diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml index 0fa026d33a..01a3142452 100644 --- a/.mvn/extensions.xml +++ b/.mvn/extensions.xml @@ -21,6 +21,6 @@ under the License. org.apache.maven.extensions maven-build-cache-extension - 1.2.2 + 1.2.3 diff --git a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java index 480b9c5d50..bc98659487 100644 --- a/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java +++ b/client/am/console/src/main/java/org/apache/syncope/client/console/clientapps/ClientAppModalPanelBuilder.java @@ -20,6 +20,7 @@ import jakarta.ws.rs.core.MediaType; import java.nio.charset.StandardCharsets; +import java.time.Duration; import java.util.ArrayList; import java.util.Base64; import java.util.Comparator; @@ -91,12 +92,29 @@ import org.apache.wicket.model.Model; import org.apache.wicket.model.PropertyModel; import org.apache.wicket.model.util.ListModel; +import org.apache.wicket.validation.IValidatable; +import org.apache.wicket.validation.IValidator; +import org.apache.wicket.validation.ValidationError; import org.apache.wicket.validation.validator.UrlValidator; public class ClientAppModalPanelBuilder extends AbstractModalPanelBuilder { private static final long serialVersionUID = 5945391813567245081L; + protected static class DurationValidator implements IValidator { + + private static final long serialVersionUID = 3978328825079032964L; + + @Override + public void validate(final IValidatable validatable) { + try { + Duration.parse(validatable.getValue()); + } catch (Exception e) { + validatable.error(new ValidationError(this)); + } + } + } + protected final IModel> accessPolicies = new LoadableDetachableModel<>() { private static final long serialVersionUID = -2012833443695917883L; 
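Review bot: `DurationValidator.validate` accepts any string that `Duration.parse` can read, including negative values such as `-PT30S`, so the lower bound that the removed `AjaxNumberFieldPanel.Builder().min(0)` enforced on `skewAllowance` (hunk at -656) is gone, and nothing caps an overly large value either. For settings that presumably control the SAML clock-skew and validity window, a negative or very wide duration changes how long a message is accepted, so the bound is worth keeping. Consider rejecting negatives, e.g. `Duration d = Duration.parse(validatable.getValue()); if (d.isNegative()) { validatable.error(new ValidationError(this)); }`. Also narrow `catch (Exception e)` to `catch (DateTimeParseException e)` (needs the `java.time.format` import) so unrelated failures are not reported as a format error. The same validator is attached to `validityUntil` in that later hunk.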
@@ -522,44 +540,44 @@ public String getObject() { new PropertyModel<>(clientAppTO, "metadataSignatureLocation"), false)); AjaxDropDownChoicePanel metadataCriteriaDirection = - new AjaxDropDownChoicePanel<>( - "field", "metadataCriteriaDirection", - new PropertyModel<>(clientAppTO, "metadataCriteriaDirection"), - false); + new AjaxDropDownChoicePanel<>( + "field", "metadataCriteriaDirection", + new PropertyModel<>(clientAppTO, "metadataCriteriaDirection"), + false); metadataCriteriaDirection.setChoices(List.of(MetadataCriteriaDirection.values())); fields.add(metadataCriteriaDirection); fields.add(new AjaxTextFieldPanel( - "field", "metadataCriteriaPattern", - new PropertyModel<>(clientAppTO, "metadataCriteriaPattern"), false)); + "field", "metadataCriteriaPattern", + new PropertyModel<>(clientAppTO, "metadataCriteriaPattern"), false)); fields.add(new AjaxTextFieldPanel( - "field", "subjectLocality", - new PropertyModel<>(clientAppTO, "subjectLocality"), false)); + "field", "subjectLocality", + new PropertyModel<>(clientAppTO, "subjectLocality"), false)); AjaxDropDownChoicePanel signingCredentialType = - new AjaxDropDownChoicePanel<>( - "field", "signingCredentialType", - new PropertyModel<>(clientAppTO, "signingCredentialType"), - false); + new AjaxDropDownChoicePanel<>( + "field", "signingCredentialType", + new PropertyModel<>(clientAppTO, "signingCredentialType"), + false); signingCredentialType.setChoices(List.of(SigningCredentialType.values())); fields.add(signingCredentialType); AjaxDropDownChoicePanel logoutResponseBinding = - new AjaxDropDownChoicePanel<>( - "field", "logoutResponseBinding", - new PropertyModel<>(clientAppTO, "logoutResponseBinding"), - false); + new AjaxDropDownChoicePanel<>( + "field", "logoutResponseBinding", + new PropertyModel<>(clientAppTO, "logoutResponseBinding"), + false); logoutResponseBinding.setChoices(List.of(SAML2BindingType.values())); fields.add(logoutResponseBinding); fields.add(new AjaxCheckBoxPanel( - "field", 
"logoutResponseEnabled", - new PropertyModel<>(clientAppTO, "logoutResponseEnabled"))); + "field", "logoutResponseEnabled", + new PropertyModel<>(clientAppTO, "logoutResponseEnabled"))); fields.add(new AjaxCheckBoxPanel( - "field", "requireSignedRoot", - new PropertyModel<>(clientAppTO, "requireSignedRoot"))); + "field", "requireSignedRoot", + new PropertyModel<>(clientAppTO, "requireSignedRoot"))); fields.add(new AjaxCheckBoxPanel( "field", "signAssertions", new PropertyModel<>(clientAppTO, "signAssertions"))); 
@@ -574,76 +592,76 @@ public String getObject() { "field", "encryptAssertions", new PropertyModel<>(clientAppTO, "encryptAssertions"))); fields.add(new AjaxCheckBoxPanel( - "field", "encryptAttributes", - new PropertyModel<>(clientAppTO, "encryptAttributes"))); - + "field", "encryptAttributes", + new PropertyModel<>(clientAppTO, "encryptAttributes"))); + fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingAssertionNameId", - new PropertyModel<>(clientAppTO, "skipGeneratingAssertionNameId"))); + "field", "skipGeneratingAssertionNameId", + new PropertyModel<>(clientAppTO, "skipGeneratingAssertionNameId"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationInResponseTo", - new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationInResponseTo"))); + "field", "skipGeneratingSubjectConfirmationInResponseTo", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationInResponseTo"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingResponseInResponseTo", - new PropertyModel<>(clientAppTO, "skipGeneratingResponseInResponseTo"))); + "field", "skipGeneratingResponseInResponseTo", + new PropertyModel<>(clientAppTO, "skipGeneratingResponseInResponseTo"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationNotOnOrAfter", - new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNotOnOrAfter"))); + "field", "skipGeneratingSubjectConfirmationNotOnOrAfter", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNotOnOrAfter"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationRecipient", - new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationRecipient"))); + "field", "skipGeneratingSubjectConfirmationRecipient", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationRecipient"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationRecipient", - new 
PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationRecipient"))); + "field", "skipGeneratingSubjectConfirmationRecipient", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationRecipient"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationAddress", - new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationAddress"))); + "field", "skipGeneratingSubjectConfirmationAddress", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationAddress"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationNotBefore", - new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNotBefore"))); + "field", "skipGeneratingSubjectConfirmationNotBefore", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNotBefore"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSubjectConfirmationNameId", - new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNameId"))); + "field", "skipGeneratingSubjectConfirmationNameId", + new PropertyModel<>(clientAppTO, "skipGeneratingSubjectConfirmationNameId"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingNameIdQualifiers", - new PropertyModel<>(clientAppTO, "skipGeneratingNameIdQualifiers"))); + "field", "skipGeneratingNameIdQualifiers", + new PropertyModel<>(clientAppTO, "skipGeneratingNameIdQualifiers"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingTransientNameId", - new PropertyModel<>(clientAppTO, "skipGeneratingTransientNameId"))); + "field", "skipGeneratingTransientNameId", + new PropertyModel<>(clientAppTO, "skipGeneratingTransientNameId"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipValidatingAuthnRequest", - new PropertyModel<>(clientAppTO, "skipValidatingAuthnRequest"))); + "field", "skipValidatingAuthnRequest", + new PropertyModel<>(clientAppTO, "skipValidatingAuthnRequest"))); fields.add(new AjaxCheckBoxPanel( - "field", 
"skipGeneratingServiceProviderNameIdQualifier", - new PropertyModel<>(clientAppTO, "skipGeneratingServiceProviderNameIdQualifier"))); + "field", "skipGeneratingServiceProviderNameIdQualifier", + new PropertyModel<>(clientAppTO, "skipGeneratingServiceProviderNameIdQualifier"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingAuthenticatingAuthority", - new PropertyModel<>(clientAppTO, "skipGeneratingAuthenticatingAuthority"))); + "field", "skipGeneratingAuthenticatingAuthority", + new PropertyModel<>(clientAppTO, "skipGeneratingAuthenticatingAuthority"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingNameIdQualifier", - new PropertyModel<>(clientAppTO, "skipGeneratingNameIdQualifier"))); + "field", "skipGeneratingNameIdQualifier", + new PropertyModel<>(clientAppTO, "skipGeneratingNameIdQualifier"))); fields.add(new AjaxCheckBoxPanel( - "field", "skipGeneratingSessionNotOnOrAfter", - new PropertyModel<>(clientAppTO, "skipGeneratingSessionNotOnOrAfter"))); + "field", "skipGeneratingSessionNotOnOrAfter", + new PropertyModel<>(clientAppTO, "skipGeneratingSessionNotOnOrAfter"))); fields.add(new AjaxCheckBoxPanel( - "field", "validateMetadataCertificates", - new PropertyModel<>(clientAppTO, "validateMetadataCertificates"))); + "field", "validateMetadataCertificates", + new PropertyModel<>(clientAppTO, "validateMetadataCertificates"))); fields.add(new AjaxTextFieldPanel( "field", "requiredAuthenticationContextClass", 
@@ -656,9 +674,15 @@ public String getObject() { requiredNameIdFormat.addRequiredLabel().setEnabled(true); fields.add(requiredNameIdFormat); - fields.add(new AjaxNumberFieldPanel.Builder().min(0).build( - "field", "skewAllowance", Integer.class, - new PropertyModel<>(clientAppTO, "skewAllowance"))); + AjaxTextFieldPanel skewAllowance = new AjaxTextFieldPanel( + "field", "skewAllowance", new PropertyModel<>(clientAppTO, "skewAllowance"), false); + skewAllowance.addValidator(new DurationValidator()); + fields.add(skewAllowance); + + AjaxTextFieldPanel validityUntil = new AjaxTextFieldPanel( + "field", "validityUntil", new PropertyModel<>(clientAppTO, "validityUntil"), false); + validityUntil.addValidator(new DurationValidator()); + fields.add(validityUntil); fields.add(new AjaxTextFieldPanel( "field", "nameIdQualifier", new PropertyModel<>(clientAppTO, "nameIdQualifier"), false)); diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties index a8f51846ac..bdc0ffef1b 100644 --- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties +++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel.properties @@ -106,3 +106,4 @@ userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding evaluationOrder=Evaluation Order idp=Identity Provider +validityUntil=Validity Until diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties index 2c3e428cdc..3d7316bf5b 100644 
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_fr_CA.properties
@@ -106,3 +106,4 @@ userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
 userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
 evaluationOrder=Evaluation Order
 idp=Identity Provider
+validityUntil=Validity Until
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
index d4123f56c6..96dcd2705c 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_it.properties
@@ -106,3 +106,4 @@ userInfoEncryptedResponseAlg=Algoritmo di cifratura risposta UserInfo
 userInfoEncryptedResponseEncoding=Codifica di cifratura risposta UserInfo
 evaluationOrder=Ordine di valutazione
 idp=Identity Provider
+validityUntil=Validit\u00e0
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
index 06aa5f2737..fd95fba6ae 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ja.properties
@@ -106,3 +106,4 @@ userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
 userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
 evaluationOrder=Evaluation Order
 idp=Identity Provider
+validityUntil=Validity Until
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
index ceaecd955c..a1f4bdd85d 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_pt_BR.properties
@@ -106,3 +106,4 @@ userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
 userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
 evaluationOrder=Evaluation Order
 idp=Identity Provider
+validityUntil=Validity Until
diff --git a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
index 1284cc9602..393ce1f407 100644
--- a/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
+++ b/client/am/console/src/main/resources/org/apache/syncope/client/console/clientapps/ClientAppDirectoryPanel_ru.properties
@@ -107,3 +107,4 @@ userInfoEncryptedResponseAlg=UserInfo Encrypted Response Algorithm
 userInfoEncryptedResponseEncoding=UserInfo Encrypted Response Encoding
 evaluationOrder=Evaluation Order
 idp=Identity Provider
+validityUntil=Validity Until
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java index 2c3f63c230..87f2782d49 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/SAML2SPClientAppTO.java @@ -51,7 +51,7 @@ public class SAML2SPClientAppTO extends ClientAppTO { private SigningCredentialType signingCredentialType; - private SAML2BindingType logoutResponseBinding; + private SAML2BindingType logoutResponseBinding; private boolean signAssertions; @@ -103,7 +103,15 @@ public class SAML2SPClientAppTO extends ClientAppTO { private SAML2SPNameId requiredNameIdFormat; - private Integer skewAllowance; + /** + * This settings supports the java.time.Duration syntax. + */ + private String skewAllowance; + + /** + * This settings supports the java.time.Duration syntax. + */ + private String validityUntil; private String nameIdQualifier; @@ -272,7 +280,7 @@ public boolean isSkipGeneratingSubjectConfirmationInResponseTo() { } public void setSkipGeneratingSubjectConfirmationInResponseTo( - final boolean skipGeneratingSubjectConfirmationInResponseTo) { + final boolean skipGeneratingSubjectConfirmationInResponseTo) { this.skipGeneratingSubjectConfirmationInResponseTo = skipGeneratingSubjectConfirmationInResponseTo; } @@ -289,7 +297,7 @@ public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() { } public void setSkipGeneratingSubjectConfirmationNotOnOrAfter( - final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { + final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { this.skipGeneratingSubjectConfirmationNotOnOrAfter = skipGeneratingSubjectConfirmationNotOnOrAfter; } 
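Review bot: The Javadoc added on `skewAllowance` and `validityUntil` in the hunk at -103 ("This settings supports the java.time.Duration syntax.") has a grammar slip and does not tell an API consumer what form is expected or that the class itself does no checking. I would replace it on both fields with `/** ISO-8601 duration as accepted by {@link java.time.Duration#parse(CharSequence)}; not validated by this class. */`, plus one sentence on what each setting controls. Since `skewAllowance` also changes from `Integer` to `String` on this transfer object, the comment is a good place to tell callers that a bare number is no longer the expected form.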
@@ -298,7 +306,7 @@ public boolean isSkipGeneratingSubjectConfirmationRecipient() { } public void setSkipGeneratingSubjectConfirmationRecipient( - final boolean skipGeneratingSubjectConfirmationRecipient) { + final boolean skipGeneratingSubjectConfirmationRecipient) { this.skipGeneratingSubjectConfirmationRecipient = skipGeneratingSubjectConfirmationRecipient; } @@ -315,7 +323,7 @@ public boolean isSkipGeneratingSubjectConfirmationNotBefore() { } public void setSkipGeneratingSubjectConfirmationNotBefore( - final boolean skipGeneratingSubjectConfirmationNotBefore) { + final boolean skipGeneratingSubjectConfirmationNotBefore) { this.skipGeneratingSubjectConfirmationNotBefore = skipGeneratingSubjectConfirmationNotBefore; } @@ -356,7 +364,7 @@ public boolean isSkipGeneratingServiceProviderNameIdQualifier() { } public void setSkipGeneratingServiceProviderNameIdQualifier( - final boolean skipGeneratingServiceProviderNameIdQualifier) { + final boolean skipGeneratingServiceProviderNameIdQualifier) { this.skipGeneratingServiceProviderNameIdQualifier = skipGeneratingServiceProviderNameIdQualifier; } @@ -408,14 +416,22 @@ public void setRequiredNameIdFormat(final SAML2SPNameId requiredNameIdFormat) { this.requiredNameIdFormat = requiredNameIdFormat; } - public Integer getSkewAllowance() { + public String getSkewAllowance() { return skewAllowance; } - public void setSkewAllowance(final Integer skewAllowance) { + public void setSkewAllowance(final String skewAllowance) { this.skewAllowance = skewAllowance; } + public String getValidityUntil() { + return validityUntil; + } + + public void setValidityUntil(final String validityUntil) { + this.validityUntil = validityUntil; + } + public String getNameIdQualifier() { return nameIdQualifier; } 
@@ -490,10 +506,10 @@ public boolean equals(final Object obj) { .append(this.encryptAttributes, rhs.encryptAttributes) .append(this.skipGeneratingAssertionNameId, rhs.skipGeneratingAssertionNameId) .append(this.skipGeneratingSubjectConfirmationInResponseTo, - rhs.skipGeneratingSubjectConfirmationInResponseTo) + rhs.skipGeneratingSubjectConfirmationInResponseTo) .append(this.skipGeneratingResponseInResponseTo, rhs.skipGeneratingResponseInResponseTo) .append(this.skipGeneratingSubjectConfirmationNotOnOrAfter, - rhs.skipGeneratingSubjectConfirmationNotOnOrAfter) + rhs.skipGeneratingSubjectConfirmationNotOnOrAfter) .append(this.skipGeneratingSubjectConfirmationRecipient, rhs.skipGeneratingSubjectConfirmationRecipient) .append(this.skipGeneratingSubjectConfirmationAddress, rhs.skipGeneratingSubjectConfirmationAddress) .append(this.skipGeneratingSubjectConfirmationNotBefore, rhs.skipGeneratingSubjectConfirmationNotBefore) @@ -502,7 +518,7 @@ public boolean equals(final Object obj) { .append(this.skipGeneratingTransientNameId, rhs.skipGeneratingTransientNameId) .append(this.skipValidatingAuthnRequest, rhs.skipValidatingAuthnRequest) .append(this.skipGeneratingServiceProviderNameIdQualifier, - rhs.skipGeneratingServiceProviderNameIdQualifier) + rhs.skipGeneratingServiceProviderNameIdQualifier) .append(this.skipGeneratingAuthenticatingAuthority, rhs.skipGeneratingAuthenticatingAuthority) .append(this.skipGeneratingNameIdQualifier, rhs.skipGeneratingNameIdQualifier) .append(this.skipGeneratingSessionNotOnOrAfter, rhs.skipGeneratingSessionNotOnOrAfter) 
@@ -511,6 +527,7 @@ public boolean equals(final Object obj) { .append(this.requiredAuthenticationContextClass, rhs.requiredAuthenticationContextClass) .append(this.requiredNameIdFormat, rhs.requiredNameIdFormat) .append(this.skewAllowance, rhs.skewAllowance) + .append(this.validityUntil, rhs.validityUntil) .append(this.nameIdQualifier, rhs.nameIdQualifier) .append(this.assertionAudiences, rhs.assertionAudiences) .append(this.serviceProviderNameIdQualifier, rhs.serviceProviderNameIdQualifier) @@ -561,6 +578,7 @@ public int hashCode() { .append(requiredAuthenticationContextClass) .append(requiredNameIdFormat) .append(skewAllowance) + .append(validityUntil) .append(nameIdQualifier) .append(assertionAudiences) .append(serviceProviderNameIdQualifier) diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java index 1cde400d76..5a9d879197 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/am/SAML2SPClientApp.java @@ -100,7 +100,7 @@ public interface SAML2SPClientApp extends ClientApp { boolean isSkipGeneratingSubjectConfirmationInResponseTo(); void setSkipGeneratingSubjectConfirmationInResponseTo(boolean skipGeneratingSubjectConfirmationInResponseTo); - + boolean isSkipGeneratingResponseInResponseTo(); void setSkipGeneratingResponseInResponseTo(boolean skipGeneratingResponseInResponseTo); 
@@ -165,9 +165,13 @@ public interface SAML2SPClientApp extends ClientApp { SAML2SPNameId getRequiredNameIdFormat(); - void setSkewAllowance(Integer location); + void setSkewAllowance(String skewAllowance); + + String getSkewAllowance(); + + void setValidityUntil(String validityUntil); - Integer getSkewAllowance(); + String getValidityUntil(); void setNameIdQualifier(String location); diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java index 3b3635204c..6de6d2622a 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/am/JPASAML2SPClientApp.java @@ -70,7 +70,7 @@ public class JPASAML2SPClientApp extends AbstractClientApp implements SAML2SPCli private boolean encryptAttributes; private boolean skipGeneratingAssertionNameId; - + private boolean logoutResponseEnable; @Column(name = "skipGeneSubjectConfInRespTo") @@ -118,7 +118,9 @@ public class JPASAML2SPClientApp extends AbstractClientApp implements SAML2SPCli private SAML2SPNameId requiredNameIdFormat; - private Integer skewAllowance; + private String skewAllowance; + + private String validityUntil; private String nameIdQualifier; @@ -262,7 +264,7 @@ public String getMetadataCriteriaPattern() { @Override public void setSubjectLocality(final String subjectLocality) { - this.subjectLocality = subjectLocality; + this.subjectLocality = subjectLocality; } @Override 
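Review bot: In the `JPASAML2SPClientApp` hunk at -118, `skewAllowance` changes from `Integer` to `String` on the persisted entity, and no schema or data migration is visible in this diff. Values written before the change would presumably be bare numbers, which `Duration.parse` does not accept. An upgraded deployment could then hold a clock-skew setting that the new console validator rejects on edit and that downstream consumers may fail to read. It would help to document the upgrade step or to convert existing values to the duration form. The same field change is made in `Neo4jSAML2SPClientApp` (hunk at -113).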
@@ -352,7 +354,7 @@ public boolean isSkipGeneratingSubjectConfirmationInResponseTo() { @Override public void setSkipGeneratingSubjectConfirmationInResponseTo( - final boolean skipGeneratingSubjectConfirmationInResponseTo) { + final boolean skipGeneratingSubjectConfirmationInResponseTo) { this.skipGeneratingSubjectConfirmationInResponseTo = skipGeneratingSubjectConfirmationInResponseTo; } @@ -373,7 +375,7 @@ public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() { @Override public void setSkipGeneratingSubjectConfirmationNotOnOrAfter( - final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { + final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { this.skipGeneratingSubjectConfirmationNotOnOrAfter = skipGeneratingSubjectConfirmationNotOnOrAfter; } @@ -384,7 +386,7 @@ public boolean isSkipGeneratingSubjectConfirmationRecipient() { @Override public void setSkipGeneratingSubjectConfirmationRecipient( - final boolean skipGeneratingSubjectConfirmationRecipient) { + final boolean skipGeneratingSubjectConfirmationRecipient) { this.skipGeneratingSubjectConfirmationRecipient = skipGeneratingSubjectConfirmationRecipient; } @@ -405,7 +407,7 @@ public boolean isSkipGeneratingSubjectConfirmationNotBefore() { @Override public void setSkipGeneratingSubjectConfirmationNotBefore( - final boolean skipGeneratingSubjectConfirmationNotBefore) { + final boolean skipGeneratingSubjectConfirmationNotBefore) { this.skipGeneratingSubjectConfirmationNotBefore = skipGeneratingSubjectConfirmationNotBefore; } @@ -456,7 +458,7 @@ public boolean isSkipGeneratingServiceProviderNameIdQualifier() { @Override public void setSkipGeneratingServiceProviderNameIdQualifier( - final boolean skipGeneratingServiceProviderNameIdQualifier) { + final boolean skipGeneratingServiceProviderNameIdQualifier) { this.skipGeneratingServiceProviderNameIdQualifier = skipGeneratingServiceProviderNameIdQualifier; } 
@@ -521,15 +523,25 @@ public void setRequiredNameIdFormat(final SAML2SPNameId requiredNameIdFormat) { } @Override - public Integer getSkewAllowance() { + public String getSkewAllowance() { return skewAllowance; } @Override - public void setSkewAllowance(final Integer skewAllowance) { + public void setSkewAllowance(final String skewAllowance) { this.skewAllowance = skewAllowance; } + @Override + public String getValidityUntil() { + return validityUntil; + } + + @Override + public void setValidityUntil(final String validityUntil) { + this.validityUntil = validityUntil; + } + @Override public String getNameIdQualifier() { return nameIdQualifier; diff --git a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java index 3f9c120455..dbc9fcbe2e 100644 --- a/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java +++ b/core/persistence-neo4j/src/main/java/org/apache/syncope/core/persistence/neo4j/entity/am/Neo4jSAML2SPClientApp.java @@ -113,7 +113,9 @@ public class Neo4jSAML2SPClientApp extends AbstractClientApp implements SAML2SPC private SAML2SPNameId requiredNameIdFormat; - private Integer skewAllowance; + private String skewAllowance; + + private String validityUntil; private String nameIdQualifier; @@ -337,7 +339,7 @@ public boolean isSkipGeneratingSubjectConfirmationInResponseTo() { @Override public void setSkipGeneratingSubjectConfirmationInResponseTo( - final boolean skipGeneratingSubjectConfirmationInResponseTo) { + final boolean skipGeneratingSubjectConfirmationInResponseTo) { this.skipGeneratingSubjectConfirmationInResponseTo = skipGeneratingSubjectConfirmationInResponseTo; } 
@@ -358,7 +360,7 @@ public boolean isSkipGeneratingSubjectConfirmationNotOnOrAfter() { @Override public void setSkipGeneratingSubjectConfirmationNotOnOrAfter( - final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { + final boolean skipGeneratingSubjectConfirmationNotOnOrAfter) { this.skipGeneratingSubjectConfirmationNotOnOrAfter = skipGeneratingSubjectConfirmationNotOnOrAfter; } @@ -369,7 +371,7 @@ public boolean isSkipGeneratingSubjectConfirmationRecipient() { @Override public void setSkipGeneratingSubjectConfirmationRecipient( - final boolean skipGeneratingSubjectConfirmationRecipient) { + final boolean skipGeneratingSubjectConfirmationRecipient) { this.skipGeneratingSubjectConfirmationRecipient = skipGeneratingSubjectConfirmationRecipient; } @@ -390,7 +392,7 @@ public boolean isSkipGeneratingSubjectConfirmationNotBefore() { @Override public void setSkipGeneratingSubjectConfirmationNotBefore( - final boolean skipGeneratingSubjectConfirmationNotBefore) { + final boolean skipGeneratingSubjectConfirmationNotBefore) { this.skipGeneratingSubjectConfirmationNotBefore = skipGeneratingSubjectConfirmationNotBefore; } @@ -441,7 +443,7 @@ public boolean isSkipGeneratingServiceProviderNameIdQualifier() { @Override public void setSkipGeneratingServiceProviderNameIdQualifier( - final boolean skipGeneratingServiceProviderNameIdQualifier) { + final boolean skipGeneratingServiceProviderNameIdQualifier) { this.skipGeneratingServiceProviderNameIdQualifier = skipGeneratingServiceProviderNameIdQualifier; } 
@@ -506,15 +508,25 @@ public void setRequiredNameIdFormat(final SAML2SPNameId requiredNameIdFormat) { } @Override - public Integer getSkewAllowance() { + public String getSkewAllowance() { return skewAllowance; } @Override - public void setSkewAllowance(final Integer skewAllowance) { + public void setSkewAllowance(final String skewAllowance) { this.skewAllowance = skewAllowance; } + @Override + public String getValidityUntil() { + return validityUntil; + } + + @Override + public void setValidityUntil(final String validityUntil) { + this.validityUntil = validityUntil; + } + @Override public String getNameIdQualifier() { return nameIdQualifier; diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java index 753c6a4804..f5851bcb84 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/ClientAppDataBinderImpl.java 
@@ -148,21 +148,21 @@ protected void doUpdate(final SAML2SPClientApp clientApp, final SAML2SPClientApp clientApp.setEncryptAttributes(clientAppTO.isEncryptAttributes()); clientApp.setSkipGeneratingAssertionNameId(clientAppTO.isSkipGeneratingAssertionNameId()); clientApp.setSkipGeneratingSubjectConfirmationInResponseTo( - clientAppTO.isSkipGeneratingSubjectConfirmationInResponseTo()); + clientAppTO.isSkipGeneratingSubjectConfirmationInResponseTo()); clientApp.setSkipGeneratingResponseInResponseTo(clientAppTO.isSkipGeneratingResponseInResponseTo()); clientApp.setSkipGeneratingSubjectConfirmationNotOnOrAfter( - clientAppTO.isSkipGeneratingSubjectConfirmationNotOnOrAfter()); + clientAppTO.isSkipGeneratingSubjectConfirmationNotOnOrAfter()); clientApp.setSkipGeneratingSubjectConfirmationRecipient( - clientAppTO.isSkipGeneratingSubjectConfirmationRecipient()); + clientAppTO.isSkipGeneratingSubjectConfirmationRecipient()); clientApp.setSkipGeneratingSubjectConfirmationAddress(clientAppTO.isSkipGeneratingSubjectConfirmationAddress()); clientApp.setSkipGeneratingSubjectConfirmationNotBefore( - clientAppTO.isSkipGeneratingSubjectConfirmationNotBefore()); + clientAppTO.isSkipGeneratingSubjectConfirmationNotBefore()); clientApp.setSkipGeneratingSubjectConfirmationNameId(clientAppTO.isSkipGeneratingSubjectConfirmationNameId()); clientApp.setSkipGeneratingNameIdQualifiers(clientAppTO.isSkipGeneratingNameIdQualifiers()); clientApp.setSkipGeneratingTransientNameId(clientAppTO.isSkipGeneratingTransientNameId()); clientApp.setSkipValidatingAuthnRequest(clientAppTO.isSkipValidatingAuthnRequest()); clientApp.setSkipGeneratingServiceProviderNameIdQualifier( - clientAppTO.isSkipGeneratingServiceProviderNameIdQualifier()); + clientAppTO.isSkipGeneratingServiceProviderNameIdQualifier()); clientApp.setSkipGeneratingAuthenticatingAuthority(clientAppTO.isSkipGeneratingAuthenticatingAuthority()); clientApp.setSkipGeneratingNameIdQualifier(clientAppTO.isSkipGeneratingNameIdQualifier()); 
clientApp.setSkipGeneratingSessionNotOnOrAfter(clientAppTO.isSkipGeneratingSessionNotOnOrAfter()); @@ -170,6 +170,7 @@ protected void doUpdate(final SAML2SPClientApp clientApp, final SAML2SPClientApp clientApp.setRequiredAuthenticationContextClass(clientAppTO.getRequiredAuthenticationContextClass()); clientApp.setRequiredNameIdFormat(clientAppTO.getRequiredNameIdFormat()); clientApp.setSkewAllowance(clientAppTO.getSkewAllowance()); + clientApp.setValidityUntil(clientAppTO.getValidityUntil()); clientApp.setNameIdQualifier(clientAppTO.getNameIdQualifier()); clientApp.getAssertionAudiences().clear(); clientApp.getAssertionAudiences().addAll(clientAppTO.getAssertionAudiences()); 
@@ -244,21 +245,21 @@ protected SAML2SPClientAppTO getSAMLClientAppTO(final SAML2SPClientApp clientApp clientAppTO.setEncryptAttributes(clientApp.isEncryptAttributes()); clientAppTO.setSkipGeneratingAssertionNameId(clientApp.isSkipGeneratingAssertionNameId()); clientAppTO.setSkipGeneratingSubjectConfirmationInResponseTo( - clientApp.isSkipGeneratingSubjectConfirmationInResponseTo()); + clientApp.isSkipGeneratingSubjectConfirmationInResponseTo()); clientAppTO.setSkipGeneratingResponseInResponseTo(clientApp.isSkipGeneratingResponseInResponseTo()); clientAppTO.setSkipGeneratingSubjectConfirmationNotOnOrAfter( - clientApp.isSkipGeneratingSubjectConfirmationNotOnOrAfter()); + clientApp.isSkipGeneratingSubjectConfirmationNotOnOrAfter()); clientAppTO.setSkipGeneratingSubjectConfirmationRecipient( - clientApp.isSkipGeneratingSubjectConfirmationRecipient()); + clientApp.isSkipGeneratingSubjectConfirmationRecipient()); clientAppTO.setSkipGeneratingSubjectConfirmationAddress(clientApp.isSkipGeneratingSubjectConfirmationAddress()); clientAppTO.setSkipGeneratingSubjectConfirmationNotBefore( - clientApp.isSkipGeneratingSubjectConfirmationNotBefore()); + clientApp.isSkipGeneratingSubjectConfirmationNotBefore()); clientAppTO.setSkipGeneratingSubjectConfirmationNameId(clientApp.isSkipGeneratingSubjectConfirmationNameId()); clientAppTO.setSkipGeneratingNameIdQualifiers(clientApp.isSkipGeneratingNameIdQualifiers()); clientAppTO.setSkipGeneratingTransientNameId(clientApp.isSkipGeneratingTransientNameId()); clientAppTO.setSkipValidatingAuthnRequest(clientApp.isSkipValidatingAuthnRequest()); clientAppTO.setSkipGeneratingServiceProviderNameIdQualifier( - clientApp.isSkipGeneratingServiceProviderNameIdQualifier()); + clientApp.isSkipGeneratingServiceProviderNameIdQualifier()); clientAppTO.setSkipGeneratingAuthenticatingAuthority(clientApp.isSkipGeneratingAuthenticatingAuthority()); clientAppTO.setSkipGeneratingNameIdQualifier(clientApp.isSkipGeneratingNameIdQualifier()); 
clientAppTO.setSkipGeneratingSessionNotOnOrAfter(clientApp.isSkipGeneratingSessionNotOnOrAfter()); @@ -266,6 +267,7 @@ protected SAML2SPClientAppTO getSAMLClientAppTO(final SAML2SPClientApp clientApp clientAppTO.setRequiredAuthenticationContextClass(clientApp.getRequiredAuthenticationContextClass()); clientAppTO.setRequiredNameIdFormat(clientApp.getRequiredNameIdFormat()); clientAppTO.setSkewAllowance(clientApp.getSkewAllowance()); + clientAppTO.setValidityUntil(clientApp.getValidityUntil()); clientAppTO.setNameIdQualifier(clientApp.getNameIdQualifier()); clientAppTO.getAssertionAudiences().addAll(clientApp.getAssertionAudiences()); clientAppTO.setServiceProviderNameIdQualifier(clientApp.getServiceProviderNameIdQualifier()); diff --git a/pom.xml b/pom.xml index 0a22458c93..c33a4045dd 100644 --- a/pom.xml +++ b/pom.xml @@ -451,7 +451,7 @@ under the License. 4.0.0 - 9.4.1 + 9.4.2 3.6.0 3.8.0 @@ -464,13 +464,13 @@ under the License. 1.15.0 1.22.0 - 6.4.3 + 6.5.2 - 8.0.0-RC4 + 8.0.0-RC5 4.1.1 2.2.50 - 5.32.5 + 5.32.6 1.3.8 1.4.1-1 diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java index 8516f74915..abb4ae129d 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java @@ -83,7 +83,7 @@ import org.apereo.cas.configuration.model.support.mfa.gauth.LdapGoogleAuthenticatorMultifactorProperties; import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties; import org.apereo.cas.configuration.support.JpaBeans; -import org.apereo.cas.consent.ConsentRepository; +import org.apereo.cas.consent.ConsentRepositoryBuilder; import org.apereo.cas.gauth.CasGoogleAuthenticator; import org.apereo.cas.gauth.credential.LdapGoogleAuthenticatorTokenCredentialRepository; import org.apereo.cas.multitenancy.TenantsManager; 
@@ -111,6 +111,7 @@ import org.apereo.cas.util.LdapUtils; import org.apereo.cas.util.crypto.CipherExecutor; import org.apereo.cas.util.spring.CasApplicationReadyListener; +import org.apereo.cas.util.spring.beans.BeanSupplier; import org.apereo.cas.webauthn.storage.WebAuthnCredentialRepository; import org.ldaptive.ConnectionFactory; import org.pac4j.core.client.Client; @@ -572,8 +573,11 @@ public WebAuthnCredentialRepository webAuthnCredentialRepository( @RefreshScope(proxyMode = ScopedProxyMode.DEFAULT) @Bean - public ConsentRepository consentRepository(final WARestClient waRestClient) { - return new WAConsentRepository(waRestClient); + public ConsentRepositoryBuilder waConsentRepositoryBuilder(final WARestClient waRestClient) { + return BeanSupplier.of(ConsentRepositoryBuilder.class). + supply(() -> () -> new WAConsentRepository(waRestClient)). + otherwiseProxy(). + get(); } @Bean diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java index 2a8a1636a8..a93e48352a 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java 
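Review bot: The `BeanSupplier` chain in `waConsentRepositoryBuilder` has no `when(...)` condition, so as far as this hunk shows the `otherwiseProxy()` branch is never the intended outcome, and the nested lambda `() -> () -> new WAConsentRepository(waRestClient)` is hard to read. A short comment would help, for example `// outer lambda: BeanSupplier callback; inner lambda: the ConsentRepositoryBuilder creating the WA-backed repository`. The bean also changes name and type, from `consentRepository` to `waConsentRepositoryBuilder`. It is worth confirming (not visible here) that CAS picks this builder up, since otherwise consent decisions would not be stored through `WARestClient`.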
@@ -72,11 +72,11 @@ public RegisteredService map( service.setEncryptAssertions(sp.isEncryptAssertions()); service.setSubjectLocality(sp.getSubjectLocality()); service.setLogoutResponseBinding( - Optional.ofNullable(sp.getLogoutResponseBinding()).map(Enum::name).orElse(null)); + Optional.ofNullable(sp.getLogoutResponseBinding()).map(Enum::name).orElse(null)); service.setMetadataCriteriaDirection(sp.getMetadataCriteriaDirection().name()); service.setMetadataCriteriaPattern(sp.getMetadataCriteriaPattern()); service.setSigningCredentialType( - Optional.ofNullable(sp.getSigningCredentialType()).map(Enum::name).orElse(null)); + Optional.ofNullable(sp.getSigningCredentialType()).map(Enum::name).orElse(null)); service.setEncryptAttributes(sp.isEncryptAttributes()); service.setRequireSignedRoot(sp.isRequireSignedRoot()); service.setLogoutResponseEnabled(sp.isLogoutResponseEnabled()); @@ -98,7 +98,8 @@ public RegisteredService map( service.setValidateMetadataCertificates(sp.isValidateMetadataCertificates()); service.setRequiredAuthenticationContextClass(sp.getRequiredAuthenticationContextClass()); service.setRequiredNameIdFormat(sp.getRequiredNameIdFormat().getNameId()); - service.setSkewAllowance(Optional.ofNullable(sp.getSkewAllowance()).orElse(0)); + service.setSkewAllowance(Optional.ofNullable(sp.getSkewAllowance()).orElse(null)); + service.setValidityUntil(Optional.ofNullable(sp.getValidityUntil()).orElse(null)); service.setNameIdQualifier(sp.getNameIdQualifier()); if (!sp.getAssertionAudiences().isEmpty()) { service.setAssertionAudiences(String.join(",", sp.getAssertionAudiences())); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/multitenancy/WATenantsManager.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/multitenancy/WATenantsManager.java index ac68ea3b5c..b400b9dc6d 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/multitenancy/WATenantsManager.java 
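Review bot: `Optional.ofNullable(sp.getSkewAllowance()).orElse(null)` and the matching `setValidityUntil` line are no-op wrappers around the getter; `service.setSkewAllowance(sp.getSkewAllowance());` and `service.setValidityUntil(sp.getValidityUntil());` say the same thing. More importantly the fallback changed: an unset skew allowance used to be mapped to `0` and is now passed on as `null`, so the effective clock-skew tolerance for this service provider becomes whatever the CAS service applies to a missing value. If that is intended, a comment such as `// null lets CAS apply its own default skew` would record it; otherwise keep an explicit fallback duration. `map` starts and ends outside this hunk.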
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/multitenancy/WATenantsManager.java @@ -123,4 +123,21 @@ public List findTenants() { domainOps.list().forEach(domain -> findTenant(domain.getKey()).ifPresent(tenants::add)); return tenants; } + + @Override + public TenantDefinition save(final TenantDefinition tenantDefinition) { + // Syncope Domains are managed by Core + return tenantDefinition; + } + + @Override + public boolean delete(final String tenantId) { + // Syncope Domains are managed by Core + return false; + } + + @Override + public void load() { + // nothing to do + } }
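Review bot: `save` returns the passed `TenantDefinition` as though it had been stored, while nothing is written because Domains are managed by Core, so a caller cannot tell that the request was ignored. `delete` already signals this by returning `false`, which makes `save` the inconsistent one. If callers can tolerate it (not visible here), rejecting explicitly is clearer: `throw new UnsupportedOperationException("Syncope Domains are managed by Core");`. At the least, log the ignored call so an attempted tenant change through WA leaves a trace.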