ignoreBackdropClick=null,this._scrollbarWidth=null},t.handleUpdate=function(){this._adjustDialog()},t._getConfig=function(t){return t=h({},Xt,t),Cn.typeCheckConfig(Yt,t,Jt),t},t._showElement=function(t){var e=this,n=Bt(this._element).hasClass(ne);this._element.parentNode&&this._element.parentNode.nodeType===Node.ELEMENT_NODE||document.body.appendChild(this._element),this._element.style.display="block",this._element.removeAttribute("aria-hidden"),this._element.scrollTop=0,n&&Cn.reflow(this._element),Bt(this._element).addClass(ie),this._config.focus&&this._enforceFocus();var i=Bt.Event(Zt.SHOWN,{relatedTarget:t}),r=function(){e._config.focus&&e._element.focus(),e._isTransitioning=!1,Bt(e._element).trigger(i)};if(n){var s=Cn.getTransitionDurationFromElement(this._element);Bt(this._dialog).one(Cn.TRANSITION_END,r).emulateTransitionEnd(s)}else r()},t._enforceFocus=function(){var e=this;Bt(document).off(Zt.FOCUSIN).on(Zt.FOCUSIN,function(t){document!==t.target&&e._element!==t.target&&0===Bt(e._element).has(t.target).length&&e._element.focus()})},t._setEscapeEvent=function(){var e=this;this._isShown&&this._config.keyboard?Bt(this._element).on(Zt.KEYDOWN_DISMISS,function(t){27===t.which&&(t.preventDefault(),e.hide())}):this._isShown||Bt(this._element).off(Zt.KEYDOWN_DISMISS)},t._setResizeEvent=function(){var e=this;this._isShown?Bt(window).on(Zt.RESIZE,function(t){return e.handleUpdate(t)}):Bt(window).off(Zt.RESIZE)},t._hideModal=function(){var t=this;this._element.style.display="none",this._element.setAttribute("aria-hidden",!0),this._isTransitioning=!1,this._showBackdrop(function(){Bt(document.body).removeClass(ee),t._resetAdjustments(),t._resetScrollbar(),Bt(t._element).trigger(Zt.HIDDEN)})},t._removeBackdrop=function(){this._backdrop&&(Bt(this._backdrop).remove(),this._backdrop=null)},t._showBackdrop=function(t){var e=this,n=Bt(this._element).hasClass(ne)?ne:"";if(this._isShown&&this._config.backdrop){if(this._backdrop=document.createElement("div"),this._backdrop.className=te,n&&Bt(this._backdrop).addClass(n),Bt(this._backdrop).appendTo(document.body),Bt(this._element).on(Zt.CLICK_DISMISS,function(t){e._ignoreBackdropClick?e._ignoreBackdropClick=!1:t.target===t.currentTarget&&("static"===e._config.backdrop?e._element.focus():e.hide())}),n&&Cn.reflow(this._backdrop),Bt(this._backdrop).addClass(ie),!t)return;if(!n)return void t();var i=Cn.getTransitionDurationFromElement(this._backdrop);Bt(this._backdrop).one(Cn.TRANSITION_END,t).emulateTransitionEnd(i)}else if(!this._isShown&&this._backdrop){Bt(this._backdrop).removeClass(ie);var r=function(){e._removeBackdrop(),t&&t()};if(Bt(this._element).hasClass(ne)){var s=Cn.getTransitionDurationFromElement(this._backdrop);Bt(this._backdrop).one(Cn.TRANSITION_END,r).emulateTransitionEnd(s)}else r()}else t&&t()},t._adjustDialog=function(){var t=this._element.scrollHeight>document.documentElement.clientHeight;!this._isBodyOverflowing&&t&&(this._element.style.paddingLeft=this._scrollbarWidth+"px"),this._isBodyOverflowing&&!t&&(this._element.style.paddingRight=this._scrollbarWidth+"px")},t._resetAdjustments=function(){this._element.style.paddingLeft="",this._element.style.paddingRight=""},t._checkScrollbar=function(){var