From bd580232fc8469c24f8f5e6b8d2ebdc86a5f18e2 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <code@dgerhardt.net>
Date: Sun, 29 Sep 2019 20:28:08 +0200
Subject: [PATCH] Add SAML SP metadata endpoint

---
 src/main/java/de/thm/arsnova/config/AppConfig.java    |  1 +
 .../java/de/thm/arsnova/config/SecurityConfig.java    |  3 +++
 .../arsnova/controller/AuthenticationController.java  | 11 +++++++++++
 3 files changed, 15 insertions(+)

diff --git a/src/main/java/de/thm/arsnova/config/AppConfig.java b/src/main/java/de/thm/arsnova/config/AppConfig.java
index e2bf1ab31..12db8a034 100644
--- a/src/main/java/de/thm/arsnova/config/AppConfig.java
+++ b/src/main/java/de/thm/arsnova/config/AppConfig.java
@@ -219,6 +219,7 @@ public class AppConfig implements WebMvcConfigurer {
 		messageConverter.setWriteAcceptCharset(false);
 		final List<MediaType> mediaTypes = new ArrayList<>();
 		mediaTypes.add(MediaType.TEXT_PLAIN);
+		mediaTypes.add(MediaType.APPLICATION_XML);
 		messageConverter.setSupportedMediaTypes(mediaTypes);
 
 		return messageConverter;
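Review bot: Registering APPLICATION_XML on this String converter means the response is written and labelled with the converter's default charset, which for Spring's StringHttpMessageConverter is ISO-8859-1 unless setDefaultCharset is called on the lines above this hunk (the method's start is outside the hunk, so I cannot confirm either way). The SAML SP metadata returned by the new controller endpoint in AuthenticationController is XML that normally carries its own encoding declaration; a non-ASCII organisation or contact name would then be sent in a charset that disagrees with the document, and the Content-Type header would advertise `application/xml;charset=ISO-8859-1`. If the default charset is not already set, `messageConverter.setDefaultCharset(StandardCharsets.UTF_8);` next to the added line fixes both the header and the bytes. Note also that the added media type now lets every other String-returning endpoint negotiate `application/xml` on request, which is harmless but worth a comment such as `// APPLICATION_XML is needed for the SAML SP metadata endpoint, which returns the XML as a String`.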
diff --git a/src/main/java/de/thm/arsnova/config/SecurityConfig.java b/src/main/java/de/thm/arsnova/config/SecurityConfig.java
index 1be1246cd..8dee39cc8 100644
--- a/src/main/java/de/thm/arsnova/config/SecurityConfig.java
+++ b/src/main/java/de/thm/arsnova/config/SecurityConfig.java
@@ -620,6 +620,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 		client.setCallbackUrl(rootUrl + apiPath + AUTH_CALLBACK_PATH);
 		client.setCallbackUrlResolver(pathParameterCallbackUrlResolver());
 
+		/* Initialize the client manually for the metadata endpoint */
+		client.init();
+
 		return client;
 	}
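Review bot: The added `client.init()` moves the client's initialisation from the first authentication request to bean creation, and the comment does not say what that implies; the enclosing method starts outside this hunk, so I cannot see how the IdP metadata is configured. If the IdP metadata is resolved from a URL, an unreachable IdP now fails application startup instead of the first SAML login, and any keystore generation the client performs also happens at startup. That trade-off is reasonable for a metadata endpoint but should be stated, e.g. `/* Initialize eagerly so the SP metadata endpoint can serve metadata before the first login; this resolves IdP metadata (and prepares the keystore) at startup, so misconfiguration surfaces as a startup failure */`. pac4j's init guards against repeated initialisation, so the later implicit init is not a concern.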
 
diff --git a/src/main/java/de/thm/arsnova/controller/AuthenticationController.java b/src/main/java/de/thm/arsnova/controller/AuthenticationController.java
index 0c3c01923..9642477d6 100644
--- a/src/main/java/de/thm/arsnova/controller/AuthenticationController.java
+++ b/src/main/java/de/thm/arsnova/controller/AuthenticationController.java
@@ -28,6 +28,7 @@ import org.pac4j.core.context.J2EContext;
 import org.pac4j.oidc.client.OidcClient;
 import org.pac4j.saml.client.SAML2Client;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -46,6 +47,7 @@ import de.thm.arsnova.model.LoginCredentials;
 import de.thm.arsnova.model.UserProfile;
 import de.thm.arsnova.security.LoginAuthenticationSucessHandler;
 import de.thm.arsnova.service.UserService;
+import de.thm.arsnova.web.exceptions.NotImplementedException;
 
 @RestController
 @RequestMapping("/auth")
@@ -152,4 +154,13 @@ public class AuthenticationController {
 				throw new IllegalArgumentException("Invalid provider ID.");
 		}
 	}
+
+	@GetMapping(value = "/config/saml/sp-metadata.xml", produces = MediaType.APPLICATION_XML_VALUE)
+	public String samlSpMetadata() throws IOException {
+		if (saml2Client == null) {
+			throw new NotImplementedException("SAML authentication is disabled.");
+		}
+
+		return saml2Client.getServiceProviderMetadataResolver().getMetadata();
+	}
 }
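Review bot: The new `samlSpMetadata` endpoint has no accompanying authorization rule in this patch, so whether `/auth/config/saml/sp-metadata.xml` is reachable anonymously depends on rules in SecurityConfig that are not part of the diff; SP metadata is public by design and the IdP operator typically fetches it unauthenticated, so please confirm the path is permitted without a session (the `saml2Client` field is declared outside this hunk). The method also lacks Javadoc; something like `/** Serves the SAML service provider metadata generated by pac4j for this instance. @return the SP metadata XML document @throws NotImplementedException if SAML authentication is disabled @throws IOException if the metadata cannot be read */` would document the contract. Since the method returns a String, the response charset comes from the configured String message converter rather than from the XML document itself; if that converter is not set to UTF-8, `produces = "application/xml;charset=UTF-8"` on the mapping pins it for this endpoint alone.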
-- 
GitLab