From ab5be483246eddd6162f50f8ac876a7a15a00ff1 Mon Sep 17 00:00:00 2001
From: scpcom
Date: Tue, 28 May 2024 22:14:24 +0200
Subject: [PATCH] extensions: auth-sso-saml: Add option to get username from attribute
---
 .../auth/saml/conf/ConfigurationService.java | 26 +++++++++++++++++++
 .../auth/saml/user/SAMLAuthenticatedUser.java | 19 +++++++++++++++++-
 2 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java
index 47ead88208..35e74353b9 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java
@@ -151,6 +151,18 @@ public class ConfigurationService {
 };
+ /**
+ * The property that defines what attribute the SAML provider will return
+ * that contains login name for the authenticated user.
+ */
+ private static final StringGuacamoleProperty SAML_USER_ATTRIBUTE =
+ new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "saml-user-attribute"; }
+
+ };
+
 /**
 * The maximum amount of time to allow for an in-progress SAML
 * authentication attempt to be completed, in minutes. A user that takes
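Review bot: The Javadoc on `SAML_USER_ATTRIBUTE` does not say that the value of this attribute becomes the account identifier for the session, which is the security-relevant part of the option. I would reword it along the lines of `The name of the SAML attribute whose value is used as the Guacamole username instead of the NameID. The identity provider must issue this attribute itself and keep it unique per user.`, which also fixes the "contains login name" wording. An attribute that users can edit in their own IdP profile would let one user present another user's name, so the comment should steer administrators away from such attributes.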
@@ -340,6 +352,20 @@ public String getGroupAttribute() throws GuacamoleException {
 return environment.getProperty(SAML_GROUP_ATTRIBUTE, "groups");
 }
+ /**
+ * Return the name of the attribute that will be supplied by the identity
+ * provider that contains the username.
+ *
+ * @return
+ * The name of the attribute that contains the username.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed.
+ */
+ public String getUserAttribute() throws GuacamoleException {
+ return environment.getProperty(SAML_USER_ATTRIBUTE, null);
+ }
+
 /**
 * Returns the maximum amount of time to allow for an in-progress SAML
 * authentication attempt to be completed, in minutes. A user that takes
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/user/SAMLAuthenticatedUser.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/user/SAMLAuthenticatedUser.java
index 88adee66a9..e9353b68f4 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/user/SAMLAuthenticatedUser.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/user/SAMLAuthenticatedUser.java
@@ -104,6 +104,23 @@ private Set getGroups(AssertedIdentity identity)
 }
+ private String getUser(AssertedIdentity identity)
+ throws GuacamoleException {
+
+ String samlUserAttribute = confService.getUserAttribute();
+ List samlUser = null;
+
+ if (samlUserAttribute == null || samlUserAttribute.isEmpty())
+ return identity.getUsername();
+
+ samlUser = identity.getAttributes().get(samlUserAttribute);
+ if (samlUser == null || samlUser.isEmpty())
+ return identity.getUsername();
+
+ return samlUser.get(0);
+
+ }
+
 /**
 * Initializes this AuthenticatedUser using the given
 * {@link AssertedIdentity} and credentials.
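Review bot: In `getUserAttribute()` (ConfigurationService.java) the Javadoc promises "the name of the attribute", but the method returns `null` when `saml-user-attribute` is unset, and the caller in SAMLAuthenticatedUser relies on that to fall back to the NameID. Document it in the `@return`, e.g. `The name of the attribute that contains the username, or null if the NameID should be used.` The summary should also read `Returns` to match the neighbouring getters. The explicit `null` default looks redundant if a one-argument `environment.getProperty(SAML_USER_ATTRIBUTE)` overload is available here.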
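Review bot: `getUser()` in SAMLAuthenticatedUser.java falls back to `identity.getUsername()` whenever the configured attribute is absent from the assertion, so a deployment that set `saml-user-attribute` can silently key a session on the NameID instead; if the two identifier spaces overlap, that is a different account. The first value is also returned without checking that it is non-null and non-blank, and any further values are ignored. I would keep the NameID fallback only for the unconfigured case and reject the login otherwise, as sketched below. `identity.getUsername()` may already be normalised inside `AssertedIdentity` (not visible in this patch), so confirm whether the attribute value needs the same treatment, and give the method a Javadoc block like its neighbours.

```java
        // … unchanged: attribute name lookup and NameID fallback when the property is unset …

        samlUser = identity.getAttributes().get(samlUserAttribute);

        // Fail closed: the administrator asked for this attribute, so a missing,
        // multi-valued or blank value must not change which identifier is used
        if (samlUser == null || samlUser.size() != 1
                || samlUser.get(0) == null || samlUser.get(0).trim().isEmpty())
            throw new GuacamoleException("SAML assertion does not contain exactly"
                    + " one usable value for the configured username attribute.");

        return samlUser.get(0);
```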
@@ -121,7 +138,7 @@ private Set getGroups(AssertedIdentity identity)
 */
 public void init(AssertedIdentity identity, Credentials credentials)
 throws GuacamoleException {
- super.init(identity.getUsername(), credentials, getGroups(identity), getTokens(identity));
+ super.init(getUser(identity), credentials, getGroups(identity), getTokens(identity));
 }
 }