t=document.body.getBoundingClientRect();this._isBodyOverflowing=t.left+t.right<window.innerWidth,this._scrollbarWidth=this._getScrollbarWidth()},t._setScrollbar=function(){var r=this;if(this._isBodyOverflowing){Bt(re.FIXED_CONTENT).each(function(t,e){var n=Bt(e)[0].style.paddingRight,i=Bt(e).css("padding-right");Bt(e).data("padding-right",n).css("padding-right",parseFloat(i)+r._scrollbarWidth+"px")}),Bt(re.STICKY_CONTENT).each(function(t,e){var n=Bt(e)[0].style.marginRight,i=Bt(e).css("margin-right");Bt(e).data("margin-right",n).css("margin-right",parseFloat(i)-r._scrollbarWidth+"px")}),Bt(re.NAVBAR_TOGGLER).each(function(t,e){var n=Bt(e)[0].style.marginRight,i=Bt(e).css("margin-right");Bt(e).data("margin-right",n).css("margin-right",parseFloat(i)+r._scrollbarWidth+"px")});var t=document.body.style.paddingRight,e=Bt(document.body).css("padding-right");Bt(document.body).data("padding-right",t).css("padding-right",parseFloat(e)+this._scrollbarWidth+"px")}},t._resetScrollbar=function(){Bt(re.FIXED_CONTENT).each(function(t,e){var n=Bt(e).data("padding-right");"undefined"!=typeof n&&Bt(e).css("padding-right",n).removeData("padding-right")}),Bt(re.STICKY_CONTENT+", "+re.NAVBAR_TOGGLER).each(function(t,e){var n=Bt(e).data("margin-right");"undefined"!=typeof n&&Bt(e).css("margin-right",n).removeData("margin-right")});var t=Bt(document.body).data("padding-right");"undefined"!=typeof t&&Bt(document.body).css("padding-right",t).removeData("padding-right")},t._getScrollbarWidth=function(){var t=document.createElement("div");t.className=$t,document.body.appendChild(t);var e=t.getBoundingClientRect().width-t.clientWidth;return document.body.removeChild(t),e},r._jQueryInterface=function(n,i){return this.each(function(){var t=Bt(this).data(Gt),e=h({},Xt,Bt(this).data(),"object"==typeof n&&n?n:{});if(t||(t=new r(this,e),Bt(this).data(Gt,t)),"string"==typeof n){if("undefined"==typeof t[n])throw new TypeError('No method named "'+n+'"');t[n](i)}else e.show&&t.show(i)})},o(r,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return Xt}}]),r}(),Bt(document).on(Zt.CLICK_DATA_API,re.DATA_TOGGLE,function(t){var e,n=this,i=Cn.getSelectorFromElement(this);i&&(e=Bt(i)[0]);var r=Bt(e).data(Gt)?"toggle":h({},Bt(e).data(),Bt(this).data());"A"!==this.tagName&&"AREA"!==this.tagName||t.preventDefault();var s=Bt(e).one(Zt.SHOW,function(t){t.isDefaultPrevented()||s.one(Zt.HIDDEN,function(){Bt(n).is(":visible")&&n.focus()})});se._jQueryInterface.call(Bt(e),r,this)}),Bt.fn[Yt]=se._jQueryInterface,Bt.fn[Yt].Constructor=se,Bt.fn[Yt].noConflict=function(){return Bt.fn[Yt]=zt,se._jQueryInterface},se),Nn=(ae="tooltip",he="."+(le="bs.tooltip"),ce=(oe=e).fn[ae],ue="bs-tooltip",fe=new RegExp("(^|\\s)"+ue+"\\S+","g"),ge={animation:!0,template:'<div class="tooltip" role="tooltip"><div class="arrow"></div><div class="tooltip-inner"></div></div>',trigger:"hover focus",title:"",delay:0,html:!(_e={AUTO:"auto",TOP:"top",RIGHT:"right",BOTTOM:"bottom",LEFT:"left"}),selector:!