diff --git a/src/main/java/org/olat/admin/user/imp/ImportStep00.java b/src/main/java/org/olat/admin/user/imp/ImportStep00.java
index e34521c198b519bfc06798dd06b2c820f4c7caec..73f7b1642371ecb68d1d772a038123328eff3ea0 100644
--- a/src/main/java/org/olat/admin/user/imp/ImportStep00.java
+++ b/src/main/java/org/olat/admin/user/imp/ImportStep00.java
@@ -124,6 +124,8 @@ class ImportStep00 extends BasicStep {
 		private UserManager um;
 		@Autowired
 		private BaseSecurity securityManager;
+		@Autowired
+		private ShibbolethModule shibbolethModule;
 
 		public ImportStepForm00(UserRequest ureq, WindowControl control, Form rootForm, StepsRunContext runContext) {
 			super(ureq, control, rootForm, runContext, LAYOUT_VERTICAL, null);
@@ -220,7 +222,7 @@ class ImportStep00 extends BasicStep {
 					if (parts.length > columnId) {
 						pwd = parts[columnId].trim();
 						if (StringHelper.containsNonWhitespace(pwd)) {
-							if(pwd.startsWith(UserImportController.SHIBBOLETH_MARKER) && ShibbolethModule.isEnableShibbolethLogins()) {
+							if(pwd.startsWith(UserImportController.SHIBBOLETH_MARKER) && shibbolethModule.isEnableShibbolethLogins()) {
 								String authusername = pwd.substring(UserImportController.SHIBBOLETH_MARKER.length());
 								Authentication auth = securityManager.findAuthenticationByAuthusername(authusername, ShibbolethDispatcher.PROVIDER_SHIB);
 								if(auth != null) {
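Review bot: With the `&&` on the changed line, a column value carrying SHIBBOLETH_MARKER is treated as a Shibboleth ID only while the module is enabled. When it is disabled the value presumably drops into the ordinary password branch (outside this hunk) and could be accepted as a literal password, one that is guessable by anyone who knows the user's Shibboleth ID. Test the marker first and reject the row when Shibboleth is off, e.g. `if(pwd.startsWith(UserImportController.SHIBBOLETH_MARKER)) { if(!shibbolethModule.isEnableShibbolethLogins()) { /* report an import error */ } ... }`. The same condition appears in both UserImportController hunks (user creation and user update).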
diff --git a/src/main/java/org/olat/admin/user/imp/UserImportController.java b/src/main/java/org/olat/admin/user/imp/UserImportController.java
index 86c284f1205229374cd563ba6c1c9e2f141b881f..e65cea510efd30355c34f5670f8f49fe123d6424 100644
--- a/src/main/java/org/olat/admin/user/imp/UserImportController.java
+++ b/src/main/java/org/olat/admin/user/imp/UserImportController.java
@@ -93,6 +93,8 @@ public class UserImportController extends BasicController {
 	@Autowired
 	private OLATAuthManager olatAuthManager;
 	@Autowired
+	private ShibbolethModule shibbolethModule;
+	@Autowired
 	private BusinessGroupService businessGroupService;
 
 	/**
@@ -171,7 +173,7 @@ public class UserImportController extends BasicController {
 		newUser.getPreferences().setInformSessionTimeout(true);
 		// Save everything in database
 		Identity ident;
-		if(pwd != null && pwd.startsWith(SHIBBOLETH_MARKER) && ShibbolethModule.isEnableShibbolethLogins()) {
+		if(pwd != null && pwd.startsWith(SHIBBOLETH_MARKER) && shibbolethModule.isEnableShibbolethLogins()) {
 			String uniqueID = pwd.substring(SHIBBOLETH_MARKER.length());
 			ident = securityManager.createAndPersistIdentityAndUserWithUserGroup(login, null, ShibbolethDispatcher.PROVIDER_SHIB, uniqueID, newUser);
 			report.incrementCreatedUser();
@@ -196,7 +198,7 @@ public class UserImportController extends BasicController {
 		
 		String password = userToUpdate.getPassword();
 		if(StringHelper.containsNonWhitespace(password)) {
-			if(password.startsWith(SHIBBOLETH_MARKER) && ShibbolethModule.isEnableShibbolethLogins()) {
+			if(password.startsWith(SHIBBOLETH_MARKER) && shibbolethModule.isEnableShibbolethLogins()) {
 				String uniqueID = password.substring(SHIBBOLETH_MARKER.length());
 				Authentication auth = securityManager.findAuthentication(identity, ShibbolethDispatcher.PROVIDER_SHIB);
 				if(auth == null) {
diff --git a/src/main/java/org/olat/core/_i18n/LocalStrings_de.properties b/src/main/java/org/olat/core/_i18n/LocalStrings_de.properties
index 2f1b0014744cac2afea9ef824a4d3faadc7b53b7..8538a1846138aecd7e799b9e9c5414b3742e1de7 100644
--- a/src/main/java/org/olat/core/_i18n/LocalStrings_de.properties
+++ b/src/main/java/org/olat/core/_i18n/LocalStrings_de.properties
@@ -11,6 +11,7 @@ confirmation.yes.toolHelp=Ja
 contact=Kontakt
 delete=L\u00F6schen
 edit=Editieren
+enabled=Eingeschaltet
 error.header=Fehler
 error.jpbwrapper.renderfailed=Die Komponente kann nicht mehr dargestellt werden. Bitte rufen Sie die Komponente erneut auf.
 error.noformpostdata=Achtung\! Durch ein Problem Ihres Browsers wurden nicht alle Daten hochgeladen. Dr\u00FCcken Sie bitte den Zur\u00FCck-Knopf und versuchen Sie es nochmals.
diff --git a/src/main/java/org/olat/core/_i18n/LocalStrings_en.properties b/src/main/java/org/olat/core/_i18n/LocalStrings_en.properties
index dd4743116f010a002b95f7faf6bff77052cdc512..a8092de401870bf64cb0d406d107bb2f306e7a5a 100644
--- a/src/main/java/org/olat/core/_i18n/LocalStrings_en.properties
+++ b/src/main/java/org/olat/core/_i18n/LocalStrings_en.properties
@@ -11,6 +11,7 @@ confirmation.yes.toolHelp=Yes
 contact=Contact
 delete=Delete
 edit=Edit
+enabled=Enabled
 error.header=Error
 error.jpbwrapper.renderfailed=This component cannot be displayed anymore. Please start component again.
 error.noformpostdata=Attention\! Due to problems concerning your browser some data could not be transferred. Please use the "Back" button and try again.
diff --git a/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml b/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml
index 252c24303943f71d1dc513e56ce961583d0d22e7..30cb0687c823f4019529a70df4fc939ec0c8f779 100644
--- a/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml
+++ b/src/main/java/org/olat/core/dispatcher/_spring/dispatcherContext.xml
@@ -179,24 +179,31 @@
 	-->
 	<bean id="remoteloginbean" class="org.olat.dispatcher.RemoteLoginformDispatcher" />
 
-	<bean id="shibbean" class="org.olat.shibboleth.ShibbolethDispatcher" />
+	<bean id="shibbean" class="org.olat.shibboleth.ShibbolethDispatcher">
+		<property name="shibbolethModule" ref="shibbolethModule"/>
+		<property name="restSecurityBean" ref="restSecurityBean"/>
+		<property name="securityManager" ref="baseSecurityManager"/>
+		<property name="userDeletionManager" ref="userDeletionManager"/>
+	</bean>
 	
 	<bean id="shibmobilebean" class="org.olat.shibboleth.ShibbolethDispatcher">
 		<property name="mobile" value="true"/>
+		<property name="shibbolethModule" ref="shibbolethModule"/>
+		<property name="restSecurityBean" ref="restSecurityBean"/>
+		<property name="securityManager" ref="baseSecurityManager"/>
+		<property name="userDeletionManager" ref="userDeletionManager"/>
 	</bean>
 		
 	<!--  static files delivery. See org.olat.core.dispatcher.mapper.package.html for more infos -->
 	<bean id="staticsrawbean"
-		class="org.olat.core.dispatcher.impl.StaticMediaDispatcher"
-		>
+		class="org.olat.core.dispatcher.impl.StaticMediaDispatcher">
 		<constructor-arg index="0">
 			<value>/raw/</value>
 		</constructor-arg>
 	</bean>
 	
 	<bean id="contexthelpbean"
-		class="org.olat.core.commons.contextHelp.ContextHelpDispatcher"
-		>
+		class="org.olat.core.commons.contextHelp.ContextHelpDispatcher">
 		<constructor-arg index="0">
 			<value>/help/</value>
 		</constructor-arg>
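Review bot: The same four `<property>` refs are now written out in both `shibbean` and `shibmobilebean`, so the two definitions can drift apart. Because the refs are setter-injected, nothing fails at startup if one bean later misses one; the dispatcher would hit a null field on the first Shibboleth request instead. An abstract parent bean holding the four refs, with both dispatchers declaring `parent="..."`, keeps them in sync. The mobile bean then only adds `<property name="mobile" value="true"/>`.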
diff --git a/src/main/java/org/olat/course/condition/AttributeEasyRowAdderController.java b/src/main/java/org/olat/course/condition/AttributeEasyRowAdderController.java
index c812be2609b63f6119a224e9393ebf02e451a058..e7ec04dd46b6734dbee4aaea24a1a0b8d980f4b2 100644
--- a/src/main/java/org/olat/course/condition/AttributeEasyRowAdderController.java
+++ b/src/main/java/org/olat/course/condition/AttributeEasyRowAdderController.java
@@ -57,6 +57,7 @@ import org.olat.course.condition.operators.OperatorManager;
 import org.olat.shibboleth.ShibbolethModule;
 import org.olat.shibboleth.util.AttributeTranslator;
 import org.olat.user.UserManager;
+import org.springframework.beans.factory.annotation.Autowired;
 
 /**
  * Description:<br>
@@ -95,6 +96,9 @@ public class AttributeEasyRowAdderController extends FormBasicController {
 	private int rowCreationCounter = 0;
 	//
 	private boolean isinit = false;
+	
+	@Autowired
+	private ShibbolethModule shibbolethModule;
 
 	/**
 	 * Constructor for a shibboleth attribute rule creator form.
@@ -107,11 +111,11 @@ public class AttributeEasyRowAdderController extends FormBasicController {
 		super(ureq, wControl, FormBasicController.LAYOUT_CUSTOM, EASYROWS, parentForm);
 		// Set custom translator to use translations from shibb module as well
 		setTranslator(Util.createPackageTranslator(ShibbolethModule.class, ureq.getLocale(), getTranslator()));
-		attributeTranslator = ShibbolethModule.getAttributeTranslator();
+		attributeTranslator = shibbolethModule.getAttributeTranslator();
 		attrKeys = getShibAttributes();
-		preselectedAttribute = ShibbolethModule.getPreselectedAttributeKey(ShibbolethModule.CONF_OLATUSERMAPPING_INSTITUTIONALNAME);
+		preselectedAttribute = shibbolethModule.getPreselectedAttributeKey(ShibbolethModule.CONF_OLATUSERMAPPING_INSTITUTIONALNAME);
 		preselectedAttributeValue = ureq.getIdentity().getUser().getProperty(UserConstants.INSTITUTIONALNAME, getLocale());
-		operatorKeys = OperatorManager.getRegisteredOperatorKeys(ShibbolethModule.getOperatorKeys());
+		operatorKeys = OperatorManager.getRegisteredOperatorKeys(shibbolethModule.getOperatorKeys());
 		this.init();
 	}
 
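Review bot: The constructor dereferences the `@Autowired` field `shibbolethModule` directly after `super(...)`, which only works if the controller base class performs the injection inside its own constructor; nothing in this diff shows that. If it does, a one-line comment on the field such as `// injected by the controller base class during super(...)` would document the dependency. If it does not, these calls throw a NullPointerException. The same pattern is used in the constructors of DefaultShibbolethAuthenticationController and ShibbolethAuthenticationController and, via `initForm(ureq)`, in ShibbolethAdminController.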
@@ -558,7 +562,7 @@ public class AttributeEasyRowAdderController extends FormBasicController {
 	 * @return String[] - will never returh null
 	 */
 	private String[] getShibAttributes() {
-		if (ShibbolethModule.isEnableShibbolethLogins()) {
+		if (shibbolethModule.isEnableShibbolethLogins()) {
 			final AttributeTranslator attTrans = getAttributeTranslator();
 			final Set<String> attributes = attTrans.getTranslateableAttributes();
 			final String[] outNames = new String[attributes.size()];
diff --git a/src/main/java/org/olat/course/condition/ConditionConfigEasyController.java b/src/main/java/org/olat/course/condition/ConditionConfigEasyController.java
index 1c4729792558b9a05e262dd69b8bdd8fcfb35a77..8b68d223aec639cfb6b75f62ffa8d7f09364b683 100644
--- a/src/main/java/org/olat/course/condition/ConditionConfigEasyController.java
+++ b/src/main/java/org/olat/course/condition/ConditionConfigEasyController.java
@@ -33,7 +33,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
-import org.olat.core.CoreSpringFactory;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.components.form.flexible.DependencyRuleApplayable;
 import org.olat.core.gui.components.form.flexible.FormItem;
@@ -76,6 +75,7 @@ import org.olat.repository.RepositoryEntryManagedFlag;
 import org.olat.repository.RepositoryManager;
 import org.olat.resource.OLATResource;
 import org.olat.shibboleth.ShibbolethModule;
+import org.springframework.beans.factory.annotation.Autowired;
 /**
  * Description:<br>
  * The ConditionConfigEasyController implements the easy condition editing
@@ -136,8 +136,12 @@ public class ConditionConfigEasyController extends FormBasicController implement
 	private EventBus singleUserEventCenter;
 	private OLATResourceable groupConfigChangeEventOres;
 	
-	private final BGAreaManager areaManager;
-	private final BusinessGroupService businessGroupService;
+	@Autowired
+	private BGAreaManager areaManager;
+	@Autowired
+	private ShibbolethModule shibbolethModule;
+	@Autowired
+	private BusinessGroupService businessGroupService;
 	
 	private boolean managedGroup;
 	
@@ -157,9 +161,6 @@ public class ConditionConfigEasyController extends FormBasicController implement
 	public ConditionConfigEasyController(UserRequest ureq, WindowControl wControl, Condition cond,
 			List<CourseNode> nodeIdentList, CourseEditorEnv env) {
 		super(ureq, wControl, "easycondedit");
-		
-		areaManager = CoreSpringFactory.getImpl(BGAreaManager.class);
-		businessGroupService = CoreSpringFactory.getImpl(BusinessGroupService.class);
 
 		singleUserEventCenter = ureq.getUserSession().getSingleUserEventCenter();
 		groupConfigChangeEventOres = OresHelper.createOLATResourceableType(MultiUserEvent.class);
@@ -282,7 +283,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 			}
 
 			// 6) attribute switch
-			if (ShibbolethModule.isEnableShibbolethLogins()) {
+			if (shibbolethModule.isEnableShibbolethLogins()) {
 				if (attributeSwitch.getSelectedKeys().size() == 1) {
 					List<ExtendedCondition> le = attribteRowAdderSubform.getAttributeConditions();
 		
@@ -554,7 +555,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 			}
 		}
 		
-		if (ShibbolethModule.isEnableShibbolethLogins()) {
+		if (shibbolethModule.isEnableShibbolethLogins()) {
 			retVal=validateAttibuteFields()&&retVal;	
 		}
 		//
@@ -721,10 +722,10 @@ public class ConditionConfigEasyController extends FormBasicController implement
 		addEasyGroupAreaChoosers(formLayout);
 		addAssessmentSwitch(formLayout);
 		//
-		if(ShibbolethModule.isEnableShibbolethLogins()){
+		if(shibbolethModule.isEnableShibbolethLogins()){
 			addAttributeSwitch(formLayout, ureq);
 		}
-		flc.contextPut("shibbolethEnabled", new Boolean(ShibbolethModule.isEnableShibbolethLogins()));
+		flc.contextPut("shibbolethEnabled", new Boolean(shibbolethModule.isEnableShibbolethLogins()));
 		addAssessmentMode(formLayout);
 		addApplyRulesForTutorsToo(formLayout);
 		
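Review bot: `new Boolean(...)` on the changed `contextPut` line allocates a wrapper on every call, and that constructor is deprecated in current JDKs. The idiomatic form is `flc.contextPut("shibbolethEnabled", Boolean.valueOf(shibbolethModule.isEnableShibbolethLogins()));`. The flag is also read twice within three lines, so a local `boolean shibEnabled` would keep the attribute switch and the template value in step. The enclosing method starts and ends outside the hunk.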
@@ -833,7 +834,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 		
 		final Set<FormItem> dependenciesAttributeSwitch = new HashSet<FormItem>();
 		// only add when initialized. is null when shibboleth module is not enabled
-		if (ShibbolethModule.isEnableShibbolethLogins()) {
+		if (shibbolethModule.isEnableShibbolethLogins()) {
 			dependenciesAttributeSwitch.add(attributeBconnector);
 		}
 		
@@ -875,7 +876,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 			}
 		});
 		
-		if (ShibbolethModule.isEnableShibbolethLogins()) {
+		if (shibbolethModule.isEnableShibbolethLogins()) {
 			FormItemDependencyRule hideClearAttibuteSwitchDeps = RulesFactory.createCustomRule(attributeSwitch, null, dependenciesAttributeSwitch, formLayout);
 			
 			hideClearAttibuteSwitchDeps.setDependencyRuleApplayable(new DependencyRuleApplayable() {
@@ -918,7 +919,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 				groupSwitch.clearError();
 				groupSubContainer.setVisible(false);			
 				
-				if (ShibbolethModule.isEnableShibbolethLogins()) {
+				if (shibbolethModule.isEnableShibbolethLogins()) {
 					attributeSwitch.clearError();
 				}
 				easyGroupList.setFocus(false);
@@ -1052,7 +1053,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 		switchesOnly.add(groupSwitch);
 		switchesOnly.add(assessmentSwitch);
 		switchesOnly.add(applyRulesForCoach);
-		if (ShibbolethModule.isEnableShibbolethLogins()) {
+		if (shibbolethModule.isEnableShibbolethLogins()) {
 			switchesOnly.add(attributeSwitch);
 		}
 
@@ -1067,7 +1068,7 @@ public class ConditionConfigEasyController extends FormBasicController implement
 				assessmentMode.setEnabled(true);
 								
 				//default is a checked disabled apply rules for coach
-				if (ShibbolethModule.isEnableShibbolethLogins()) {
+				if (shibbolethModule.isEnableShibbolethLogins()) {
 					attributeSwitch.setEnabled(true);
 				}
 				if(!firedDuringInit){
diff --git a/src/main/java/org/olat/portal/shiblogin/ShibLoginPortlet.java b/src/main/java/org/olat/portal/shiblogin/ShibLoginPortlet.java
index f3f218731875ba0ce7663bf5c5b39e3b9fd56db4..1c52b18fa7c54395fef618527f1e04199ebae90d 100644
--- a/src/main/java/org/olat/portal/shiblogin/ShibLoginPortlet.java
+++ b/src/main/java/org/olat/portal/shiblogin/ShibLoginPortlet.java
@@ -30,6 +30,7 @@ package org.olat.portal.shiblogin;
 
 import java.util.Map;
 
+import org.olat.core.CoreSpringFactory;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.components.Component;
 import org.olat.core.gui.control.Controller;
@@ -65,12 +66,13 @@ public class ShibLoginPortlet extends AbstractPortlet {
 	 */
 	@Override
 	public boolean isEnabled() {
-		return ShibbolethModule.isEnableShibbolethLogins() && super.isEnabled();
+		return CoreSpringFactory.getImpl(ShibbolethModule.class).isEnableShibbolethLogins() && super.isEnabled();
 	}
 
 	/**
 	 * @see org.olat.gui.control.generic.portal.Portlet#getTitle()
 	 */
+	@Override
 	public String getTitle() {
 		String title = getConfiguration().get("title_" + getTranslator().getLocale().toString());
 		if (title == null) {
@@ -82,6 +84,7 @@ public class ShibLoginPortlet extends AbstractPortlet {
 	/**
 	 * @see org.olat.gui.control.generic.portal.Portlet#getDescription()
 	 */
+	@Override
 	public String getDescription() {
 		String desc = getConfiguration().get("description_" + getTranslator().getLocale().toString());
 		if (desc == null) {
@@ -93,8 +96,9 @@ public class ShibLoginPortlet extends AbstractPortlet {
 	/**
 	 * @see org.olat.gui.control.generic.portal.AbstractPortlet#createInstance(org.olat.gui.control.WindowControl, org.olat.gui.UserRequest, java.util.Map)
 	 */
+	@Override
 	public Portlet createInstance(WindowControl wControl, UserRequest ureq, Map<String,String> configuration) {
-		if (!ShibbolethModule.isEnableShibbolethLogins())
+		if (!CoreSpringFactory.getImpl(ShibbolethModule.class).isEnableShibbolethLogins())
 			throw new OLATSecurityException("Got shibboleth wayf form request but shibboleth is not enabled.");		
 		ShibLoginPortlet p = new ShibLoginPortlet(config);
 		p.setName(this.getName());
diff --git a/src/main/java/org/olat/restapi/_spring/restApiContext.xml b/src/main/java/org/olat/restapi/_spring/restApiContext.xml
index ccea0e4b61c5f7c583ab5a7d07fafee713f6d591..6ba96621ee55b754cd1e87e91455b0ad2ffddc92 100644
--- a/src/main/java/org/olat/restapi/_spring/restApiContext.xml
+++ b/src/main/java/org/olat/restapi/_spring/restApiContext.xml
@@ -17,7 +17,7 @@
 		<property name="ipsByPass" value="${restapi.ips.system}"/>
 	</bean>
 
-	<bean id="org.olat.restapi.security.RestSecurityBean" class="org.olat.restapi.security.RestSecurityBeanImpl">
+	<bean id="restSecurityBean" class="org.olat.restapi.security.RestSecurityBeanImpl">
 		<property name="securityManager" ref="baseSecurityManager"/>
 	</bean>
 	
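Review bot: Renaming the bean id drops the old name `org.olat.restapi.security.RestSecurityBean`, so any context file or `getBean(String)` call that still refers to it will fail when the application context starts. Only the dispatcherContext.xml references are updated in the visible part of this diff; lookups by type are unaffected. If other references may exist, keep the old name as an alias: `<bean id="restSecurityBean" name="org.olat.restapi.security.RestSecurityBean" class="org.olat.restapi.security.RestSecurityBeanImpl">`.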
diff --git a/src/main/java/org/olat/shibboleth/DefaultShibbolethAuthenticationController.java b/src/main/java/org/olat/shibboleth/DefaultShibbolethAuthenticationController.java
index 4daee7bea1e74bec3c0ed064cbaf2a5b0315e84d..e18c880ab760e73e73859f7aaf37bc1cadf56eb4 100644
--- a/src/main/java/org/olat/shibboleth/DefaultShibbolethAuthenticationController.java
+++ b/src/main/java/org/olat/shibboleth/DefaultShibbolethAuthenticationController.java
@@ -39,6 +39,7 @@ import org.olat.core.util.Util;
 import org.olat.core.util.WebappHelper;
 import org.olat.login.LoginModule;
 import org.olat.login.auth.AuthenticationController;
+import org.springframework.beans.factory.annotation.Autowired;
 
 /**
  * 
@@ -52,8 +53,11 @@ import org.olat.login.auth.AuthenticationController;
  */
 public class DefaultShibbolethAuthenticationController extends AuthenticationController {
 
-	private VelocityContainer loginComp;	
 	private Link shibLink;
+	
+	@Autowired
+	private ShibbolethModule shibbolethModule;
+	
 	/**
 	 * @param ureq
 	 * @param wControl
@@ -68,9 +72,11 @@ public class DefaultShibbolethAuthenticationController extends AuthenticationCon
 		// Can't use constructor with fallback translator because it gets overriden by setBasePackage call above
 		setTranslator(Util.createPackageTranslator(this.getClass(), ureq.getLocale(), Util.createPackageTranslator(LoginModule.class, ureq.getLocale())));
 				
-		if (!ShibbolethModule.isEnableShibbolethLogins()) throw new OLATSecurityException("Shibboleth is not enabled.");
+		if (!shibbolethModule.isEnableShibbolethLogins()) {
+			throw new OLATSecurityException("Shibboleth is not enabled.");
+		}
 		
-		loginComp = createVelocityContainer(ShibbolethModule.getLoginTemplateDefault());				
+		VelocityContainer loginComp = createVelocityContainer(shibbolethModule.getLoginTemplateDefault());				
 		shibLink = LinkFactory.createButton("shib.redirect", loginComp, this);	
 		shibLink.setIconRightCSS("o_icon o_icon_start");
 		shibLink.setPrimary(true);
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethAdminController.java b/src/main/java/org/olat/shibboleth/ShibbolethAdminController.java
new file mode 100644
index 0000000000000000000000000000000000000000..a4b3803f5381fe28995b6dabb0149eb1a40cea45
--- /dev/null
+++ b/src/main/java/org/olat/shibboleth/ShibbolethAdminController.java
@@ -0,0 +1,115 @@
+/**
+ * <a href="http://www.openolat.org">
+ * OpenOLAT - Online Learning and Training</a><br>
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); <br>
+ * you may not use this file except in compliance with the License.<br>
+ * You may obtain a copy of the License at the
+ * <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache homepage</a>
+ * <p>
+ * Unless required by applicable law or agreed to in writing,<br>
+ * software distributed under the License is distributed on an "AS IS" BASIS, <br>
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
+ * See the License for the specific language governing permissions and <br>
+ * limitations under the License.
+ * <p>
+ * Initial code contributed and copyrighted by<br>
+ * frentix GmbH, http://www.frentix.com
+ * <p>
+ */
+package org.olat.shibboleth;
+
+import org.olat.core.gui.UserRequest;
+import org.olat.core.gui.components.form.flexible.FormItem;
+import org.olat.core.gui.components.form.flexible.FormItemContainer;
+import org.olat.core.gui.components.form.flexible.elements.MultipleSelectionElement;
+import org.olat.core.gui.components.form.flexible.elements.TextElement;
+import org.olat.core.gui.components.form.flexible.impl.FormBasicController;
+import org.olat.core.gui.components.form.flexible.impl.FormEvent;
+import org.olat.core.gui.components.form.flexible.impl.FormLayoutContainer;
+import org.olat.core.gui.control.Controller;
+import org.olat.core.gui.control.WindowControl;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * 
+ * Initial date: 16.07.2015<br>
+ * @author srosse, stephane.rosse@frentix.com, http://www.frentix.com
+ *
+ */
+public class ShibbolethAdminController extends FormBasicController {
+	
+	private static final String[] keys = new String[]{ "x" };
+	
+	private MultipleSelectionElement attributeEl;
+	private TextElement attribute1El, values1El;
+	private TextElement attribute2El, values2El;
+	
+	@Autowired
+	private ShibbolethModule shibbolethModule;
+	
+	public ShibbolethAdminController(UserRequest ureq, WindowControl wControl) {
+		super(ureq, wControl);
+		initForm(ureq);
+	}
+
+	@Override
+	protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
+		setFormTitle("admin.title");
+		setFormDescription("admin.description");
+		
+		boolean enabled = shibbolethModule.isAccessControlByAttributes();
+		String[] values = new String[]{ translate("enabled") };
+		attributeEl = uifactory.addCheckboxesHorizontal("admin.ac.attribute", formLayout, keys, values);
+		attributeEl.addActionListener(FormEvent.ONCHANGE);
+		attributeEl.select(keys[0], enabled);
+		
+		String attribute1 = shibbolethModule.getAttribute1();
+		attribute1El = uifactory.addTextElement("attr-1", "admin.ac.attribute.1", 255, attribute1, formLayout);
+		attribute1El.setVisible(enabled);
+		String value1 = shibbolethModule.getAttribute1Values();
+		values1El = uifactory.addTextAreaElement("admin.ac.value.1", 6, 60, value1, formLayout);
+		values1El.setVisible(enabled);
+		
+		String attribute2 = shibbolethModule.getAttribute2();
+		attribute2El = uifactory.addTextElement("attr-2", "admin.ac.attribute.2", 255, attribute2, formLayout);
+		attribute2El.setVisible(enabled);
+		String value2 = shibbolethModule.getAttribute2Values();
+		values2El = uifactory.addTextAreaElement("admin.ac.value.2", 6, 60, value2, formLayout);
+		values2El.setVisible(enabled);
+		
+		FormLayoutContainer buttonLayout = FormLayoutContainer.createButtonLayout("buttons", getTranslator());
+		formLayout.add("buttons", buttonLayout);
+		uifactory.addFormSubmitButton("save", buttonLayout);
+	}
+	
+	@Override
+	protected void doDispose() {
+		//
+	}
+	
+	@Override
+	protected void formInnerEvent(UserRequest ureq, FormItem source, FormEvent event) {
+		if(attributeEl == source) {
+			boolean enabled = attributeEl.isAtLeastSelected(1);
+			values1El.setVisible(enabled);
+			values2El.setVisible(enabled);
+			attribute1El.setVisible(enabled);
+			attribute2El.setVisible(enabled);
+		}
+		super.formInnerEvent(ureq, source, event);
+	}
+
+	@Override
+	protected void formOK(UserRequest ureq) {
+		if(attributeEl.isAtLeastSelected(1)) {
+			shibbolethModule.setAccessControlByAttributes(true);
+			shibbolethModule.setAttribute1(attribute1El.getValue());
+			shibbolethModule.setAttribute2(attribute2El.getValue());
+			shibbolethModule.setAttribute1Values(values1El.getValue());
+			shibbolethModule.setAttribute2Values(values2El.getValue());
+		} else {
+			shibbolethModule.setAccessControlByAttributes(false);
+		}
+	}
+}
\ No newline at end of file
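Review bot: `formOK()` stores the attribute names and value lists exactly as typed, so access control by attributes can be switched on with every field blank. How the dispatcher's authorization check treats an empty rule is not visible here, but either outcome is bad: all Shibboleth logins refused, or the restriction silently not applied. A `validateFormLogic` override that demands at least one complete attribute/value pair when the checkbox is selected would close that gap. The error key in the sketch is a placeholder, and `StringHelper` would need to be imported.

```java
	@Override
	protected boolean validateFormLogic(UserRequest ureq) {
		boolean allOk = true;
		attributeEl.clearError();
		if(attributeEl.isAtLeastSelected(1)) {
			boolean firstPair = StringHelper.containsNonWhitespace(attribute1El.getValue())
					&& StringHelper.containsNonWhitespace(values1El.getValue());
			boolean secondPair = StringHelper.containsNonWhitespace(attribute2El.getValue())
					&& StringHelper.containsNonWhitespace(values2El.getValue());
			if(!firstPair && !secondPair) {
				// placeholder i18n key: add a matching entry to the package's LocalStrings files
				attributeEl.setErrorKey("PLACEHOLDER.admin.ac.incomplete", null);
				allOk = false;
			}
		}
		return allOk & super.validateFormLogic(ureq);
	}

	// … unchanged: formOK …
```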
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethAuthenticationController.java b/src/main/java/org/olat/shibboleth/ShibbolethAuthenticationController.java
index 6f8fbe76055c8e146226336832a7becd925cbabe..15cbce7d7628163976daa548cba70a601c175431 100644
--- a/src/main/java/org/olat/shibboleth/ShibbolethAuthenticationController.java
+++ b/src/main/java/org/olat/shibboleth/ShibbolethAuthenticationController.java
@@ -46,6 +46,7 @@ import org.olat.core.util.Util;
 import org.olat.core.util.WebappHelper;
 import org.olat.login.LoginModule;
 import org.olat.login.auth.AuthenticationController;
+import org.springframework.beans.factory.annotation.Autowired;
 
 
 /**
@@ -62,13 +63,16 @@ import org.olat.login.auth.AuthenticationController;
  */
 
 public class ShibbolethAuthenticationController extends AuthenticationController {
+	
+	private static OLog log = Tracing.createLoggerFor(ShibbolethAuthenticationController.class);
+	
 	protected static final String IDP_HOMESITE_COOKIE = "idpsite-presel";
 	protected static final String SHIB_MOBILE = "shibbolet-mobile";
 
-	private Translator fallbackTranslator;
-	private VelocityContainer loginComp;		
+	private Translator fallbackTranslator;	
 	
-	private static OLog log = Tracing.createLoggerFor(ShibbolethAuthenticationController.class);
+	@Autowired
+	private ShibbolethModule shibbolethModule;
 		
 	public ShibbolethAuthenticationController(UserRequest ureq, WindowControl wControl) {
 		super(ureq, wControl);
@@ -79,10 +83,10 @@ public class ShibbolethAuthenticationController extends AuthenticationController
 		// Can't use constructor with fallback translator because it gets overriden by setBasePackage call above
 		setTranslator(Util.createPackageTranslator(this.getClass(), ureq.getLocale(), Util.createPackageTranslator(LoginModule.class, ureq.getLocale())));
 
-		if (!ShibbolethModule.isEnableShibbolethLogins()) throw new OLATSecurityException(
+		if (!shibbolethModule.isEnableShibbolethLogins()) throw new OLATSecurityException(
 				"Tried to access shibboleth wayf but shibboleth is not enabled.");
 		
-		loginComp = createVelocityContainer(ShibbolethModule.getLoginTemplate());
+		VelocityContainer loginComp = createVelocityContainer(shibbolethModule.getLoginTemplate());
 		
 		SwitchShibbolethAuthenticationConfigurator config = (SwitchShibbolethAuthenticationConfigurator)CoreSpringFactory.getBean(SwitchShibbolethAuthenticationConfigurator.class);
 		loginComp.contextPut("wayfSPEntityID", config.getWayfSPEntityID());
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java b/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java
index 9892275386d63d8de7c756e3205d857e96e106ff..db303ab6e3ceddf53520f45b2183a093164b3f8d 100644
--- a/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java
+++ b/src/main/java/org/olat/shibboleth/ShibbolethDispatcher.java
@@ -32,6 +32,7 @@ import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
+import java.util.StringTokenizer;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -39,8 +40,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.olat.admin.user.delete.service.UserDeletionManager;
 import org.olat.basesecurity.AuthHelper;
 import org.olat.basesecurity.Authentication;
-import org.olat.basesecurity.BaseSecurityManager;
-import org.olat.core.CoreSpringFactory;
+import org.olat.basesecurity.BaseSecurity;
 import org.olat.core.dispatcher.Dispatcher;
 import org.olat.core.dispatcher.DispatcherModule;
 import org.olat.core.gui.UserRequest;
@@ -56,6 +56,7 @@ import org.olat.core.logging.OLATSecurityException;
 import org.olat.core.logging.OLog;
 import org.olat.core.logging.Tracing;
 import org.olat.core.logging.activity.ThreadLocalUserActivityLoggerInstaller;
+import org.olat.core.util.StringHelper;
 import org.olat.core.util.Util;
 import org.olat.core.util.WebappHelper;
 import org.olat.core.util.i18n.I18nModule;
@@ -79,6 +80,10 @@ public class ShibbolethDispatcher implements Dispatcher{
 	
 	private Translator translator;
 	private boolean mobile = false;
+	private BaseSecurity securityManager;
+	private ShibbolethModule shibbolethModule;
+	private RestSecurityBean restSecurityBean;
+	private UserDeletionManager userDeletionManager;
 	
 	
 	/**
@@ -88,6 +93,38 @@ public class ShibbolethDispatcher implements Dispatcher{
 	public void setMobile(boolean mobile) {
 		this.mobile = mobile;
 	}
+	
+	/**
+	 * [used by Spring]
+	 * @param shibbolethModule
+	 */
+	public void setShibbolethModule(ShibbolethModule shibbolethModule) {
+		this.shibbolethModule = shibbolethModule;
+	}
+	
+	/**
+	 * [used by Spring]
+	 * @param restSecurityBean
+	 */
+	public void setRestSecurityBean(RestSecurityBean restSecurityBean) {
+		this.restSecurityBean = restSecurityBean;
+	}
+	
+	/**
+	 * [used by Spring]
+	 * @param securityManager
+	 */
+	public void setSecurityManager(BaseSecurity securityManager) {
+		this.securityManager = securityManager;
+	}
+
+	/**
+	 * [used by Spring]
+	 * @param userDeletionManager
+	 */
+	public void setUserDeletionManager(UserDeletionManager userDeletionManager) {
+		this.userDeletionManager = userDeletionManager;
+	}
 
 	/**
 	 * Main method called by OpenOLATServlet.
@@ -103,8 +140,7 @@ public class ShibbolethDispatcher implements Dispatcher{
 			translator = Util.createPackageTranslator(ShibbolethDispatcher.class, I18nModule.getDefaultLocale());
 		}
 		String uri = req.getRequestURI();
-		
-		if (!ShibbolethModule.isEnableShibbolethLogins()){
+		if (!shibbolethModule.isEnableShibbolethLogins()){
 			throw new OLATSecurityException("Got shibboleth request but shibboleth is not enabled: " + uri);
 		}
 		try {	uri = URLDecoder.decode(uri, "UTF-8");
@@ -114,17 +150,21 @@ public class ShibbolethDispatcher implements Dispatcher{
 		String uriPrefix = DispatcherModule.getLegacyUriPrefix(req);
 		uri = uri.substring(uriPrefix.length()); // guaranteed to exist by DispatcherAction	
 			
-		Map<String, String> attributesMap = getShibbolethAttributesFromRequest(req);		
+		Map<String, String> attributesMap = getShibbolethAttributesFromRequest(req);
 		String uniqueID = getUniqueIdentifierFromRequest(req, resp, attributesMap);
-		if(uniqueID == null){
+		if(uniqueID == null) {
 			return;
 		}
 		
+		if(!authorization(req, resp, attributesMap)) {
+			return;
+		}
+
 		UserRequest ureq = null;
 		try{
 			//upon creation URL is checked for 
 			ureq = new UserRequestImpl(uriPrefix, req, resp);
-		}catch(NumberFormatException nfe){
+		} catch(NumberFormatException nfe) {
 			//MODE could not be decoded
 			//typically if robots with wrong urls hit the system
 			//or user have bookmarks
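Review bot: The new `authorization(req, resp, attributesMap)` gate is followed by a bare `return`, so a refused login produces a usable response only if the method itself has written one; its body is outside this hunk. Since this is the point where a Shibboleth login is denied by attribute rules, a short comment would help the next reader, e.g. `// attribute-based access control; authorization() sends the error response and logs the refusal`, provided that is what the method does. A boolean check would also read more naturally as `isAuthorized(...)`.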
@@ -136,9 +176,9 @@ public class ShibbolethDispatcher implements Dispatcher{
 			}
 			DispatcherModule.sendBadRequest(req.getPathInfo(), resp);
 			return;
-		}		
+		}
 		
-		Authentication auth = BaseSecurityManager.getInstance().findAuthenticationByAuthusername(uniqueID, PROVIDER_SHIB);
+		Authentication auth = securityManager.findAuthenticationByAuthusername(uniqueID, PROVIDER_SHIB);
 		if (auth == null) { // no matching authentication...
 			ShibbolethRegistrationController.putShibAttributes(req, attributesMap);
 			ShibbolethRegistrationController.putShibUniqueID(req, uniqueID);
@@ -160,13 +200,12 @@ public class ShibbolethDispatcher implements Dispatcher{
 		}
 		
 		// successfull login
-		UserDeletionManager.getInstance().setIdentityAsActiv(ureq.getIdentity());
+		userDeletionManager.setIdentityAsActiv(ureq.getIdentity());
 		ureq.getUserSession().getIdentityEnvironment().addAttributes(
-				ShibbolethModule.getAttributeTranslator().translateAttributesMap(attributesMap));
+				shibbolethModule.getAttributeTranslator().translateAttributesMap(attributesMap));
 		
 		if(mobile) {
-			RestSecurityBean secBean = CoreSpringFactory.getImpl(RestSecurityBean.class);
-			String token = secBean.generateToken(ureq.getIdentity(), ureq.getHttpReq().getSession(true));
+			String token = restSecurityBean.generateToken(ureq.getIdentity(), ureq.getHttpReq().getSession(true));
 			
 			try {
 				resp.sendRedirect(WebappHelper.getServletContextPath() + "/mobile?x-olat-token=" + token + "&username=" + ureq.getIdentity().getName());
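Review bot: The redirect directly below the changed `generateToken` line sends the fresh token and the user name in the query string, so the token can end up in access logs, browser history and Referer headers, and the name is concatenated without URL-encoding. This predates the commit, but since the statement is being touched it is worth encoding the name, `"&username=" + URLEncoder.encode(ureq.getIdentity().getName(), "UTF-8")`, and checking whether the mobile client can receive the token by some means other than the URL. The `try` block continues outside the hunk.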
@@ -185,7 +224,8 @@ public class ShibbolethDispatcher implements Dispatcher{
 	}
 
 	private String getUniqueIdentifierFromRequest(HttpServletRequest req, HttpServletResponse resp, Map<String, String> attributesMap) {
-		String uniqueID = attributesMap.get(ShibbolethModule.getDefaultUIDAttribute());				
+
+		String uniqueID = attributesMap.get(shibbolethModule.getDefaultUIDAttribute());				
 		if (uniqueID == null) {				
 			handleException(new ShibbolethException(ShibbolethException.UNIQUE_ID_NOT_FOUND,"Unable to get unique identifier for subject. Make sure you are listed in the metadata.xml file and your resources your are trying to access are available and your are allowed to see them. (Resourceregistry). "), 
 					req, resp, translator);
@@ -199,7 +239,7 @@ public class ShibbolethDispatcher implements Dispatcher{
 	}
 
 	private Map<String, String> getShibbolethAttributesFromRequest(HttpServletRequest req) {
-		Set<String> translateableAttributes = ShibbolethModule.getAttributeTranslator().getTranslateableAttributes();
+		Set<String> translateableAttributes = shibbolethModule.getAttributeTranslator().getTranslateableAttributes();
 		Map<String, String> attributesMap = new HashMap<String, String>();
 		Enumeration<String> headerEnum = req.getHeaderNames();
 		while(headerEnum.hasMoreElements()) {
@@ -231,11 +271,11 @@ public class ShibbolethDispatcher implements Dispatcher{
 			return false;
 		}
 		try {
-			String lastname = attributesMap.get(ShibbolethModule.getLastName());
-			String firstname = attributesMap.get(ShibbolethModule.getFirstName());
-			String email = ShibbolethHelper.getFirstValueOf(ShibbolethModule.getEMail(), attributesMap);
-			String institutionalEMail = ShibbolethHelper.getFirstValueOf(ShibbolethModule.getInstitutionalEMail(), attributesMap);
-			String institutionalName = attributesMap.get(ShibbolethModule.getInstitutionalName());
+			String lastname = attributesMap.get(shibbolethModule.getLastName());
+			String firstname = attributesMap.get(shibbolethModule.getFirstName());
+			String email = ShibbolethHelper.getFirstValueOf(shibbolethModule.getEMail(), attributesMap);
+			String institutionalEMail = ShibbolethHelper.getFirstValueOf(shibbolethModule.getInstitutionalEMail(), attributesMap);
+			String institutionalName = attributesMap.get(shibbolethModule.getInstitutionalName());
 			//String institutionalUserIdentifier = userMapping.getInstitutionalUserIdentifier();
 			if(lastname!=null && !lastname.equals("") && firstname!=null && !firstname.equals("") && email!=null && !email.equals("") &&
 					institutionalEMail!=null && !institutionalEMail.equals("") && institutionalName!=null && !institutionalName.equals("")) {
@@ -254,6 +294,42 @@ public class ShibbolethDispatcher implements Dispatcher{
 			log.error("Redirect failed: url=" + WebappHelper.getServletContextPath() + DispatcherModule.getPathDefault(),e);
 		}
 	}
+	
+	private boolean authorization(HttpServletRequest req, HttpServletResponse resp, Map<String,String> attributesMap) {
+		boolean authorized = false;
+		if(shibbolethModule.isAccessControlByAttributes()) {
+			if(StringHelper.containsNonWhitespace(shibbolethModule.getAttribute1()) && StringHelper.containsNonWhitespace(shibbolethModule.getAttribute1Values())) {
+				authorized |= authorization(shibbolethModule.getAttribute1(), shibbolethModule.getAttribute1Values(), attributesMap);
+			}
+			if(StringHelper.containsNonWhitespace(shibbolethModule.getAttribute2()) && StringHelper.containsNonWhitespace(shibbolethModule.getAttribute2Values())) {
+				authorized |= authorization(shibbolethModule.getAttribute2(), shibbolethModule.getAttribute2Values(), attributesMap);
+			}
+		} else {
+			authorized = true;
+		}
+		
+		if(!authorized) {
+			UserRequest ureq = new UserRequestImpl(ShibbolethDispatcher.PATH_SHIBBOLETH, req, resp);
+			String userMsg = translator.translate("error.shibboleth.not.authorized"); 
+			ChiefController msgcc = MessageWindowController.createMessageChiefController(ureq, null, userMsg, null);
+			msgcc.getWindow().dispatchRequest(ureq, true);
+		}
+		return authorized;
+	}
+	
+	private boolean authorization(String attribute, String allowedValues, Map<String,String> attributesMap) {
+		String val = attributesMap.get(attribute);
+		if(StringHelper.containsNonWhitespace(val)) {
+			val = val.trim();
+			for(StringTokenizer tokenizer = new StringTokenizer(allowedValues, "\n\r,;", false); tokenizer.hasMoreTokens(); ) {
+				String allowedValue = tokenizer.nextToken().trim();
+				if(val.equalsIgnoreCase(allowedValue)) {
+					return true;
+				}	
+			}	
+		}
+		return false;
+	}
 
 	/**
 	 * It first tries to catch the frequent SAMLExceptions and to ask the user to login again.
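Review bot: The two-argument `authorization(attribute, allowedValues, attributesMap)` compares the whole attribute string with each allowed token, so a multi-valued attribute never matches. `MULTIVALUE_SEPARATOR` and `getFirstValueOf` elsewhere in this diff suggest such values arrive as one `;`-joined string, and because `;` is also a delimiter of the allowed list an administrator cannot enter the joined form either. Splitting the user's value on `;` and skipping empty parts fixes this without letting a blank part match a blank token. In the denial path of the other overload, `new UserRequestImpl(...)` is built without the `NumberFormatException` handling the caller uses for the same constructor, so a malformed URL may surface as an unhandled exception instead of the "not authorized" page. The decision also rests on request headers, so it is only as strong as the front end's removal of client-supplied `Shib-*` headers (not visible here).

```java
	private boolean authorization(String attribute, String allowedValues, Map<String,String> attributesMap) {
		String val = attributesMap.get(attribute);
		if(!StringHelper.containsNonWhitespace(val)) {
			return false;
		}
		// a multi-valued attribute is one ';'-joined string: test every part on its own
		for(StringTokenizer userValues = new StringTokenizer(val, ";", false); userValues.hasMoreTokens(); ) {
			String userValue = userValues.nextToken().trim();
			if(userValue.isEmpty()) {
				continue; // never let a blank part match a blank allowed token
			}
			for(StringTokenizer tokenizer = new StringTokenizer(allowedValues, "\n\r,;", false); tokenizer.hasMoreTokens(); ) {
				if(userValue.equalsIgnoreCase(tokenizer.nextToken().trim())) {
					return true;
				}
			}
		}
		return false;
	}
```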
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethModule.java b/src/main/java/org/olat/shibboleth/ShibbolethModule.java
index fd120a59acb0d83a6ac50119ee24fbb2cf981e08..7018708a551dbfef4697e3ba753f6ae913de85e4 100644
--- a/src/main/java/org/olat/shibboleth/ShibbolethModule.java
+++ b/src/main/java/org/olat/shibboleth/ShibbolethModule.java
@@ -25,12 +25,21 @@
 
 package org.olat.shibboleth;
 
+import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
-import org.olat.core.configuration.AbstractOLATModule;
-import org.olat.core.configuration.PersistedProperties;
+import org.olat.core.configuration.AbstractSpringModule;
+import org.olat.core.configuration.ConfigOnOff;
+import org.olat.core.logging.OLog;
+import org.olat.core.logging.Tracing;
+import org.olat.core.util.StringHelper;
+import org.olat.core.util.coordinate.CoordinatorManager;
 import org.olat.shibboleth.util.AttributeTranslator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
 
 /**
  * Initial Date:  16.07.2004
@@ -40,15 +49,15 @@ import org.olat.shibboleth.util.AttributeTranslator;
  * Comment:  
  * 
  */
-public class ShibbolethModule extends AbstractOLATModule {
+@Service("shibbolethModule")
+public class ShibbolethModule extends AbstractSpringModule implements ConfigOnOff {
+	
+	private static final OLog log = Tracing.createLoggerFor(ShibbolethModule.class);
+	
 	/**
 	 * Path identifier for shibboleth registration workflows.
 	 */
-	static final String PATH_REGISTER_SHIBBOLETH = "shibregister";
-	private static final String CONF_ENABLE = "EnableShibbolethLogins";		
-	private static final String CONF_UNIQUEIDENTIFIER = "defaultUIDAttribute";
-	private static final String CONF_USELANGUAGEINREQ ="UseLanguageInRequest";
-	private static final String CONF_LANGUAGEPARAMNAM ="LanguageParamName";
+	static final String PATH_REGISTER_SHIBBOLETH = "shibregister";	
 	
 	private static final String CONF_OLATUSERMAPPING_FIRSTNAME = "FirstName";
 	private static final String CONF_OLATUSERMAPPING_LASTNAME = "LastName";
@@ -58,114 +67,137 @@ public class ShibbolethModule extends AbstractOLATModule {
 	private static final String CONF_OLATUSERMAPPING_INSTITUTIONALUSERIDENTIFIER = "InstitutionalUserIdentifier";
 	private static final String CONF_OLATUSERMAPPING_PREFERED_LANGUAGE = "PreferedLanguage";
 	
-	private static boolean enableShibbolethLogins = false;
-	private static AttributeTranslator attributeTranslator;
+	@Value("${shibboleth.enable}")
+	private boolean enableShibbolethLogins = false;
+	
+	@Autowired
+	private AttributeTranslator attributeTranslator;
+
+	@Value("${language.enable}")
+	private boolean useLanguageInReq = false;
+	@Value("${language.param:en}")
+	private String languageParamName;
+	
+	@Autowired @Qualifier("shibbolethOperators")
+	private ArrayList<String> operators;
 
-	private static boolean useLanguageInReq = false;
-	private static String languageParamName;
-	private static List<String> operators;
-	private static String defaultUIDAttribute;
-	private static String loginTemplate;
-	private static String loginTemplateDefault;
+	@Value("${shibboleth.template.login:shibbolethlogin}")
+	private String loginTemplate;
+	@Value("${shibboleth.template.login.default:default_shibbolethlogin}")
+	private String loginTemplateDefault;
 
-	public static final String MULTIVALUE_SEPARATOR = ";";
-	private static Map<String, String> userMapping;
+	public final String MULTIVALUE_SEPARATOR = ";";
 	
-	/**
-	 * [used by spring]
-	 */
-	private ShibbolethModule() {
-		//
+	@Value("${shibboleth.defaultUID:Shib-SwissEP-UniqueID}")
+	private String defaultUIDAttribute;
+	@Autowired @Qualifier("shibbolethUserMapping")
+	private HashMap<String, String> userMapping;
+
+	@Value("${shibboleth.ac.byAttributes:false}")
+	private boolean accessControlByAttributes;
+	@Value("${shibboleth.ac.attribute1:#{null}}")
+	private String attribute1;
+	@Value("${shibboleth.ac.attribute1Values:#{null}}")
+	private String attribute1Values;
+	@Value("${shibboleth.ac.attribute2:#{null}}")
+	private String attribute2;
+	@Value("${shibboleth.ac.attribute2Values:#{null}}")
+	private String attribute2Values;
+	
+	@Autowired
+	public ShibbolethModule(CoordinatorManager coordinatorManager) {
+		super(coordinatorManager);
 	}
 	
 	@Override
 	public void init() {
-	}
-
-	@Override
-	protected void initDefaultProperties() {
-		enableShibbolethLogins = getBooleanConfigParameter(CONF_ENABLE, false);
 		if (enableShibbolethLogins) {
-			logInfo("Shibboleth logins enabled.");
+			log.info("Shibboleth logins enabled.");
+			
+			if(useLanguageInReq) {
+				log.info("Language code is sent as parameter in the AAI request with lang: "+languageParamName);
+			} else {
+				log.info("Language code is not sent with AAI request.");
+			}
 		} else {
-			logInfo("Shibboleth logins disabled.");
+			log.info("Shibboleth logins disabled.");
 		}
 		
-		useLanguageInReq  = getBooleanConfigParameter(CONF_USELANGUAGEINREQ, true);
-		languageParamName = getStringConfigParameter(CONF_LANGUAGEPARAMNAM, "en", true);
-		if(useLanguageInReq) {
-			logInfo("Language code is sent as parameter in the AAI request with lang: "+languageParamName);
-		} else {
-			logInfo("Language code is not sent with AAI request.");
+		//module enabled/disabled
+		String accessControlByAttributesObj = getStringPropertyValue("accessControlByAttributes", true);
+		if(StringHelper.containsNonWhitespace(accessControlByAttributesObj)) {
+			accessControlByAttributes = "true".equals(accessControlByAttributesObj);
 		}
 		
-		defaultUIDAttribute = getStringConfigParameter(CONF_UNIQUEIDENTIFIER, "Shib-SwissEP-UniqueID", false);
-	}
-
-	/**
-	 * [used by spring]
-	 * @param attributeTranslator
-	 */
-	public void setAttributeTranslator(AttributeTranslator attributeTranslator) {
-		ShibbolethModule.attributeTranslator = attributeTranslator;
+		String attribute1Obj = getStringPropertyValue("attribute1", true);
+		if(StringHelper.containsNonWhitespace(attribute1Obj)) {
+			attribute1 = attribute1Obj;
+		}
+		
+		String attribute1ValuesObj = getStringPropertyValue("attribute1Values", true);
+		if(StringHelper.containsNonWhitespace(attribute1ValuesObj)) {
+			attribute1Values = attribute1ValuesObj;
+		}
+		
+		String attribute2Obj = getStringPropertyValue("attribute2", true);
+		if(StringHelper.containsNonWhitespace(attribute2Obj)) {
+			attribute2 = attribute2Obj;
+		}
+		
+		String attribute2ValuesObj = getStringPropertyValue("attribute2Values", true);
+		if(StringHelper.containsNonWhitespace(attribute2ValuesObj)) {
+			attribute2Values = attribute2ValuesObj;
+		}
 	}
-
-	/**
-	 * [used by spring]
-	 * @param operators
-	 */
-	public void setOperators(List<String> operators) {
-		ShibbolethModule.operators = operators;
+	
+	@Override
+	protected void initFromChangedProperties() {
+		init();
 	}
 	
-	// Getters and Setters //
 	/**
 	 * @return True if shibboleth logins are allowed.
 	 */
-	public static boolean isEnableShibbolethLogins() {
+	public boolean isEnableShibbolethLogins() {
 		return enableShibbolethLogins;
 	}
+	
+	@Override
+	public boolean isEnabled() {
+		return isEnableShibbolethLogins();
+	}
 
 	/**
 	 * @return true if the language should be sent in the aai request
 	 */
-	public static boolean useLanguageInReq() {
+	public boolean useLanguageInReq() {
 		return useLanguageInReq;
 	}
 
 	/**
 	 * @return the get request parameter name to be used sending the language code.
 	 */
-	public static String getLanguageParamName() {
+	public String getLanguageParamName() {
 		return languageParamName;
 	}
 
-	public static AttributeTranslator getAttributeTranslator() {
+	public AttributeTranslator getAttributeTranslator() {
 		return attributeTranslator;
 	}
 
-	public static String[] getRegisteredOperatorKeys() {
+	public String[] getRegisteredOperatorKeys() {
 		return null;
 	}
 	
-	public static List<String> getOperatorKeys() {
+	public List<String> getOperatorKeys() {
 		return operators;
 	}
 
-	@Override
-	protected void initFromChangedProperties() {
-		// 
-	}
-	
-	public void setUserMapping(Map<String, String> userMapping) {
-		ShibbolethModule.userMapping = userMapping;
-	}
-
 	/**
 	 * 
 	 * @return the shib. default attribute which identifies an user by an unique key
 	 */
-	public static String getDefaultUIDAttribute() {
+	public String getDefaultUIDAttribute() {
 		return defaultUIDAttribute;
 	}
 	
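Review bot: In `init()` each persisted access-control setting is copied only when it is non-blank, and `initFromChangedProperties()` now re-runs `init()`, so a rule that an administrator empties does not appear to be cleared. The field presumably keeps its previous value on nodes that only receive the change event, and falls back to the `@Value` default after a restart. For an allow-list this can leave a withdrawn rule in force. If `getStringPropertyValue` can tell "never set" from "set to empty", the four `attribute…` fields should be assigned in the second case too, with a comment such as `// an empty persisted value clears the rule`. Separately, `MULTIVALUE_SEPARATOR` lost `static` and is now an instance field; `public static final String MULTIVALUE_SEPARATOR = ";";` keeps it a constant.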
@@ -173,76 +205,115 @@ public class ShibbolethModule extends AbstractOLATModule {
 	 * @param attributesMap
 	 * @return First Name value from shibboleth attributes.
 	 */
-	public static String getFirstName() {
+	public String getFirstName() {
 		return userMapping.get(CONF_OLATUSERMAPPING_FIRSTNAME);
 	}
 	
 	/**
 	 * @return Last Name value from shibboleth attributes.
 	 */
-	public static String getLastName() {
+	public String getLastName() {
 		return userMapping.get(CONF_OLATUSERMAPPING_LASTNAME);
 	}
 	
 	/**
 	 * @return EMail value from shibboleth attributes.
 	 */
-	public static String getEMail() {
+	public String getEMail() {
 		return userMapping.get(CONF_OLATUSERMAPPING_EMAIL);
 	}
 	
 	/**
 	 * @return Institutional EMail value from shibboleth attributes.
 	 */
-	public static String getInstitutionalEMail() {
+	public String getInstitutionalEMail() {
 		return userMapping.get(CONF_OLATUSERMAPPING_INSTITUTIONALEMAIL);
 	}
 	
 	/**
 	 * @return Institutional Name value from shibboleth attributes.
 	 */
-	public static String getInstitutionalName() {
+	public String getInstitutionalName() {
 		return userMapping.get(CONF_OLATUSERMAPPING_INSTITUTIONALNAME);
 	}
 	
 	/**
 	 * @return Institutional User Identifyer value from shibboleth attributes.
 	 */
-	public static String getInstitutionalUserIdentifier() {
+	public String getInstitutionalUserIdentifier() {
 		return userMapping.get(CONF_OLATUSERMAPPING_INSTITUTIONALUSERIDENTIFIER);
 	}
 	
 	/**
 	 * @return Prefered language value from shibboleth attributes.
 	 */
-	public static String getPreferedLanguage() {
+	public String getPreferedLanguage() {
 		return userMapping.get(CONF_OLATUSERMAPPING_PREFERED_LANGUAGE);
 	}
 
-	public static String getLoginTemplate() {
+	public String getLoginTemplate() {
 		return loginTemplate;
 	}
 
-	public static void setLoginTemplate(String loginTemplate) {
-		ShibbolethModule.loginTemplate = loginTemplate;
+	public void setLoginTemplate(String loginTemplate) {
+		this.loginTemplate = loginTemplate;
 	}
 
-	public static String getLoginTemplateDefault() {
+	public String getLoginTemplateDefault() {
 		return loginTemplateDefault;
 	}
 
-	public static void setLoginTemplateDefault(String loginTemplateDefault) {
-		ShibbolethModule.loginTemplateDefault = loginTemplateDefault;
+	public void setLoginTemplateDefault(String loginTemplateDefault) {
+		this.loginTemplateDefault = loginTemplateDefault;
 	}
 
-	@Override
-	public void setPersistedProperties(PersistedProperties persistedProperties) {
-		this.moduleConfigProperties = persistedProperties;
-	}
-
-	public static String getPreselectedAttributeKey(String userAttribute) {
+	public String getPreselectedAttributeKey(String userAttribute) {
 		String shibKey = userMapping.get(userAttribute);
 		return attributeTranslator.translateAttribute(shibKey);
 	}
 
-}
+	public boolean isAccessControlByAttributes() {
+		return accessControlByAttributes;
+	}
+
+	public void setAccessControlByAttributes(boolean accessControlByAttributes) {
+		this.accessControlByAttributes = accessControlByAttributes;
+		setStringProperty("accessControlByAttributes", accessControlByAttributes ? "true" : "false", true);
+	}
+
+	public String getAttribute1() {
+		return attribute1;
+	}
+
+	public void setAttribute1(String attribute1) {
+		this.attribute1 = attribute1;
+		setStringProperty("attribute1", attribute1, true);
+	}
+
+	public String getAttribute1Values() {
+		return attribute1Values;
+	}
+
+	public void setAttribute1Values(String attribute1Values) {
+		this.attribute1Values = attribute1Values;
+		setStringProperty("attribute1Values", attribute1Values, true);
+	}
+
+	public String getAttribute2() {
+		return attribute2;
+	}
+
+	public void setAttribute2(String attribute2) {
+		this.attribute2 = attribute2;
+		setStringProperty("attribute2", attribute2, true);
+	}
+
+	public String getAttribute2Values() {
+		return attribute2Values;
+	}
+
+	public void setAttribute2Values(String attribute2Values) {
+		this.attribute2Values = attribute2Values;
+		setStringProperty("attribute2Values", attribute2Values, true);
+	}
+}
\ No newline at end of file
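Review bot: The new access-control accessors carry no Javadoc, although the format of the `…Values` strings matters to whoever fills them in: the dispatcher in this commit splits them on newline, comma and semicolon and compares case-insensitively. A short comment on `getAttribute1Values()` and `getAttribute2Values()` would record that, e.g. `/** @return allowed values for attribute 1, separated by newline, ',' or ';'; matched case-insensitively */`. The setters also persist their argument through `setStringProperty`, which is worth stating because they change who may log in. The stale `@param attributesMap` tag above `getFirstName()` could be dropped at the same time.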
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethRegistrationController.java b/src/main/java/org/olat/shibboleth/ShibbolethRegistrationController.java
index 4fbd7bbe63c0a4cf95c429f9de1d58928ef2e128..fba39286d49767b9c9e692966a07f66dcfbf7be3 100644
--- a/src/main/java/org/olat/shibboleth/ShibbolethRegistrationController.java
+++ b/src/main/java/org/olat/shibboleth/ShibbolethRegistrationController.java
@@ -68,6 +68,7 @@ import org.olat.registration.RegistrationModule;
 import org.olat.registration.UserNameCreationInterceptor;
 import org.olat.shibboleth.util.ShibbolethHelper;
 import org.olat.user.UserManager;
+import org.springframework.beans.factory.annotation.Autowired;
 
 /**
  * Initial Date:  09.08.2004
@@ -111,6 +112,9 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 	
 	private boolean hasEmailInShibAttr;
 	
+	@Autowired
+	private ShibbolethModule shibbolethModule;
+	
 	/**
 	 * Implements the shibboleth registration workflow.
 	 * @param ureq
@@ -133,11 +137,11 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 		if (shibbolethAttributesMap == null)
 			throw new AssertException("ShibbolethRegistrationController was unable to fetch ShibbolethAttribuitesMap from session.");
 
-		hasEmailInShibAttr = (ShibbolethModule.getEMail() == null) ? false : true;
+		hasEmailInShibAttr = (shibbolethModule.getEMail() == null) ? false : true;
 		
 		Locale locale = (Locale)ureq.getUserSession().getEntry(LocaleNegotiator.NEGOTIATED_LOCALE);
 		if(locale == null) {
-			String preferedLanguage = ShibbolethModule.getPreferedLanguage();
+			String preferedLanguage = shibbolethModule.getPreferedLanguage();
 			if(preferedLanguage == null) {
 				locale = LocaleNegotiator.getPreferedLocale(ureq);
 			} else {
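Review bot: `shibbolethModule` is field-injected but first dereferenced inside the constructor at `shibbolethModule.getEMail()`, which only works if a superclass constructor has already autowired the instance. That is not visible in this hunk and should be confirmed, otherwise the line throws a NullPointerException. The expression itself reads more simply as `hasEmailInShibAttr = shibbolethModule.getEMail() != null;`. The constructor starts and ends outside the hunk.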
@@ -249,6 +253,7 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 	/**
 	 * @see org.olat.core.gui.control.DefaultController#event(org.olat.core.gui.UserRequest, org.olat.core.gui.control.Controller, org.olat.core.gui.control.Event)
 	 */
+	@Override
 	public void event(UserRequest ureq, Controller source, Event event) {
 		if (source == migrationForm) {
 			if (event == Event.CANCELLED_EVENT) {
@@ -328,7 +333,7 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 					if(!hasEmailInShibAttr){
 						email = regWithEmailForm.getEmail();
 					} else {
-						email = ShibbolethHelper.getFirstValueOf(ShibbolethModule.getEMail(), shibbolethAttributesMap);
+						email = ShibbolethHelper.getFirstValueOf(shibbolethModule.getEMail(), shibbolethAttributesMap);
 					}
 
 					User user = null;
@@ -346,15 +351,15 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 						return;
 					}
 
-					String firstName = shibbolethAttributesMap.get(ShibbolethModule.getFirstName());
-					String lastName = shibbolethAttributesMap.get(ShibbolethModule.getLastName());
+					String firstName = shibbolethAttributesMap.get(shibbolethModule.getFirstName());
+					String lastName = shibbolethAttributesMap.get(shibbolethModule.getLastName());
 					user = UserManager.getInstance().createUser(firstName, lastName, email);
-					user.setProperty(UserConstants.INSTITUTIONALNAME, shibbolethAttributesMap.get(ShibbolethModule.getInstitutionalName()));
+					user.setProperty(UserConstants.INSTITUTIONALNAME, shibbolethAttributesMap.get(shibbolethModule.getInstitutionalName()));
 					if(hasEmailInShibAttr){
-						String institutionalEmail = ShibbolethHelper.getFirstValueOf(ShibbolethModule.getInstitutionalEMail(), shibbolethAttributesMap);
+						String institutionalEmail = ShibbolethHelper.getFirstValueOf(shibbolethModule.getInstitutionalEMail(), shibbolethAttributesMap);
 						user.setProperty(UserConstants.INSTITUTIONALEMAIL, institutionalEmail);
 					}
-					user.setProperty(UserConstants.INSTITUTIONALUSERIDENTIFIER, shibbolethAttributesMap.get(ShibbolethModule.getInstitutionalUserIdentifier()));
+					user.setProperty(UserConstants.INSTITUTIONALUSERIDENTIFIER, shibbolethAttributesMap.get(shibbolethModule.getInstitutionalUserIdentifier()));
 					identity = secMgr.createAndPersistIdentityAndUser(choosenLogin, null, user, ShibbolethDispatcher.PROVIDER_SHIB, shibbolethUniqueID);
 					SecurityGroup olatUserGroup = secMgr.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
 					secMgr.addIdentityToSecurityGroup(identity, olatUserGroup);
@@ -371,15 +376,15 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 					
 					// update user profile
 					User user = authenticationedIdentity.getUser();
-					String s = shibbolethAttributesMap.get(ShibbolethModule.getFirstName());
+					String s = shibbolethAttributesMap.get(shibbolethModule.getFirstName());
 					if (s != null) user.setProperty(UserConstants.FIRSTNAME, s);
-					s = shibbolethAttributesMap.get(ShibbolethModule.getLastName());
+					s = shibbolethAttributesMap.get(shibbolethModule.getLastName());
 					if (s != null) user.setProperty(UserConstants.LASTNAME, s);
-					s = shibbolethAttributesMap.get(ShibbolethModule.getInstitutionalName());
+					s = shibbolethAttributesMap.get(shibbolethModule.getInstitutionalName());
 					if (s != null) user.setProperty(UserConstants.INSTITUTIONALNAME, s);		
-					s = ShibbolethHelper.getFirstValueOf(ShibbolethModule.getInstitutionalEMail(), shibbolethAttributesMap);
+					s = ShibbolethHelper.getFirstValueOf(shibbolethModule.getInstitutionalEMail(), shibbolethAttributesMap);
 					if (s != null) user.setProperty(UserConstants.INSTITUTIONALEMAIL, s);
-					s = shibbolethAttributesMap.get(ShibbolethModule.getInstitutionalUserIdentifier());
+					s = shibbolethAttributesMap.get(shibbolethModule.getInstitutionalUserIdentifier());
 					if (s != null) user.setProperty(UserConstants.INSTITUTIONALUSERIDENTIFIER, s);
 					UserManager.getInstance().updateUser(user);
 					doLogin(authenticationedIdentity, ureq);
@@ -405,7 +410,7 @@ public class ShibbolethRegistrationController extends DefaultController implemen
 		}
 		// successfull login
 		ureq.getUserSession().getIdentityEnvironment().addAttributes(
-				ShibbolethModule.getAttributeTranslator().translateAttributesMap(shibbolethAttributesMap));
+				shibbolethModule.getAttributeTranslator().translateAttributesMap(shibbolethAttributesMap));
 	}
 	
 	/**
diff --git a/src/main/java/org/olat/shibboleth/ShibbolethUserNameFromAttributeUserNameCreationInterceptor.java b/src/main/java/org/olat/shibboleth/ShibbolethUserNameFromAttributeUserNameCreationInterceptor.java
index bf356e109fb992a68080af90f81dc111d0c9d34a..897251fb193e42d973c2a9078e6bee2679bdffc5 100644
--- a/src/main/java/org/olat/shibboleth/ShibbolethUserNameFromAttributeUserNameCreationInterceptor.java
+++ b/src/main/java/org/olat/shibboleth/ShibbolethUserNameFromAttributeUserNameCreationInterceptor.java
@@ -26,6 +26,7 @@ import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import org.olat.core.CoreSpringFactory;
 import org.olat.core.util.StringHelper;
 import org.olat.registration.AbstractUserNameCreationInterceptor;
 
@@ -71,7 +72,7 @@ public class ShibbolethUserNameFromAttributeUserNameCreationInterceptor extends
 	public String getUsernameFor(Map<String, String> userAttributes) {
 		String proposedUsername = userAttributes.get(shibUsernameAttr);
 		if(proposedUsername == null) {
-			shibUsernameAttr = ShibbolethModule.getAttributeTranslator().translateAttribute(shibUsernameAttr);
+			shibUsernameAttr = CoreSpringFactory.getImpl(ShibbolethModule.class).getAttributeTranslator().translateAttribute(shibUsernameAttr);
 			proposedUsername = userAttributes.get(shibUsernameAttr);
 		}
 		
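Review bot: `getUsernameFor` now resolves the module through `CoreSpringFactory.getImpl(ShibbolethModule.class)` on every miss, whereas the other classes in this commit receive it by `@Autowired` injection; if the interceptor is itself a Spring bean, an injected field would be consistent and easier to test. The same line also overwrites the `shibUsernameAttr` field with the translated name, so the configured attribute name is replaced after the first miss. That predates the commit, but it deserves a comment or a local variable instead of the field assignment. The method continues outside the hunk.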
diff --git a/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_de.properties b/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_de.properties
index 4407ff9e49b7ec3aedf6122371bde4cfecaf5456..350aae88b6a5d3f84c4a2ae7c523639c974a71db 100644
--- a/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_de.properties
+++ b/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_de.properties
@@ -1,4 +1,13 @@
 #Fri Oct 09 12:13:13 CEST 2009
+admin.ac.attribute=Activate attribute access control
+admin.ac.attribute.1=Shibboleth attribute 1
+admin.ac.attribute.2=Shibboleth attribute 2
+admin.ac.value.1=Allowed values
+admin.ac.value.2=Allowed values
+admin.description=Use the form below...
+admin.menu.shibboleth=Shibboleth
+admin.menu.shibboleth.desc=Shibboleth
+admin.title=Shibboleth auhorization
 authentication.provider.description=Sind Sie Mitglied einer Institution mit Shibboleth Loginverfahren?
 authentication.provider.linkText=Anmelden mit Shibboleth Konto
 chelp.help-shib-login1.title=OLAT-Login 
@@ -22,6 +31,7 @@ eduPersonEntitlement=Berechtigung
 eduPersonOrgUnitDN=Organisationsheinheit DN
 employeeNumber=Mitarbeiternummer
 error.insufficieant.attributes=Erforderliche Shibboleth Attribute\: Shib-SwissEP-UniqueID, Shib-InetOrgPerson-givenName, Shib-Person-surname, Shib-InetOrgPerson-mail, Shib-SwissEP-HomeOrganization
+error.shibboleth.not.authorized=Sie d\u00FCrfen nicht auf OpenOLAT einloggen.
 error.shibboleth.generic=Shibboleth Fehler. Melden Sie sich nochmals an\!
 error.shibboleth.head=OLAT - Online Learning And Training - Error
 error.unqueid.notfound=Haben Sie eine Zugangsberechtigung f\u00FCr OpenOLAT? Wenn ja, versuchen Sie bitte nochmals, sich einzuloggen.
diff --git a/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_en.properties b/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_en.properties
index c968137222151a487c4b600471749a8a382ddc2d..6ba28acbfc7a977ad237a36900dc073b78669000 100644
--- a/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_en.properties
+++ b/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_en.properties
@@ -1,4 +1,13 @@
 #Sun Jan 23 15:52:39 CET 2011
+admin.ac.attribute=Activate attribute access control
+admin.ac.attribute.1=Shibboleth attribute 1
+admin.ac.attribute.2=Shibboleth attribute 2
+admin.ac.value.1=Allowed values
+admin.ac.value.2=Allowed values
+admin.description=Use the forms below to configure optional authorization rules. this is usefull when you want to restrict access to this OpenOLAT resource provider based on Shibboleth attributes because not all users which successfully authenticated against your IDP are allowed to access this resource. If one of the rule below matches, the user is authorized to access this OpenOLAT installation (OR conjunction). If the user does not have the necessary attributes, access is denied.
+admin.menu.shibboleth=Shibboleth
+admin.menu.shibboleth.desc=Shibboleth
+admin.title=Shibboleth auhorization
 authentication.provider.description=Are you a member of an institutions that uses Shibboleth authentication?
 authentication.provider.linkText=Login with Shibboleth account
 chelp.help-shib-login1.title=OLAT login
@@ -22,6 +31,7 @@ eduPersonEntitlement=Authorization
 eduPersonOrgUnitDN=Organization unit DN
 employeeNumber=Employee identification number
 error.insufficieant.attributes=Mandatory Shibboleth attributes\: Shib-SwissEP-UniqueID, Shib-InetOrgPerson-givenName, Shib-Person-surname, Shib-InetOrgPerson-mail, Shib-SwissEP-HomeOrganization
+error.shibboleth.not.authorized=You are not authorized to log in OpenOLAT.
 error.shibboleth.generic=A Shibboleth error occured. Please log in again\!
 error.shibboleth.head=OLAT - Online Learning And Training - Error
 error.unqueid.notfound=Are you really entitled to access OLAT? If so, please log in again.
diff --git a/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_fr.properties b/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_fr.properties
index 927a04c1bd1371400077a0205551a248630c5676..2dcd05696d43f36d732d5b77123eef722de263d7 100644
--- a/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_fr.properties
+++ b/src/main/java/org/olat/shibboleth/_i18n/LocalStrings_fr.properties
@@ -49,7 +49,7 @@ sr.error.loginexists=Le nom d'utilisateur existe d\u00E9j\u00E0. <br>Si vous vou
 sr.header=Enregistrement
 sr.intro=Veuillez choisir un nom d'utilisateur sous lequel vous voulez travailler dans OLAT. <br>Attention\:</br> Ce nom ne peut plus \u00EAtre modifi\u00E9 par la suite\!
 sr.login.meantimetaken=Le nom d'utilisateur choisi est d\u00E9j\u00E0 enregistr\u00E9. Veuillez choisir un autre nom d'utilisateur.
-sr.select_language=S\u00E9lectionnez la langue pour l'enregistrement \u00E0 OLAT et votre comte d'utilisateur. Vous pouvez adapter la langue plus tard dans votre profil d'utilisateur. Ensuite vous serez guid\u00E9 \u00E0 travers le processus d'enregistrement.
+sr.select_language=S\u00E9lectionnez la langue pour l'enregistrement \u00E0 OLAT et votre compte d'utilisateur. Vous pouvez adapter la langue plus tard dans votre profil d'utilisateur. Ensuite vous serez guid\u00E9 \u00E0 travers le processus d'enregistrement.
 srf.email=Adresse e-mail
 srf.error.blacklist=Le nom d'utilisateur choisi n'a pas \u00E9t\u00E9 accept\u00E9.
 srf.error.email.badcharacters=L'adresse e-mail ne doit pas comporter des caract\u00E8res comme <,>,",',, ni des espaces, ni des tablatures.
diff --git a/src/main/java/org/olat/shibboleth/_spring/shibbolethContext.xml b/src/main/java/org/olat/shibboleth/_spring/shibbolethContext.xml
index 955e7dbba6ad2ad39b08b0424020b79e29412cf6..a2b5f9d3feb26c0743955ad8e70f74bb28c56606 100644
--- a/src/main/java/org/olat/shibboleth/_spring/shibbolethContext.xml
+++ b/src/main/java/org/olat/shibboleth/_spring/shibbolethContext.xml
@@ -1,65 +1,62 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:context="http://www.springframework.org/schema/context"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="
   http://www.springframework.org/schema/beans 
-  http://www.springframework.org/schema/beans/spring-beans.xsd">
+  http://www.springframework.org/schema/beans/spring-beans.xsd
+  http://www.springframework.org/schema/context 
+  http://www.springframework.org/schema/context/spring-context.xsd">
 
-<bean id="shibbolethModule" class="org.olat.shibboleth.ShibbolethModule">
-<property name="attributeTranslator" ref="attributeTranslator" />
-<!-- Define the template of the ShibbolethAuthenticationController.java (without .html) -->
-<property name="loginTemplate" value="shibbolethlogin" />
-<!-- Define the template of the DefaultShibbolethAuthenticationController.java (without .html) -->
-<property name="loginTemplateDefault" value="default_shibbolethlogin" />
-<property name="operators">
-	<list>
-		<value>isin</value>
-		<value>isnotin</value>
-		<value>has</value>
-		<value>hasnot</value>
-		<value>startswith</value>
-		<value>endswith</value>
-	</list>
-</property>
-<property name="userMapping">
-	<map>
-		<entry key="FirstName" value="Shib-InetOrgPerson-givenName" />
-		<entry key="LastName" value="Shib-Person-surname" />
-		<entry key="EMail" value="Shib-InetOrgPerson-mail" />
-		<entry key="InstitutionalName" value="Shib-SwissEP-HomeOrganization" />
-		<entry key="InstitutionalEMail" value="Shib-InetOrgPerson-mail" />
-		<entry key="InstitutionalUserIdentifier" value="Shib-InetOrgPerson-employeeNumber" />
-		<!--  <entry key="PreferedLanguage" value="" />-->
-	</map>
-</property>
-
-<property name="persistedProperties">
-  <bean class="org.olat.core.configuration.PersistedProperties" scope="prototype" init-method="init" destroy-method="destroy">
-    <constructor-arg index="0" ref="coordinatorManager"/>
-    <constructor-arg index="1" ref="shibbolethModule" />
-  </bean>
-</property>
-</bean>
-                       
-       <bean  class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
-        <property name="targetObject" ref="shibbolethModule" />
-        <property name="targetMethod" value="init" />
-        <property name="arguments">
-        			<value>
-                    <!-- Enable/disable shibboleth logins. Make sure to enable/disable the Shibboleth authentication provider aswell. -->
-					EnableShibbolethLogins=${shibboleth.enable}
-					
-					<!-- 
-						enable sending language with specified parameter name in the AAI get request.
-						Used to display a localized AAI login page, where the language is taken from the olats login page.
-					-->
-					UseLanguageInRequest=${language.enable}
-					LanguageParamName=${language.param}
-					defaultUIDAttribute=${shibboleth.defaultUID}
-                    </value>
-         </property>
-</bean>
+	<context:component-scan base-package="org.olat.shibboleth" />
+	
+	<!-- Shibboleth admin. panel -->
+	<bean class="org.olat.core.extensions.action.GenericActionExtension" id="sysadmin.menupoint.syscfg.shibbolethcfg" init-method="initExtensionPoints">
+		<property name="order" value="8830" />
+		<property name="enabled" value="${shibboleth.enable}" />
+		<property name="actionController">	
+			<bean class="org.olat.core.gui.control.creator.AutoCreator" scope="prototype">
+				<property name="className" value="org.olat.shibboleth.ShibbolethAdminController"/>
+			</bean>
+		</property>
+		<property name="navigationKey" value="shibbolethadmin" />
+		<property name="i18nActionKey" value="admin.menu.shibboleth"/>
+		<property name="i18nDescriptionKey" value="admin.menu.shibboleth.desc"/>
+		<property name="translationPackage" value="org.olat.shibboleth"/>
+		<property name="extensionPoints">
+			<list>	
+				<value>org.olat.admin.SystemAdminMainController</value>		
+			</list>
+		</property>
+		<property name="parentTreeNodeIdentifier" value="loginAndSecurityParent" /> 
+	</bean>
 
+	<bean name="shibbolethOperators" class="java.util.ArrayList" scope="prototype" >
+	    <constructor-arg>
+			<list>
+				<value>isin</value>
+				<value>isnotin</value>
+				<value>has</value>
+				<value>hasnot</value>
+				<value>startswith</value>
+				<value>endswith</value>
+			</list>
+	    </constructor-arg>
+	</bean>
+	
+	<bean name="shibbolethUserMapping" class="java.util.HashMap" scope="prototype" >
+	    <constructor-arg>
+	        <map key-type="java.lang.String" value-type="java.lang.String">
+	            <entry key="FirstName" value="Shib-InetOrgPerson-givenName" />
+				<entry key="LastName" value="Shib-Person-surname" />
+				<entry key="EMail" value="Shib-InetOrgPerson-mail" />
+				<entry key="InstitutionalName" value="Shib-SwissEP-HomeOrganization" />
+				<entry key="InstitutionalEMail" value="Shib-InetOrgPerson-mail" />
+				<entry key="InstitutionalUserIdentifier" value="Shib-InetOrgPerson-employeeNumber" />
+				<!-- <entry key="PreferedLanguage" value="" /> -->
+	        </map>
+	    </constructor-arg>
+	</bean>
 
 <bean id="attributeTranslator" class="org.olat.shibboleth.util.AttributeTranslator" >
 	<property name="attributeTranslations">
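Review bot: The replacement for the removed `MethodInvokingFactoryBean` block leaves no trace in this file of where `shibboleth.enable`, `language.enable`, `language.param` and `shibboleth.defaultUID` are now bound, and it drops the operator warning that the Shibboleth authentication provider has to be switched together with the login flag. `defaultUIDAttribute` presumably selects the attribute that identifies the user, so it is worth confirming that the annotated `ShibbolethModule` (not part of this hunk) still receives it and rejects logins when it is empty. I would add a comment above the `<context:component-scan>` line, such as `<!-- ShibbolethModule is picked up by the scan and reads shibboleth.enable, shibboleth.defaultUID and language.* itself; enable or disable the Shibboleth authentication provider together with shibboleth.enable -->`. The `shibbolethOperators` and `shibbolethUserMapping` beans are declared with `name` only and as plain `ArrayList`/`HashMap`, so their consumers should inject them by name rather than by type; that wiring is outside the hunk.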
@@ -556,17 +553,17 @@
 	</property>
 </bean>
 
-<bean id="switchShibbolethAuthenticationConfigurator" class="org.olat.shibboleth.SwitchShibbolethAuthenticationConfigurator">		
+	<bean id="switchShibbolethAuthenticationConfigurator" class="org.olat.shibboleth.SwitchShibbolethAuthenticationConfigurator">		
 		<property name="wayfSPEntityID" value="${shibboleth.wayfSPEntityID}" />	
 		<property name="wayfSPHandlerURL" value="${shibboleth.wayfSPHandlerURL}" />
 		<property name="wayfSPSamlDSURL" value="${shibboleth.wayfSPSamlDSURL}" />
 		<property name="wayfReturnUrl" value="${shibboleth.wayfReturnUrl}" />
 		<property name="wayfReturnMobileUrl" value="${shibboleth.wayfReturnMobileUrl}" />
 		<property name="additionalIdentityProviders" value="${shibboleth.wayf.additionalIDPs}" />	
-</bean>	
+	</bean>	
 
-<bean id="registrationPresetUsername.byShibbolethAttribute"
-	class="org.olat.shibboleth.ShibbolethUserNameFromAttributeUserNameCreationInterceptor" lazy-init="true">
+	<bean id="registrationPresetUsername.byShibbolethAttribute"
+		class="org.olat.shibboleth.ShibbolethUserNameFromAttributeUserNameCreationInterceptor" lazy-init="true">
 		<property name="allowChangeOfUsername" value="${registration.preset.username.allowChanges}"/>
 		<property name="shibUsernameAttr" value="${registration.preset.username.shibbolethAttribute}"/>
 		<property name="regexp">
@@ -574,6 +571,6 @@
 				<value>^[^@]*</value>
 			</list>
 		</property>
-</bean>
+	</bean>
 
 </beans>
\ No newline at end of file