(de={animation:"boolean",template:"string",title:"(string|element|function)",trigger:"string",delay:"(number|object)",html:"boolean",selector:"(string|boolean)",placement:"(string|function)",offset:"(number|string)",container:"(string|element|boolean)",fallbackPlacement:"(string|array)",boundary:"(string|element)"}),placement:"top",offset:0,container:!1,fallbackPlacement:"flip",boundary:"scrollParent"},pe="out",ve={HIDE:"hide"+he,HIDDEN:"hidden"+he,SHOW:(me="show")+he,SHOWN:"shown"+he,INSERTED:"inserted"+he,CLICK:"click"+he,FOCUSIN:"focusin"+he,FOCUSOUT:"focusout"+he,MOUSEENTER:"mouseenter"+he,MOUSELEAVE:"mouseleave"+he},Ee="fade",ye="show",Te=".tooltip-inner",Ce=".arrow",Ie="hover",Ae="focus",De="click",be="manual",Se=function(){function i(t,e){if("undefined"==typeof c)throw new TypeError("Bootstrap tooltips require Popper.js (https://popper.js.org)");this._isEnabled=!0,this._timeout=0,this._hoverState="",this._activeTrigger={},this._popper=null,this.element=t,this.config=this._getConfig(e),this.tip=null,this._setListeners()}var t=i.prototype;return t.enable=function(){this._isEnabled=!0},t.disable=function(){this._isEnabled=!1},t.toggleEnabled=function(){this._isEnabled=!this._isEnabled},t.toggle=function(t){if(this._isEnabled)if(t){var e=this.constructor.DATA_KEY,n=oe(t.currentTarget).data(e);n||(n=new this.constructor(t.currentTarget,this._getDelegateConfig()),oe(t.currentTarget).data(e,n)),n._activeTrigger.click=!n._activeTrigger.click,n._isWithActiveTrigger()?n._enter(null,n):n._leave(null,n)}else{if(oe(this.getTipElement()).hasClass(ye))return void this._leave(null,this);this._enter(null,this)}},t.dispose=function(){clearTimeout(this._timeout),oe.removeData(this.element,this.constructor.DATA_KEY),oe(this.element).off(this.constructor.EVENT_KEY),oe(this.element).closest(".modal").off("hide.bs.modal"),this.tip&&oe(this.tip).remove(),this._isEnabled=null,this._timeout=null,this._hoverState=null,(this._activeTrigger=null)!==this._popper&&this._popper.destroy(),this._popper=null,this.element=null,this.config=null,this.tip=null},t.show=function(){var e=this;if("none"===oe(this.element).css("display"))throw new Error("Please use show on visible elements");var t=oe.Event(this.constructor.Event.SHOW);if(this.isWithContent()&&this._isEnabled){oe(this.element).trigger(t);var n=oe.contains(this.element.ownerDocument.documentElement,this.element);if(t.isDefaultPrevented()||!n)return;var i=this.getTipElement(),r=Cn.getUID(this.constructor.NAME);i.setAttribute("id",r),this.element.setAttribute("aria-describedby",r),this.setContent(),this.config.animation&&oe(i).addClass(Ee);var s="function"==typeof this.config.placement?this.config.placement.call(this,i,this.element):this.config.placement,o=this._getAttachment(s);this.addAttachmentClass(o);var a=!1===this.config.container?document.body:oe(this.config.container);oe(i).data(this.constructor.DATA_KEY,this),oe.contains(this.element.ownerDocument.documentElement,this.tip)||oe(i).appendTo(a),oe(this.element).trigger(this.constructor.Event.INSERTED),this._popper=new c(this.element,i,{placement:o,modifiers:{offset:{offset:this.config.offset},flip:{behavior:this.config.fallbackPlacement},arrow:{element:Ce},preventOverflow:{boundariesElement:this.config.boundary}},onCreate:function(t){t.originalPlacement!==t.placement&&e._handlePopperPlacementChange(t)},onUpdate:function(t){e._handlePopperPlacementChange(t)}}),oe(i).addClass(ye),"ontouchstart"in document.documentElement&&oe(document.body).children().on("mouseover",null,oe.noop);var l=function(){e.config.animation&&e._fixTransition();var t=e._hoverState;e._hoverState=null,oe(e.element).trigger(e.constructor.Event.SHOWN),t===pe&&e._leave(null,e)};if(oe(this.tip).hasClass(Ee)){var h=Cn.getTransitionDurationFromElement(this.tip);oe(this.tip).one(Cn.TRANSITION_END,l).emulateTransitionEnd(h)}else l()}},t.hide=function(t){var e=this,n=this.getTipElement(),i=oe.Event(this.constructor.Event.HIDE),r=function(){e._hoverState!==me&&n.parentNode&&n.parentNode.removeChild(n),e._cleanTipClass(),e.element.removeAttribute("aria-describedby"),oe(e.element).trigger(e.constructor.Event.HIDDEN),null!==e._popper&&e._popper.destroy(),t&&t()};if(oe(this.element).trigger(i),!i.isDefaultPrevented()){if(oe(n).removeClass(ye),"ontouchstart"in document.documentElement&&oe(document.body).children().off("mouseover",null,oe.noop),this._activeTrigger[De]=!1,this._activeTrigger[Ae]=!1,this._activeTrigger[Ie]=!1,oe(this.tip).hasClass(Ee)){var s=Cn.getTransitionDurationFromElement(n);oe(n).one(Cn.TRANSITION_END,r).emulateTransitionEnd(s)}else r();this._hoverState=""}},t.update=function(){null!==this._popper&&this._popper.scheduleUpdate()},t.isWithContent=function(){return Boolean(this.getTitle())},t.addAttachmentClass=function(t){oe(this.getTipElement()).addClass(ue+"-"+t)},t.getTipElement=function(){return this.tip=this.tip||oe(this.config.template)[0],this.tip},t.setContent=function(){var t=oe(this.getTipElement());this.setElementContent(t.find(Te),this.getTitle()),t.removeClass(Ee+" "+ye)},t.setElementContent=function(t,e){var n=this.config.html;"object"==typeof e&&(e.nodeType||e.jquery)?n?oe(e).parent().is(t)||t.empty().append(e):t.text(oe(e).text()):t[n?"html":"text"](e)},t.getTitle=function(){var t=this.element.getAttribute("data-original-title");return t||(t="function"==typeof this.config.title?this.config.title.call(this.element):this.config.title),t},t._getAttachment=function(t){return _e[t.toUpperCase()]},t._setListeners=function(){var i=this;this.config.trigger.split(" ").forEach(function(t){if("click"===t)oe(i.element).on(i.constructor.Event.CLICK,i.config.selector,function(t){return i.toggle(t)});else if(t!==be){var e=t===Ie?i.constructor.Event.MOUSEENTER:i.constructor.Event.FOCUSIN,n=t===Ie?i.constructor.Event.MOUSELEAVE:i.constructor.Event.FOCUSOUT;oe(i.element).on(e,i.config.selector,function(t){return i._enter(t)}).on(n,i.config.selector,function(t){return i._leave(t)})}oe(i.element).closest(".modal").on("hide.bs.modal",function(){return i.hide()})}),this.config.selector?this.config=h({},this.config,{trigger:"manual",selector:""}):this._fixTitle()},t._fixTitle=function(){var t=typeof this.element.getAttribute("data-original-title");(this.element.getAttribute("title")||"string"!==t)&&(this.element.setAttribute("data-original-title",this.element.getAttribute("title")||""),this.element.setAttribute("title",""))},t._enter=function(t,e){var n=this.constructor.DATA_KEY;(e=e||oe(t.currentTarget).data(n))||(e=new this.constructor(t.currentTarget,this._getDelegateConfig()),oe(t.currentTarget).data(n,e)),t&&(e._activeTrigger["focusin"===t.type?Ae:Ie]=!0),oe(e.getTipElement()).hasClass(ye)||e._hoverState===me?e._hoverState=me:(clearTimeout(e._timeout),e._hoverState=me,e.config.delay&&e.config.delay.show?e._timeout=setTimeout(function(){e._hoverState===me&&e.show()},e.config.delay.show):e.show())},t._leave=function(t,e){var n=this.constructor.DATA_KEY;(e=e||oe(t.currentTarget).data(n))||(e=new this.constructor(t.currentTarget,this._getDelegateConfig()),oe(t.currentTarget).data(n,e)),t&&(e._activeTrigger["focusout"===t.type?Ae:Ie]=!1),e._isWithActiveTrigger()||(clearTimeout(e._timeout),e._hoverState=pe,e.config.delay&&e.config.delay.hide?e._timeout=setTimeout(function(){e._hoverState===pe&&e.hide()},e.config.delay.hide):e.hide())},t._isWithActiveTrigger=function(){for(var t in this._activeTrigger)if(this._activeTrigger[t])return!0;return!1},t._getConfig=function(t){return"number"==typeof(t=h({},this.constructor.Default,oe(this.element).data(),"object"==typeof t&&t?t:{})).delay&&(t.delay={show:t.delay,hide:t.delay}),"number"==typeof t.title&&(t.title=t.title.toString()),"number"==typeof t.content&&(t.content=t.content.toString()),Cn.typeCheckConfig(ae,t,this.constructor.DefaultType),t},t._getDelegateConfig=function(){var t={};if(this.config)for(var e in this.config)this.constructor.Default[e]!==this.config[e]&&(t[e]=this.config[e]);return t},t._cleanTipClass=function(){var t=oe(this.getTipElement()),e=t.attr("class").match(fe);null!==e&&0<e.length&&t.removeClass(e.join(""))},t._handlePopperPlacementChange=function(t){this._cleanTipClass(),this.addAttachmentClass(this._getAttachment(t.placement))},t._fixTransition=function(){var t=this.getTipElement(),e=this.config.animation;null===t.getAttribute("x-placement")&&(oe(t).removeClass(Ee),this.config.animation=!1,this.hide(),this.show(),this.config.animation=e)},i._jQueryInterface=function(n){return this.each(function(){var t=oe(this).data(le),e="object"==typeof n&&n;if((t||!/dispose|hide/.test(n))&&(t||(t=new i(this,e),oe(this).data(le,t)),"string"==typeof n)){if("undefined"==typeof t[n])throw new TypeError('No method named "'+n+'"');t[n]()}})},o(i,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return ge}},{key:"NAME",get:function(){return ae}},{key:"DATA_KEY",get:function(){return le}},{key:"Event",get:function(){return ve}},{key:"EVENT_KEY",get:function(){return he}},{key:"DefaultType",get:function(){return de}}]),i}(),oe.fn[ae]=Se._jQueryInterface,oe.fn[ae].Constructor=Se,oe.fn[ae].noConflict=function(){return oe.fn[ae]=ce,Se._jQueryInterface},Se),On=(Ne="popover",ke="."+(Oe="bs.popover"),Pe=(we=e).fn[Ne],Le="bs-popover",je=new RegExp("(^|\\s)"+Le+"\\S+","g"),Re=h({},Nn.Default,{placement:"right",trigger:"click",content:"",template:'<div class="popover" role="tooltip"><div class="arrow"></div><h3 class="popover-header"></h3><div class="popover-body"></div></div>'}),He=h({},Nn.DefaultType,{content:"(string|element|function)"}),We="fade",xe=".popover-header",Ue=".popover-body",Ke={HIDE:"hide"+ke,HIDDEN:"hidden"+ke,SHOW:(Me="show")+ke,SHOWN:"shown"+ke,INSERTED:"inserted"+ke,CLICK:"click"+ke,FOCUSIN:"focusin"+ke,FOCUSOUT:"focusout"+ke,MOUSEENTER:"mouseenter"+ke,MOUSELEAVE:"mouseleave"+ke},Fe=function(t){var e,n;function i(){return t.apply(this,arguments)||this}n=t,(e=i).prototype=Object.create(n.prototype),(e.prototype.constructor=e).__proto__=n;var r=i.prototype;return r.isWithContent=function(){return this.getTitle()||this._getContent()},r.addAttachmentClass=function(t){we(this.getTipElement()).addClass(Le+"-"+t)},r.getTipElement=function(){return this.tip=this.tip||we(this.config.template)[0],this.tip},r.setContent=function(){var t=we(this.getTipElement());this.setElementContent(t.find(xe),this.getTitle());var e=this._getContent();"function"==typeof e&&(e=e.call(this.element)),this.setElementContent(t.find(Ue),e),t.removeClass(We+" "+Me)},r._getContent=function(){return this.element.getAttribute("data-content")||this.config.content},r._cleanTipClass=function(){var t=we(this.getTipElement()),e=t.attr("class").match(je);null!==e&&0<e.length&&t.removeClass(e.join(""))},i._jQueryInterface=function(n){return this.each(function(){var t=we(this).data(Oe),e="object"==typeof n?n:null;if((t||!/destroy|hide/.test(n))&&(t||(t=new i(this,e),we(this).data(Oe,t)),"string"==typeof n)){if("undefined"==typeof t[n])throw new TypeError('No method named "'+n+'"');t[n]()}})},o(i,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return Re}},{key:"NAME",get:function(){return Ne}},{key:"DATA_KEY",get:function(){return Oe}},{key:"Event",get:function(){return Ke}},{key:"EVENT_KEY",get:function(){return ke}},{key:"DefaultType",get:function(){return He}}]),i}(Nn),we.fn[Ne]=Fe._jQueryInterface,we.fn[Ne].Constructor=Fe,we.fn[Ne].noConflict=function(){return we.fn[Ne]=Pe,Fe._jQueryInterface},Fe),kn=(Qe="scrollspy",Ye="."+(Be="bs.scrollspy"),Ge=(Ve=e).fn[Qe],qe={offset:10,method:"auto",target:""},ze={offset:"number",method:"string",target:"(string|element)"},Xe={ACTIVATE:"activate"+Ye,SCROLL:"scroll"+Ye,LOAD_DATA_API:"load"+Ye+".data-api"},Je="dropdown-item",Ze="active",$e={DATA_SPY:'[data-spy="scroll"]',ACTIVE:".active",NAV_LIST_GROUP:".nav, .list-group",NAV_LINKS:".nav-link",NAV_ITEMS:".nav-item",LIST_ITEMS:".list-group-item",DROPDOWN:".dropdown",DROPDOWN_ITEMS:".dropdown-item",DROPDOWN_TOGGLE:".dropdown-toggle"},tn="offset",en="position",nn=function(){function n(t,e){var n=this;this._element=t,this._scrollElement="BODY"===t.tagName?window:t,this._config=this._getConfig(e),this._selector=this._config.target+" "+$e.NAV_LINKS+","+this._config.target+" "+$e.LIST_ITEMS+","+this._config.target+" "+$e.DROPDOWN_ITEMS,this._offsets=[],this._targets=[],this._activeTarget=null,this._scrollHeight=0,Ve(this._scrollElement).on(Xe.SCROLL,function(t){return n._process(t)}),this.refresh(),this._process()}var t=n.prototype;return t.refresh=function(){var e=this,t=this._scrollElement===this._scrollElement.window?tn:en,r="auto"===this._config.method?t:this._config.method,s=r===en?this._getScrollTop():0;this._offsets=[],this._targets=[],this._scrollHeight=this._getScrollHeight(),Ve.makeArray(Ve(this._selector)).map(function(t){var e,n=Cn.getSelectorFromElement(t);if(n&&(e=Ve(n)[0]),e){var i=e.getBoundingClientRect();if(i.width||i.height)return[Ve(e)[r]().top+s,n]}return null}).filter(function(t){return t}).sort(function(t,e){return t[0]-e[0]}).forEach(function(t){e._offsets.push(t[0]),e._targets.push(t[1])})},t.dispose=function(){Ve.removeData(this._element,Be),Ve(this._scrollElement).off(Ye),this._element=null,this._scrollElement=null,this._config=null,this._selector=null,this._offsets=null,this._targets=null,this._activeTarget=null,this._scrollHeight=null},t._getConfig=function(t){if("string"!=typeof(t=h({},qe,"object"==typeof t&&t?t:{})).target){var e=Ve(t.target).attr("id");e||(e=Cn.getUID(Qe),Ve(t.target).attr("id",e)),t.target="#"+e}return Cn.typeCheckConfig(Qe,t,ze),t},t._getScrollTop=function(){return this._scrollElement===window?this._scrollElement.pageYOffset:this._scrollElement.scrollTop},t._getScrollHeight=function(){return this._scrollElement.scrollHeight||Math.max(document.body.scrollHeight,document.documentElement.scrollHeight)},t._getOffsetHeight=function(){return this._scrollElement===window?window.innerHeight:this._scrollElement.getBoundingClientRect().height},t._process=function(){var t=this._getScrollTop()+this._config.offset,e=this._getScrollHeight(),n=this._config.offset+e-this._getOffsetHeight();if(this._scrollHeight!==e&&this.refresh(),n<=t){var i=this._targets[this._targets.length-1];this._activeTarget!==i&&this._activate(i)}else{if(this._activeTarget&&t<this._offsets[0]&&0<this._offsets[0])return this._activeTarget=null,void this._clear();for(var r=this._offsets.length;r--;){this._activeTarget!==this._targets[r]&&t>=this._offsets[r]&&("undefined"==typeof this._offsets[r+1]||t<this._offsets[r+1])&&this._activate(this._targets[r])}}},t._activate=function(e){this._activeTarget=e,this._clear();var t=this._selector.split(",");t=t.map(function(t){return t+'[data-target="'+e+'"],'+t+'[href="'+e+'"]'});var n=Ve(t.join(","));n.hasClass(Je)?(n.closest($e.DROPDOWN).find($e.DROPDOWN_TOGGLE).addClass(Ze),n.addClass(Ze)):(n.addClass(Ze),n.parents($e.NAV_LIST_GROUP).prev($e.NAV_LINKS+", "+$e.LIST_ITEMS).addClass(Ze),n.parents($e.NAV_LIST_GROUP).prev($e.NAV_ITEMS).children($e.NAV_LINKS).addClass(Ze)),Ve(this._scrollElement).trigger(Xe.ACTIVATE,{relatedTarget:e})},t._clear=function(){Ve(this._selector).filter($e.ACTIVE).removeClass(Ze)},n._jQueryInterface=function(e){return this.each(function(){var t=Ve(this).data(Be);if(t||(t=new n(this,"object"==typeof e&&e),Ve(this).data(Be,t)),"string"==typeof e){if("undefined"==typeof t[e])throw new TypeError('No method named "'+e+'"');t[e]()}})},o(n,null,[{key:"VERSION",get:function(){return"4.1.1"}},{key:"Default",get:function(){return qe}}]),n}(),Ve(window).on(Xe.LOAD_DATA_API,function(){for(var t=Ve.makeArray(Ve($e.DATA_SPY)),e=t.length;e--;){var n=Ve(t[e]);nn._jQueryInterface.call(n,n.data())}}),Ve.fn[Qe]=nn._jQueryInterface,Ve.fn[Qe].Constructor=nn,Ve.fn[Qe].noConflict=function(){return Ve.fn[Qe]=Ge,nn._jQueryInterface},nn),Pn=(on="."+(sn="bs.tab"),an=(rn=e).fn.tab,ln={HIDE:"hide"+on,HIDDEN:"hidden"+on,SHOW:"show"+on,SHOWN:"shown"+on,CLICK_DATA_API:"click"+on+".data-api"},hn="dropdown-menu",cn="active",un="disabled",fn="fade",dn="show",_n=".dropdown",gn=".nav, .list-group",mn=".active",pn="> li > .active",vn='[data-toggle="tab"], [data-toggle="pill"], [data-toggle="list"]',En=".dropdown-toggle",yn="> .dropdown-menu .active",Tn=function(){function i(t){this._element=t}var t=i.prototype;return t.show=function(){var n=this;if(!(this._element.parentNode&&this._element.parentNode.nodeType===Node.ELEMENT_NODE&&rn(this._element).hasClass(cn)||rn(this._element).hasClass(un))){var t,i,e=rn(this._element).closest(gn)[0],r=Cn.getSelectorFromElement(this._element);if(e){var s="UL"===e.nodeName?pn:mn;i=(i=rn.makeArray(rn(e).find(s)))[i.length-1]}var o=rn.Event(ln.HIDE,{relatedTarget:this._element}),a=rn.Event(ln.SHOW,{relatedTarget:i});if(i&&rn(i).trigger(o),rn(this._element).trigger(a),!a.isDefaultPrevented()&&!o.isDefaultPrevented()){r&&(t=rn(r)[0]),this._activate(this._element,e);var l=function(){var t=rn.Event(ln.HIDDEN,{relatedTarget:n._element}),e=rn.Event(ln.SHOWN,{relatedTarget:i});rn(i).trigger(t),rn(n._element).trigger(e)};t?this._activate(t,t.parentNode,l):l()}}},t.dispose=function(){rn.removeData(this._element,sn),this._element=null},t._activate=function(t,e,n){var i=this,r=("UL"===e.nodeName?rn(e).find(pn):rn(e).children(mn))[0],s=n&&r&&rn(r).hasClass(fn),o=function(){return i._transitionComplete(t,r,n)};if(r&&s){var a=Cn.getTransitionDurationFromElement(r);rn(r).one(Cn.TRANSITION_END,o).emulateTransitionEnd(a)}else o()},t._transitionComplete=function(t,e,n){if(e){rn(e).removeClass(dn+" "+cn);var i=rn(e.parentNode).find(yn)[0];i&&rn(i).removeClass(cn),"tab"===e.getAttribute("role")&&e.setAttribute("aria-selected",!1)}if(rn(t).addClass(cn),"tab"===t.getAttribute("role")&&t.setAttribute("aria-selected",!0),Cn.reflow(t),rn(t).addClass(dn),t.parentNode&&rn(t.parentNode).hasClass(hn)){var r=rn(t).closest(_n)[0];r&&rn(r).find(En).addClass(cn),t.setAttribute("aria-expanded",!0)}n&&n()},i._jQueryInterface=function(n){return this.each(function(){var t=rn(this),e=t.data(sn);if(e||(e=new i(this),t.data(sn,e)),"string"==typeof n){if("undefined"==typeof e[n])throw new TypeError('No method named "'+n+'"');e[n]()}})},o(i,null,[{key:"VERSION",get:function(){return"4.1.1"}}]),i}(),rn(document).on(ln.CLICK_DATA_API,vn,function(t){t.preventDefault(),Tn._jQueryInterface.call(rn(this),"show")}),rn.fn.tab=Tn._jQueryInterface,rn.fn.tab.Constructor=Tn,rn.fn.tab.noConflict=function(){return rn.fn.tab=an,Tn._jQueryInterface},Tn);!function(t){if("undefined"==typeof t)throw new TypeError("Bootstrap's JavaScript requires jQuery. jQuery must be included before Bootstrap's JavaScript.");var e=t.fn.jquery.split(" ")[0].split(".");if(e[0]<2&&e[1]<9||1===e[0]&&9===e[1]&&e[2]<1||4<=e[0])throw new Error("Bootstrap's JavaScript requires at least jQuery v1.9.1 but less than v4.0.0")}(e),t.Util=Cn,t.Alert=In,t.Button=An,t.Carousel=Dn,t.Collapse=bn,t.Dropdown=Sn,t.Modal=wn,t.Popover=On,t.Scrollspy=kn,t.Tab=Pn,t.Tooltip=Nn,Object.defineProperty(t,"__esModule",{value:!0})});
2 | //# sourceMappingURL=bootstrap.min.js.map


--------------------------------------------------------------------------------